Myths of the Year 2000

Martyn Thomas

Chairman Emeritus, Praxis Critical Systems

The shape of the Year 2000 problem around the world is becoming clearer, as many companies finish building their inventories of affected systems and processes, and are able to assess the time and resources they will need if they are to reduce their risks to the minimum. For two years, I led Year 2000 services for one of the world’s largest global management consultancies, seeing projects in most industries and in many of the world’s leading economies. This is a snapshot of what I have learnt.

Myth 1: Year 2000 is a single problem

Several problems come together in the next three years.

For hundreds of years, people have abbreviated dates by omitting the century, causing ambiguity and confusion for historians and archivists. In the 1950s and 1960s, as computers were used more and more for business data processing, it was inevitable that this convention would be carried forward. Storage space and processor cycles were scarce and expensive, and the cost of any potential ambiguity seemed insignificant. Few programs had to handle date ranges that spanned two centuries, and those that did (such as pension administration) were either written to cope, or they soon encountered problems and were corrected.

As we reach the end of this century, most programs will need to manipulate date intervals that cross the century boundary. When the year is only represented by two digits, files that are sorted by date will have "00" records added at the front rather than after "99". Calculations that subtract an earlier date from a later will get a negative result and fail. Comparisons of dates in different centuries will give the wrong answer, so that a credit card that expires in 01 seems 98 years out of date in 99, whereas one that expires in 99 may seem valid in 01 (and for a long time afterwards). Similar problems arise with the shelf lives of perishable foods and medicines.
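The three failures described above (sorting, subtraction and comparison) can be reproduced in a few lines. This is a minimal Python sketch, not code from any real system: the record layout and the function names `years_between` and `card_is_valid` are assumptions made purely for illustration.

```python
# Illustrative only: years held as two-digit strings, as in many legacy records.
records = ["97", "98", "99", "00", "01"]  # true chronological order: 1997 .. 2001

# Sorting on the two-digit field places the 2000 and 2001 records at the front.
sorted_records = sorted(records)


def years_between(earlier_yy: int, later_yy: int) -> int:
    """Naive interval arithmetic on two-digit years (hypothetical helper)."""
    return later_yy - earlier_yy


def card_is_valid(expiry_yy: int, current_yy: int) -> bool:
    """Naive expiry check: valid if the expiry year is not before the current year."""
    return expiry_yy >= current_yy


print(sorted_records)        # ['00', '01', '97', '98', '99']
print(years_between(99, 1))  # -98: the interval from 1999 to 2001 comes out negative
print(card_is_valid(1, 99))  # False: a card expiring in 2001 is rejected in 1999
print(card_is_valid(99, 1))  # True: a card that expired in 1999 is accepted in 2001
```

Each function is correct for dates within a single century; the faults appear only when the two-digit values straddle the century boundary.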

Throughout the 50-year history of computing, whenever there was the possibility of a serious problem, programmers have found many creative ways to make the problem worse. The "two-digit year" problem is no exception: year values of 99 and 00 have been used with special meanings or to mark invalid fields. Programmers designing user-friendly systems have assumed that if the year field is typed as 00 up to 09 then what was meant was 90 to 99, because the 9 key is next to the 0 key and these are common typing errors. Some programmers, knowing that century years need different leap year processing, have then made mistakes in the calculation and lost February 29th 2000 (1).
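The leap year mistake is easy to make. In the Gregorian calendar a century year is a leap year only if it is divisible by 400, so 1900 was not a leap year but 2000 is. The Python sketch below contrasts the full rule with one plausible faulty version; `is_leap_year_faulty` is a hypothetical example of the error, not code taken from any particular system.

```python
def is_leap_year(year: int) -> bool:
    """Gregorian rule: every fourth year, except century years not divisible by 400."""
    return year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)


def is_leap_year_faulty(year: int) -> bool:
    """Hypothetical buggy rule: treats every century year as a non-leap year."""
    return year % 4 == 0 and year % 100 != 0


for year in (1900, 1996, 2000):
    print(year, is_leap_year(year), is_leap_year_faulty(year))
# 1900 False False
# 1996 True True
# 2000 True False
```

The two rules agree for every year from 1901 to 1999, which is why a fault of this kind could go unnoticed until 2000.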

There is also a separate, coincidental problem with the real-time clock in PCs, which may reset to 1900, 1984, 1980 or some other date instead of ticking over into 2000 successfully at the end of the century. This will not usually cause a problem as the BIOS in most recent PCs will detect the error and correct it. At worst, someone may have to reset the clock once manually. However, older PCs and those with a faulty BIOS may need the correct date set every time they are powered up, and if the PC is being used to control some process directly, with the time taken straight from the real-time clock and not through BIOS calls, any clock failure may have more serious consequences. PCs performing critical applications will need checking and may have to be replaced. (2)

Myth 2: Year 2000 is mainly a problem for mainframe systems

Three quarters of all mainframe applications have Year 2000 faults. Finding the errors, making corrections, recompiling, re-linking, testing, integrating and further testing will cost a great deal of money: somewhere between 25p and £1 per line of software, depending on how professional the IS department is. Unfortunately, most large companies cannot reliably rebuild all their mainframe applications from program sources, even without the added problem of needing to change 10% of the source lines. The latest changes do not appear in the master source libraries, or parts of the system have not been recompiled for so long that they need an obsolete version of the compiler. (3) The stories are depressingly common, and the lack of basic software engineering disciplines will probably double the final cost of the Year 2000 problems.

Even so, an average of $1 US per line of software source may not seem an enormous cost, but many companies have tens of millions of lines of mainframe software source, and some have billions. An unforeseen expense of over $1 billion, with no business benefit, may not fatally wound a Fortune 500 company - but it is certainly painful and represents a volume of work that is unlikely to be funded, staffed, and completed successfully before systems start to fail.

So perhaps it is surprising that mainframe applications are not the biggest part of the Year 2000 problem.

Mainframe applications are usually managed by teams of programmers who know their systems well and who are able to change them and rebuild them competently. This may not be true for departmental systems (e.g. stock control), desktop systems (e.g. spreadsheets, laboratory systems), factory and warehouse automation, EDI, or communications systems. These present greater difficulties, because they may have been acquired or developed informally, the original vendor or developer may have disappeared, and the system may not be well understood by anyone. (4)

Year 2000 problems also exist in security and access systems (5), in air conditioning management and building control, in vital control systems, such as those driving industrial gas valves or monitoring temperature in power stations, and in engine management systems, alarms, and consumer products (6). The list of potential areas of risk is almost endless. It is already far too late to find and correct all the faults in these "embedded" systems, but some will be critical to safety, the environment or the business, and must be given priority for diagnosis, correction or replacement.

Even if the business has very modern systems, thoroughly checked and warranted free of Year 2000 problems, there could still be trouble. Customers may be unable to pay invoices for lengthy periods. Suppliers may fail, perhaps several of them at once. Business partners may have to switch from electronic data exchange to paper. Essential utilities may be interrupted.

Year 2000 is not especially a mainframe problem, or even an IT problem.

Myth 3: Year 2000 is not yet urgent

It is unfortunate that the 21st Century Date Problem was not called the 1999 problem, or even the 1998 problem, since that is when many systems will first fail. Too many companies are still saying "we know that we have a Year 2000 problem, and next year we will put something in our budgets to sort it out".

For most companies, systems will start to fail in 1998 or 1999 if they are not failing already. The critical time, for every application, is the first moment that it encounters dates in the 21st Century. From that point forward, errors could occur at any time. They may cause application failures, they may cause wrong results that are obvious, or the failures may be much subtler. Wrong data may be calculated and stored or passed to other systems. Records may be sorted into the wrong sequence and processed twice or ignored (7).

It makes sense to talk about the failure horizon for each application or item of plant or equipment. Some of these dates will be much closer than you expect; some may even have passed.
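One rough way to estimate a failure horizon is to subtract the furthest distance an application looks ahead from 1 January 2000. The Python sketch below does this for whole years only. The function name `failure_horizon`, the application names and their look-ahead periods are all hypothetical, chosen only to show the arithmetic.

```python
from datetime import date

CENTURY_START = date(2000, 1, 1)


def failure_horizon(look_ahead_years: int) -> date:
    """Earliest date on which an application first handles a 21st Century date,
    assuming it looks ahead by at most the given number of whole years."""
    return date(CENTURY_START.year - look_ahead_years, 1, 1)


# Hypothetical applications and look-ahead periods, for illustration only.
look_ahead = {
    "payroll (current month only)": 0,
    "annual budget forecast": 1,
    "credit card issuing (3-year expiry)": 3,
    "5-year maintenance schedule": 5,
}

for name, years in look_ahead.items():
    print(f"{name}: {failure_horizon(years).isoformat()}")
# payroll (current month only): 2000-01-01
# annual budget forecast: 1999-01-01
# credit card issuing (3-year expiry): 1997-01-01
# 5-year maintenance schedule: 1995-01-01
```

A real assessment would need the actual look-ahead of each system, including any dates it receives from other systems, rather than whole-year estimates.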

Myth 4: Year 2000 is an issue for the IT Department

Year 2000 affects the whole business, the deadline is immovable, and resources are limited in every company. Inevitably, important business investments will have to be delayed or abandoned if the Year 2000 project is to be given the resources it needs. In most companies, only the executive committee or the Board can take such decisions. Auditors are already commenting on Year 2000 readiness in their reports to audit committees. Soon they may have to start qualifying companies’ accounts. There may be issues affecting legal regulation, Health and Safety legislation, and litigation risk. Insurance cover for Year 2000 damage is limited and, in some cases, has even been withdrawn completely, leaving companies and individual Directors exposed to the possibility of crippling damages. Few IT Directors have the breadth of knowledge and executive authority to make the necessary decisions on behalf of the Board. Year 2000 is not an issue that can safely be left to the IT department.

Myth 5: Year 2000 is the only date-related problem

Year 2000 is a very significant member of a family of date-related problems. The Global Positioning System (GPS) overflows an internal clock field in August 1999. Countries that use local calendars have similar problems on other dates - for example, some Japanese systems used a calendar based on the years of the emperor’s rule. The hardware clocks in most (perhaps all) processors and the date fields in most operating systems overflow at some time - one such problem occurred last Autumn. Then there is the Year 10,000 problem - but that can wait for a later issue of Computer Journal.
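The GPS case shows how such an overflow date can be worked out from the width of a counter. The details used here are not given in the text above: the sketch assumes the commonly documented GPS design, in which the week number is broadcast as a 10-bit field counting weeks from 6 January 1980. The names `GPS_EPOCH`, `WEEK_FIELD_BITS` and `broadcast_week` are illustrative.

```python
from datetime import date, timedelta

# Assumptions stated in the lead-in: 10-bit week counter, epoch of 6 January 1980.
GPS_EPOCH = date(1980, 1, 6)
WEEK_FIELD_BITS = 10
WEEKS_PER_CYCLE = 2 ** WEEK_FIELD_BITS  # 1024 weeks before the field wraps


def broadcast_week(true_week: int) -> int:
    """Week number as it appears in a fixed-width field: the high bits are lost."""
    return true_week % WEEKS_PER_CYCLE


first_rollover = GPS_EPOCH + timedelta(weeks=WEEKS_PER_CYCLE)

print(first_rollover)                               # 1999-08-22
print(broadcast_week(1023), broadcast_week(1024))   # 1023 0
```

A receiver that takes the broadcast week at face value would, after the rollover, compute dates roughly 19.6 years in the past.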

Myth 6: There will be a magic technical solution

The problems that have been created by incorrect date programming are very different from each other and embedded in almost every form of electronics technology. The corrections that have to be made, and whether they can be made at all, differ for each application. There will be no magic solution (8). There are tools that can be very cost-effective in helping with parts of the problem: preparing an inventory of software on a particular hardware platform; scanning code for suspected date processing; managing test data or controlling versions of source code. These tools can save more than half the effort that would otherwise be spent in some phases of the Year 2000 programme, and the cost estimates given earlier assume that tools will be used. Nevertheless, most risks can only be identified, prioritised and managed by people who understand the business and its processes.

Myth 7: The problem is under control

It is very difficult to get accurate information about the scale and nature of Year 2000 problems nation-wide or world-wide. At the end of 1997, it seemed that most companies had not finished their inventory of Year 2000 risks, so they had insufficient information to be sure what the problem would cost them, or whether they would get all the necessary work completed in time. Not surprisingly, most companies initially underestimate the scope and cost of the work needed, so budgets and timescales are constantly revised upwards. Those surveys that have been published have all depended on data from questionnaires filled in by companies themselves, without independent audit. The surveys are inevitably based on incomplete information and optimistic estimates.

Organisations are not good at delivering complex projects on time and within budget. Estimates vary, but it seems that more than 75% of projects are late or over budget and that many of the remaining 25% deliver less than was originally intended. Year 2000 has fixed deadlines and scope; it seems inevitable that a lot of the desirable work will not get finished, that testing and other quality management activities will be skimped, and that unplanned failures will occur.

Internationally, the level of awareness and action differs greatly from country to country. My impression from my own international experience, which is supported by the leaders of Year 2000 services in other major consultancies, is that the USA and other English-speaking countries are generally ahead of the rest of the world, but that even these countries still have a large part of their economic activity at risk. In continental Europe, preparations for European Monetary Union have taken priority over Year 2000 work. In Asia, awareness of the issue is at an early stage, although the problems exist in the same form as they do elsewhere. Central Europe and Russia seem to have major problems, as do South American countries.

The evidence is weak, in that it is anecdotal, but it is quite consistent. The problems are far from being under control.