The False Assumption Lay People Have
That All Utilities Can Operate In a Manual-Bypass Mode
in January, 2000 - Water Supply Implications
by Roleigh Martin
Uploaded to the CPSR-Y2K Mailing List, 1998-01-26

Some people have read my article, "The Year 2000 Embedded Systems Threat to Core Infrastructures" published either in the January/February 1998 issue of the widely circulated, Year/2000 Journal or on the Minnesota Software Association website at http://www.msa.org. Others may have visited my web site at http://ourworld.compuserve.com/homepages/roleigh_martin (where links to the prior two articles exist). Among those who have followed my concerns and to whom I have had the opportunity of speaking with, some tell me not to worry because the core infrastructures will be able to operate in a manual, bypass manner if their automation controls fail because of Year 2000 embedded systems problems.

"Embedded systems" has been best defined by the U.K. Institution of Electrical Engineers as "... devices used to control, monitor or assist the operation of equipment, machinery or plant. 'Embedded' reflects the fact that they are an integral part of the system. In many cases their embeddedness may be such that their presence is far from obvious to the casual observer and even the more technically skilled might need to examine the operation of a piece of equipment for some time before being able to conclude that an embedded control system was involved in its functioning." *

The Year/2000 embedded systems problem deals with embedded systems that are subject to failure because their software is not Year/2000 compliant.

Core infrastructures refers to the utilities that provide us with electricity, clean water, natural gas, waste removal, phone service, and so forth. Reliable, large-scale distribution of electricity is the most important issue, because almost all other utility services depend on it.

The embedded system Year 2000 problem with core infrastructures concerns equipment with embedded control devices used by utilities that will operate improperly (causing equipment failure or worse) after the turn of the century, or in some cases after 1/1/1999 or even other dates.

I have received in-depth reports from three investigators who work inside the electric utility industry and whose job is embedded systems Year 2000 compliance. All three of these individuals report that my web site material is either accurate or when not, that my problem is that I am missing additional factors to be concerned about -- that is, that I am understating the problem! The material I have received is being reviewed by lawyers whom are helping me on a voluntary basis as to how to safely make use of the material. However, one quote from the investigators needs to be released now. One investigator reported that a new HVAC system failed in year 2000 testing and wrote:

"New HVAC machines (as well as others) do not always contain manual override for 'on' position. Work-arounds are impossible without costly replacement. Lead time on replacement of such machines has put several utilities into guaranteed non-compliance."

A HVAC is a heating/ventilation/air-conditioning system. Without HVACs working, rooms containing electronic sensors and heat-sensitive data processing equipment can overheat and start malfunctioning.

Now, as always, what is the impact of non-compliance? In some cases, it only impacts the rollover across centuries, but in other cases it can impact ongoing operation in the new century (even if it was shut down for the rollover hour) for various reasons too technical for purposes of this article.

Bottom line: it is foolish not to be concerned about this problem if you and your family value electricity. Some people act as if it would not be analogous to preparing for a winter campout in a unheated cabin. But these people forget the water issue -- most winter camping sites have hand-operated water pumps. If your family is dependent upon city water, then chances are that electricity is needed to maintain water pressure for the water has to be pumped up into water towers so that gravity thereafter can maintain water pressure.

In conventional power outages, the problem is typically caused by events external to the power plant and a city-wide outage is very rare. In conventional power outages, backup equipment identical to the failed equipment is available for replacement. In a Year-2000 outage, an outage could be caused by equipment inside the power plant where the same Year-2000 noncompliance flaw exists in the replacement equipment. If this is the case, compliant-replaceable equipment might either have to be custom made or purchased and it might not fit in exactly right with the other equipment interacting with the failed equipment. In other words, a variety of new equipment might be needed with long lead times required. A Year-2000 outage could mean a prolonged period without electricity for the area unless the power grid can supply the area previously served by the downed power plant -- but if an abundant number of other power plants across the nation have the same problem? You get the picture.

Although most water utilities probably have backup generators, for how long a period are they prepared for? How long can your city go without city-wide provided electricity and maintain water pressure? In a sub-zero weather in January 2000, how long would a period of a lack of water pressure take before becoming a city-wide disaster? Even if the electric utilities had their act together and water pressure was okay, will the water utilities' equipment work after 1/2000 so that the water is clean?

Steve Gravelle, in the 9/10/1997 issue of the Cedar Rapids Gazette newspaper in Iowa, wrote about the loss of electricity and its' impact on water. "With no heat, residents in older homes and mobile homes turn on their water to prevent their pipes from freezing. But with no electricity, pumps can't replenish the water towers, and Marion soon runs out of water. And when power is restored, the entire water system must be flushed and treated to prevent contamination." Quoting Ned Wright, Linn County Director of Emergency Management: "'The power may be out for five days,' Wright said, 'but you can't drink the water for seven.'"

It is the above reasons that principally drives me to continue this campaign. I live in the coldest state in the nation (a Minnesota city has the record as the coldest city in the nation!). As long as the experts refuse to discuss their preparations and the inspection, remedy, and fallback measures being taken -- if any, I am seriously concerned. You should too if you value electricity and city-provided water.


* Special thanks to David Spinks for providing this definition of embedded systems. Thanks also to Karl E. Vogel for his help with some of the other definition paragraphs.

About the author:

Roleigh Martin, M.A., is a software engineer consultant who has written for The Year/2000 Journal and the Minnesota Software Association's publications on the Year 2000 embedded systems threat to core infrastructures. He has a web page at http://ourworld.compuserve.com/homepages/roleigh_martin where these two articles can be read. Prior to his data processing career over 20 years ago, he was a research sociologist employed at various research centers and was a consultant for a National Science Foundation grant on system modeling. Over the years, he has done various freelance articles.


Index The Year 2000 Problem Home Page