*EPF313 02/02/00
Text: Information Industry Assesses Y2K Remediation
(Liability protection, information exchange are key issues) (3560)

A representative of the information technology industry told members of Congress January 27 that businesses and organizations around the world reaped three benefits from the Y2K remediation effort: increased communication, organizational restructuring, and updated computer software and systems.

Harris N. Miller, president of the Information Technology Association of America (ITAA), said, "It is my belief that avenues have been opened and communication lines have been formed that can lead to new relationships and substantive agreements between countries that collaborated on Y2K."

While Miller described the Y2K remediation effort as an "unprecedented success story," he also said that reports of disruption still occur on " an almost daily basis." Further he warned the congressional panel that February 29 may still cause problems and he suggested that companies may encounter difficulties later in the year as they compile quarterly reports.

Miller said Y2K remediation was successful because of Congressional passage of the Information Readiness and Disclosure Act of 1998, a law which encouraged information exchange about Y2K problems

Communication throughout government and industry also contributed to the success of the remediation effort, Miller said. "ITAA worked closely with the Department of Commerce and the Small Business Administration to communicate with the commercial sector on Y2K issues." Miller is also president of the World Information Technology and Services Alliance and he emphasized the importance of communication about Y2K fixes on the international level.

As many companies raced against the clock to prepare for the Y2K rollover, Miller said top managers found the need to restructure as they came to understand the company's computer capabilities for the first time. Many executives realized that their companies computer software and systems required updating. Miller said, "Many companies used the Y2K Renaissance as the opportunity to not just renovate old systems but to replace them altogether."

This renaissance may also lead to what Miller called "a floodtide of innovative new information systems deployments across the economy." Miller also stressed the importance of continued communication and cooperation in our increasingly computer driven world.

Following is the text of the statement as prepared for delivery:

(begin text)

Statement of Harris N. Miller

President, The Information Technology Association of America (ITAA)
Before the Joint Oversight Hearing of the Subcommittee on Government Management, Information and Technology and the Subcommittee on Technology

January 27, 2000

Introduction

Chairman Horn, Chairwoman Morella, and Honorable Members of these Subcommittees, I am honored to testify before your Subcommittees today on the subject of the Year 2000 Computer problems again. I am President of the Information Technology Association of America (ITAA), representing over 400 direct and 26,000 affiliate members in the IT industry across the United States.

I am also President of the World Information Technology and Services Alliance (WITSA), consisting of 39 information technology associations around the world. Through ITAA and WITSA, I have been very involved since the beginning in education, awareness and information sharing related to the Y2K issue on a national and global level. As I had the privilege to participate in the first of the Year 2000 hearings your Subcommittees held, I appreciate the opportunity to testify on what may be the last.

Unprecedented Success Story

As I have testified before to these Subcommittees and others on the Hill previously, ITAA was the nation's Paul Revere on the Year 2000 issue. We began our midnight ride in 1995, with a series of industry meetings and publications. We learned much about the Year 2000 issue along the way, built the industry's only certification program, a weekly electronic newsletter reaching ten thousand readers in 80 countries, an alternate dispute resolution program, a solution providers directory, an information packed Web Site (http://www.itaa.org), and much more. I also gave numerous Year 2000 presentations to groups all over the world, in locations as diverse as Brazil. Beirut, Beijing, Shanghai, Paris, Mexico City and many others in my role as WITSA President, in addition to testimony here on Capitol Hill and speeches to government and industry leaders here in the U.S.

Now that the ride is over, we have, in effect, defeated the British at Bunker Hill. But I must give credit to the many leaders who made the success possible. The Y2K transition in the U.S. and around the world was so smooth in large part due to some of the people sitting in this room today. I commend you both, Chairmen Morella and Horn, for highlighting this important issue and helping to bring it to the forefront of the attention to the U.S. government. Senators Bennett and Dodd were also critical in their roles with the Senate Special Committee on Y2K. I also commend the three witnesses on the previous Panel, John Koskinen, Joel Willemson and Commissioner Rossotti, each of whom had very prominent roles in assuring that our government and our country were prepared for the Y2K rollover. The appointment of John Koskinen by the President in 1998 signaled the recognition by the Administration of the seriousness of Y2K, and the creation of the President's Council may have been the turning point that enabled our government to utilize time and resources to remediate the government systems in time for the rollover. ITAA worked closely with the Department of Commerce and the Small Business Administration to communicate with the commercial sector on Y2K issues. Those two agencies performed a particularly important task of bridging the gap needed to communicate with medium and small businesses.

This Congress played a crucial part in ensuring a smooth transition to 2000. Combined with the many hearings held by your Subcommittees and others, the passage of the Information Readiness and Disclosure Act of 1998, a bill that ITAA strongly supported, allowed businesses to work more closely together to solve issues together quickly. ITAA worked with our members and non- member companies to explain the provisions of the Act and encourage companies to share information after the bill was passed. The Small Business Y2K Readiness Act was a necessary measure that also encouraged action for our nation's thousands of small and medium-sized enterprises, so important to supply chains across the U.S. These two legislative measures captured the spirit of U.S. success with solving Y2K - information sharing, awareness and special resources where necessary.

We cannot talk of the tremendous success of the Year 2000 transition without mentioning the hundreds of thousands of programmers and engineers who painstakingly combed through trillions of lines of computer code to repair nearly all of the Y2K date references, then tested and re- tested the remediation to make sure it was correct. Also critical to the national success were the CEOs and Boards of Directors who recognized the need to remediate and made it a priority. And finally, the Chief Information Officers in business and government who engineered the successful repairs and also made sure that all supply chain components were compliant, were essential to operationalizing the directions from management and mobilizing the troops for successful repairs.

Remediation was no small task. This was the greatest peacetime mobilization of all time - or at least since the building of the pyramids. But Y2K is also the unmitigated best technology news story of the millennium - and the benefits of the investment of time, resources and new equipment will pay off in real increases in productivity, competency and understanding of technology.

Y2K Renaissance in the Making

Y2K occurred for numerous reasons, in no small part due to the incredible resilience of information technology systems themselves. Many software applications were designed to operate in the "here and now" but instead worked productively far into the future.

Ironically, many software systems became the victim of their own success, tripped up by the two- digit date formatting convention.

I would submit that with the substantial investment made by companies in fixing their systems, these firms now stand poised to reap the benefits of a Y2K Renaissance. How can this be?

Any major organizational change has at least two components: a consolidation of things past and a channeling of time, energy and resources into new strategic directions. We have both elements present with the Year 2000 date conversion. For many firms, Y2K became not only a down in the weeds date find-and-fix exercise, but the pretext for making a systematic, enterprise- wide reassessment of IT assets. In essence, companies decided that while getting the oil changed, why not have the engine tuned also? For the best managed organizations, the "tune up" meant taking a careful inventory of all systems, applications, Commercial Off The Shelf (COTS) products, utilities, databases and other software and embedded system holdings. Programmers and other IT professionals considered issues such as:

--what, where and how frequently corporate IT assets were used;
--how critical these were to operations;
--the extent to which systems and subsystem components were properly documented;
--the interrelationships between systems both inside and outside the enterprise;
--the accuracy of IT inventory listings;
--and mechanisms for managing IT assets.

Through this process, organizations have gained an unprecedented level of visibility into IT infrastructures -- a blueprint for managing the installed base and the informational foundation for moving forward. In drawing the lines tight, companies have pruned away the dead wood from their software inventories; prioritized systems and gained new insights as a result; improved the management of source code, test scripts, documentation and other software artifacts; created test beds and logical partitions for system testing along with invaluable new experience in the testing realm; gained bona fides in such areas as configuration and program management; built important and constructive new bridges between IT shops and line units; acquired exposure to many innovative new tools and techniques for software design, development and maintenance; achieved a more quality-oriented approach to software development, leveraging the benefits of formal processes and methods.

Faced with a fork in the road, many companies used the Y2K Renaissance as the opportunity to not just renovate old systems but to replace them altogether. This process in itself has been instructive. Conventional wisdom on new software deployments suggested that years are required to implement an enterprise application. Given the narrow window of opportunity and "brick wall" due date for most Y2K replacements, firms were forced to think long and hard about the wisdom of replacing their legacy systems. Many organizations decided to face the new millennium with new Y2K compliant applications in place. I think that one of the unsung stories of the Year 2000 conversion is the dramatic success enjoyed by those firms able to field new systems so quickly and, apparently, so flawlessly. Advances in technical areas such as common program interfaces, data standards, directory services and other categories are ringing the risks from software projects. Modem programming techniques, including object oriented programming and structured database approaches, have also played an important role.

Another of the success stories shared across the Y2K community is the extent to which companies learned to work together. The Y2K potential for mishaps was recognized and avoided by organizations willing to remove their own organizational barriers and to seek crosscutting solutions. This is certainly true of the find-fix-and-test interplay between IT and line business units, as mentioned earlier. But this is only part of the story. Y2K required companies to think and plan for contingencies on an enterprise-wide basis. As a result, employees across a broad spectrum of professional disciplines became involved in the contingency planning process. These individuals gained the opportunity to view their company through a much wider lens and to appreciate its inner-workings with much greater understanding and appreciation. They also received the opportunity to step outside of the box. To see how a corporation is one link in the chain bringing value to customers. They discovered the vulnerabilities posed by supply chain relationships, how these relationships are under-girded by information systems, and how the entire business eco-system must be protected by proper communication, knowledge sharing, testing and contingency planning.

Surely these new insights will yield a variety of business and economic benefits, from graduating far more employees to general management to finding new points of leverage for IT solutions, themselves.

So this Y2K Renaissance sets the stage for good things to come. I think its also fair to say that many companies responded to Y2K by freezing new system development activity, putting off plans to build E-business functionality, shying away from new enterprise-wide software deployments. With every freeze comes a thaw. The Y2K winter heralds a robust infusion of IT investments, particularly in the adaptation of Web technology to traditional business processes-and vice versa. The Internet is transforming everything about commerce today, from assembling the international team that designs a product to transmitting the truck routing information necessary to bring it most expeditiously to your door. To the extent that Y2K created a freeze, it also gave companies the opportunity to step back and build their post-Y2K technology investment strategies. With the Year 2000 software conversion out of the way, I look for a floodtide of innovative new information systems deployments across the economy.

The Hype and the Reality

I am by nature an optimist and freely admit that this notion of a "renaissance" sees the Y2K glass half full. I do not doubt that there are those who see the glass completely full--of hype. To these individuals I would simply observe the following:

--If left uncorrected or corrected improperly, the Y2K bug would have proven troublesome at best and disastrous at worst. The situation was binary: either fix the software or suffer the consequences. Any doubts should be resolved by the Japanese nuclear power plants reporting glitches with their monitoring systems, the Department of Defense reconnaissance satellite disabled by a glitch on the ground, the medical equipment failures in Sweden and Egypt, a Y2K problem at the Oak Ridge National Laboratory, the Doppler weather system shut down in Chicago or the double charging snafu in Visa and MasterCard transactions. I suggest to you that if just one problem-that with credit cards-had not been properly remediated, you would be listening to Alan Greenspan today talking about an economic downturn caused by Y2K, not Harris Miller talking about success.

--The medium is the message. In this case, the Internet proved to be the great equalizer-an incredibly powerful medium for leveling the learning the curve on Y2K renovation. Both companies and countries coming late to the proceedings were able to gain enormous efficiencies from the shared experience of others. These efficiencies expressed themselves in saved work, fewer mistakes and false starts, more productive processes, a better understanding of available tools and supports, compliance information and more. The Internet was put to wonderful service by industry trade associations, ITAA among others, who used this medium as a force multiplier. Working together, industries from electric and nuclear power to retail and banking closed ranks to defeat the bug.

--We are not out of the woods yet. Y2K to date is an incredible success story. Almost one month into the new year, the outages that have occurred, while many have been significant, have not been of the epidemic proportions once feared. Still, we continue to hear of disruptions on an almost daily basis and organizations still face important date rollovers, including leap year, end of quarter and end of year closings, and other events. While the popular perception surroundingY2K conjured fears of a major and immediate meltdown, many knowledgeable observers have warned of the cumulative effect instead. As with everything else Y2K, only time will tell.

--Industry proved up to the task. The self-governed information technology industry, working in tandem with other industry groups, identified the Y2K threat ahead of time and fielded the solutions necessary to head off disaster. This industry-driven approach worked in real time-a happy circumstance which I expect would have been quite different if attempted under a government regulatory approach.

Key Global Cooperation

One of the very real benefits of Y2K was the global cooperation among governments and in the private sector. Commercially, large companies made it a priority to work with smaller vendors and suppliers to ensure Y2K compliance, whether those businesses were located in Mexico, Madagascar or Mongolia. Among governments, some might argue that such a rapid mobilization by so many has never even been tried before, let alone succeed. Take for example, the nuclear missile command center set up by the United States and Russian militaries in Colorado Springs to collaborate on weapons monitoring. A remarkable example of information sharing.

I have been fortunate not only to witness this cooperation first hand, but to play a part in its development as well. In 1997, WITSA produced the first global white paper on Y2K impact which was widely distributed among our 39 member associations to generate dialogue and awareness. WITSA, the International Chamber of Commerce (ICC), the World Bank, the Organization for Economic Cooperation and Development, and INTUG then organized the first global summit on Y2K in London in October 1998 for the commercial sector, bringing together key delegates from over 35 countries. For many on the international scene, this was the first wake up call outlining the realities of Y2K, and later international Y2K conferences held were modeled after this event.

WITSA also worked with the leadership of the United Nations to help support the December 1998 meeting of 120 national coordinators in New York City, which called for greater international coordination, information sharing, and cross-sector dialogue on the Year 2000 problem. The meeting also recommended launching a global awareness campaign with emphasis on international contingency planning. The International Year 2000 Cooperation Center (IY2KCC) was established at the beginning of February 1999 to carry out the recommendations of the special meeting, and WITSA was able to play a critical role in its creation by obtaining funding from the World Bank's InfoDev sector to create the infrastructure for the Center. The Center is governed by a steering committee of National Y2K Coordinators, of which I am a member.

Bruce McConnell, the Center's director, and the IY2KCC have been successful in creating a trans-border dialogue and action on Y2K. Through a series of regional and global meetings, the Center outlined concrete action plans in the areas of awareness, cross sector cooperation and cross border cooperation and contingency. Every indication now shows that the cooperative agenda and programs developed by the IY2KCC have helped countries, companies, organizations, and other individuals around the globe cope more effectively with the Y2K challenge.

It is my belief that avenues have been opened and communication lines formed that can lead to new relationships and substantive agreements between countries that collaborated on Y2K. The threat of disaster may have forced the initial cooperation, but I believe the threat of losing connections in the future will keep these lines strong. Too much could be lost by severing ties in 2000 and beyond.

New Opportunities

The high level of international cooperation on important IT challenges should continue in the next Millennium. One of the strongest challenges is that insuring that the Digital Revolution, which has already brought access to the Internet to 200 million people worldwide, does not inadvertently create a divide between digital "haves" and "have nots." Instead, the Internet should be seen and become a technology, which is available and beneficial to all.

The IY2KCC highlighted the effectiveness of a global dialogue on high technology challenges and opportunities facing all countries and sectors. While much publicity has surrounded the explosive growth of the Internet and e-commerce, there is growing concern that the Internet will develop unevenly and could potentially further the economic divide between developed and developing economies and within various countries between individuals of various socioeconomic status. However, not enough has been said or done to maximize the new directions open for both developed and developing countries because of the Internet--what many refer to as the Digital Opportunity

Building on the network of experts developed by the IY2KCC, a global coordinating

Center on Digital Opportunity should be created. The Center should include both public and private sector experts. The mission of the Center should be to promote the expansion of the Internet and electronic commerce in developing countries by establishing increased collaboration among governments, multilateral institutions, businesses, and NGOs which want to promote and can benefit from insuring that as many people as possible are

connected to the Internet and the products and services that can be delivered thereby.

A second area for future collaboration should be on information security. Like Y2K, so much is at stake as more and more of the national resources of the globe are carried over technology and computers. Threats to systems come in multiple forms: disgruntled employees, mischief-minded hackers, terrorists, rogue nations. These threats are global in scope and global in their potential impact. They are not just problems in the United States. All those who produce and use IT have an obligation to lead in our own countries. Information security is a fundamental challenge that requires everyone's attention.

Chairman (Stephen) Horn, Chairwoman (Constance) Morella, again I thank you for the opportunity to testify here today, and I would be happy to answer any questions from the Subcommittees.

Harris N. Miller
President
Information Technology Association of America (ITAA)

(end text)

(Distributed by the Office of International Information Programs, U.S. Department of State)

NNNN