[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

fw: The Bug in the Bomb (fwd)

Forwarded message:
From di238@freenet.carleton.ca  Sat Nov 21 04:04:38 1998
Message-Id: <>
X-Sender: di238@pop.ncf.carleton.ca
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.2 (16)
Date: Sat, 21 Nov 1998 03:55:41
To: y2k@tao.ca, y2k@inode.org
From: Terry Cottam <di238@freenet.carleton.ca>
Subject: fw: The Bug in the Bomb
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

Date: Wed, 18 Nov 1998 00:32:55 +0000
To: Bob Olsen <bobolsen@tao.ca>
From: Paul Swann <pswann@easynet.co.uk>
Subject: The Bug in the Bomb


BASIC have given me permission to circulate the Executive Summary
of their report on the internet. The full version should now be
on their website.  http://www.basicint.org/



The Bug in the Bomb:
The Impact of the Year 2000 Problem on Nuclear Weapons

Executive Summary

This report is a first step towards assessing the impact of the Year
2000 computer date change - otherwise known as the "Y2K problem" or the
"Millennium Bug" - on both nuclear weapons arsenals and national
security structures. Although primary emphasis is placed on the recent
experiences of the United States Department of Defense, a comprehensive
analysis of the issue will require examination of the entire nuclear
weapons cycle for all nuclear powers, from production of weapons to
deployment to dismantlement.

Initial research findings by a number of different agencies and teams of
experts, both inside and outside the Department of Defense (DoD), have
resulted in "no confidence" that the Pentagon's present program will
meet the Year 2000 challenge. The DoD weapons and communication systems
utilize millions of "embedded systems" in the form of microchips and
microprocessors. These semi-independent systems- within-systems are hard
to locate and difficult to fix, and the ultimate effects of multiple
breakdowns in embedded systems are poorly understood. There is no
general theory or methodology for assessing the "Y2K compliance" of
software, chips, or microprocessors on a mass basis; suspected systems
must be inspected line-by-line and chip-by-chip. Moreover, December 31,
1999 and January 1, 2000 are not the only dates that present problems;
many such "bugs" exist for dates that occur prior to, or months and
years later than, the year 2000. Finally, even if a particular system is
made completely free of Y2K computing errors, interfaces or connections
to other "infected" systems could introduce bad data, causing the
"fixed" system to produce erroneous information or even shut down
completely. Because of these subtle, yet insidious inter-system effects,
Deputy Secretary of Defense John Hamre has admitted that "Everything is
so interconnected, it's very hard to know with any precision that we've
got it fixed."

Nuclear systems are not exempt from Y2K-related problems. A recent
Memorandum from Secretary of Defense William Cohen mandated that US
Strategic Command (STRATCOM) give a detailed report on the status of Y2K
repairs for all nuclear command and control systems. Although it was
produced in mid-September 1998 as an unclassified document, it has not
been released to the general public. Congressional access has also been
extremely limited. This reluctance to provide information raises deep
concerns about the ability of STRATCOM and the armed services to fix
both the weapons themselves and the all-important support systems such
as launch platforms, communications networks, logistics channels, and
safety systems. According to one congressional source, "These decisions
constitute a concerted effort to censor information on Y2K progress. If
there's anything bad, the immediate response is to cover it up, rather
than taking care of the problem."

In fact, there are severe and recurring problems across the entire DoD
Y2K remediation program, including ill-defined concepts and operating
procedures, ad-hoc funding and spotty estimates for final costs, lax
management, insufficient standards for declaring systems "Y2K
compliant", insufficient contingency planning in case of Y2K-related
failures, and poor inter-departmental communications. There is no
credible and concise evidence that all mission-critical systems will be
repaired and tested on time. Moreover, February 1998 saw a mass exodus
of qualified civilian managers from the Office of the Assistant
Secretary of Defense for Command, Control, Communications, and
Intelligence (OASD/C3I), the branch of the OSD responsible for
monitoring and guiding Y2K remediation efforts. This exodus included
many experts on Information Technology (IT), leaving the entire program
rudderless for several months. It is still not clear that recent
organizational restructuring and new civilian appointments have
adequately addressed the need for rational and consistent central
management. According to one congressional staff person who has been
monitoring the DoD's progress, "The ongoing response to the Y2K bug is
symptomatic of catastrophic mismanagement throughout the DoD."

This state of affairs has been exacerbated by a lack of Congressional
attention to defense matters and Y2K. The majority of Y2K committee
hearings and bills have been initiated largely through the concerns of
domestic lobbies. The dearth of external oversight of Y2K and defense
systems extends to Congressional support agencies as well:  the
Congressional Research Service (CRS) is monitoring the problem at only
the broadest levels; the Congressional Budget Office (CBO) believes that
the issue is outside its mandate; and the General Accounting Office
(GAO) has thus far reported only on general DoD procedures and
management, rather than on specific nuclear systems. The GAO will not
consider the results for individual systems until the DoD completes all
"verification" activities by mid- to late-1999. This leaves little time
for the formulation of alternative international policies to avert a
crisis caused by major malfunctions in components of the nuclear

The Pentagon has already announced the existence of "high risk" systems
that may not be repaired or tested in time, and for which repairs may
ultimately be impossible. Problems may not be eliminated by 2000 no
matter what resources and money are devoted to them.

Finally, Russia's decaying nuclear systems are also in danger of Y2K
failures, and US decision-makers are currently planning to share
early-warning information (and even exchange key military and civilian
personnel) to guard against a purposeful launch based on faulty
surveillance data. However, this assumes that US systems will be fixed
and verified on time.

The dangers of a Y2K meltdown, even if restricted to a few key systems,
are intensified by the Russian and American policy of "launch on
warning." This policy calls for nuclear retaliation after detection of
another country's launch of missiles, but before the adversary's
warheads impact. If Y2K breakdowns were to produce inaccurate
early-warning data, or if communications and command channels were to be
compromised, the combination of hair-trigger force postures and Y2K
failures could be disastrous.

For all of these reasons, there should be a "safety first" approach to
Y2K and nuclear arsenals. All the nuclear weapons states should
stand-down nuclear operations. This approach should include taking
nuclear weapons off alert status or de-coupling nuclear warheads from
delivery vehicles. Whatever option is chosen, policymakers must be given
as much time and latitude as possible for making important decisions in
an environment beset with Y2K difficulties and uncertainties. By
verifiably taking forces off alert on a multinational basis, leaders
could be highly confident that there is no danger of a preemptive
attack, thereby lessening the importance of reliance on C3I systems that
might succumb to Y2K failures. This necessitates that Clinton
Administration and Congress abandon the current "wait and see" approach,
which relies on the timely completion of the Pentagon's Y2K program.
Because there is no guarantee of success, US decision-makers must take
steps now to preclude disaster should the Pentagon fail.

Serious attention is also warranted for all nuclear activities under the
Department of Energy (DoE), including warhead testing and modernization
facilities at Sandia National Laboratories and other sites. The Y2K
problem can affect every aspect of the DoE's "cradle to grave" nuclear
program. More information is also needed about the Y2K-related
activities of other nuclear-weapons states. The Clinton Administration
should work with other countries to improve Y2K compatibility and to
provide information on overall progress.

British American Security Information Council
1900 L St., NW, Washington, DC 20036 Tel. +1 (202) 785 1266 Fax +1 (202)
387 6298

Carrara House, 20 Embankment Place, London  WC2N 6NN Tel. +44 (171) 925
0862 Fax +44 (171) 925 0861

Full report should be available at http://www.basicint.org/ on Friday 13th

For more information or for a copy of the report please call Thomas Neve
at +44 (0)171-925-0862

 Bob Olsen     Toronto     bobolsen@tao.ca   (:-)

 PLEASE NOTE my new email address.  Thanks.........!!

This is the OPIRG-events@ox.org list. Announcement only please.
To unsubscribe, send email to opirg-events-request@ox.org, and put
"unsubscribe" in the body.