The Lessons of Y2K
John Koskinen examines the impact of IT's biggest challenge.
John Koskinen was the leader of the president's Y2K efforts from February 1998 to March 2000. Dubbed "Y2K Czar," he coordinated federal date change preparations, as well as readiness efforts by local, state and foreign governments and the private sector. After solving what he called the world's biggest management challenge in 50 years, Koskinen turned his attention to local government in the District of Columbia, becoming deputy mayor and city administrator for Washington, D.C.
Q: While you were the federal government's Y2K Czar, you developed a reputation for forging high-level cooperation across multiple jurisdictions. What lessons can be learned from your experience that would help governments continue to move forward in deploying new technology?
One lesson from Y2K is that people are willing and sometimes even anxious to cooperate with the government when it is made clear that it is a real partnership. We made it clear right from the start that we didn't have the time, even if we had the inclination, to try to tell people what to do. So we tried to structure our role as a facilitator to help enable people working together. And once, particularly in the private sector, companies got comfortable with the fact that we were really trying to be participants rather than telling them what to do, we got tremendous cooperation. The same thing happened internationally. We were very careful not to make this a U.S. initiative and worked to create cooperative working relationships at the country level. Obviously, what motivated everyone in this situation, which was different than most problems we [dealt] with, is that Y2K was a problem with the potential for affecting everyone. And it had a clear deadline. For some of the longer-term problems we are dealing with, it is easier for people to procrastinate.
Q: Nevertheless, have you noticed that there is a different level of cooperation now as a result of the Y2K experience?
It's varied. A lot of lines of communication were opened and some of them have continued to operate. I know in some areas of the world, countries that came together to work on Y2K are now continuing to work on other information technology challenges. In South America, Africa and Eastern Europe there are groups of countries that are continuing to work together. We also have about 120 countries that have continued at least to provide focal points, as we call them, for information technology issues. So, there is a network up now of about 120 countries that are online with each other. And these region groupings in different parts of the world, then, are obviously part of that overall umbrella.
Q: The natural inclination to protect one's own turf has traditionally been a barrier to cooperation between different areas or jurisdictions within government. Did Y2K preparations start to erode that tendency?
Well, when you look at issues like information security, people are becoming more and more connected, and there certainly is recognition that nobody is an island anymore. Anyone's failure is your failure. When systems go down or data is corrupted or viruses spread, they are going to affect you. You can't isolate yourself. You can't become separate from the system. One thing Y2K did for people was cause them to focus on how interconnected and reliant they are on others. People are beginning to understand that, while it may be important to protect your own environment, your turf is everybody's turf in some ways.
Q: Would the same thing apply regarding cooperation between government agencies?
When I was deputy director for management at the Office of Management and Budget [from 1994 to 1997], I helped create the legislation that created chief information officers in all the agencies and structured the CIO Council as a vehicle to allow agencies to work together and share information. I think there has been much more of that in the past two or three years than there was historically. And the field of
IT is moving so quickly that the agencies are aware of the fact that there is great risk in not sharing information and not taking advantage of what everyone else is learning. You don't have time to reinvent the wheel yourself.
Q: Is the key to forging better cooperation simply having the open communication lines? If you can get the communication lines functioning, the cooperation follows?
That's right. What we did in all of these working partnerships was get people who are working on the problem communicating with each other. Electronic communication networks allowed people to work horizontally rather than go up the chain of command and over and down again. Horizontal working groups, which I'm a firm believer in, are sort of subversive to turf protection. The ability to create virtual organizations on a horizontal basis is going to increase the level of cooperation and shared information as we go forward. But we ultimately got people to deal with Y2K when whoever was running the organization made it a priority. So whether you are talking about information security, or e-government or whatever else is going to be critical, you won't get a very meaningful partnership if some of the organizations attach a high priority to the issue and others don't. On the other hand, usually the people running systems and operating them understand the nature of the problem. In terms of Y2K, the greatest accomplishment was not in building the partnerships -- although that was critical -- but getting everyone to agree that this was an important matter and a high priority.
Q: So even with horizontal communication, does it still boil down to a question of setting the right priorities?
Yes. We always have a lot of people sounding alarms -- AIDS, running out of energy, global warming or whatever. So, there is always a risk of people thinking, "Someone's always saying the sky is falling." In the case of AIDS, the sky is falling. Those people 15 years ago were right and the people who ignored them were wrong. Perhaps one thing about Y2K was that we did it too well. It went too efficiently. While there were a couple of hundred failures around the world, none were huge. So when a new, urgent crisis arises, there is a risk that people might say, "They said that last time about Y2K, but that really never was a problem." They could miss the middle step, which was a lot of people [spending] a lot of time and money working cooperatively and, most importantly, sharing technical information.
Q: When it comes to IT priorities, is there another crisis looming that is, in some ways, comparable to Y2K?
In my view, information security is clearly a great risk for the world.
I think we are going to become increasingly reliant upon information technology and increasingly interdependent over the next five to 10 years. Therefore, the risks of either purposeful or inadvertent failures, and the impact of them, are going to become greater. But at this juncture, it is one of those problems that people kind of understand, but nothing has really happened yet. To get everyone to the same level of interest and establish the priorities so they will set up the needed cooperative networks, we are probably going to have to have a really major failure where everyone will say, "Gee, we can't let that happen again." Denial of service attacks pass, and people say that these really didn't affect them.
Q: Might it take a real "information warfare" attack?
A: Yes. If a terrorist group manages to shut down half the U.S. power grid, then everybody might say, "We've got to do something about this." That will energize everyone. But in the meantime, a lot of these things will happen one of these days. People working in these areas need to put groundwork and framework in place as much as they can, so when the decision is made that we are all going to work on this or that problem, there is a structure in place that allows you to do that.
By Blake Harris, Contributing Editor