Y2K Preparation, Power, Prudence, and Paranoia
Don Law
January 1999
Revision 2.1
© Copyright 1998, 1999 by Don Law
The contents are solely the statements of the author, and the author's
employer is not associated with this report in any way.
The latest revision of this paper is available online at this web address:
http://geocities.datacellar.net/TheTropics/9090/y2k.html
Other related information is also available on that web page.
Don Law may be reached by e-mail at macadamia@bigfoot.com
Contents
Part I: People, Preparation, Information sources
1.1 Abstract
1.2 Author credentials
1.3 The utility question begs an accurate answer
1.4 How did the Y2K message get distorted?
1.5 Why are some people close-minded to good news?
1.6 Where should we get the best information?
1.7 A critique of The Millennium Bug
1.8 What if we are the problem?
1.9 A word on water treatment
1.10 So what is going to happen?
Part II: Specifics on Y2K and Electric Power
2.1 The progress extrapolation fallacy
2.2 The power outage non-sequitur
2.3 The Interconnects ("power grid")
2.4 The fuel supply
2.5 The embedded chips
2.6 Dissenting opinions
NEW Appendix A - June update
Part I: People, Preparation, Information sources
1.1 Abstract
Much of the Y2K preparation in progress is centered around utility failure, namely extended power outage. Using the best information we have available, there is no significant risk of an extended power outage or interruption in water treatment. Sources of misinformation are analyzed, and sources of first-hand information are cited. The purpose of this document is to redirect Y2K efforts away from preparation for things that will not happen, and to refocus the reader on prudent preparation for Y2K computer problems. There will be significant problems that we will have to deal with that are being neglected due to the fear of extended loss of utility service. Some people are planning on a significant personal expense for equipment that they will not need for the millennium rollover. This report is written to spare the fearful from unnecessary expense.
1.2 Author credentials
Bachelor of Science, Math and Computer Science, Furman University, 1984
1.3 The utility question begs an accurate answer
In the preparation for Y2K, an awful lot of decisions hinge on whether or not power and water service will be available. I have decided to focus all of my attention on answering the question of electric power service for that reason. The correct answer to the question will guide us in how we should be preparing. To emphasize, let's look at the consequences of the wrong answer:
1) Suppose we predict no extended power interruption, and we are wrong. The consequence is that people should have prepared and have not if they listened to our advice. I don't need to elaborate on this scenario - it is already well documented.
2) Suppose we predict an extended power outage and there is none. The thing I fear the most about this scenario is that people will spend lots of time, effort, and money on items that they will never use. What makes this scenario worse is the prediction of a worldwide recession. Spending money on solar cookers, generators, solar power converters, and other items that will not be needed is not a prudent thing to do on the eve of a recession.
1.4 How did the Y2K message get distorted?
There is a large amount of information travelling around about the Year 2000 problem. Unfortunately, there is about as much bad information as there is good information. Specifically, this paper focuses on the overstatement of utility failure. There must be some explanation for the bad information. Here are some possibilities:
1) Fear of the unknown. Most of us have little understanding of the computer systems involved in our everyday life. We are aware that computers control us to some degree and that makes us uncomfortable. When we discover that these systems have problems that we don't understand, that discomfort can lead to fear and panic.
2) The long-sounding IT alarm. People within the Information Technology (IT) community have been sounding the alarm for years and have been frustrated with the widespread lack of response. In order to get the message out, the message has been amplified, and sometimes distorted.
3) Y2K consultant advertising. Some enterprising software engineers see the Y2K problem as a gold mine. Many Y2K consulting companies have formed, and it is to their financial advantage to paint the Y2K situation as bleak as possible. The bigger and uglier they can make the problem appear, the more they can charge for their services.
4) Media sensationalism. The media doesn't make money by reporting that everything is going to be OK. The stories reported will be the most disastrous that can be conjured up. For example, the media report on the NERC study (discussed later) was purely negative, even though the study indicates that we should not expect a problem.
5) Book profit. The way to get books to sell is to convince people that their survival depends on getting the information in the book. Authors have capitalized on the fear and lack of understanding around the Y2K bug, and have sensationalized it for their own profit. The Y2K industry extends to videos and preparation materials as well. The more scared people are, the more they will buy.
1.5 Why are people close-minded to accurate information if it is good news?
I have been shocked at how first-hand, accurate information has been rejected, discounted, and unwelcome by those who have been informed by the Y2K books. I have spoken with other engineers who have had the same experience. I have speculated about some possible reasons. Let me be perfectly clear that I admire the compassion, the vision for ministry, and the desire to do the right thing. Please do not take offense at this section of the paper. I don't mean to insult anyone, yet I have to search for an explanation for the closed minds that I have encountered:
1) Book context - Books such as The Millennium Bug divide people into two categories: the Informed and the Benighted. The Informed are the ones who know the information in the book. Once one becomes one of the Informed, he concludes that those who disagree with the book's conclusions must be among the Benighted. The book has an overtone of suggesting that anyone who thinks that the Y2K problem will be less of a problem than what is described in the book has his "head in the sand." Another term used for people who challenge some of the Y2K misinformation is "denial."
What I propose is that information be accepted at face value, and not judged by the standard of the Y2K books. Information should be judged by its source, its recency, its consistency with other reliable information, etc.
2) Desire to be a hero - Once someone has invested a great deal of effort, time, and money into preparing for an extended utility failure, he does not want to be told that all was for naught. There is also personal satisfaction to be gained by someone who is prepared when others are not, and the ability to help those who have not prepared. It is fun to be a boy/girl scout!
3) Moral frustration - Christian conservatives are very frustrated with the moral decay of the country and the lack of any action against the president for his acts. This frustration is often funneled into the idea of "just wait - God will judge." The Y2K problem is seen as the judgement of God, and as a relief from the absence of any consequence to immorality. If the Y2K problem isn't severe and doesn't cause repentance, then the pent-up frustration continues.
1.6 Where should we get the best information?
In the computer industry, things change very rapidly. 18 months in computer time is an entire generation by comparison. In order to be accurate, the most up-to-date information must be used.
The Y2K bug is fairly technical in nature. Information passed from one source to another and then to another is certain to be distorted, especially if the sources are not experts in the field. We should use first-hand information as our most accurate information.
We need sources that don't have an ulterior motive. There is a lot of profit being made selling books, survival supplies, and Y2K consulting services.
I would like to thank the following engineers, all Christians that I know through CRPC, for their help in preparing this report, and in providing honest first-hand information in their area of expertise:
Jon Cooper, PE - former Engineer for Broward County Water Treatment systems
Greg Thomson, EE - former Engineer for FPL
Brain McCluggage, CE - current civil engineer, experienced in water treatment
Mark Tatum, - current engineer, experienced in power generation and distribution
1.7 A critique of The Millennium Bug (the book)
I sought to assess the accuracy of one of the most-quoted books, The Millennium Bug. I was compelled to do so because it seems that new information is judged by this book, as if it were some sort of standard. In the particular area of utility service, I believe that this and other books are a relatively unreliable source of information.
My sole purpose for this critique is to establish that the book is not the standard by which all other information should be judged. The information we have today is more accurate, up to date, and closer to the source than what we find in the book. Let's look at that information with a clean slate, not with a predisposition.
I read up to page 25 and cataloged the errors that I found. The information in the book does not meet the above criteria for the best information. In the small portion of the book that I read, I found 11 instances of misleading information, and 10 cases of statements that were simply wrong. These are listed below:
MISLEADING INFORMATION
1) p. xiii - "the Y2K problem was completely avoidable." In the computer industry, no one is capable of producing bug-free software (with the exception of a few academic cases). All commercial software has bugs, and some of those bugs may be Y2K related.
2) p. xiii - "there are no Y2K experts." There are dozens of companies composed of nothing but Y2K experts, who are capable of measuring the cost of fixing the bug, as well as the cost of not fixing it and the impact that the bug will have on a given application.
3) p. xvi - "circuit breakers use computer chips" - the chips may be used for remote monitoring, but are not required for the circuit breaker function.
4) p. xvi - "the water treatment process is monitored by computers" - this is a labor saving function, but the design of water treatment plants in the US requires that systems have manual override for all critical functions.
5) p. xvi - "the modern food chain is completely dependent on computers" - computers are used as vast labor saving devices, but the growth, harvesting, processing, and distribution of food can be done without any computer systems.
6) p. 6 - "bank vaults swing open on Saturday" - timekeeping locks prevent vaults from opening on the wrong day - they are not capable of opening a vault on their own.
7) p. 7 - "2000 being a leap year is a problem" - most algorithms that don't include the century exemption also don't include the 400 year exemption. In other words, most algorithms are either correct or they assume that every multiple of 4 is a leap year. Both methods work correctly in the year 2000.
8) p. 7. - "power company billing is date dependent" - utility companies determine your consumption by subtracting the previous meter reading from the current meter reading. There is no date dependency in the calculation.
9) p. 10 - "airlines are controlled by satellite guidance" - there are no planes that depend solely on the high-tech nav systems. There are many non-computer conventional systems available for navigation.
10) p. 11 - "rail systems are controlled by computer" - computers make the rail switching system much less labor-intensive, but each switch has a manual override that does not require a computer to operate.
11) p. 23 - "DOS is not Y2K compliant" - however, DOS can handle dates beyond 2000. Y2K compliance is a strict definition, for which many requirements must be met. I was unable to find any Y2K problems in my brief testing of DOS.
WRONG INFORMATION
1) p. xvi - "[power distribution] transformers use embedded chips to regulate voltage levels." Transformers are nothing but coils of wire that reduce voltage to home-usable levels. Some electronics may be used to monitor voltage levels, but these electronics are not needed for power distribution. The systems that FPL uses to control voltage are simple analog devices and have no digital components.
2) p. 3 - "the Millennium Bug causes computers to crash" - The most common error caused by the Millennium bug is the wrong date printed on a screen or a report. More rare are Millennium bugs that cause applications to malfunction, exiting with an error status. It is extremely rare to find a Millennium bug that will actually crash a computer.
3) p. 3 - "every mainframe will be affected" - old COBOL programs are the most vulnerable, however many companies have already or will complete their Y2K compliance work before the Millennium rollover. These mainframes will not be affected at all, as has already been proven under test.
4) p. 4 - "your credit card may be invalid" - the credit card companies were forced to correct the Y2K problem back in 1996, when the first cards that expired in 2000 were issued.
5) p. 4 - "the elevator may be stuck" - there is absolutely no date dependency in the elevator control system.
6) p. 4 - "your car might not start" - there is no dependency on date information in the computer systems that operate cars. Some cars log historical data, but that data is not used in any of the car's functions. This can be verified with the automakers.
7) p. 6 - "random number generators divide by the year number" - random number generators, in order to be random, will use the most frequently changing number, not the least frequently changing number. In other words, they divide by seconds, not years.
8) p. 8 - "if they haven't started [to correct the bug] already, it's just about too late" - there is still plenty of time to correct the Y2K bug, and the technology available now is much more powerful than that of even one year ago. For example, the Bureau of Indian Affairs in New Mexico last spring accurately remediated 1.5 million lines of COBOL code in less than one week. (Information Week, Nov. 16, 1998, P. 205)
9) p. 11 - "X-ray equipment and CT scanners are controlled by computer chips that are not Y2K ready." There are no date dependencies in X-ray and CT equipment.
10) p. 25 - "an embedded chip implies a Y2K vulnerability" - embedded chips only store software (in The Millennium Bug's definition). There is no risk of a Y2K malfunction unless there is a functional date dependency. All of the items below were listed, as if to suggest they may malfunction, yet none of these devices have functional date dependencies:
Answering machines
Let me emphasize that there is lots of good information in The Millennium Bug book. I agree with much of it. I only want to point to these errors to dissuade people from using this and other Y2K books as "the standard."
1.8 What if we are the problem?
I am actually more concerned about what the fear of Y2K will do than Y2K itself. The fear of Y2K could cause a stock market crash, a run on the banks, a drain on the economy, etc. It could well be a self-fulfilling prophecy.
I know of one major national department store that plans no purchases of any computer or computer-related equipment for 6 months beginning in July 1999. They don't trust vendors to give them Y2K compliant equipment and want to be in control of the testing themselves. I can't really blame them, but if this policy is widespread, the computer industry is going to be hurting. They will be hurting not because of Y2K computer problems, but because human beings are afraid of what might happen.
Imagine this scenario: The banking system solves practically all of their Y2K computer problems. With the exception of a few isolated cases, all transactions complete, and all funds are available. But then the people are so worked up that they crash the whole system by taking out money - lots of money. The mortgage on my house works because someone deposited money and I'm paying them interest for its use. If they want all their money back for no other reason than Y2K fear, the whole system could collapse. What a tragedy if there is a financial crisis that could have been prevented if everyone didn't panic!
1.9 A Word on Water Treatment
This paper focuses primarily on power generation and distribution. This section is only here because of the similarities in the two processes. Water treatment is largely a mechanical operation involving tanks, pumps, and chemicals. Although computers are used as labor-saving devices, the process is relatively simple and can be done manually. Even if a complete computer failure were presumed, this would only imply that more people were required to man the water works than are currently required.
Another common misunderstanding is that a power outage will cause water treatment to cease. The issue of power outage is addressed below, but even if it were to occur, all water treatment plants are required by law to have diesel-electric backup so that water treatment can continue even without power.
1.10 So what is going to happen?
I find "Scenario 1 - Brownout" from the Millennium Bug book to be a reasonable, good estimate of what life will be like in the year 2000. There are certainly going to be computer related problems. I think that our quality of life will be diminished somewhat, as many services will not be operating at 100%. There will likely be a drag on the productivity of the nation in general, as more manual processes have to be used while computer systems are repaired. We could see a drop in unemployment as anyone with any clerical skill will be hired temporarily as a stop-gap until the computer system returns to normal service.
Take this section of this paper with a grain of salt. I am only researching the power problem and do not know a whole lot about other areas of the Year 2000 problem. I only include this section because I usually get asked this question.
The economy will certainly be affected, but how is difficult to predict. The widespread distrust of the bank system and the stock market, whether founded or not, will influence the economic machine. There may be a few companies that can't survive in manual mode long enough to repair the computer system, and these companies may shut their doors. This will, however, mean more opportunity for those companies that have prepared.
It is myopic to think that we are not able to cope with computer failures. All computer software that affects your life has bugs other than the Y2K bug. Those bugs sometimes surface and cause various types of failure. We are, however, capable of dealing with these failures and moving on.
Many indicators suggest that a tremendous amount of progress has been made in 1998 to correct the Y2K problem. The latest news from reliable sources is encouraging. However, the amount of information that is available is impossible to compile and digest. That is why I have decided to focus on power only.
Preparation for the likely Y2K bugs is currently not in the scope of this document. The effect on the economy seems like a major concern, but I am not an economist or a financial advisor. The purpose of this writing is to properly focus the preparation effort to true hazards and to counter the prevalent misinformation about utility outages.
Part II: Specifics on Y2K and Electric Power
2.1 The Progress extrapolation fallacy
It seems to be a foregone conclusion among those alarmed about Y2K that we will have an extended power outage. One popular quote is that FPL is now 80% Y2K compliant, but they have been working on Y2K for 5 or 6 years. The conclusion is that since they can't get the last 20% done in the remaining 1 year or so, there will be a power outage. This conclusion has several flaws:
1) The fact that FPL is 80% done is actually very good news. The vast majority of computers at FPL are not used for power generation, but are used for payroll, billing, employee benefits, market analysis, insurance, taxes, and regulation. (In Revision 1.0 of this report, I stated that mission-critical systems get fixed first. This is a generally true rule, but according to the NERC report, it isn't playing out this way. In actuality, the mission-critical systems lag the business systems by about 10%. This isn't too surprising in light of the fact that the business systems are more vulnerable by nature to Y2K problems, and that there are more automated tools to assist in their detection and remedy.)
2) Y2K certification is very stringent. To be certified, every input and every output must be unambiguous. Twenty-four different dates are tested, including Jan 1, 2000. The user must be warned when 2-digit years are used. The leap year calculation for the year 2100 must be correct. Dozens of other criteria must be met. If a computer system is not Y2K certified, then that by no means implies that it will fail at the millennium rollover.
3) The computer systems at FPL, including those involved in power generation and distribution, have failed from time to time. During these failures, power service was not interrupted. For more details, see the next section, "The Power Outage Non-sequitur."
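The leap-year point in item 7 of the critique in section 1.7 and the year-2100 certification criterion in item 2 above can be checked directly. The following is an added example, not part of the original paper; the rule names and helper functions are illustrative assumptions, and it compares the full Gregorian rule with the two shortcuts a program might use.

```python
from datetime import date

def gregorian(year):
    """Full rule: every 4th year, except centuries, except every 400th year."""
    return year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)

def every_fourth(year):
    """Shortcut rule: every multiple of 4 is treated as a leap year."""
    return year % 4 == 0

def century_only(year):
    """Incomplete rule: century exemption without the 400-year exemption."""
    return year % 4 == 0 and year % 100 != 0

# Hypothetical labels for the three rules, used only in this example.
RULES = {
    "gregorian": gregorian,
    "every_fourth": every_fourth,
    "century_only": century_only,
}

def disagreements(rule, first, last):
    """Years in [first, last] where `rule` differs from the full Gregorian rule."""
    return [y for y in range(first, last + 1) if rule(y) != gregorian(y)]

def day_of_year(rule, year, month, day):
    """Ordinal day number as computed by a system that uses `rule` for February."""
    lengths = [31, 29 if rule(year) else 28, 31, 30, 31, 30,
               31, 31, 30, 31, 30, 31]
    return sum(lengths[:month - 1]) + day

def drift_after_february(rule, year):
    """Days by which the rule's day count for 1 March is off from the true value."""
    true_ordinal = date(year, 3, 1).timetuple().tm_yday
    return day_of_year(rule, year, 3, 1) - true_ordinal

def audit(first=1901, last=2100):
    """Map each rule name to the years in the range where it gives a wrong answer."""
    return {name: disagreements(rule, first, last) for name, rule in RULES.items()}

if __name__ == "__main__":
    for name, wrong_years in audit().items():
        print(f"{name:13s} wrong in 1901-2100: {wrong_years}")
    for name, rule in RULES.items():
        print(f"{name:13s} drift on 1 Mar 2000: {drift_after_february(rule, 2000):+d}, "
              f"on 1 Mar 2100: {drift_after_february(rule, 2100):+d}")
```

The shortcut rule agrees with the full rule for every year from 1901 through 2099 and first goes wrong in 2100, while only the century-only rule mishandles 2000.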
2.2 The Power Outage Non-sequitur
The bulk of Y2K preparation seems to be based on the premise that an extended power outage will occur. According to the best information available, an extended power outage is among the least likely Y2K problems that we will experience. Our preparation time, effort, and money should be directed to other areas.
Power generation is based on rotating generators, transformers, and wires. Computers are used for the monitoring and control of these systems, but like water treatment, the systems are capable of functioning without computer assistance.
The most common non-sequitur I hear goes something like: 1) power companies use computers, 2) computers are vulnerable to Y2K problems, so therefore 3) we will have power problems when the year 2000 arrives. In reality, for us to have power problems, there must be date-dependent algorithms in multiple critical parts of our power system. My research has found this not to be true.
Using the standard for good information above, I refer you to the NERC (North American Electric Reliability Council) report. It is first-hand because it is written by the people who are actually doing the tests on the power system. It is recent because it is updated quarterly. It is credible because NERC has nothing to gain by not telling the truth or by stretching the facts.
The North American Electric Reliability Council is a watchdog group for power companies. Their job is to ensure that power is available. They have been studying and auditing the reliability of electric power systems since before any of us heard the expression "Y2K." They understand how power is generated and distributed. The NERC has done a special study on the impact of the Y2K bug on power. Their complete 66 page report is available at this web site:
ftp://ftp.nerc.com/pub/sys/all_updl/docs/y2k/y2kreport-doe.pdf
Following are some relevant quotes from that report:
The initial findings of this report are that the impact of Y2K on electrical systems appear to be less than first anticipated. With continued work toward finding and fixing components that may be Y2K deficient and with properly coordinated contingency planning, the operating risks presented by Y2K can be effectively mitigated to achieve reliable and sustained operation of electric systems into the Year 2000. (page ii, September report)
At this point, the perceived operating risks are manageable. Recent reports in the news media and on the Internet regarding anticipated widespread electricity outages are unsubstantiated. (page iii, September report)
Discussions with these people at organizations that have completed significant amounts of testing indicate that Y2K may have less impact on electrical systems than first thought. Electrical systems consist mainly of wires and metal devices. Most equipment is electromechanical, meaning there is less dependence on digital controls. Even when tests have been completed on digitally controlled devices, as described in this report, those tests have indicated there are very few date-interpretation problems that affect the ability to operate electric systems. (page 1, September report)
The goal and expectation is that electrical systems will be able to sustain reliable operations through critical Y2K transition periods ... the conceivable risks appear to be well within the ability of electrical systems to provide continuous operation ... (page 2, September report)
Many so-called experts in the news and on the Internet have predicted that the electric systems of North America will suffer major power outages as a result of the "Y2K bug." These outages are forecast to last days, weeks, or even months as electric utilities scramble to fix hard-to-find problems. Are these predictions true? One thing we do know - these predictions are not based on facts or rational analysis of information from the industry. That is the purpose of this report. (page 7, September report)
With more than 44% of mission-critical components tested through November 30, 1998, findings continue to indicate that transition through critical Year 2000 rollover dates is expected to have minimal impact on electric system operations in North America. Only a small percentage of components tested indicate problems with Y2k date manipulations. The types of impacts found thus far include such errors as incorrect dates in event logs or displays, but do not appear to affect the ability to keep generators and power delivery facilities in service and electricity supplied to customers. (page ii, January report)
Nearly all electrical systems necessary to operate into the Year 2000 will have been tested, remediated, and declared Y2K ready by June 30, 1999. Any facilities or systems that will be completed after this date are specifically known, are limited in number, and would not adversely impact the ability to provide sustained reliable electric service into the Year 2000 should they not be available. (page iii, January report)
2.3 The Interconnects ("Power Grid")
Most people I've talked to picture our power grid as a chain of dominos - such that if any one component fails, the whole grid is pulled down. In fact, the opposite is true. The power distribution grid is designed so that component failures do not interrupt our electric supply. Inherent in the design of the power grid is the planning for unexpected failures.
The power grid ties together sources of electricity (power plants) with consumers of electricity (homes, industry, commercial, etc). The system is interconnected so that all consumers have access to multiple sources. With this system, if a source fails or needs to be shut down for maintenance, other sources can take up the slack. This morning your power may come from a nuclear station (like Turkey Point) and this afternoon it may come from a hydro station in Georgia. The grid is designed to be flexible and to cope with unplanned failures.
Computers are used to help operate the grid. Power companies are motivated to provide continuous power to customers. This requires split-second decisions that computers are so good at helping us with. However, the power grid existed before computers controlled it. It can still be manually controlled. It may mean that brownouts will occur and load switching will happen in minutes instead of milliseconds.
Throughout the power grid are protective relaying systems that keep the equipment from being damaged by overload. These will prevent any hypothetical haywire computer from damaging the system beyond repair. The protective relays have been tested and no Y2K vulnerability has been found.
Historically, the North American power load has been about 40-50% of capacity during the New Year's holiday weekend. This means that we could lose half of our power generating capacity (virtually impossible) at the millennium rollover and still have enough power for everyone.
2.4 The Fuel supply
Some fear that the power companies will not be able to get fuel. This is not an issue for hydro and nuclear power plants. It is only an issue for coal, oil, and gas plants.
The common claim by the alarmist is that the rail system will shut down and that is the end of the coal supply. Well, first of all, the rail system will not shut down. Even if they have complete computer failure, they can still move coal using manual methods. I have heard reports stating that this is not possible, but I have verified that it is - three times over. Granted, the rail system will be quite inefficient in manual mode, but it can still operate. Track switches can be operated manually. I have verified this with three independent methods:
1. Examined the tracks. There are manual switches still there.
2. Checked with a Conrail employee. Manual is possible, but slow.
3. Checked with RTU engineers. Even modern RTU controlled switches can be manually controlled.
The power plants are capable of stockpiling coal to keep running for long periods of time. A few years ago, the Union Pacific rail system completely shut down for weeks, but there was no interruption in electric power.
Then there is oil and gas, delivered mostly by pipeline or tanker ship. These systems are relatively easy to operate in manual mode. Oil and gas are also stockpiled by the power companies.
Here in Broward County, our two generation plants are capable of generating more power than we use. They are both oil fueled and that oil supply comes from Port Everglades. There are huge reserves of oil at the port and these are replenished from tankers that come into the port. We can take oil from anyone who can provide it. We are not dependent on any particular supplier.
Our plants also can use natural gas as fuel. This is delivered by pipeline from out of state.
2.5 The embedded chips
The power control systems only use dates for logging (recording) functions. The operation of the system does not have a date dependency.
The distribution system is controlled and monitored by RTUs (Remote Terminal Units) and SCADA (Supervisory Control And Data Acquisition) computer systems. There have been times where the entire SCADA system was not operational for longer than a day, but there were no significant power interruptions as a result. The power distribution is made much more efficient and less labor intensive by the SCADA system, but it can function without computer assistance.
2.6 Dissenting opinions
Previous revisions of this paper have brought disagreement to the surface. I appreciate the feedback, and some of the comments and corrections have been incorporated into this paper. The dissenting opinions are online at my Y2K web site:
http://geocities.datacellar.net/TheTropics/9090/y2k.html
When the printed version of this paper is distributed, I will include these opinions and my responses as an appendix.
In summary, the following "But what about X?" questions are addressed in my replies:
But shouldn't we prepare anyway? --- Don Crowe letter
But what about dependencies on suppliers? --- Don Crowe letter
Have our systems been tested for computer failure? --- Alan Fountain letter
You are just speculating and don't have the facts --- Alan Fountain letter
But what about embedded chips? --- Alan Fountain letter
But what about the NRC shutting down nuclear plants? --- Alan Fountain letter
But it is too late now to fix the problems. --- Alan Fountain letter
But we can't test the power system. --- Ed Yardeni report
But what about common mode failure? --- Ed Yardeni report
But the remedial pace is too slow. --- Ed Yardeni report