Y2K lessons learned

We live today in a new global risk landscape not unlike a past time of high uncertainty: the pre-Year 2000 period.

Left unaddressed, the Year 2000 date change would have disrupted firms' operations and services. Individual preparation and collaboration across organizational and national boundaries prevented disaster. Those at the epicenter of destruction last Sept. 11 benefited from those preparations. After 200,000 phone lines failed in New York, the city and Verizon Communications restored service using procedures developed for the Year 2000. Thanks to safeguards developed in 1999, bond markets reopened in two days. The New York Stock Exchange used Year 2000 testing protocols to validate its back-up trading system. Many other organizations used Year 2000 procedures to determine whom to contact, review the backup of systems, set up command centers and direct evacuations.

Preparation is essential to protect against current cybersecurity risks. Action is needed in five areas: readiness assessments, risk management strategies, useable security tools, crisis management networks and public relations.

For the Year 2000, organizations produced comprehensive inventories of their most important partners, systems and information; the functions they performed; and the interconnections among them. These inventories must be updated. Firms also surveyed their suppliers to ensure their readiness. Today, few organizations are systematically evaluating the computer security posture of their trading partners. Organizations need to assess their readiness to prevent and respond to disruptions caused by attacks.

For the date change, organizations identified mission-critical systems and fixed them first. Today, once systems inventories and supplier risks have been identified, resources must be allocated to address the most important risks first. And personnel security and management must be given additional attention.

For the Year 2000, the computer industry created tools that found and fixed the bugs. Today, many technical security solutions are available, but applying them to organizations' particular situations and systems requires a level of sophistication beyond most network managers.

For the Year 2000, infrastructure owners and operators organized cooperative networks to share information, exercise contingency plans and coordinate emergency response. Today, not enough cooperation and information sharing is occurring, except in the financial services sector, where long-standing trust relationships support strong coordination. A bill modeled on Year 2000 information-sharing legislation is pending in Congress and deserves support.

Finally, before the Year 2000, firms and industry groups organized public information campaigns to reassure shareholders and the public that the impact of the bug would be minimal. To date, post-Sept. 11 corporate publicity has expressed compassion. Focus should shift to creating a coherent message of reassurance.

McConnell, former chief of information policy and technology at the Office of Management and Budget, is president of McConnell International LLC (www.mcconnellinternational.com).

