|The millennium bug: its consequences for European defence |
Document 1622 5 November 1998
The millennium bug: its consequences for European defence
REPORT1 submitted on behalf of the Technological and Aerospace Committee2 by Mr Atkinson, Rapporteur
TABLE OF CONTENTS
on the millennium bug: its consequences for European defence
EXPLANATORY MEMORANDUM submitted by Mr Atkinson, Rapporteur
II.Measures taken by the Defence Ministers of the WEU countries
- Associate members
- Associate partners
- The Council and its subsidiary bodies
- The Satellite Centre
- The Assembly
APPENDIX: The methodology of studies pertaining to the problems of the Year 2000 (submitted by the Hungarian Ministry of Defence)
on the millennium bug: its consequences for European defence
Noting that all but the most modern computer systems refer to the date by using two digits for the year and that as a result these systems will fail to recognise the millennium date change;
Considering that the fact that the year 2000 is a leap year could exacerbate any resulting problems;
Pointing out that the millennium bug could have serious repercussions for European defence;
Taking into account the fact that all modern national defence and security systems rely on the accurate and efficient performance of computer systems and that this also applies to the interdependence of support, communications and information systems between WEU member states;
Noting that both defence experts and the various defence ministries report that many defence-related computer systems, satellite communication systems, logistic systems and weaponry might be unable to respond to military threats at the turn of the century;
Considering that it will be necessary to ensure that all the computer systems involved are "millennium compliant";
Noting equally that it will also be essential for the critical computer systems of those public services and infrastructures upon which the armed services rely, such as electricity supply and civilian rail and air traffic control systems, to be "millennium compliant";
Wishing to have an assurance that European defence will not be at any risk owing to insufficient preparation to ensure the millennium compliance of the computer systems involved,
RECOMMENDS THAT THE COUNCIL
Report to the Assembly (a) on its response to the problem and (b) on any contingency plans that have been drawn up;
Support Resolution 1167 on the OECD and the world economy, adopted by the Parliamentary Assembly of the Council of Europe on 23 September 1998, calling for an internationally agreed standard of millennium conformity and for an international test day in 1999 to allow time for any further preparation that may be necessary.
(submitted by Mr Atkinson, Rapporteur)
Computer systems influence and govern our daily lives more than ever before and this situation is accelerating with the information technology revolution. This equally applies to military technology upon which the security of nation states, and defence alliances, have become increasingly dependent. This includes, of course, NATO, WEU and their member states.
Now, many IT managers are becoming aware of the Year 2000 (Y2K) problem relating to computer systems. This suggests that all but the most recent systems will fail to recognise the millennium date change and will fail to function properly, leading to widespread confusion and chaos. Many applications will also fail to recognise the Year 2000 as a leap year. Defence experts in the United States and the United Kingdom have admitted that both countries could be rendered "defenceless".
The root of this problem is simple. As computers took over from punched cards, programmers invented the practice of saving scarce memory space, and hence money, by using two-year digits to store and manipulate dates, i.e. the DD/MM/YY format. Twenty-five years ago there was no need to distinguish between 1900 and 2000, and it was expected that these systems would be replaced in ten years.
Recent estimates claim that 90% of the computer programmes in regular use are running systems which the Financial Times has described as a "potential time bomb". Before the century comes to an end, any computer programme which relies on date and time calculations, as 90% do, will need to the checked for their error potential - their "millennium compliance". Indeed, there are growing experiences today of problems arising before the Year 2000 deadline.
Fixing the problem is a simple task for a computer programmer. The real issue is the scale of the problem in dealing with thousands of programmes which are in operational use, many of which lack complete and accurate documentation. The necessary skills are in short supply and will become scarcer as demand increases, and thus more expensive as governments and business organisations become aware of the problem and the urgency of taking action.
Defence experts employed by governments are reporting that serious flaws are inherent in many defence-related computer systems, satellite communications systems, logistic systems and weaponry. They warn, frankly, that these will fail at the turn of the century.
A particular problem arises from the fact that many computer programmes and computer chips embedded within machinery are unable to recognise 2000 and that a large number of them were installed by programmers now retired and supplied by manufacturers no longer in business.
A number of computer systems, mainly in the support area, are already experiencing problems on the operational side. A particular problem is predicted for 22 August 1999 when the satellite Global Positioning System (GPS), used to direct cruise missiles to their targets, supertankers into harbours, and aircraft to airports, will reset their date to 6 January 1980 because of a Year 2000 related fault (Daily Telegraph, 31 August 1996).
A growing number of airlines are considering avoiding all flights on 31 December 1999 because, even if they have sorted out their own computer systems in time, they cannot be certain that the computers of other aircraft and air traffic control systems will operate correctly (Peter de Jager in the Daily Telegraph, 31 August 1996).
It is reported that the United Kingdom Ministry of Defence (MoD) does not know which of its equipment is millennium compliant and is now embarking upon a time-consuming programme of checking all its computer systems, for which it has estimated a cost of £100m. No new money has been made available for this work and the identifiable costs will have to be met from existing budgets (Sunday Business, 24 November 1996).
In July 1996, its Defence Council sent out instructions to the whole of the MoD to conduct an audit of all computer systems to identify the work necessary to test, amend and re-test systems to ensure that they are or become millennium compliant. These audits are due for completion early next year (House of Commons Library).
The US Department of Defense (DoD) embarked upon serious work in 1995. Its problems are somewhat unique since a major part of the strategy of the US armed forces is to "digitise the battle field". Effectively, to link every aircraft, ship and even every individual soldier into a worldwide computer system (House of Commons Library/The Times, 7 October 1996).
The Pentagon has even warned of a potentially "catastrophic" outcome in which the country would be unable to respond to military threats and some weapons systems would run out of control (Sunday Times, 9 June 1996).
DoD Year 2000 problems include maintenance schedules for sophisticated equipment replacing hardware as well as software. Chips in ballistic missiles may prove difficult to replace. Hardware in communications satellites may to impossible to replace. If the conversion programme is not complete by the end of 1999, many national defence systems may not actually become dangerous but may simply fail to work (House of Commons Library/The Times, 7 October 1996).
The DoD has yet to complete its inventory of computer software codes which need to be converted. The cost of changing the estimated 358 million lines of code has been put at between $1 and $8 per line. Thus the cost of reviewing and repairing all of their systems ranges between US$ 358 million and US$ 3 billion. This will have to be obtained from within existing budgets.
The US Assistant Secretary for Defense Command, Emmett Paige, gave evidence before the Congressional Sub-Committee on Government Management, Information and Technology on 16 April 1996. He said: "The DoD is very much aware of this serious problem and we are treating it much as we would a computer virus".
Finally, in the case of Russia it is very disconcerting that because of the country's precarious financial situation, it will not be able to give this problem the proper attention or deal with it effectively. The obstacles Russia will have to clear in order to obtain the financial assistance from abroad that is necessary to solve the problem are huge.
II. Measures taken by the Defence Ministers of the WEU countries
All the Defence Ministers of the countries associated with WEU as members, associate members, observers or associate partners were sent a letter in which they were asked to provide information on any measures they had taken to deal with the possible effects on their countries' defence systems of the millennium computer date change problem or "millennium bug".
Their various replies are analysed below.
Our request for information met with a response from the Defence Ministers of Belgium, France, Germany, Luxembourg, the Netherlands and the United Kingdom. Notwithstanding a letter reminding the other countries of our request, we have still not received replies from the ministers of Greece, Italy, Portugal and Spain.
The Belgian defence authorities inform us that the armed forces are well aware of the Year 2000 problem and steps have been taken to deal with it. The problems linked with office information technology (computer software, networks, etc.) have been studied at combined force level and those concerning "operational" information technology addressed by each force in an individual capacity. No serious problem has come to light to date.
No particular difficulty is anticipated at the end of the century with any of the systems that have been investigated and checked, and these include both management systems and weapons or embarked systems.
The air force identified some potential air traffic control (ATC) problems but solutions have been found and the necessary measures will be taken in time for the new millennium.
The systems concerned in this particular case are the Radar Analysis Support System (RASS) and the Semmerzake national ATC system. Eurocontrol anticipated the RASS problem and will be distributing a new software package called "Year 2000 failsafe" to deal with it.
As far as ATC is concerned, the operating system (OS) used in Belgium is not "Year 2000 failproof". Hewlett-Packard is working on this problem and will update its OS-UNIX-10.2.
All the older systems which might have been affected by the problems under discussion have either been or will be replaced by 2000 and all modern systems acquired recently have been designed to handle such problems. These include computer software and servicing products. Procurement contracts for new items of equipment contain a "Year 2000" clause.
In their reply the French authorities say that because the vast majority of procedures in all areas of activity have been computerised, government departments and businesses have been obliged to draw up reorganisation and action plans to deal with the millennium bug. The purpose, they stress, is to anticipate any risks the transition to the new millennium might pose for the country's economy, the proper running of state services and the general safety of installations and therefore of French citizens.
The Government has accordingly decided to implement a package of specific provisions including the setting-up of an interministerial task force to ensure the necessary coordination between the various ministries and encourage businesses to take similar steps at their own level.
With specific reference to the Ministry of Defence, officials responsible for the main areas of information technology and telecommunications have drawn up an inventory of all computer hardware and software systems concerned by the millennium date change. In the field of information technology proper, this inventory covers general aspects on the one hand and operational and weapons systems IT on the other, areas for which a summary analysis is also submitted.
When it comes to information technology in the more general sense, the effects of the millennium date change will be considerable for applications predating the 1990s and will in many cases mean the wholesale replacement of equipment. In the case of basic hard and software, the major system environments will in all likelihood be adapted in coordination with manufacturers whereas many office systems will probably have to be replaced so that any problems that might arise can be handled by Year 2000 compliant equipment.
As far as operational IT is concerned, it should be noted that systems developed over the past three years have been programmed to take the transition to the Year 2000 into account and systems currently in use are being checked to see whether any corrective action needs to be taken.
Many systems and items of equipment in the defence field will also be affected by the Year 2000 phenomenon. The main difficulties identified concern the operation of embedded processors and the conditions for running tests. The French procurment agency, the DGA, has also been involved in making the necessary adjustments in liaison with manufacturers and military staff using the systems concerned.
According to the analysis provided by the French Ministry of Defence, the computer problems posed by the millennium date change for all information and communication systems, regardless of the type of information they cover, are twofold in that they concern the transition to the Year 2000 proper and the fact that it will be a leap year. The problems in question affect application software (dedicated or otherwise), basic software programmes (browser and database management systems) and hardware.
In the section of the French analysis dealing with the general aspects of information technology, the authorities state that central sites are undergoing development mainly as regards operating systems covered by servicing contracts concluded with the manufacturers. Databases are gradually being adapted with the assistance of editors and operational tests are being run.
Hard and software purchased over the last two years for office networks and work stations are millennium compliant. A general audit is being conducted of all hard and software acquired prior to that period. Its purpose is to make a global assessment in terms of technical, timetable and financial criteria and to give priority to ascertaining which items of equipment will have to be replaced.
For departments using information and communication systems designed at the end of the 1980s or in the early 1990s, there should be no major technical hitches because the software application programmes being used have been made millennium compliant. Older systems will be adapted as required or replaced in order to get over the Year 2000 hurdle.
However, the situation for basic hard and software is more complex given that the system architecture is different in each case. Thus while Intel 486 processors will not be affected by the millennium bug, the same cannot be said for some basic software products such as Microsoft's Windows 3.X operating systems.
The Ministry of Defence is therefore planning to speed up the replacement of hard and software for office-type work stations with all the consequences that entails for the related application programmes proper even though they themselves are millennium compliant.
On the operational information technology side the DGA, in coordination with military headquarters staff users and with the assistance of the firms concerned, has carried out a systems analysis to ensure that current operational information systems continue to function properly. Simulations have been performed in industrial centres and system tests have been run. Military staff are also carrying out tests to check that network management centres will operate properly.
All information systems developed since 1995 were made millennium compliant in the design phase.
Finally, weapons system information technology concerns a very substantial proportion of defence-related equipment and systems. Indeed, the whole range of such equipment is affected to varying degrees: computers proper, backup systems, networks (auto-switching devices, dedicated network components, messaging services), basic or intermediary software (various dedicated and non-dedicated programmes) and application programmes.
Initial experience has, however, brought to light further difficulties linked to the complexity of the tests that have to be run and to the problems posed by embedded processors.
In view of the fact that it is essential to establish the criticality of applications and systems before any action is taken, the French DGA has set up a task force to tackle all these problems.
In its reply to the Assembly's request for information, the German Ministry of Defence said that detailed work on preparing computer equipment for the millennium date change had begun in 1996.
The work can be broken down into the following phases:
- inventory of the computer programmes and procedures to be converted;
- analysis of the procedures to be implemented for conversion purposes;
- conversion proper;
- individual tests;
- testing of all systems in real operating conditions.
The German authorities stress that information available about the millennium date change problem suggests that the United States is taking a similar approach.
It would seem that at the time the German authorities sent in their reply, the problems remaining to be solved mainly concerned administrative procedures (such as computer-generated calculations concerning remuneration, staff management and logistic support) and that there was a lesser impact on information technology command, communication, weapons and weapon command systems.
In principle the millennium date change is not expected to have any repercussions for Luxembourg's armed forces for two reasons: first, the military is about to bring in a new IT system which will be installed over the next few years. This system has been designed to avoid any millennium bug problems.
Secondly, owing to their size, remit and the nature of the tasks they carry out nationally and abroad, the Luxembourg armed forces do not have any defence equipment whose computer software would be affected by the millennium bug.
According to the Minister for Defence, the Year 2000 problem was acknowledged by the Netherlands Government a long time ago. Ministries, other government bodies and the private sector worked towards finding solutions on the basis of their own responsibilities. The need gradually arose for an understanding of the scale of the problem and for coordination in creating awareness among the competent government officials and managers. This applied equally to the exchange of knowledge and experience with regard to analysis, finding solutions and testing the software and hardware components involved.
The Netherlands Parliament has shown itself to be closely involved in the Year 2000 issue. In mid-1996, partly as a result of questions asked by Parliament, the Minister for Home Affairs, who is responsible for coordinating the supply of government information, took stock of the problem throughout the government. An independent body, commissioned by the same Minister, is currently carrying out a reappraisal of the scale of the problem, the measures the Government intends to implement and those already carried out.
The setting-up of a platform of representatives from the government and the private sector is currently being prepared. The task of the platform will be to guide the issue at the national level for all sectors of society; activities will be related to raising consciousness, setting priorities, giving advice and making the required instruments available. The proposals for setting up the platform will be submitted to the Council of Ministers in the very near future.
The Ministry of Defence, including the Services of the armed forces, has also been working on the Year 2000 problem for quite some time. At the beginning of 1996 a first assessment of the situation took place. Since then, systems have been adapted and action is being taken to ensure that systems are replaced in plenty of time. The regular defence-wide consultative body for information policy and information and communication technology (ICT) has the matter permanently on its agenda, and promotes consciousness-raising within the defence organisation with regard to the Year 2000 problem.
Under the name of CTS2000 (Century Turnover Services 2000), the Duyverman Computer Centre - the defence organisation's internal ICT services supplier - has facilities for analysing, adapting and testing applications on mainframe, midframe and PC-LAN configurations. The Minister is aware that, despite the measures already taken and initiatives currently planned, it will be necessary to keep a finger on the pulse and to give new impetus where necessary, so as to solve the Year 2000 problems in good time.
In 1996, the Ministry of Defence instituted a programme of work to address the Year 2000 problem. That is why it now has a good understanding of the extent of the potential problem across the whole range of equipment used, from support systems, communications and information systems through to weapons platforms and systems with embedded processors. Its objective is to ensure that its operational capability is not put at risk from any failure to recognise correctly what is involved in the millennium date change.
The Ministry of Defence has established clear management responsibilities for assessing and rectifying each potential instance of the problem. A detailed guidance pamphlet has been published and is available on the Internet at www.mod.uk. Work to assess systems and to modify or replace those where a problem is found is well under way.
From the work done so far it is clear that the problem is widespread. The MoD has already publicised the potential problem but continues to run an awareness campaign to try to ensure that no systems are left unchecked.
Furthermore, in reply to a question put by your Rapporteur in the House of Commons on 2 July 1998, requesting the Secretary of State for Defence for information on what contingency plans his Department was making in the event of the failure of computer systems to recognise the Year 2000, the Junior Defence Minister, Mr Spellar, replied that the Ministry of Defence recognised the risk posed to operational capability by the Year 2000 problem.
He said that while every effort was being made to ensure that all systems were millennium compliant, some of the work would not be completed in time. The MoD was therefore developing contingency plans to ensure that it continued to meet operational commitments and that essential defence capabilities were maintained. The target date for completion of these plans was December 1998, with testing continuing throughout 1999 and regularly thereafter to ensure that the plans remained valid for any similar problems which might arise in the future.
In addition, in reply to an earlier question put by your Rapporteur in the House of Commons on 29 October 1997, requesting the Secretary of State for Defence for information on what discussions he had had or planned to have with his NATO and WEU counterparts on the problems computer systems faced on account of the millennium date change, Mr Spellar said that the MoD had initiated a departmental programme 18 months earlier to address the problems computer systems were likely to encounter because of the millennium date change.
Since then the Year 2000 question had been raised with counterparts in NATO and Allied Nations. According to Mr Spellar they were fully aware of the serious nature of the problem and the action being taken within the UK MoD to ensure that defence operations were not at risk from a failure of systems to process date-related information correctly.
Mr Spellar added that the authorities were discussing with the Allies the need for a collaborative approach to ensure the continued effectiveness of the interconnection between systems on which Allied operations depended. Senior-level discussions had taken place with the United States Department of Defense on solutions to the Year 2000 problem. It had also been raised within the NATO Command Control and Communication Board, the most senior committee in NATO dealing with command and control systems, and was being raised within the WEU information systems forum. This would be kept as a high priority topic within NATO and WEU and established as a regular agenda item in the appropriate committees so that progress could be monitored.
(b) Associate members
Of the three associate member countries - Iceland, Norway and Turkey - only Norway has so far responded to the Assembly's request.
In his reply, the Norwegian Minister for Defence points out that his ministry's concern regarding this problem and any effects it might have on national systems and interfaces - as well as those between nations - is reflected in a remit given to the Norwegian Defence Communication Agency to identify critical systems and interfaces affected by this rapidly advancing problem.
This task implies close coordination with national agencies exercising configuration management and the control of systems supporting national defence both in a peacetime establishment context and in a war, crisis-management and support context. Systems having interfaces with NATO systems implemented in Norway - or cross-border connections with other nations - are part of this context.
Finally, a plan for renovating and testing critical systems has been established and will be completed prior to the onset of the third millennium.
Furthermore, Norway's Headquarters Defence Command, and more precisely its Communication and Information System Division, has informed us that a great deal of effort has gone into work to minimise or eliminate the effects of the millennium date change. This involves adapting, changing or removing systems. The Norwegian authorities seem to be well aware of the fact that this problem is not confined to information systems and indeed may be even more complicated when it comes to embedded systems. It is this second aspect that is therefore causing the Norwegian military authorities most concern at the moment.
The five WEU observer countries have sent in replies to our request for information even though some of them, as in the case of other countries, are very short.
The Austrian Minister for Defence says that in the course of routine servicing and upgrading work, the Austrian armed forces are currently taking all the necessary measures to ensure compliance with the millennium date change.
Adaptation or replacement of the hardware and software products affected by that change is due to be complete before 2000. This therefore leads the Minister to assume that Austria's defence capability will in no way be impaired as a result of the millennium date change.
The following measures have been taken in Denmark to resolve the difficulties caused by the millennium date change:
- an in-depth analysis of all applications, including source-codes, databases and operating environments;
- an upgrade of all affected system software;
- an information campaign in the form of briefings and seminars.
The estimated cost of these measures is DDK 3 million for 1997 and 2 million for 1998. The Danish Ministry of Defence expects that the problem will be resolved in time and within the existing budget.
Preparations to analyse the consequences of the millennium bug problem began in Finland in 1996. On the basis of information gathered to date, the Finnish authorities are reassured that the Year 2000 will not pose any major problem for their computer systems.
Data system problems will be solved by modernising and replacing old systems and programmes. The effects on data transfer systems and other items of equipment mainly concerning various weapons, simulation and surveillance systems are under control. Systems will be tested and measures taken ingood time.
In its reply the Department of Defence in Dublin merely states that the Department is well prepared for the upcoming millennium, with a Year 2000 Compliance Plan already in operation in both the civilian and military branches of the Department.
Since 1 March 1997 a "Project 2000" group within the Swedish armed forces has been addressing the Year 2000 problem. The group is responsible for coordination, support and follow-up of all Year 2000-related work carried out on information systems as well as technical and embedded systems.
Responsibility for carrying out such work (which includes conversion) on the above-mentioned systems lies within each individual service. A "Workgroup 2000" consisting of representatives from Project 2000 has been formed in order to allocate the project's resources for whatever purpose they are required within the armed forces.
It is important to note that the Swedish armed forces are working in close cooperation with the Defence Materiel Administration to solve the millennium date change problem. This is because the Administration owns most of the equipment used by the Swedish armed forces which is where the majority of technical and embedded systems are to be found. It is also responsible for the conversion of a great number of information systems. The Defence Materiel Administration is represented both in Workgroup 2000 and Project 2000.
In 1997, the Swedish armed forces were in what could be termed a combined inventory/analysis phase. Decisions on how to handle each specific information system were being taken and the plan was that all of them were to be taken by the end of that year, with conversion of the systems due to start in the first quarter of 1998.
(d) Associate partners
All the WEU associate partner countries have replied to the Assembly's request for information.
In its reply the Bulgarian Ministry of Defence states that none of the software programmes, technical resources and systems used for the management of the country's armed forces and armaments are affected by the millennium date change.
In the Czech Republic the Ministry of Defence has a number of somewhat outdated information systems. It is currently developing modern systems to replace the older ones before the turn of the century. This means that the millennium date change problem will not affect the information systems used by the Czech armed forces.
The Estonian Minister for Defence makes the point in his reply that the Estonian defence forces have only been in existence for six years. During that period they "have started from scratch and built up their small but effective forces with a tight budget".
As the Estonian forces have no satellite systems or complex computer-controlled weapons, the Minister says the millennium date change will not present any problems.
The Hungarian Ministry of Defence takes the view that the date change will not create difficulties and its information systems seem to be sophisticated enough to tackle this problem. As far as the authorities are concerned, the Year 2000 problem may affect financial and human resource programmes which will be changed or modified by the end of the century.
The Ministry enclosed with its reply a description of the methodology it has developed in order to test its information systems (see Appendix).
Latvia has been reorganising its defence system for the past six years with limited financial resources. For the time being only the Ministry of Defence has some stand-alone databases.
Latvia is participating in a joint project for the establishment of a Regional Air Surveillance system. This project is only in the initial phase and will require the creation of a database. It goes without saying that the necessary hard and software for this project will be millennium compliant.
The Ministry of Defence points out in its reply that because Lithuania has no older-generation computers, computerised equipment with embedded chips or software programmes that might fail after the millennium date change, the problem as such does not exist for its armed forces.
The measures the Polish armed forces have decided to take to cope with the millennium date change problem are as follows:
- stop using older-generation computers which do not properly interpret dates after the Year 2000;
- make the necessary software changes for computers belonging to the new generation;
- check all technical systems (including combat devices) that are controlled by microprocessors and take the necessary steps to guard against millennium complications.
The Ministry of Defence informs the Assembly that the Romanian armed forces do not have any weapons systems that will be affected by the inability of some computer programmes to continue to operate correctly after the millennium date change.
Similarly, the Ministry has no missiles or communications satellites in operation that would require components to be changed in order to qualify as millennium compliant.
The Minister for Defence informs the Assembly that since the Slovak Republic's armed forces have computer and installation systems that could be affected by the millennium date change, they are fully aware of the potential problems and are accordingly taking all the necessary steps to deal with them as appropriate.
The matter is being addressed as a cooperative venture involving military specialists from the various branches of the armed forces and, where necessary, technical and scientific experts from the civil sector.
(a) The Council and its subsidiary bodies
The WEU Council was also sent a letter in which it was asked to provide any information on the measures taken either by the Council itself or by its subsidiary bodies to deal with the millennium bug.
In its reply, the Council points out that: "The problem may reside in either the hardware or the software. As far as the hardware is concerned, it could be due to one or both of the following:
- the CMOS (Complementary Metal Oxide Semiconductor) processor: this contains the various data needed by the Operating System;
- the BIOS (Basic Input/Output System): this is the buffer between the hardware and the Operating System.
As far as the software is concerned, problems may arise in the Operating System or in specific software programmes. The real time clock on the CMOS chip is easy to test. It is sufficient to put the date forward near midnight on 31 December 1999 and watch time move forward to the Year 2000. If it does so successfully, then it is Year 2000 compliant. As far as BIOS is concerned, there are a number of BIOS fixes/patches available. These can ensure that any BIOS will work in the year 2000.
The above are both hardware factors which are no longer present in recent computers. The WEU Headquarters low-security network computers come within this category. The high-security network computer, which is now in the implementing phase, will of course be even more modern.
As far as software factors are concerned, the Operating System utilised at WEU Headquarters is Windows NT (that will also be the case for the high-security network). Microsoft assures us that this Operating System is not affected by the Year 2000 problem. WIN 32, the API (Application Program Interface) used by Windows 95 and Windows NT, both in use at WEU Headquarters) store data as a 16-bit field and can store data up to 2099.
As far as the other software programmes are concerned, an existing list indicates the deadline they can support. From that list, some of the more popular ones which may still be in use (but not at WEU Headquarters) are the following:
- Microsoft Access 95 (deadline 1999);
- Microsoft Excel 95 (short dates) (deadline is 2019).
On the other hand, WEU Headquarters still has problems with software related to the security of the building (management of fire detectors, magnetic locks, security exit control, presence control, etc.) that is currently being replaced. There are also problems with the software programmes managing the air-conditioning system and the UPS (Uninterruptible Power Supply) and EPS (Emergency Power Supply) which are in the process of being checked by the firm contractually responsible for their management. The final responsibility for these last software programmes lies with the owner of the building who has been duly informed and is taking the appropriate steps".
(b) The Satellite Centre
The Satellite Centre is making use of five computer systems for its activities, namely:
- the operational system;
- the Helios system;
- the research system;
- the Intranet system and stand-alone PCs;
- the Internet system.
Regarding communications, secure (Thomfax, Telsy, forthcoming WEUNET) and unsecure (standard fax, telephone) means are used. A database with all this computer and communication equipment is kept up to date.
The following steps have already been taken:
- part of the computer equipment has been renewed in 1998;
- for all equipment that is covered by a maintenance contract, a certified letter has been sent to the service suppliers requesting that they provide the Centre with certification that the equipment is millennium compliant. If they are unable to provide such certification, they are requested to provide the set of relevant tests that have to be performed in order to establish the status of the equipment;
- for all equipment that is not covered by a maintenance contract (mainly PCs), the same procedure is being applied by directly contacting the equipment manufacturers.
The next steps to be taken are as follows:
- list all remaining equipment (other than computer or communication items) that could be affected by the millennium bug and contact the manufacturers to establish their conformity status;
- establish the matrix of equipment status with respect to the millennium bug;
- if necessary, call for external consultancy to consolidate equipment conformity status;
- establish the action plan;
- implement the action plan.
(c) The Assembly
The Assembly is well aware of the difficulties transition to the Year 2000 may pose for computer systems. It has analysed the various aspects of this problem to determine what implications the millennium bug may have as far as it is concerned and has accordingly drawn up an inventory of all the computer systems (hard- and software) installed on its premises that may be affected by the bug.
The first part of the programme started with the renewal of the Assembly's computer equipment in 1997 and tests run on computers purchased since then have shown that as far as the hardware is concerned (CMOS and BIOS) no problems have been detected. Older computers (in the main PCs of the 486 AT type), which are used on a temporary basis during Assembly sessions, have also been checked at hardware level and have passed the test. The criteria used to assess their millennium compatibility are consistent with the ISO 8601 standard and are also incorporated in the EN 28601 European standard; in this respect they constitute a widely accepted reference.
The purpose of the second part of the programme was first to bring to light those operating systems that could not make the transition to the 21st century without posing a problem. The study that was done showed that the gradual move from a Dos 6.22ª system first to a Windows 3.11ª and then a Windows 95ª operating system was the right solution in that Microsoft guarantees that Dos 6.22 and Windows 3.11 will make the transition to the year 2000 with only a minor hitch affecting the display of dates after 23:59:59 on 31.12.1999 (in which years are shown as two digits), but this will not have any impact on the management of such dates.
It was found that Microsoft Access v2.0ª software will no longer be able to make calculations after the critical date of 31 December. This will not affect Access 2.0 applications still in use since none of them makes calculations on the basis of dates.
A final point to be mentioned concerns the Assembly's accounts and wagebill. A recent update of the programmes concerned has made it possible to counter any risks to which accounting data may be subject at the turn of the century.
It should also be borne in mind that according to the rules of the Gregorian calendar, which specify that any year divisible by 100 is not a leap year, there will be 29 days in the month of February 2000.
It is also worth noting that the expiry dates of most of the software in common use vary fairly widely, posing a additional problem to that of the notorious millennium bug itself.
As will be evident from the introduction to the report, it was originally drafted on the basis of press and other information available in January 1997. This formed the submission of the Rapporteur for an outline for a report originally intended for debate during the Assembly's part-session in December 1997.
In response, at its meeting on 4 November 1997, the Committee agreed to produce an information report on the consequences for European defence of the millennium bug. This would be based on the information obtained from WEU members, associate members, observers and associate partners in response to a letter from the Chairman of the Committee requesting information on the measures they were taking.
As will be seen from Chapter II of the report, six member states: Belgium, France, Germany, Luxembourg, the Netherlands and the United Kingdom responded. It is to be regretted that no replies were received from Greece, Italy, Portugal and Spain, which must cause concern that the necessary action is not being taken to avoid problems. If this is the case - and assuming that the computer systems relating to defence of WEU members are linked - much will be at risk.
From the replies that have been received from the various defence ministries, it is clear that they are on the whole of a very general nature for a number of reasons.
In the first place this is because the scope and repercussions of the millennium date change computer problem are still not easy to predict, identify or assess. In this connection it is important to remember that, according to the experts, ten types of different problem have been identified in the Global Positioning System (GPS) computer programme and that in the case of some of them, it will not be possible to pinpoint them in more detail until three months before the Year 2000.
Secondly, because the Assembly's request mainly concerns military information and command systems, the defence authorities in the various countries are probably not in a position to provide data that might be classified.
Finally, few of the replies received include an assessment of the cost involved in finding solutions to the problem. However, this is hardly surprising given that there are all sorts of difficulties involved in any such cost analysis.
When they met in Birmingham in May 1998, the members of the G8 reached the conclusion that the millennium bug posed a major problem for the international community and accordingly decided to take steps to prevent computers malfunctioning in the short and long term. However, they did not go so far as to consider exactly what action should be taken.
For its part, the Russian Atomic Energy Ministry said it would wait until 2000 to fix any computer glitches arising from the millennium date change problem, thereby ignoring the advice of other G8 nations that these glitches could lead to a nuclear meltdown.
According to the US Federal Reserve, the effect of the Year 2000 date change is likely to reduce the growth rate in the United States by 0.1 points over the next two years. The Gartner Group, specialised consultants in the field of information technology and telecommunications in the US, has put the cost of the investment required to rewrite computer programmes at US$ 600 billion while other sources have given an estimate of 300 billion.
In the United States the Joint Chiefs-of-Staff are planning a series of joint exercises that will be used to determine whether the warfighting command's information networks and weapons systems will be able to compute the date change. According to William Curtis, the Pentagon's Year 2000 Director, the systems will "run across the Y2K border by moving the clock to 2000".
These exercises will also establish whether Y2K software fixes are working. The Pentagon estimates it will cost nearly US$ 2 billion to have teams of computer programmers assess, renovate, validate and fix an estimated 22 000 computer systems (2 200 of which are considered "mission critical") which may be contaminated or fail altogether.
The Central Intelligence Agency (CIA) claimed in May 1998 that - compared with the United States - Canada, the United Kingdom and Australia were about six months behind in dealing with the problem and that the time lag for other European countries was nine months. The CIA considers that Europe will probably be unable to cope with the transition to the euro and the millennium date change problem by the necessary deadlines. It says the situation in other countries is even more worrying.
Finally, the French Ministry of Defence stresses that the necessary work and its financial cost are in the process of being consolidated for all departments and systems. However, various surveys and assessments conducted by major organisations suggest that the transition to the Year 2000 will swallow up some 20% of the human and financial resources earmarked for information and command systems.
There can be no doubt that mobilising these resources, which is essential to guarantee the sustained operation of the systems in question, will mean that a number of projects in the defence ministries will have to be spread over a longer period or even postponed. In actual fact, there is no knowing to what extent the millennium computer date change problem is going to affect such projects.
From the foregoing it must be clear that insufficient evidence exists for the Assembly to conclude that the computer systems involved in the defence and security of Europe, as provided for under the Brussels Treaty, will be guaranteed millennium compliant.
Moreover, there is certainly no guarantee that the computer systems of those public services and infrastructure upon which the armed services of WEU member states rely, such as electricity supplies, civilian rail and air traffic control systems, will be millennium compliant.
Thus, when the Assembly debates this report during this December 1998 part-session, it should seek clear assurances from the Ministerial Council, supported by sufficient evidence, that European defence will not be at risk because of insufficient preparation to ensure that the computer systems involved will function at the turn of the century.
Anticipating that it may prove impossible to guarantee that there will be no problems, the Assembly should also seek clear assurances, to be supported by evidence, that adequate contingency plans are being developed, will be in place and will have been tested in time.
Thus the Assembly should call on the Ministerial Council to report fully on its response to the problem, and its contingency plans.
In addition, because no internationally agreed standards of millennium conformity of computer systems exist, to avoid confusion and
misunderstanding, the Assembly should call on the Council to support paragraph 20 of Resolution 1167 (1998) on the OECD and the world economy, adopted by the Parliamentary Assembly of the Council of Europe on 23 September 1998, which reads:
"The enlarged Assembly is aware of the recent G8 report on the threat to international business, especially banking and financial services, telecommunications, transport and infrastructure of the failure of many computer systems involved to recognise the century date change. It is particularly concerned that there is no agreed international standard for Year 2000 compliance. It urges the OECD to consider, as a matter of urgency, the establishment of such a standard, (the British Standards Institution's Year 2000 standard, for example), and the need to ensure that member states are taking the action necessary to avoid national and international disruption, and are drawing up contingency plans to cover the key sectors of their economies. The enlarged Assembly calls for an international test day for the millennium compliancy of computer systems. It looks to the OECD to take a leading role in organising such a day with other international institutions, most notably the United Nations, provided financial resources are available."
The methodology of studies pertaining to the problems of the Year 2000
(submitted by the Ministry of Defence of Hungary)
I. Controlling the internal date of computers
What is the internal date of the BIOS or the operating system in the following situations:
passing into the year 2000 while the computer is turned on (e.g.: if the system time is set to 23:59 and the date to 31.12.99, what date and time is detected after two or three minutes? The next step is to check the result of turning the computer off and then on again, i.e. rebooting);
passing into the year 2000 while the computer is turned off (executing the steps described above, except that after setting the internal time to 23:59 and the date to 31.12.99, the machine is turned off and after waiting two or three minutes, it is turned on again);
setting any date after the year 2000 (the system date is set at 01.01.00, and the result of a date check is recorded; the next step is to check the internal date after turning the machine off and on again).
The various types of machines or identical machines with different BIOS or operating systems react differently in the abovementioned situations. Therefore these examinations have to be carried out in every machine to see the exact date-control. The study has to be carried out on each server as well.
The investigation has to cover the issue of the way the machines handle the year 2000, as a leap year. Contrary to certain incorrect beliefs stating that the year 2000 is not a leap year (as from among the years divisible by 4, the ones divisible by 100 are not leap years - this in itself is true), the year 2000 being divisible by 400, is in fact a leap year. Certain BIOS do not take this into consideration.
II. Control of programmes using an internal date
to check the way the year 2000 is handled by programmes with date fields on screen or in print;
programmes using date operations have to be tested thoroughly with simulations involving the year 2000. (In the test environment special care has to be accorded to executing the tests separately from existing, recorded data, in order to avoid damage to the files by certain functions of the system, e.g. automatic deletion of outdated data. We should also make sure that for limited licence software, there is no protection in the system, which would automatically damage or disable operation following the expiry of the licensed use).
The results of the examinations should be recorded, in case any problem arises.
If any problems are detected in certain software:
check whether the source programme (original install version) is available;
if the source programme is available, are there any specialists capable of modifying it? (The most optimal situation is if the programmer of the software is available.);
if the source programme is not available, can the organisation which designed the programme be located and is the source programme available at the organisation?
The duration and cost of the repairs have to be determined. The following should be taken into consideration:
the extent and amount of modifications to be carried out within the programme;
the eventual need for conversion of the data base, with special emphasis on the inevitable conversion of the copied archived data files;
the need for modifications to enable reception or transmission data on network systems. This issue needs consulting with the partner organisations linked by the network to ensure a uniform and compatible modification;
the eventual necessity of the modification of input reports (to enable recording of 4 digits) - printing costs.
The assessment of the time and cost necessary for the modification has to involve analysis of the advantages of developing new software to replace outdated programmes, especially if repairs are hindered by any circumstances as costs would therefore rise considerably. The time remaining until the year 2000 allows for the design and development of an up-to-date programme satisfying all needs.
III. The examination of information technology contracts
The existing hardware and software contracts have to be amended so that all software and equipment satisfies all requirements pertaining to the turn of the millennium. This is simply a legal safeguard for any subsequent disputes, as - unless the contract does not specifically state that the equipment or software will be used in this millennium only, which is in itself not typical - the operational condition for the life span of the machine (programme) is guaranteed by the manufacturer. The contract can include a clause stating that the supplier accepts a financial and moral obligation for compliance with the requirements (which cannot as yet be enforced) before the year 2000.
Any new contracts signed should include the abovementioned.
IV. Newly purchased (developed) equipment and programmes
All newly purchased equipment and programmes should be checked in accordance with the abovementioned.
The developers should be aware of the fact that the date 31.12.99 is no longer acceptable as the latest date set, and that the next day is after and not preceding this date. This is also applicable for unlimited licence rights set at 31.12.99, if the system has any automatic protection.
V. Evaluation of costs
The execution of all the abovementioned steps in relation to the problems pertaining to the year 2000 carries expenses which should be considered and planned for the following years. These costs include:
- the costs of setting up the test environment and executing the tests (machine time, wages);
- the eventual costs of necessary hardware replacements or modification;
- the costs of eventual replacement or modification of software; (we should note, that the costs of modification of hardware and software should legally be borne by the supplier (manufacturer), but - especially for larger systems - this would probably be resisted, and therefore a compromise should be sought);
- the costs of the necessary modification of printed input or output reports.
Budapest, 8 April 1997
Ministry of Defence
Information Technology Department
1. Adopted unanimously by the Committee.
2. Members of the Committee: Mr Marshall (Chairman); MM Lenzer, Atkinson (Vice-Chairmen); Mrs Aguiar, Mr Arnau Navarro, Mrs Blunck, MM Cherribi, Cunliffe, Diana, Mrs Durrieu, MM Etherington, Feldmann, Hunault, Lòpez Henares, Lorenzi, Luìs, Martelli (Alternate: Turini), MM Nothomb, Olivo, Polydoras, Probst, Ramírez Pery (Alternate: González Laxe), MM Sandrier, Staes, Theis, Valk, Valleix, Mrs Zissi.
N.B. The names of those taking part in the vote are printed in italics.