Year 2000 Computing Crisis

A host of critical Federal Aviation Administration (FAA) operations from the targeting of airlines for inspections to the relaying of up-to-date weather conditions to pilots and air traffic controllers depends on computer systems. Unless these systems are readied for the upcoming date change at the turn of the century, hundreds of thousands of travelers could be inconvenienced, airline costs could rise, flights could be grounded or delayed, and safety levels could be affected. This testimony focuses on (1) FAA's progress so far, (2) the agency's self-reported data showing how much remains to be done, (3) the challenges that FAA faces in ensuring its internal systems will work, (4) the risks associated with external organizations especially airports and international entities, and (5) the critical need for business continuity and contingency plans that spell out how aviation operations will continue should systems fail.

GAO noted that: (1) over the past year, FAA has made substantial progress; (2) FAA has: (a) a strong year 2000 management structure; (b) an overall year 2000 strategy; (c) detailed standards and guidance for renovating, validating, and implementing mission-critical systems; (d) a database of schedules and milestones for these activities; and (e) a draft year 2000 business continuity and contingency plan; (3) FAA's self-reported data demonstrate that much work remains to be done in a limited amount of time; (4) FAA must finish implementing 141 mission-critical systems; (5) FAA's year 2000 program office has developed standards for testing and implementing mission-critical systems that require system owners to prepare and obtain approval on a validation plan that includes test plans and procedures, funding requirements, test management roles, and schedules; (6) the system owners are then required to test the system according to this plan, complete a checklist of required validation activities, and prepare a year 2000 validation results report; (7) FAA's ability to implement system repairs and replacements in a timely manner is complicated by FAA's highly decentralized nationwide configuration of air traffic control facilities; (8) in addition to the risks that its internal systems will malfunction or fail, FAA is at risk that external systems will fail, thereby affecting operations; (9) FAA lacks the authority and resources to ensure compliance of any foreign air traffic control system, but it nevertheless retains responsibility for ensuring safe, reliable aviation services for American travellers into 2000 and beyond; (10) FAA is sharing information with its foreign counterparts and assisting them in addressing year 2000 issues, such as business continuity and contingency planning; (11) FAA plans to complete international end-to-end testing with several countries by October 1, 1999, and plans to test interfaces with other countries after this date at their request; (12) because of the risk of anticipated and unanticipated failures--whether from internal systems or due to reliance on external partners and suppliers--a comprehensive business continuity and contingency plan is crucial to continuing core operations; (13) FAA drafted a Year 2000 Business Continuity and Contingency Plan in December 1998, and is reviewing it; and (14) the FAA plans to release four more iterations of this plan by the end of the year, with the next version due out in April 1999.