# Y2K--The Year 2000 Bug Crisis

The Year 2000 Problem (Y2K or Y2K "bug") began as a simple cost saving measure used by computer software companies when programming mainframes. This decision was made back in the 1960's and early 1970's. Software companies found that it would be cheaper to represent the date in a computer as six digits (dd/mm/yy) as opposed to eight digits (dd/mm/yyyy). It was decided to hard code in the 19__ for the first two digits of the year. It was simply easier to subtract two, two digit numbers as opposed to two, four digit numbers. This works fine as long as you are using dates that have the 19 as a prefix but, when the year 2000 hits this will cause systems that use the hard coded 19 to fail.

Many people ask why the dates are so important. The truth is that dates are involved with almost every financial transaction you can make. Imagine how this will effect banking systems that use the year to calculate your interest. When subtracting 20(00) from 19(50) the computer will read the answer as a -50. What the computer will do with a negative number when it is expecting a positive one is part of the problem. There are as many answers to that question as there are sources. It is not simply a matter restricted to finance, because there are other critical aspects of life that could become disrupted. Perhaps a nuclear power plant uses time to calculate how long to keep the control rods in place before moving them. These control rods keep a reactor from going critical, and by moving them too fast, adverse reactions could take place. Remember Chernobyl?  On a broader scale, the US military relies on complicated computer systems to maintain its edge. If these computer systems go haywire then once again, adverse reactions could occur. Computers control many of our strategic nuclear missiles, tactical weapons, command and control systems, and various other systems.

Why has not the problem been fixed yet?  To fix the problem, people must first admit there is one. Many companies and especially government have, until very recently, been reluctant to accept that the Y2K "bug" affects them. It's the old, pretend nothing is wrong and it will go away, syndrome. When the year 2000 arrives we will see if it simply goes away or spawns disaster. Another aspect of fixing the problem is that it is estimated that 40% of companies have either lost, or thrown away the original source code for their systems. The only practical method to fix their problem then becomes to reinvent the program. A very expensive and time consuming task to say the least, especially when the customer has invested much time and money in the original system. Another hurdle to fixing the problem is the very software development community that created it in the first place and no one can agree on a standard. The computer industry as a whole is guilty of this. A standard is important, because for computers to be able to trade information the data must be stored in a manner that all computers can understand.

What will this cost?  The cost for fixing the Y2K problem to date has been simply staggering. The amount can only go up from here as more businesses and government realize that something needs to be done and scramble to find a solution. Since this problem effects us all we can hardly afford to ignore it. The cost of ignorance is by far higher then fixing it.

### Ways the Y2K Problem Affects Us

The Y2K problem will possibly have many serious effects upon many of the workings of everyday life around the world. The Y2K problem, commonly known as the Y2K "bug", occurs because the computer stores the date using two digits. The computer assumes the first two digits are 19 and stores the last two. (i.e. the year 1998 would be stored as 98). This can be detrimental to businesses, because if not fixed, it could deny them to access the internal system and/or produce errors in sales. Whether the company has no sales or falsely reported sales, loss is inevitable. Individuals could experience denied credit, lost funds, wrongly allocated funds, thus changing the way they do business. A point commonly overlooked, is if businesses are closed due to the problem, people will have no place to shop, especially for groceries. To demonstrate how the Y2K problem will affect us, the paper will examine three points:

• Loan, credit, and banking problems
• Businesses facing losing large amounts of money
• Personally owned computers

#### Loan, credit, and banking problems

According to a February 10, 1998  Chronicle News Service [1] [ ] article, the U.S. government's General Accounting Office is predicting that as many as 700 U.S. banks may close their doors on January 1, 2000 because of Y2K computer problems.

Many aspects of the banking world will be affected by this glitch, because practically everything in the financial world is numbers. Among these numbers are dates, which are on savings accounts, checking accounts, CDs, loans, credit cards, et cetera, etc. According to the  December 2, 1998, Iowa Gazette article, "Computers set for year 2000 at Iowa banks" [2] , every bank that deals with the FDIC is on a check list. Every bank or depository institution that deals with the Federal Deposit Insur- ance Corporation has its own plan for dealing with the millennium problem and is re- viewed and verified by the FDIC and several other organizations. These precautions were initiated to hopefully reduce the risk and severity of the perceived problems with the banking industry. There is some hope that the precautions will take care of the problem completely, but many believe that they will only reduce the harshness. Some problems that are expected to happen or have already happened due to the Y2K glitch include:

• Credit card readers not accepting cards that expire in the year 2000
• Incorrect calculating of interest on savings accounts
• Interest problems associated with loans or other problems associated with having the wrong date on a loan

#### Businesses facing losing large amounts of money

Businesses, big or small, do not like to lose mass amounts of money. The Y2K "bug" can affect a company, whether it is directly in contact with it or not. Say for example that a company has completely cleaned its systems of all problems associated with the Y2K problem, now consider the following scenarios that can still ruin a company:

1. A customers of your company does not have all of its Y2K problems fixed and their machines shut down and cancels its order for the next quarter.
2. Major suppliers to your company fail to make time critical deliveries.
3. External payroll and accounting vendors can no longer perform their jobs.

All of these scenarios can potentially cripple a company because its customers or associates have not done all they can to fix their millennium problems. Not only can one lose a great deal of money and profits this way, but lawsuits associated with Y2K problems can generate a huge loss in profits as well. If a business fails to accurately identify and disclose the complete potential financial impact of the Y2K crisis, it leaves itself open to a large set of problems. Included in this are shareholder lawsuits, which could ruin the company as pointed out by the Jacksonville Business Journal [3] .

#### Personally owned computers

It seems that the problem most people today are concerned with fixing, is the millennium "bug" on mainframes and other high end computers. A very good number of people don't even think about how it will affect the individual workstations that are used within the company or even their own personal computers, which they use at home in their spare time. While it possibly does not have as big an effect on the workings of international business as mainframes do, personal computers often hold important data for the people who use them. It would be rather irritating to start your computer up January 1, 2000 to find that it thinks it is the year 1900. This error would also mess up any scheduling programs that are running in the background. These are relatively minor problems and could be lived with if absolutely necessary; however, this should not be an alternative. More importantly, if a computer user takes advantage of on-line banking from home, he/she may be drastically affected without an error free computer. This goes back to the problem that banks would incur if the problem was not fixed. Another problem would occur if electronic checks were sent out dated as 1900, especially if they were for loans or mortgages, which are time dependent.

### Reasons the Y2K problem is hard to fix.

The Y2K problem is a difficult problem to fix for many reasons. There are mass amounts of code that needs to be examined and fixed, poor coding practices used by coders in the past, poor design of older languages, problems with embedded code, and the tremendous amount of procrastinating prevalent in the industry on this problem.

#### Large Programs --poor coding practice

The biggest obstacle to fixing the Y2K problem is the sheer amount of code in the industry that needs to be checked. The large code also compounds other major problems with fixing Y2K and its rapidly closing deadline. The original programs took months or even years to write, which contain code from several different parties. Another complication is that programmers occasionally bypassed the standard library routines for dates and wrote  their own date handling functions, so a Y2K repair team will frequently have to search through a significant portion of the codebase to find all instances of date functions. This problem is also worse than most people realize because most programs will fail sometime before January 1st, 2000. This complication stems from programmers using 99 as a special field in records and people entering future dates into the system as part of normal business work. Mainly because a developer remembers and understands his product more than anyone else, the programmers who originally developed the software applications are generally the most capable persons to fix the problems in the code. This would be a good solution; however, most companies no longer have those programmers anymore. In most cases, many of them are retired and are no longer available. This means that a company will have to hire outside programmers who have never seen the source to the programs before. This will increase the time and cost required to fix the program significantly, since the new programmers must first understand the program before they can fix it.

#### Undocumented Code

Another problem facing the people trying to fix the Y2K problem is the lack of documentation on the implementation of their programs. This is another reason why the original programmers would be the programmers of choice to fix the programs. Programmers have always hated documenting their work, and when they can get away with it they will usually document as little as possible. This problem is alleviated somewhat in current programming projects by the use of mandatory documentation standards. Without these standards in older programming projects, there was generally less documentation. Without the documentation, new programmers must take even longer to understand the code, before they even begin fixing it. For a company trying to fix their Y2K problem this means higher costs and a tighter time schedule.

#### Old Languages

The combination of large program size and short remaining time is made worse by the addition of several other factors such as the poor structuring of older code. In the past few years programmers have learned much about structured coding, usually from the mistakes of earlier programmers, that allow them to write maintainable code with reasonable ease. Old programs do not benefit from those techniques and in fact are the reason those techniques were developed in the first place. Many older languages do not support many of the structuring techniques used today nor did the programmers of the day know how to write easily maintainable code. For the average business, this means that the Y2K problem will take even more time and money to fix. The old programming languages used to write old programs lead to another difficulty, the lack of people who still know how to write in those languages. This is a big problem for companies who are willing to spend the money to fix their systems, but cannot find anyone who can solve their problem. This problem is most pronounced with COBOL, which most programmers were more than happy to slowly let die over the years. This problem is becoming less pronounced as COBOL courses open up all over the country to accommodate the flood of people reacting to the demand created by the Y2K problem.

#### External Libraries

There are some problems that most companies won't have to worry about, but will affect some companies in potentially disastrous ways. For instance, if the programmers used an external licensed library for their date manipulation, the problem falls on the developer of the library. If the developer is out of business, the company will either have to buy a different library and attempt to replace the old one, or rewrite the library and plug it into the program. Both options are extremely expensive and require a good deal of time for any decently sized library.

#### Embedded Code

Another problem area is embedded systems, where the software is burnt into the hardware directly. Fortunately most embedded systems are not affected by the date; however, those that are will either have to be replaced or repaired at great cost before the millennium arrives. Overall, the combination of all of these factors makes solving a Y2K problem very expensive and time consuming. Most companies do not want to spend millions of dollars and also do not have much time to fix the problem.

Code size is the primary contributing factor, although several other factors contribute to the problem. Most of the smaller factors work to multiply the problem, and can make the problem daunting to even the most determined company.

### Costs Associated with Y2K

The Y2K problem is going to be costly for all concerned in terms of repair costs (updating software to operate properly), in lost time, and in customer dissatisfaction. Estimates of the actual costs of Y2K vary from unknown to minimal to \$30 billion, depending on the source. Sources of these cost estimates are from private companies, many of which specialize in the Y2K problem. Searching for and changing existing code to handle a four digit date requires much manual intervention and possibly line-by-line inspection and modification. Considering the millions of lines of code which exist in most aspects of life in the United States, this compounds into a very large issue. Because of this, most companies are approaching Y2K with fear and trepidation.

#### The Government's estimates

The government is, as a whole, taking the problem and the costs associated with it very seriously, though there are some who seem to believe that the problem is overstated. Supporters on both sides of the argument have voiced their opinions and estimates publicly. Judging by the number of large estimates which have been publicly announced, it seems that those who are concerned about Y2K have a louder voice than those are not. In a report to congress in January of 1998, the Department of Defense stated that complete estimates to fix Y2K were unknown [4] . Since then it has been announced that and an additional \$2.4 billion is now estimated to be required to fix all of the systems which the Department of Defense uses [5] . This is in addition to the over \$1.9 billion which the Deputy Secretary of Defense John J. Hamre stated that the Deparment of Defense (DoD) has already spent updating its systems to handle the turn of the century problem [6] . These systems include Air Traffic Control, communications, tactical information systems, and others which could cause great financial and human losses based solely on the problems associated with a faulty date. Hamre expects Y2K computer problems to be "nuisances, not crises," as illustrated by his press release statement on October 14, 1998 [7] . Hamre also said that the DoD will have Y2K fixes in place for 95 percent of its more than 2,500 mission critical systems by the end of 1998. Testing of the fixes will begin in March 1999. All mission critical computer systems will be Year 2000 compliant in time, he said. In typical military style, Hamre said the department is attacking the Y2K problem just as it would an enemy. "We know the time and place this enemy will attack," he said, and that "it has the capability to shut down our fuel system, command and control, logistics and resupply -- everything an enemy would go after."

#### Estimates in the Private Sector

In the private sector, some insurers are quietly preparing changes to general property and liability policies to make it impossible for customers to collect Y2K damages, such as sales lost by an automaker if a supplier can't ship parts because of a Y2K glitch [8] . The Prudential Insurance Company of America, is having a hard time figuring out whether its existing corporate insurance will cover any computer downtime or lawsuits. After five months, Prudential analysts are still attempting to quantify the impact on existing policies and do not expect to have an answer for additional two months. The MITRE corporation has been contracted by the government to produce cost analysis estimates. In her report, Janet Fredrickson [9] has separated the costs into categories as shown in Figure 1, and has estimated the cost of repairing code for certain applications. She states, "our analysis showed a range of cost, calculated as a function of the executable lines of code, as follows:

• Ground and Airborne Radar Systems (\$2.02 - \$8.52)
• Communications Processing Systems (\$1.23 - \$5.54)
• C2 Planning Systems (\$1.22 - \$1.84)
• Logistics Support Systems (\$1.02 - \$1.39)"
These estimates from MITRE are in dollars per line of code. Considering the millions of lines of computer code in use today, this paints a picture of many billions of dollars required to fix the problems associated with Y2K.

Figure 1

### Conclusion

The Y2K problem, now that is is more recognized, has raised much well earned concern and discussion over the past couple years. Much of the the Y2K's realization can be contributed to Paloma O'Reily, a Navy computing security specialist, who in 1996 believed that awareness of the problem was not getting out to the general public. She went on to found a "grass roots" program called "The Cassandra Project."  The Y2K "bug" discriminates against no one, and will infect whosoever chooses to ignore it. The paper has shown and discussed how the bug, not only affects businesses and organization, but also the people who use them. Some predict a 40% chance of a national power outage and an 80% employment rate due to the Y2K problem. The problem is difficult to fix, due to procrastination, "spaghetti code" and poor coding practices, and many more reasons that do not seem to have a direct impact on the issue. Another issue that can not be ignored is the overwhelming amount of money that it will take to fix the problem. Many organizations will solve their Y2K problem with the addition of a software patch, an upgrade to their system, replacement of hardware, and/or possible re-design of database elements. Once these items are completed, many organizations will declare a victory and move back to business as usual. This choice may help some businesses; however, many will experience problems due to their supposed fix. The patches that some companies propose to install do indeed fix the problem, but may slow down every day processes drastically. Because of the choices that the Y2K problem entails, and the finances associated with it, the Y2K problem becomes a management issue as well as a technical one.

The Y2K problem is still not recognized, and must be pushed to make more people aware of the issue at hand. According to a discussion of the Y2K issue, held on Washington-Online.com, "two-thirds of all American business organizations have yet to realize the magnitude of their problem or take any action to reconcile identifiable causes for concern!"  It is reported that many of the European countries are so engaged in developing the Euro-currency, they have not even identified the problem or worked to solve it.

Much testing is presently going on, while many are still in the planning stages. According to Y2K-The Coming Storm video [10 ] the fiscal years in Canada, Japan, and New York are scheduled to be run and tested on April 1999, while more are planning to follow on July 1. The federal government is planning to run and test on Oct. 1, 1999. The INSP published a set of grades that the government has given each department in relation to fixing the problem.
 Department of Agriculture C Dept. of Housing and Urban Devlpmnt. C Nuclear Regulatory Agency D Department of Commerce B Dept. of Health and Human Services F Office of Personnel Management D Department of Defense D Department of the Interior D Small Business Administration A Department of Education F Agency for International Development F Social Security A Department of Energy F Department of Justice F Department of State F Environmental Protection Agency B Department of Labor D Department of Transportation D Federal Emergency Management Agency B- NASA C+ Department of the Treasury D+ General Services Administration B+ National Science Foundation A Veterans Affairs B-

As safety precautions to have checked off before January 1, 2000 arrives:

1. Make a list of things you NEED and prioritize
2. Find alternives for things
3. Buy powdered milk and eggs
4. Purchase non-perishable food
5. Check ALL medications
Washington-Online.com listed a plan of action for businesses to follow:
1. Recognize the Y2K problem
2. Organize a select strategic planning group
3. Examine and define your organization's exposure to all possible Y2K impacts
4. Define risks that may threaten the very life of your organization
Cutoff of critical raw materials or supplies
Impacted finances and cash flows/reserves
5. Define all other risks that could have a cumulative impact to threaten your organization
6. Assign responsibility for investigations and corrective actions
7. Plan for possible catastrophic events through Year 2003 (A five year Strategic Plan)
8. Insure that your outside partners - even large institutions like your bank are taking action
10. Replace any trading partners who are not in compliance
11. Continue to examine your environment (and business domain) for risks and opportunities*
12. Act to change course in accordance with your Strategic Plan and Strategic Path
13. Stay nimble - remain alert to changes
14. Re-initiate your planning process as required until this issue has run its course.

It is imperative that we be aware of the Y2K problem, approach it with extreme caution and most of all....with respect.

# Footnotes

1. "Houston Chronicle.com", http://www.chron.com
2. Ford, George C., "The Iowa Gazette", http://www.gazetteonline.com/money/mon986.htm
3. Hurteau Daniel, "The Jacksonville Business Journal",
http://www.amcity.com/jacksonville/stories/1998/11/30/focus4.html?h=2000
4. Department of Defense Undersecretary Colonel Bridges, DoD news briefingî,
5. Director of Department of Defense Y2K Oversight William A. Curtis, DoD Focusing on Year 2000
6. Deputy Secretary of Defense John J. Hamre, Statement Before The Senate Armed Services
Committee Information Systems: Y2K & Frequency Spectrum Reallocationî,
7. Deputy Secretary of Defense John J. Hamre, Y2K Problem Will Be Nuisance, Not Crisisî,
8. Robert L. Scheier and Patrick Thibodeau, Insurers plan limitations on Y2K coverageî,
http://www2.computerworld.com/home/print9497.nsf/All/SL35ins
9. Janet Fredrickson, jfred@mitre.org, Cost Estimation for Year 2000 Effortsî,
http://www.mitre.org:80/research/y2k/docs/COST_EST.html
10. "Y2K: The Coming Storm", INSP-The Inspirational Network, video-media, Oct. 23, 1998.

# Bibliography and Changes to Current Links

"The Cassandra Project", http://www.millennia-bcs.com/.

Department of Defense Undersecretary Colonel Bridges, DoD news briefingî,

Deputy Secretary of Defense John J. Hamre, Statement Before The Senate Armed Services Committee
Information Systems: Y2K & Frequency Spectrum Reallocationî,

Deputy Secretary of Defense John J. Hamre, Y2K Problem Will Be Nuisance, Not Crisisî,

Director of Department of Defense Y2K Oversight William A. Curtis, DoD Focusing on Year 2000

Ford, George C., "The Iowa Gazette", http://www.gazetteonline.com/money/mon986.htm.

Fredrickson, Janet, jfred@mitre.org, Cost Estimation for Year 2000 Effortsî,
http://www.mitre.org:80/research/y2k/docs/COST_EST.html

Geldern, John van, "Computer Age Armageddon", http://www.y2kanswers.com/Armageddon.htm.

"Houston Chronicle.com", http://www.chron.com.

Hurteau Daniel, "The Jacksonville Business Journal",
http://www.amcity.com/jacksonville/stories/1998/11/30/focus4.html?h=2000.

Scheier, Robert L. and Patrick Thibodeau, Insurers plan limitations on Y2K coverageî,
http://www2.computerworld.com/home/print9497.nsf/All/SL35ins

Stockton, J.R., "John Stockton's Date & Time Miscellany",
http://www.merlyn.demon.co.uk/miscdate.htm.

"A discussion of the Y2K Issue--Washington-Online.com",
http://www.washington-online.com/discussion.htm.