March 19, 1999 Web posted at: 8:18 a.m. EST (1318 GMT) by Jessica Davis

From...

WASHINGTON (IDG) -- Security and privacy will emerge as the biggest post-year-2000 issues for IT professionals, with "CIOs moving rapidly into the role of generals in guerrilla warfare," said John Gilligan, CIO of the U.S. Department of Energy and co-chair of the Security Committee on the CIO Council.

Gilligan provided that scenario as part of a series of briefings offered by various committees of the CIO Council -- an organization made up of chief information officers of major federal agencies -- at the FOSE show here.

Committees on outreach, interoperability, security, year-2000 efforts, education and training, and capital planning each provided a status report on their efforts, including the work they've done to date and their plans for the future.

MORE COMPUTING INTELLIGENCE
	IDG.net home page
InfoWorld home page
InfoWorld forums home page
InfoWorld Internet commerce section
Get Media Grok and The Industry Standard Intelligencer delivered for free
Reviews & in-depth info at IDG.net
IDG.net's personal news page
Questions about computers? Let IDG.net's editors help you
Subscribe to IDG.net's free daily newsletter for IT leaders
Search IDG.net in 12 languages
News Radio
	Fusion audio primers
	Computerworld Minute

The security committee's major thrusts include awareness and training, improvement of knowledge and use of available security tools, improvement of security administrator skills, and implementation of Presidential Directive 63, a cyber counterterrorism measure.

"PD 63 will replace Y2K as the big issue," said Fernando Burbano, CIO of the U.S. Department of State.

Efforts of the Year 2000 committee, however, are far from completed. By the end of this month, 90 percent of federal agencies' mission-critical systems will be year-2000 compliant, according to an OMB report due for release this week.

But that is just the beginning of what must be accomplished in the home stretch of year-2000 preparations.

John Koskinen, chair of the President's Council on the Year 2000 Conversion, is sending a letter to federal agency chiefs this week that identifies key government services the public depends upon.

"What needs to happen now is we need to ensure that service," said Kathy Adams, assistant deputy commissioner for systems at the Social Security Administration, and co-chair of the CIO Council's Year 2000 committee.

To accomplish that, Koskinen will ask agency heads to identify all the partners in delivering those services and then get together with those partners to conduct testing and to create contingency and business continuity plans.

The focus will shift from mission-critical systems to services and the processes that enable those services, Adams said. For example, the Social Security Administration has conducted joint testing with the Federal Reserve and with the Department of Treasury to ensure that social security checks arrive on time. The administration also plans to provide a testing packet to banks to ensure that they also comply and won't become the single point of failure for the service to some customers.

One area for concern early on came from telecommunications providers, who began their year-2000 work late, said Shirley Malia, deputy chief information officer for the Department of Labor and co-chair of the Year 2000 committee. However, these companies have caught up and now claim that they will be 97 percent compliant in June. In addition, telecommunications companies are planning two testing dates with the federal government, the first scheduled for April 9 and the second later in the year.

Other systems that continue to be vulnerable to year-2000 issues include biomedical equipment such as defibrillators and monitors. Biomedical engineers and manufacturers of the devices have contributed information about the compliance of various devices to the Food and Drug Administration's Web site (see Related Sites link below). The interoperability committee's first task upon its formation was to figure out a universal way to exchange e-mail attachments so that all recipients could read them. In its mixed environment where some users are on Corel WordPerfect and others are using Microsoft Word, the group settled on saving documents as text or as PDFs as the default if attaching them to e-mail.

Another major issue also stems from e-mail -- finding out someone's e-mail address. The committee has a group working on a single X.500 directory for all government workers. The idea of a standard e-mail address format for government workers was rejected because it could make the government vulnerable to spam attacks, according to Neil Stillman, a co-chair of the committee who works with the Department of Health and Human Services. In addition, those who work in sensitive positions, such as FBI agents, may not want their e-mail addresses published to the world.

Jessica Davis is an InfoWorld editor at large based in San Mateo, Calif.