How bad, how long, how likely?

By Peter de Jager

The discussion (controversy?) surrounding Y2K preparedness lies not in any argument about how many cans of soup per person per day, but in how many days we should prepare for, if any? What depth of self reliance is called for, if any? What threats to safety, if any, will Y2K disruptions impose on us?

All of which boils down to: how bad, how long, and how likely are Y2K disruptions? Once these most basic of questions are answered to our individual satisfaction, then we can make reasonable plans for coping with what we believe might occur.

It should be obvious, but I guess it's worth highlighting, that asking "how bad, how long, how likely" automatically assumes a particular place. The answers to these questions for Toronto, Canada, will differ, perhaps greatly, from Tokyo, Japan, and Moscow, Russia.

This article will make no futile attempt to answer anything but the most basic of aspects of these key questions for different cities, countries or geographic regions. Instead, it will raise the questions which require honest answers. It will also provide a rationale behind my estimates/opinions as to what a reasonable level of preparation is.

Another glaring weakness of this article is that whatever answers I can provide will be neither precise nor certain. They will be merely educated guesses about an uncertain future. I make no claims to omnipotence.

So, if you were expecting a 'how-to-prepare' article that focuses on how many cans of soup, water and candles you should be squirreling away, then this article will be a disappointment. If, on the other hand, you were looking for something discussing what levels of disruption are possible and therefore, what levels of preparation are reasonable, then you just might find this article useful.

Okay, so what level of preparation is reasonable? I'll start with the answer to this question and then proceed to elaborate on why I believe in my answer.

Some are suggesting 2 - 3 days is sufficient. I classify this advice as 'South of Prudence,' but not for the reasons some might think. It's not because I think Y2K disruptions might be longer or shorter than 2-3 days. It's because I think preparation plans of 2 - 3 days are not 'plans' at all.

One could go to practically any household in the Western world, and with only 10 minutes warning, bang nails into the doors, cut off water and power, and even in the dead of winter, come back three days later to find the inhabitants a bit smelly but none the worse for wear.

A three day outage of all services would typically impose hardships in three areas; Heating, water and food. If you had no food at all in the house, you'd end up a bit hungry. The water problem is solved by filling a few pots, pans and the bathtub (assuming you had cleaned it recently). Heat for three days?

Candles or even a makeshift oil lamp using olive oil, combined with lots of blankets and an extended family hug and you'll come through your 'three day crisis' with little, if any damage, and perhaps a better understanding of why deodorant sells so well.

The one exception, and this will keep arising as you think about Y2K preparations, is medical needs. I would expect anyone who had to have medication every day would have at least three days (to a week) supply on hand at all times…but that's an assumption on my part.

So 2 - 3 days is insufficient as a preparation plan for any crisis. It's not really a plan, it's a decision to do nothing.

Note: I have NOT said that 2 - 3 day outages/disruptions due to Y2K are likely. All I've said is that a 2- 3 day preparation plan isn't a plan.

On the other end of the scale, call it 'North of Reason' (as a counterpoint to 'South of Prudence'), we have the 6-months to 10-year preparation plans.

I don't buy the notion of Y2K disruptions lasting 6 to 120 months. I can imagine no reasonable scenario where such lengthy disruptions are feasible. Are they possible? Sure! In the same way it's possible for you to get four flat tires at the same time. That's possible, but I don't see too many people carrying four spares in the back of their car… just in case it happens.

This is where the discussion gets heated. Such lengthy disruptions are admittedly conceivably possible. But preparing for everything which is 'conceivably possible' is not the best use of our time and resources. It's possible that a deranged killer will storm into my room in suburban Canada, but sitting in a corner with a loaded gun wearing a bullet proof vest each and every day…just in case?

Sheesh…Let's all agree to keep a small grip on reality.

But, I won't just dismiss these scenarios out of hand. In the nitty gritty details section of this article, I'll examine long disruptions more closely.

What do I believe is a reasonable amount of planning? The Montreal Ice Storm comes to mind. It was an unexpected crisis, lasting 2 - 3 weeks in the dead of winter, over a large geographic region and affecting a large metropolitan city.

This was not a non-event. Some 20 people died, not because they froze to death, but because they brought gas powered generators into their homes and died of carbon monoxide poisoning. Pity they didn't know how to use the tools they purchased.

If your level of preparation is sufficient to cope with a 2 - 3 week disruption of services equivalent to what happened in Montreal during the Ice Storm, then I would state you've a sufficient level of preparation to cope with anything Y2K might throw at you in the proactive countries such as Canada, USA, UK, Australia, New Zealand, the Nordic Countries, Is-rael, Belgium, Hol-land, Ireland, and even South America to a certain degree.

In other parts of the world where less preparations have been done, then I'd increase those preparations to 4 - 5 weeks, with the notable exceptions of Russia, much of Eastern Europe, and Italy.

What are sufficient levels for these three exceptions? I honestly don't know. I don't have enough information to hazard a guess.

Note: I am NOT stating that Y2K is going to create 2 - 3 week disruptions in the USA or Canada. I'm stating, very clearly and precisely, that a 2 - 3 week level of preparation is sufficient (a word with a different meaning than 'necessary') to handle what Y2K might throw at you.

Here's a prediction. Some people in the proactive countries will find 2 - 3 weeks preparation insufficient. They will be supported, in their time of need, by those (most of us) who find even 2 - 3 weeks of preparation excessive. There is no one answer…

Now…the big question, why do I believe that 2 - 3 weeks is sufficient?

Before we get into the nitty gritty details, a minimal amount of personal background information is required. Why? Because predictions of any sort are based as much on the specific experiences and expertise of the soothsayer than anything else. If you don't know my relevant systems background, then how can you judge the value of anything I say relating to systems? In particular, the failure and repair of systems?

I started as a computer operator in 1977 with IBM. I worked mainly in the online banking department.

I stayed with IBM about 18 months and during that time participated in the remediation of several system failures. I was possibly even the cause of some of them. The longest failure I recall, lasted about 24 agonizing hours.

The causes of these problems ran the gamut of power outages, programming errors, operator errors, hardware failure, and smoke billowing from devices where even the slightest suggestion of smoke was a sure sign that all was not well with the world.

Most of these problems were handled according to pre-established procedures, even the programming errors. These were solved in a two-step process. The first step was the application of a hastily concocted patch or kludge created by some bleary-eyed, caffeine supported programmer. (Errors of this sort always occurred at 3 a.m. and involved the paging of a programmer usually involved in a more constructive activity called 'sleep'). These kludges were applied continuously until the program gave up and succumbed to the programmer's attempts to beat it senseless.

Next morning, when the world is supposed to look better, the programmer would sometimes, not always, examine the program in closer detail. Sometimes this autopsy resulted in additional changes and, if we were really lucky, some documentation of whatever modifications the programmer had inflicted in the dead of night.

In addition to the online banking systems at IBM, I also worked for a large food chain, a computer timesharing company, a bank, clothing retailer and an insurance company. The positions I've held include those of operator, programmer, business analyst, supervisor, system optimizer, systems manager and general problem solver.

During 15 years of direct computer experience, I've never encountered a computer problem that affected a mission critical application to the point it was totally unusable for more than three days. This does not mean that such failures don't happen, it only means they're rare.

The scene during such a crisis was always pretty much the same. A swat team of programmers, anywhere from 1 to 5 individuals (the largest team I remember was a total of seven) would barricade themselves in a room until a solution was found and then take turns babysitting the situation until a better, more robust long-term solution was installed. I've seen the babysitting phase last for as long as several weeks in rare situations.

These 'life experiences' were not always painless. Companies can lose millions of dollars per day, sometimes per hour, when these events occur. (Of course, if you can lose that much in a hour, you're obviously making that much an hour when things are okay, so you can afford a few losses from time to time.)

What's important about these situations is they occur regularly, and seldom, if ever, make the 6 o'clock news. (A case in point, about 50% of companies report they have already had Y2K problems, but how many were reported in the media? How many are you aware of? Not very many? Interest-ing. It means that Y2K problems are already occurring, AND people are fixing them before they become noticeable.)

With that as necessary background, let's get to the core of my reasoning as to why 2 - 3 weeks is sufficient.

It boils down to a very simple observation. A Y2K problem cannot both be pervasive and hidden at the same time. Stated differently, saying something is both 'everywhere' and 'difficult to find' is a contradiction. Again, if it's everywhere, we can't avoid finding it.

Why is this observation important? Because it strikes at the heart of all the doomsday scenarios. First, some 'facts':

1. Most companies, in all industries with the potential to cause widespread outages, are now taking Y2K seriously.

2. The most important industry sectors (Financial, Power, Telecom, Medical, Oil, Transportation, Chemical) are sharing information freely behind the scenes. When a problem is found, the information is shared.

3. Most competing companies inside an industry are NOT tightly dependent upon each other in the same way the financial community operates.

4. The Financial community is further ahead on this problem than any other industry.

5. Failures in some industries, like Medical, generate a very localized effect. Serious, especially to the people affected, but not regionally or geographically catastrophic.

Points 1, 2 & 3 combined with "if it's everywhere, we can't avoid finding it", are the real reason long term disruptions (6-120 months) of entire industries are no longer reasonable scenarios.

Note, two years ago, Points 1 & 2 were not true. They are today. Two years ago, when the majority of companies were still ignoring this problem, it was possible to overlook problems, but today we've achieved critical mass.

Here are some of those scenarios: (At the core of each scenario lurks the fear of embedded systems as well as software problems)



We could suffer total blackouts as isolated failures have a domino affect across the landscape.


Counter Argument

a. Despite the fact that 79% of utility companies have finished inventory & assessment (Source: Canadian Electrical Association, Jan 21st 1999), nobody has identified a situation that would have cut off power. The chances of the remaining utilities coming across something at this date are slim (not zero, but slim). The reasoning here is plain. If 79% of the assessments failed to find anything, it's because it's likely it doesn't exist.

b. If problems do occur, they will not be 'unexpected.' Power companies will closely monitor their stations on Dec 31. Decisions to redirect power due to whatever failures might occur, will not be done automatically by dumb machines.

Y2K is unlike other problems. It's scheduled. We won't be asleep at the wheel, we'll be expecting problems. That alone is enough to avoid a certain percentage (Not all, not even a majority) of problems.



We could suffer a worldwide shortage of oil, which would cripple transportation and lead to starvation due to an inability to transport food, etc.


Counter Argument

a. The oil industry has worked very hard to, at the very least, communicate what they have found to each other. They are not a shining example of 'proactive' Y2K work, but they do realize the necessity of sharing information.

b. Most oil companies do NOT operate at full capacity. (OPEC just cut back on oil production. That's why your gas prices are up.)

c. The oil industry is NOT a tightly connected industry like the finance industry. (Note: A significant failure in the North Sea would affect ALL oil companies working there, but would have zero impact on the Gulf.)

d. Oil can and is being stockpiled through 1999

e. There is a long time (measured in weeks) between a problem at the well head and a shortage at the pumps.

f. If the North Sea oil field were to experience a problem, other oil fields would increase production to take up the slack (and make more money) The same logic holds true for refineries.

g. But what if all the oil fields had problems? Here we're back to the reality that if a problem exists everywhere then we would have found it by now. The fact that we've all woken up to the problem is the #1 reason why system-wide problems are not possible.

h. Could there be isolated problems? The answer, without hesitation, is of course there will be problems. But no system-wide problems.



Chemical plants could blow up, taking years to replace. We'd run out of fertilizer, reducing crop yields and causing starvation. Plant a garden!!!


Counter Argument

a. Practically all the same arguments as used for the oil industry.

b. The notable exception is this: Chemical plants are dangerous places. Accidents here can and have killed thousands of people. We always have an option. We can shut down the plant if we're not certain everything is okay. Yes, costly. Yes, time consuming. But prudent.

c. In the meantime, stockpile chemicals throughout 1999.