Another article appeared today concerning the Gartner study and embedded systems. The incredible thing about it is that the title of the report, GARTNER SYMPOSIUM: EMBEDDED SYSTEMS WILL NOT FALL PREY TO Y2K BUG, is totally misleading! As you read down the article, it reports that large scale embedded systems are most at risk, with more than 35% expected to be non-compliant. It goes on to say that "the three areas likely to be the worst affected by problems in embedded systems are the oil industry, telecommunications and POWER GRIDS (caps mine)." Since these are the Big Three which affect everyone, how in the world the reporter can say the risk is overhyped is completely beyond me. Pat Harmon noticed (in the original Gartner thread on this site) the apparent discrepancies between the facts and the summaries being put out. It's happening a whole lot now. The distortions between the headlines and the info in the body of reports is approaching idiotic proportions, if not downright criminal, in that a false picture of security is being painted with no basis in fact. Read everything carefully, folks! To access this latest story go to:

http://www.year2000.com/y2karticles.html Then click on the Oct. 15, VNU newswire Gartner Symposium link.

Where are the real investigative reporters when you need them?

-- Anonymous, October 16, 1998

Answers

Bonnie,

I wanted to thank you for your intelligent analysis of both this and the previous Gartner report.

It's important to understand a few things at this juncture in Y2k history. Many of the major companies who were involved, at the outset, of ringing the Y2k alarm bell are now looking at the future and life beyond Y2k. If a company like Gartner places it all on the line, and does not take a moderate tone, it risks losing both current clients and future credibility beyond Y2k, if things don't turn out too badly.

So, what you're seeing right now, from Gartner and companies like Tenegra (year2000.com), is outright waffling on the issue. I first noticed this shift to a moderate tone with ITAA several months back. For me, the greatest fear from this shift is a quick return to complacency on the part of all companies, not just electric companies. Now, throw in the various government reports and things like the recent NERC report. The stats in these reports just flat out don't justify the optimism, and one has to wonder what's going on.

Is it a deliberate disinformation campaign, or just a stampede to a middle ground for future positioning purposes? In other words, hedging the Y2k bets. I am not a conspiracy theorist, so my opinion tends to the latter. But as you note, journalists for the most part are just taking the pablum in these reports verbatim, regurgitating the optimistic executive summaries, and doing no research to understand or verify the information.

When someone finally publishes statistics and hard data to justify optimism, I'll be the first to shout it from the highest mountain. I haven't seen the need to purchase a megaphone or any mountain climbing equipment yet.

-- Anonymous, October 16, 1998

I am thankful to Bonnie Camp and Rick Cowles for their comments above. I had wondered if the Gartner Group might be "waffling", as Rick up it, in their Senate Testimony interpretations of their findings. If true this just makes it all the more important that we as individuals come to an informed understanding of the meaning of the levels of compliance that the Gartner Group reports in order to make good use of this valuable source of information.

So, with apologies in advance, I am going to re-ask a question I asked on the previous Garner Thread: "What will be the nature of companies that remedy less than 70%, 80%, 90% or 100% of critical items by 2000?"

It seems that if we could draw upon the perspective of a few well placed individuals to answer this question then we as members of the public at large would be much advanced in our ability to assess the risks that Y2K presents. So, if you feel you have a perspective on this I for one would be grateful for your reply.

-- Anonymous, October 16, 1998

Guys:

After spending ten years in the newspaper business, I can enlighten you to the nature of reporting, fact gathering, and what works in the medium. Take a look at the posts from newspapers across the nation. By and large you will see few articles written by "beat" reporters covering technology on a daily basis.

Stories outside the realm of national and local politics are generally delegated to the "greenhorns" of the industry as a way of "cutting their teeth." I can tell you, as a former greenhornm myself, my fact gathering suffered early on. You have to develop a repore with the folks on the 'inner circles' before you can start to peel away the layers of the onion.

Until newspapers start devoting one reporter to write almost daily stories on Y2K, like they did when the AIDS story first broke; until there are updated sections in major dailies on the issue, like they do covering the Olympics, you are not going to find the 'investigative reporting' you are looking for.

I can almost assure you, however, that by the start of next year, this will occur. It's a timeline thing. Give them a timeline they can understand, less than a year, and then you've got a story.

In the meantime, you've got to get on the horn with your local papers. Increased pressure may cause them to rachet up the coverage earlier than that. At least that's my take on it.

-- Anonymous, October 16, 1998

My thanks to Rick and Charles for giving me a lot to think on regarding the reporting of Y2K. Charles, your assessment that the coverage will increase next year is also very hopeful.

Pat, I didn't forget your question about the failure of mission critical systems. It just took me a while to search for a definition I vaguely remembered about critical failures in an earlier Gartner poll. Here is one section I located:

"Even more worryingly, key utilities are barely doing any better - 50 per cent of power, gas and water companies, as well as oil companies, are expected to see one or more mission critical system failures.

The same prediction applies to chemical processing, transportation and construction businesses.

A mission critical system failure is defined as the failure of an application, causing interruption of a business operation or of a piece of a business operation. According to Gartner, of these failures, approximately 10 per cent will disrupt business for more than three days."

So from this statement, Gartner seems to believe that 90% of mission critical failures will be repairable in less than three days. I asked my husband, who has worked in computer systems for many years, what the time frames for repairs of critical systems were in his experience. He replied that for a software failure, one to four days, on average. For a hardware failure, less time - assuming that the business either maintains a backup supply of critical parts, OR has contracted with their vendors to maintain a backup supply on hand. If the affected hardware is not available the time frame is open ended.

He did caution that these time frames consultants use are for the typical single failure of either software or hardware, occurring at different times. If a multiple hardware failure occurred, then diagnosing any software failures would, of course, have to wait until the hardware was running. And multiple software failures would be more difficult to diagnose. After repairs are made, the damage to the business will depend a great deal on how much data is lost, and whether or not the business maintains proper backup procedures. In other words, a quick fix would not necessarily keep a business running if a massive unrecoverable data loss had occurred. The variables are endless and much depends on how professionally a business or government agency operates their information systems.

The above only applies to "normal" random failures. Addressing possible multiple failures occurring in a very compressed time frame is outside of everyone's experience. Obviously, if the electricity is out, nothing will get fixed. If the electricity is out, then on, then out, surges can disable hardware. If the air conditioning in a plant fails while the power stays on, then a central computer room can overheat and damage the computers. If a monitoring system in security fails, the computers can be damaged. Endless variables again!

I guess it boils down to the fact that the Y2K problem is a systemic one and no one has any prior experience with which to gauge the impact or its duration. Certainly some mission critical failures will be recoverable. Some won't. One experience of my husband's is also rather sobering. A tiny error made halfway around the world, in a subsidiary of an international manufacturing business, brought the company headquarters systems down for four days. So it's not just our U.S. based systems we have to worry about - the global implications will affect us too. That's not a very comforting thought, is it? Interesting times ahead!

-- Anonymous, October 16, 1998

First I would like to thank Mr. Rick Cowles for answering my e-mail to him on a related subject. As to the Gartner report personally I have numerous reservations. For one it's way to general. How can they even talk about no power problems when they all but admit Int'l oil producing countries like Nigeria and Saudi Arabia aren't going to make it on time? Maybe their analysts weren't alive for the oil shocks of the 70's? Now add into that the fact that a good % of our food in winter comes from 3rd world countries and the Gartner report gets ugly real fast. The way I read Gartner is you'll be ok on Jan 2. power on food in the fridge and don't worry about it. But who knows in 1 month? When oil reserves start to go down and shipping/air transport is cut in half and little food is coming in. Add in other problems like raw material shortages and the manufacturing plants they will effect and on and on and on. They really don't even attempt to examine the possible "systemic" nightmare aspect of their own report? The Press interestingly has seized on only the most optimistic lines of the whole report and gone on to magnify these excerpts. The Gartner report in my opinion is a disaster for Y2k groups and for those trying to get funding for 99' to continue the fix at their sites. This report and others like it will be waved in every Y2k activist face and every y2k managers face as proof it's all been fixed "here" so why worry? Who cares about Burundi anyway? The net effect of this kind of report is to make the y2k problem worse in the long run. I suspect when things go bad in 2000 many of us are going to rue the day groups like Gartner ever issued these reports.

-- Anonymous, October 17, 1998