Defense Computers:

Year 2000 Computer Problems Threaten DOD Operations

AIMD-98-72: Published: Apr 30, 1998. Publicly Released: Apr 30, 1998.

Additional Materials:

Contact:

Jack L. Brock, Jr
(202) 512-4841
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO reviewed the Department of Defense's (DOD) program for solving the year 2000 computer systems problem, focusing on the: (1) overall status of DOD's effort to identify and correct its date-sensitive systems; and (2) appropriateness of DOD's strategy and actions to correct its year 2000 problems.

GAO noted that: (1) DOD relies on computer systems for some aspect of all of its operations, including strategic and tactical operations, sophisticated weaponry, intelligence, surveillance and security efforts, and routine business functions, such as financial management, personnel, logistics, and contract management; (2) failure to successfully address the year 2000 problem in time could severely degrade or disrupt any of DOD's mission-critical operations; (3) DOD has taken many positive actions to increase awareness, promote sharing of information, and encourage components to make year 2000 remediation efforts a high priority; (4) however, its progress in fixing systems has been slow; (5) in addition, DOD lacks key management and oversight controls to enforce good management practices, direct resources, and establish a complete picture of its progress in fixing systems; (6) as a result, DOD lacks complete and reliable information on systems, interfaces, other equipment needing repair, and the cost of its correction efforts; (7) it is spending limited resources fixing nonmission-critical systems even though most mission-critical systems have not been corrected; (8) it has also increased the risk that: (a) year 2000 errors will be propagated from one organization's systems to another's; (b) all systems and interfaces will not be thoroughly and carefully tested; and (c) components will not be prepared should their systems miss the year 2000 deadline or fail unexpectedly in operation; (9) each one of these problems seriously endangers DOD chances of successfully meeting the year 2000 deadline for mission-critical systems; and (10) together, they make failure of at least some mission-critical systems and the operations they support almost certain unless corrective actions are taken.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: The DOD Year 2000 Management Plan and related guidance call for every system, mission, and function owner to develop and test contingency and continuity of operations plans to ensure the Department can accomplish its missions at the turn of the century. DOD has delegated oversight responsibility for these plans to the Joint Chiefs of Staff for their subordinate commands and to the Principal Staff Assistants in the Office of the Secretary of Defense for all other plans. Also, DOD has provided a means to track progress in completing these plans through its year 2000 inventory, and component-level databases.

    Recommendation: The Secretary of Defense should: (1) require components to develop contingency plans to ensure that essential operations and functions can be performed even if mission-critical systems are not corrected in time or fail due to year 2000 problems; and (2) track component progress in completing these plans.

    Agency Affected: Department of Defense

  2. Status: Closed - Implemented

    Comments: In August 1998, the Secretary of Defense directed the JCS, in conjunction with the CINCs, to develop a joint Year 2000 operational evaluation program to verify year 2000 operational readiness. Later that month, the Deputy Secretary of Defense assigned inter- organizational responsibility and authority for various end-to-end test activities to the Office of the Secretary of Defense functional area focal points to ensure year 2000 readiness for key functional areas that support CINC operations. These requirements have been incorporated into DOD's Year 2000 Management Plan and JCS operational evaluation guidance. These documents constitute: (1) a high-level, departmentwide testing strategy that should also ensure adequate resources are available; and (2) high-level common criteria, processes, and reporting requirements for Year 2000 testing and operational evaluations.

    Recommendation: The Secretary of Defense should: (1) develop an overall, departmentwide testing strategy and a plan for ensuring that adequate resources, such as test facilities and tools, are available to perform necessary testing; and (2) ensure that the testing strategy specifies the common criteria and processes that components should use in testing their systems.

    Agency Affected: Department of Defense

  3. Status: Closed - Implemented

    Comments: Through December 1998, DOD held periodic Interface Assessment Workshops (IAW) as a forum for discussing interface issues and to provide visibility of high level issues in this area. DOD has also taken additional steps to ensure that system interfaces are adequately addressed. For example, DOD has: (1) added system interface information to its year 2000 inventory database; (2) provided a means to track system interface progress through its inventory; (3) required interface agreement documentation, known as memorandums of agreement (MOAs); and (4) provided general guidance on the content of MOAs. DOD also assigned responsibility for managing system interfaces, including verifying, reporting, and documenting interfaces, as well as preparing MOAs that define the process required to pass date-derived information between systems, and the funding for doing so, to system/program managers of individual interfaces.

    Recommendation: The Secretary of Defense should ensure that system interfaces are adequately addressed by: (1) taking inventory and assigning clear responsibility for each; (2) tracking progress in year 2000 problem resolution; (3) requiring interface agreement documentation; and (4) providing guidance on the content of interface agreements and who should fund corrective actions.

    Agency Affected: Department of Defense

  4. Status: Closed - Implemented

    Comments: While DOD has continued to prioritize mission-critical systems, it continues to allow priorities to be determined by its individual components. This approach has resulted in an unwieldy number of mission-critical systems, which precludes effective concentration on the most critical systems. As a result, operational organizations, such as the Joint Chiefs of Staff, have been forced to consider additional prioritization, based on actual operational requirements, to ensure that operational plans and milestones can be met. These efforts have identified a large number of critical systems not prioritized by the DOD effort. While DOD has directed the various parties to work out this problem, no effective policy has been promulgated. In April 1999, over half of the systems needed to complete critical CINC operational functions could not be identified on the DOD Year 2000 inventory. The system owner/manager could not be readily identified for more than one quarter of these systems.

    Recommendation: The Secretary of Defense should clearly define criteria and an objective process for prioritizing systems for repair based on their mission-criticality and ensure that the most mission-critical systems will be repaired first.

    Agency Affected: Department of Defense

  5. Status: Closed - Implemented

    Comments: DOD has made extensive upgrades of system hardware and technical capability in its efforts to establish a comprehensive, accurate departmentwide year 2000 inventory of systems, interfaces, and other equipment needing repair. DOD has also required its components to validate the accuracy of data being reported to the Office of the Secretary of Defense. However, because data collection and verification for systems included in the year 2000 inventory remains the responsibility of individual DOD components, and because DOD has not issued a clear definition of what constitutes a system for reporting purposes, the components continue to use different system definitions, processes, and reporting requirements. As a result, the inventory, while improved, continues to fluctuate and the information remains incomplete and unreliable. DOD continues to require separate data collections to compile quarterly reports to OMB.

    Recommendation: The Secretary of Defense should: (1) expedite efforts to establish a comprehensive, accurate departmentwide inventory of systems, interfaces, and other equipment needing repair; (2) require components to validate the accuracy of data being reported to the Office of the Secretary of Defense; and (3) provide guidance that clearly defines a system for year 2000 reporting purposes.

    Agency Affected: Department of Defense

  6. Status: Closed - Implemented

    Comments: GAO's report and the Defense Science Board Task Force report recommended that strong centralized leadership be established within DOD for the Year 2000 effort. In 1998, a Special Assistant for Year 2000 was assigned within the Office of the Assistant Secretary of Defense (Command, Control, Communications and Intelligence) with responsibility for all multi-component Y2K actions, such as developing DOD Y2K policy, management plans, consolidated reporting, interface assessments, contingency planning guidance and oversight, and testing oversight. Most recently, this office was reorganized to provide greater focus on Y2K readiness issues, such as testing, continuity of operations, and crisis management. In August 1998, the Secretary of Defense also required the Commanders-in-Chief, military services, and Defense agencies to prepare plans for ensuring operational/functional readiness.

    Recommendation: The Secretary of Defense should establish a strong department-level program office led by an executive whose full-time job is to effectively manage and oversee DOD's year 2000 efforts. The office should as a minimum have sufficient authority to enforce good management practices, direct resources to specific problems areas, and ensure the validity of data being reported by components on such things as progress, contingency planning, and testing.

    Agency Affected: Department of Defense

  7. Status: Closed - Implemented

    Comments: Defense has continued to monitor and revise its year 2000 cost estimates, but has not changed its approach for doing so. As a result, year 2000 costs continue to be estimated at the system level, reported through components, and accumulated at the OSD-level. Growth of DOD's year 2000 cost estimate in each reporting period indicates a continuing inability to define the scope and magnitude of the problem, and thus, reliably estimate the overall cost of this effort. In May 1999, Defense's quarterly report to OMB estimated that $3.658 billion would be needed from fiscal year 1996 to fiscal year 2001 to fix and test year 2000 problems within its computer systems. This amount represented an increase of $1.077 billion (41 percent) since February 1999. Without reliable estimates, DOD's ability to make sound resource allocation decisions among competing year 2000 priorities is limited.

    Recommendation: The Secretary of Defense should prepare complete and accurate year 2000 cost estimates so that DOD can assess the full impact of the year 2000 problem, ensure adequate resources are available, and effectively make tradeoff decisions to ensure that funds are properly allocated.

    Agency Affected: Department of Defense

 

Explore the full database of GAO's Open Recommendations »

Sep 26, 2016

Sep 23, 2016

Sep 21, 2016

Sep 7, 2016

Aug 30, 2016

Aug 11, 2016

Jul 22, 2016

Jul 21, 2016

Jul 6, 2016

Looking for more? Browse all our products here