Year 2000 Computing Crisis:
FAA Is Making Progress But Important Challenges Remain
T-AIMD/RCED-99-118: Published: Mar 15, 1999. Publicly Released: Mar 15, 1999.
Pursuant to a congressional request, GAO discussed the Federal Aviation Administration's (FAA) efforts to address the year 2000 computing problem, focusing on: (1) FAA's progress to date; (2) the agency's self-reported data showing that much remains to be done; (3) challenges FAA faces in ensuring that its internal systems will work; (4) risks associated with external organizations--focusing specifically on airports and international entities; and (5) the critical need for business continuity and contingency plans that identify how aviation operations will continue should systems fail.
GAO noted that: (1) over the past year, FAA has made substantial progress; (2) FAA has: (a) a strong year 2000 management structure; (b) an overall year 2000 strategy; (c) detailed standards and guidance for renovating, validating, and implementing mission-critical systems; (d) a database of schedules and milestones for these activities; and (e) a draft year 2000 business continuity and contingency plan; (3) FAA's self-reported data demonstrate that much work remains to be done in a limited amount of time; (4) FAA must finish implementing 141 mission-critical systems; (5) FAA's year 2000 program office has developed standards for testing and implementing mission-critical systems that require system owners to prepare and obtain approval on a validation plan that includes test plans and procedures, funding requirements, test management roles, and schedules; (6) the system owners are then required to test the system according to this plan, complete a checklist of required validation activities, and prepare a year 2000 validation results report; (7) FAA's ability to implement system repairs and replacements in a timely manner is complicated by FAA's highly decentralized nationwide configuration of air traffic control facilities; (8) in addition to the risks that its internal systems will malfunction or fail, FAA is at risk that external systems will fail, thereby affecting operations; (9) FAA lacks the authority and resources to ensure compliance of any foreign air traffic control system, but it nevertheless retains responsibility for ensuring safe, reliable aviation services for American travellers into 2000 and beyond; (10) FAA is sharing information with its foreign counterparts and assisting them in addressing year 2000 issues, such as business continuity and contingency planning; (11) FAA plans to complete international end-to-end testing with several countries by October 1, 1999, and plans to test interfaces with other countries after this date at their request; (12) because of the risk of anticipated and unanticipated failures--whether from internal systems or due to reliance on external partners and suppliers--a comprehensive business continuity and contingency plan is crucial to continuing core operations; (13) FAA drafted a Year 2000 Business Continuity and Contingency Plan in December 1998, and is reviewing it; and (14) the FAA plans to release four more iterations of this plan by the end of the year, with the next version due out in April 1999.