BASIC RESEARCH REPORT

The Bug in the Bomb:

The Impact of the Year 2000 Problem on
Nuclear Weapons
(Part 3)

The Current State of Y2K Programs
Inside the Pentagon

Due to the recurrent problems describe above, as well as the fact that most projects are up to four months behind schedule, the OMB and OSD have increasingly stressed the importance of upper-level management involvement in the Y2K process. In response to the civilian retirements, a "Year 2000 Special Assistant" position was created in the OASD (C3I) and filled by William Curtis, an engineer and past member of the armed services. Also, the jobs of DoD Chief Information Officer (the ASD for C3I) and other deputies were filled by OSD officials, all of whom have attempted to strengthen the coordination of the Y2K remediation process.⁶⁴ At the Congressional hearing that followed Curtis' appointment, he gave the following description of the organizational responsibilities for military and civilian leaders:

. . . the Deputy Secretary of Defense chairs the DoD Y2K Steering Committee. This committee reviews the progress of all DoD components, serves as a forum for sharing information, surfaces management and resource issues, and identifies opportunities to accelerate progress on the Year 2000 problem. Senior representatives from all major DoD components participate in this forum . . . The DoD CIO [Chief Information Officer] has overall responsibility for managing DoD’s Year 2000 efforts. The Department of Defense Chief Information Officer function is assigned to the senior Civilian Official of the [OASD C3I] . . . The DoD CIO sets Y2K policy, coordinates the efforts of the services and defense agencies, and monitors Y2K progress on behalf of the Secretary of Defense . . . I lead the DoD Year 2000 Oversight and Contingency Planning Office. Both the GAO report and the recent Defense Science Board Task Force report recommended assignment of a strong central leader. These recommendations were captured in the March 1998 blueprint for restructuring the Office of the ASD (C3I) and accepted by the Secretary of Defense . . . My staff handles all multi-component Y2K actions, such as developing DoD Y2K policy, management plans, consolidated reporting, interface assessments, contingency planning guidance and oversight, and testing oversight.⁶⁵

One of the methods introduced by Curtis was to incorporate integrated or interface testing into regular wargames already scheduled for the coming year. Along these lines, the Joint Staff held a three-day "CINC Warfighters Conference" to improve Y2K operational validation procedures for "system of systems" testing.⁶⁶ It was eventually decided that 25 joint tests of this nature would be conducted.⁶⁷ Another method (in use since the beginning of DoD Y2K remediation) has been "Interface Assessment Workshops" (IAWs), in which officials and project managers from each of the services, agencies, and functional areas meets to discuss progress in fixing and validating systems, as well as identifying potential areas of vulnerability to external connections with other systems.⁶⁸ As noted in the DoD Quarterly Y2K Report to the OMB, "By the end of FY 1998, DoD will have conducted at least three workshops for each of DoD’s functional areas and significant non-DoD data exchange partners. Through these workshops, approximately 80 percent of all necessary systems interface agreements have been completed."⁶⁹

In regard to nuclear weapons, a series of IAWs have been held for three key "functional areas": "Nuclear Command and Control," "Nuclear Systems," and "Nuclear, Chemical, and Biological" operations. Each of these functional groupings encompasses multiple services and agencies.⁷⁰ There have also been increased efforts toward addressing the Y2K vulnerabilities of allied systems through the Unified Commands, including an ongoing series of IAWs initiated on February18, 1998 and involving Australia, Canada, New Zealand, the UK, and the USA.⁷¹

As one example of a Y2K success story in the Nuclear Systems functional area, the B-1B strategic bomber has passed all "end-to-end" systems tests. According to the B-1B System Program Office, the program involved integrated ground testing with data inputed from the global positioning system (GPS), as well as extensive test flights in which "experimental" or "simulated" date entries were entered into various systems. Relevant test simulations also included 11 October 2000 (a date in 2000 using a two-digit month), and February 29, 2000 (the leap year anomaly).⁷²

Other positive developments include ongoing renovations and testing of the Global Positioning System. According to one Inside Publishers report, "Global Positioning Systems satellites are well prepared for their rollover event on Aug. 22, 1999," at least in regard to military usage of the network.⁷³ Three aspects of the GPS system – space, control, and receivers – have been receiving focused attention.⁷⁴ These are all separate physical components, and in fact, ground control networks and receivers must be checked by each service and agency, because Y2K compliance for one arm of the military does not guarantee similar compliance for other organizations. For instance, on 1 January 1998, Naval Space Command recorded an anomaly when "it became clear that the software processing GPS data for NAVSPACE had incorrectly processed 1997 as a leap year, as 1996 had been, so that Jan. 1 . . . was being recorded as the 366th day of 1997."⁷⁵ Nonetheless, the satellites have now been verified as compliant on a DoD-wide basis. Military receivers have been similarly validated, and ground control stations are undergoing renovations for completion by 8 December 1998 for all services.⁷⁶

On a final positive note, the August Quarterly report to OMB stated that warfighting commanders would still be able to ensure strategic command and control communication in the event of commercial network failures through the satellites, radio, and base switches within the Defense Information System Network, the Defense Satellite Communication System, and Government Emergency Telecommunications System.⁷⁷ In particular, the Defense Information System Network has already gone through the repair or renovation stage of the remediation process and is undergoing "validation" of completed fixes.

Despite this renewed effort by the OASD (C3I) and OSD, negative reports of DoD activities have continued to surface. Representative Horn gave another "D" rating to the Pentagon’s Y2K remediation program on 15 August 1998, repeating the evaluation given in May. As with prior ratings, the Subcommittee’s negative conclusions were based on multiple sources both inside and outside the DoD.⁷⁸

For instance, there are signs that severe problems persist in meeting project deadlines for the final phase of "integrated" testing. On 31 July 1998, the DoD predicted that 43 mission critical systems would not be renovated on time and therefore would suffer from a "high risk of failure." In response, a "high-risk systems board" was created. The new board primarily includes those senior officials already tasked to meet the Y2K challenge, with the addition of Deputy Secretary of Defense John Hamre.⁷⁹ This board is now involved in an ongoing effort to discover "alternative" ways of "intervention" for these high-risk systems.

However, the list of high-risk systems has now become larger, and many other systems are still awaiting completion of the "renovation" phase. In the latest Quarterly Report to OMB, the DoD

. . . reported that 51 percent of its mission critical systems still need Y2K repairs. The number of mission-critical systems that will not be fixed by a March 1999 deadline set by OMB has increased from a reported 34 in May to 69. The number of mission-critical systems that have fallen at least two months behind schedule since the Pentagon’s last report has risen from nine to 51.⁸⁰

The OASD (C3I) and OSD’s inability to provide strong, centralized technical guidance also continues. In response to the numerous recommendations of DoDIG audits on the subject, and based on the extant practices of the Air Force, Curtis proposed a high-level testing and certification work force to guide testing efforts and assure true system compliance after the validation phase. Initially expected to consist of 250 five-person teams, the goalpost has now dropped to only 50 such teams, and even that may not materialize. One reason is the lack of specialized personnel, many of whom are already hired for intra-service Y2K programs.

The other reason is political. As one Airforce official stated, "It’s a political tar baby that no one wants to get involved with."⁸¹ Additionally, one anonymous OSD source told an Inside reporter that "The certification force created an unusual tension. Each service is [taking a different approach] to fixing their systems . . . They are saying, ‘If you want to help us, give us money.’ The idea is languishing."⁸² This service-level inertia continues despite the need for a clear central authority to arrange and verify "functional area" and "mission area" test programs that combine communications and weapons systems from multiple services and agencies.

The growing concerns of high-ranking public officials about the status of Y2K projects and the accuracy of DoD reports to the OMB eventually led to a terse memo by Secretary of Defense William Cohen. In his opening paragraph, Cohen stated that "The Department of Defense (DoD) is making insufficient progress in its efforts to solve its Y2K computer problem."⁸³ He then described several actions he had taken to "improve the accountability for corrective actions." He wrote:

I have asked the Chairman of the Joint Chiefs of Staff to develop a Joint Y2K operational evaluation program and he will give me his plans by October 1, 1998 . . . Additionally, starting with the September 1998 Senior Readiness Oversight Council (SROC), the SROC will report on the readiness implications of Y2K . . . By September 15, 1998, the Commander-in-Chief of the U.S. Strategic Command, the Senior Civilian Official (SCO) of the Office of the Assistant Secretary of Defense . . . (C3I), and the Joint Staff Director of Operations (J-3) will provide to me a detailed report on the Y2K compliance of the nuclear command and control system. This report will be briefed to the DoD Y2K Steering Committee in September.⁸⁴

In keeping with this mandate, STRATCOM in Omaha and Washington, DC, along with Joint Staff in the Pentagon, issued a complete report on the current remediation status of systems found in the Nuclear Command and Control "Functional Group." Carrying the subject heading "Year 2000 Compliance on Nuclear Command and Control," the full report was briefed to the Y2K Steering Committee and the Office of Secretary of Defense in mid- to late-September 1998. Both the report and the briefing have been withheld from public view by the Joint Staff and STRATCOM, despite the fact that both documents are unclassified. As Lt. Col. Veshosky of the Joint Staff explained in a short interview, the materials are "sensitive" and will be kept under wraps until the Commander in Chief of STRATCOM and Senior OSD officials decide otherwise.⁸⁵

Finally, in the same 7 August Memorandum, Cohen stated that all DoD organizational components would be held responsible for implementing and enforcing several mandates by 1 October 1998. First, all mission-critical systems were to be accurately reported in the DoD Y2K database, with any changes in mission-critical status (in the form of additions or subtractions from the list) explained and reported in detail. Second, project managers were to ensure that no funds would be forthcoming for modernization or remediation of any systems in the Y2K database unless those systems had "a complete set of formal interface agreements for Y2K compliance" (i.e., unless all points of contact with other systems were accounted for and marked for testing).⁸⁶ Third, funds would be blocked for acquisition of any new IT or national security systems that process date-related information unless those systems explicitly specified the necessary Y2K compliance requirements. Fourth, funds would be withheld from any DoD user trying to access the Defense Information Systems Agency (DISA) information megacenter unless the user signed all the necessary interface test agreements with DISA. This latter mandate is being enforced by DISA, which Cohen directed to provide a report to the OASD (C3I) detailing "all megacenter domain users who have failed to sign explicit test agreements . . . by October 1, 1998."⁸⁷ Finally, Cohen ended the Memorandum by promising to "take a hard look at progress in November and December," and to prohibit any and all funding for further modifications of software if Y2K efforts continue to lag behind schedule.⁸⁸

The most recent developments in September and October 1998 continue to have mixed or ambiguous implications. On the positive side, Deputy Secretary of Defense John Hamre has stated that the Pentagon believes only 100 out of 3,000 mission-critical systems remain to be fixed. Also, the Congress, at the urging of Secretary Cohen and others, recently approved $1.1 billion for Y2K remediation efforts in the final emergency supplemental bill of the FY1999 defense budget.⁸⁹

On the negative side, Hamre has also stated that project managers reporting to his office might be overestimating progress, and that Y2K problems will not be fully addressed until both independent systems tests and mission-level operational evaluations are concluded. Furthermore, the current estimate for Y2K remediation costs is $1.9 billion, and this rough amount does not include testing and verification activities. No federal funds have been allotted in the budget for the validation phase of the Pentagon’s program of action, and Hamre has admitted that he cannot currently estimate the final cost of the entire Y2K program.⁹⁰

Despite the need for dedicated Y2K funds, both higher-level officials in the OASD (C3I) and military commanders at the service level continue to resist pressure to create a central Y2K funding pool. Curtis and other officials believe that a centralized funding initiative would lead to in-fighting and bureaucratic red tape. As a result, all requests to Congress for special allotments remain ad-hoc. This means that each agency, service, and organizational component is expected to divert funds for testing and verification of systems’ fixes from other existing programs, including modernization activities. The only exception is the newly approved $1.1 billion in the FY1999 emergency supplemental bill.

Finally, a Congressional source closely monitoring DoD progress has said that there are "contradictory statements" between what top officials have been saying in public and what has been admitted in closed sessions in the Pentagon.⁹¹ For instance, in a 25 September 1998 meeting of the Y2K Steering Committee in the OSD, Hamre stated that all mission-critical nuclear systems had been repaired, and that most were currently entering the testing phase.⁹² This statement matches his most recent October proclamations quoted in the computer and defense media that only 100 systems remain to be fixed, and that all systems will be ready for the testing or "validation" phase by December or January 1998-99.⁹³ However, this claim was contradicted by Committee member Admiral Richard Mies, Commander-in-Chief of STRATCOM, during the same closed session. Mies stated that eleven crucial STRATCOM nuclear systems would not meet the revised December deadline for repairs, let alone the ongoing plans for early validation of completed fixes. Mies added that twelve new systems currently in development will not be compliant with Y2K program standards.

In fact, there is evidence that increased emphasis is being put on restricting information flows rather than improving the quality of data and guaranteeing access for lower-level project managers. Regarding the completion of an accurate central database on Y2K repairs, officials in the 25 September session again concluded that existing data was inadequate and inconsistent, and that continuing work on the database needed to be synchronized between departments. In contradiction to this goal, however, officials at the policy meeting also agreed that further Y2K information should be held back from the worldwide web, and that much of the existing data already available at Pentagon websites should be revoked. As one congressional source summarized, "These decisions constitute a concerted effort to censor information on Y2K progress. If there’s anything bad, the immediate response is to cover it up, rather than taking care of the problem."⁹⁴ In this vein, Art Money, the Assistant Secretary of Defense for (C3I) and Senior Civilian Official (SCO) involved in Y2K programs, stated during the 25 September meeting that Hamre and other program managers should "just accept the [poor] numbers and get on with fixing the systems."⁹⁵

Thus, several questions raised by the GAO and Inspector General Office reports remain unanswered. Have the services been able to create a complete, clear, and consistent central database for identifying all system interfaces? Have sufficient facilities been set aside for testing? Are contingency plans in place in the event of Y2K failures? Does each agency, military service, and organizational component know roughly what the testing and verification activities will cost? What decision rule is being used by project managers to ensure that money is being diverted wisely and efficiently from other ongoing programs? For instance, with regard to nuclear weapons, how do the Y2K efforts affect warhead modernization, stockpile stewardship, upgrades in Minuteman III guidance sets, embedded chip upgrades for future early-warning satellites, and so on?

Russian-American Interactions on Y2K and Nuclear Arsenals

The civilian and military leaders of Russian nuclear weapons systems and C3I have thus far steadfastly denied that there will be Y2K difficulties for the country's nuclear forces. In fact, both the Principal Director and the Chief Systems Designer at "Impulse State Scientific Production Association," Russia’s version of the North American Aerospace Defense Command (NORAD), have denied any major safety failings of Russia’s aging early-warning and nuclear control systems. For example, unrelated to the Y2K problem, Western intelligence reports in May 1997 declared that multiple "prepare to launch" signals had been mistakenly sent to the strategic rocket forces by the central computer system. However, Principal Director of Impulse Boris Mikhailov adamantly denied the existence of such computer malfunctions, stating only that "I have worked here since July of 1980, and I never heard of anything like this."⁹⁶

In light of this history, it is perhaps not surprising that Russian officials deny its forces will have problems with the Y2K bug. Igor Sergeyev, Russia’s current Defense Minister, said at a news conference in August that "This problem mostly affects sectors where they use conventional computer technologies. There is no such danger [for nuclear weapons], since in the Strategic Missile Forces we use special technologies."⁹⁷

In fact, at this point there is no single version of Russian C3I difficulties that is accepted by all Russian practitioners and outside observers. As one Associated Press reporter summarized the vexing nature of the issue, "[External] Analysts say Russia’s most vulnerable systems are in its aging nuclear plants and defense systems. Information about those computers is secret, and predictions about whether failures can be expected are varied and probably unreliable. . . One thing is clear. The people who oversee these sectors don’t seem concerned."⁹⁸

Sergey Fradkov, a former-Soviet satellite control technician now working in a private software firm in New York, has issued statements that direct contradict the optimistic evaluations of current Russian officials. In regard to the early-warning receiving and processing systems in Russia, Fradkov argued that "Russia is extremely vulnerable to the Year 2000 problem and an accidental launch is possible . . . If the date is used somewhere to track an incoming missile and the date shifts to 000000 for a brief moment, there is a division by zero – an extremely high value – that fools the system into thinking there is a high probability of an attack in progress."⁹⁹

Ron Piasecki, an American consultant with extensive experience fixing Y2K glitches in US government programs, backs Fradkov’s position. According to Piasecki, a mistaken missile launch brought on by date dependencies alone would be highly unlikely because human intervention is required to complete launch procedures. However, it is definitely in the realm of possibility for Y2K glitches to freeze or garble radar and telecommunications networks, which might lead to launch orders based upon inaccurate data.¹⁰⁰

In response to this potential danger, for the past several months Deputy Secretary Hamre has been offering invitations to Russian C3I officials to stand "right beside" their American counterparts when the year 2000 arrives.¹⁰¹ US and Russian political leaders have apparently agreed with Hamre’s proposals. On 2 September 1998, at a Summit in Moscow, President Clinton and President Yeltsin committed themselves to an ambitious policy initiative described in the "Joint Statement on the Exchange of Information on Missile Launches and Early Warning." Under this agreement, data from the early warning systems of each side would be continuously exchanged, possibly through the creation of a bilateral warning center that would be independent from the existing national centers (NORAD and Impulse). As summarized by the United States Information Agency (USIA),

This agreement reaffirms the US-Russian shared commitment to reduce the danger of nuclear conflict, strengthen strategic and regional stability, and develop common responses to the threat posed by the continuing global proliferation of ballistic missiles . . . . The US and Russia will develop arrangements for providing each other with continuous information on the launches of strategic and theater ballistic missiles and space launch vehicles detected by their respective early warning systems. Missile launch information could be sent to each side’s national early warning centers, and possibly to a center operated by US and Russian personnel working together, side-by-side. The US and Russia will also work towards establishing a multilateral ballistic missile and space launch vehicle pre-launch notification regime in which other states would be invited to participate.¹⁰²

Finally, perhaps partially in reference to the Y2K problem, the USIA also noted that the agreement "will significantly reduce the danger that ballistic missiles could be launched inadvertently on the basis of false warning of attack. It will also promote increased mutual confidence in the capabilities of the ballistic missile early warning systems of both sides."¹⁰³

It seems that some parts of the Russian military structure are gradually awakening to the potential dangers of Y2K. Although no dedicated, top-down program exists for Y2K remediation, one unnamed Defense Ministry official has admitted that he is aware of the Millennium Bug and that the Ministry is "working on it."¹⁰⁴

In addition, non-governmental groups have been publicizing the issue. For example, the Central Telecommunications Commission (CTC) has recently handed government agencies a checklist for assessment of present systems (although no advice for actual fixes has been created). However, Alexander Krupnov, the present chairman of CTC, has admitted to the Associated Press that Russia is behind other countries in many areas related to Y2K.¹⁰⁵

The Clinton-Yeltsin agreement to share information is thus far the only solution provided by US analysts that addresses both the Y2K problem and Russia’s more general difficulties with nuclear C3I, such as incomplete coverage of US missile sites by existing satellite networks. The Congressional Budget Office (CBO) recently released a draft report requested by Senator Tom Daschle in response to pessimistic reports on Russian nuclear C3I. The report listed several feasible and cost efficient programs to help reduce the risk of accidental launch by Russian leaders. It outlined the following US policy alternatives:

1) share early-warning data with Russia;

2) give proven 1970s satellite sensor and data processing technology to Russia, and allow Russian scientists to integrate or apply this technology through their own funds;

3) pay Russian scientists directly for the purpose of integrating western sensor technology;

4) fully fund an indigenous Russian C3I improvement based upon existing 1970s US technology; and

5) fund a buildup of Russian research into "next-generation" technology, as well as the construction of the proper industrial infrastructure for producing the final components.¹⁰⁶

These options are sensible and should be pursued. However, only the first option, agreed at the Clinton-Yeltsin Summit three days before the CBO report was released, could help address concerns about Russia's C3I systems before the Millennium. The CBO estimates that each of other four options would take at least five years to fully implement, and perhaps ten.

"The Bug in the Bomb" continued