Y e a r 2 0 0 0 r e a d i n e s s

YEAR 2000 READINESS N A T I O N A L I N F R A S T R U C T U R E F O R U M C O N F E R E N C E - Y E A R 2000 R E A D I N E S S - J A N U A R Y 1999

Michael Sutton

Key regulators in the UK made statements at the National Infrastructure Conference in London, which show the UK National Infrastructure working towards business as usual over the millennium, These statements were confirmed in subsequent weeks by publication of papers by the relevant regulators on the steps they are taking to ensure those companies which they regulate will beYear 2000 compliant.

Margaret Beckett, Cabinet Minister responsible for co-ordinat- ing government action against the Mil lennium Bug announced at the conference that: "The UK's National Infrastructure Forum was the first, and may still be the only, forum in the world which brings together the major indus- tries to help boost business confidence in continued opera- tion of the key services and industries."

She continued "Many international commentators tell us that the UK is one of the best prepared countries in the world.This forum is testimony to that fact. No other country, to the best of our knowledge, has so much independent assessment of the preparedness of its infrastructure... Today the regulators have said that their industries are well on the way to solving the bug problem, though as always we must warn against complacency. UK Plc depends on its business leaders working together on the Millennium date change problem and we owe it to the public to tell them what the position is."

The National Infrastructure Forum (NIF) is part of the government fundedAction 2000 group.The NIF is made up of representatives from regulatory authorities and private and public sector providers of national infrastructure, six of these

power, water, transport, oil, te lecommunicat ions and finance - have been judged byAction 2000 as critical.

The following regulators made announcements at the NIF conference: OFWAT, OFGAS, OFTEL and the Financial Services Authority.

OFTEL

OFTEUs current assessment is that the risk of material disrup- tion to telecommunication networks at the Millennium is extremely low. However, they are not complacent and will be commissioning an independent verification of aspects of the telecoms sectors state of readiness.

The UK telecommunications industry is extremely signifi- cant. Uses range from the 999 emergency service to social ser- vices, from small businesses to multi-national companies, from local authorities to central government and to everyone in their work and personal lives. Telecommunications under- pin virtually all commercial and industrial system and

processes - for example financial transactions, equity mar- kets, safety processes and remote monitoring of equipment not least in the infrastructure industries which were the focus of the NIF conference. Therefore, tackling and dealing with the Millennium Bug is essential for the continued opera- tion of telecom networks and because networks intercon- nect,Y2K compliance must also involve ensuring end-to-end connections.

OFTEL believes that the Millennium poses a two-part problem. First, the implications of the Millennium Bug. Secondly, recognizes the expected huge surge of telecom use at the Millennium change the contingency plans necessary to deal with congestion over the NewYear period.

The Millennium Bug is being tackled by focusing atten- tion on computers and other date dependent systems and telecommunications networks. Each direct access network operator has a program to identify all the elements that may behave abnormally, to rectify any problems and to test sys- tems. In total the planned spend of the industry to achieve its objective will be in excess of £500m. Due to the volume of interconnection between networks, a high degree of cooper- ation is required from all telecoms operators to ensure end-to- end functionality.

On the day of the NIF conference, eleven months before the Year 2000, the state of readiness of the direct access oper- ators, including the four mobile operators, using the colour coding designated by Action 2000, is amber. In Action 2000's words "some risk of material disruption to infrastructure processes exists, but there is an agreed plan to rectify, short- comings". However, work already in hand means that there will be a significant improvement over the coming months. OFTEL believes that by the end of June the mobile networks will be colour coded "blue" that is "the assessment has not identified any risks of material disruption to the infrastruc- ture process". OFTEL also expect a 100% "blue" status by the end of September.

With regards the congestion of the telecoms networks during the New Year period, cont ingency plans are in place to deal with the expected high volume.The phoning of fam- ily and friends, the withdrawing of money from cash machines and the buying drinks on credit cards all require

Computer Law & Security Report Vol. 15 no. 4 1999 ISSN 0267 3649/99/$20.00 © 1999 Elsevier Science Ltd. All rights reserved

257

Y e a r 2 0 0 0 r e a d i n e s s

use of te lecoms systems during the night time hours. No- one knows for sure just how high the peak will be around midnight on 31 December 1999 but all operators are mak- ing extensive preparations as part of theirY2K planning.

International services - these are not, obviously, under the direct control of UK telecoms companies nor OFTEL.Work is underway, however, to try and tackle any potential problems and the International Telecommunication Union has estab- lished a Millennium Task Force. OFTEL do, however, advise any users to talk to their telecommunications suppliers about the Millennium status of the services they use, particularly if the business depends on international connections or cus- tomer equipment.

Overall, OFTEL seem to be particularly upbeat about the state of Millennium readiness of UK telecom networks.

OFWAT

The Office of Water Services is the economic regulator of the water and sewage industry in England and Wales. The water industries in England and Wales has an annual turnover of £6.3bn and consists of seventeen water only companies and ten water and sewage companies.The total population served is 52 million. OFWAT has focused on two key issues. Firstly, the needs of the customers. Secondly, that the water compa- nies are encouraged to get on with their Millennium Bug pro- jects, wi thou t the burden of numerous and repeti t ive progress chasing questionnaires. OFWAT emphasizes that above all services to customers must be protected.

There is an inter-relationship be tween the supply of water and sewerage services and other utilities. Water supplies are heavily dependent upon the continuity of supplying of elec- tricity and telecom. The water companies are therefore also seeking reassurance from their suppliers that supplies from the other utilities will not be materially affected. The utility regulators are now working together gathering information and monitoring progress across their industries.This has been facilitated byAction 2000.

OFWAT has joined forces wi th the Depar tment of Environment Transport and the Regions (DETR), the Environment Agency (EA) and the Drinking Water Inspectorate (DWI).

The independent engineering consultants Montgomery Watson were appointed to report on a comprehensive survey of the water companies, and site visits to ten companies to assess what was happening on the ground. The survey and the site visits focused on the assessment, testing, rectification and project timetable of those systems that are necessary to deliver the service to customers. OFWAT had identified earli- er in the year that the companies ' water and sewage pumping treatment systems are the main ones that may require rectifi- cation if services are to continue normally.

The independent report found that the water industry is well aware of the Millennium Bug problem and companies are taking active measures to tackle the problem. The com- panies are making good progress on their formal projects to avoid material disruption and most companies are sharing informat ion and work ing toge the r on the problem. Although, the report did identify some companies that appear to be working in isolation. We have recommended, however, that these companies do work together as this will

enhance success.The companies have started developing or revising cont ingency plans to cope with any problems including those associated with the Millennium Bug. In April 1999 each company 's plans will be independent ly certified- DETR being notified of the outcome.

One area of concern showed differences across the indus- try and the way that embedded systems and telemetry were being assessed and tested. Some companies were testing all potentially at risk equipment whilst a few were relying on suppliers writ ten assurances. It is hoped that the industry will share information about the system assessment and testing. Some of the responses from the companies indicated that their project end dates for system checks and rectification was after July 1999.This gave little time for financial rectifica- tion if problems were identified. OFWAT has contacted those companies to seek reassurances about bringing forward their project timetables. OFWAT's priority aim for all companies is that by the end of July 1999 all the necessary system rectifi- cation has been implemented and tested. Its objective is to monitor the progress of each company and take any neces- sary action. In the first quarter of 1999 a firm of consultancy engineers undertook site visits to all companies in England and Wales to assess progress on system rectification and pro- ject progress and to undertake a survey of progress and com- pletion of systems rectification and contingency plan testing. These were reported by early June 1999 and a final survey of readiness is to be reported inAugust 1999.

At the end of October 1998 it was OFWAT's opinion, based on independent verification, that all the companies in England and Wales were assessed as "amber", that means there is some risk of material disruption to the industry sup- ply but that there is an agreed containment plan to rectify, shortcomings. OFWAT has since received further feedback that good progress is being made towards achieving, by July 1999, a "blue" rating - - that is, no risk of material disruption.

OFWAT has stated that:"1999 is the peak of a significant investment in the finance, expertise and resources by the water companies to ensure that services to all customers are maintained and that business as usual will be delivered."

OFGAS AND OFFER

OFGAS and OFFER the gas and electr ic i ty regulators announced at the forum that the gas and electricity industries were making good progress in their preparations for the Millennium date change.

Peter Carter, the Deputy Director General of electricity supply, indicated at the conference that both industries are well on the way to ensuring that it is business as usual over the Millennium change. He said that: "In gas there are two companies critical to the continuation of the f low of gas to all customers over the Millennium period - - Transco and Siemens Metering Limited. The Office of Gas Supply has received initial results from the consulting engineers on the independent assessment that commissions. This shows that both companies are well advanced in complet ion of the Millennium compliance projects."

He also explained that the independen t assessment of the electr ici ty industry is initially targeting the twenty or so major players in the sector - that is the major generators, transmission and distribution companies . About half these

258 Computer Law & Security Report Vol. 15 no. 4 1999 ISSN 0267 3649/99/$20.00 © 1999 Elsevier Science Ltd. All rights reserved

Y e a r 2 0 0 0 r e a d i n e s s

assessments are comple te and the findings are that these companies are well on their way to solving any problems that may exist. Some tests to demonstra te full compliance, however , remain outstanding. It is indicated that these tests will be comple ted in the second quarter of 1999.

OFFER's independent assessments are conducted by P B Mertz and McLellan, a group of energy consultants. OFGAS appointed W S Atkins, consulting engineers, to conduct the independent assessment.

FINANCIAL SERVICES AUTHORITY

The financial services sector has made good progress so far in tackling the Year 200 computer problem.

Michael Foot, Managing Director of financial Supervision at the Financial services Authority (FSA) told the conference that one of the FSA's prime responsibilities was to protect depositors, investors and policy holders and to oversee the integrity of the UK financial markets. He explained that the FSA would not hesitate to use its regulatory powers where necessary to support these aims in relation to Year 2000. Exchanges and clearing houses are generally on track with their programmes and the FSA is particularly focusing on those individual firms where there is a potential high impact on consumers and markets. The large majority of these are graded "blue" for Year 2000 compliance and many of the rest are graded "amber" and well placed to catch up in t ime.The few firms in danger of not being compliant, i.e. graded "red" are being intensely supervised.

Michael Lewis, Deputy Chief Executive of APACS (the pay- ment system) explained to the conference that he was very confident of normal operations in APACS's clearings will be maintained. BACS, which clears salaries, wages, direct debits, standing orders etc, the cheque clearing system, CHAPS ster- ling and CHAPS Euro are Year 2000 ready and tested. He also believed that cash dispensing systems will operate normally with a sufficient supply of cash throughout the UK.

Gerard Long, Senior Manager, Year 2000 Problem, Midland

Bank, pointed out that the Midland had completed most of its work on its own systems. He said that 97% of the Midland's critical systems, over 95% of its PC hardware and standard software, most of its telecommunications systems and its premises and office equipment is Year 2000 ready. The out- standing systems work is planned to be completed by 30 June 1999. Further testing will continue to mitigate any external risks to the Midland organizations.

Colvin Rae, Head of Business Operations, London Stock Exchange, said that he believed the Exchange's Year 2000 Readiness programme was on schedule. He explained that the systems were being upgraded where required and thor- oughly tested and that the Exchange was also running ser- vices to test the linking of its customer's systems to the Exchange's own central trading and information systems. These tests are based around the key Millennium dates and replicate trading as if it were taking place.

Alastair Clark, Executive Director, financial stability at the Bank of England explained to the conference that the main infrastructure providers had been "on the case" for two or three years, sometimes longer. He outlined that preparations in this area are well on schedule and that extensive testing has already been undertaken but he highlighted that there remains more to do on testing, on risk mitigation and contin- gency planning and on the international front.

The FSA's responsibilities include maintaining confidence in the UK financial system and the protect ion of customers. The Bank of England is responsible for the overall stability of the financial system as a whole.The primary responsibility for achievingYear 2000 compliance and adequate business conti- nuity rests with the financial institutions themselves.

The FSA has since writ ten to organizations graded red indicating that fairly tough steps will be taken by the FSA if those companies are not compliant in time or have not made acceptable contingency plans.

Michael Sutton Trainee Solicitor, Lovell White Durrant

Book Review

Law and Medicine

Medicine and the Internet - Introducing Online Resources and Terminology, 2rid Edition, by Bruce C. McKenzie, 1997, soft-cover, Oxford University Press, 353 pp., £16.95

The purpose of this book is to serve as both guide and reference to assist the reader in obtaining access to medical data on the Internet.Through an introduction to a range of online health information - databases, discussion group mailing lists and support lorums - the author hopes that health professionals will learn how individuals and health care organizations can access databases and other forms of electronic information quickly and at little cost.The book is divided into six sec- tions: the first section is about getting started - choosing a computer system and modem etc., while Part 2 discusses 'Going Online' and how this may be achieved. Part 3 introduces the Internet and examines some of the data sources in medicine, while Part 4 takes this a stage further, considering the different mechanisms for accessing such material. Part 5 examines the Medline database, and Part 6 looks at how to become an information provider.The book is supported throughout by technical notes and a variety of tips and traps for the new Internet user.A wide variety of Web sites are quoted.

Available from: Oxford University Press, Saxon Way West, Corby, NN18 9ES; Tel: +44 1536 741519 or Fax: +44 1536 746337.

Computer Law & Security Report Vol. 15 no. 4 1999 ISSN 0267 3649/99/$20.00 © 1999 Elsevier Science Ltd. All rights reserved

259