IG: DOD agency's report of 2000 readiness incomplete

Only 25 percent of the Defense Special Weapons Agency’s mission-critical systems
were tested, the IG said in a new report, Management of the Defense Special Weapons Agency
Year 2000 Program.


IG auditors found that the weapons agency did not complete independent testing of three
mission-critical systems before classifying them as ready.


The agency only tested one mission-critical system, the Nuclear Management Information
System, and two of 10 non-mission-critical systems.


But the IG said the agency classified all 13 as 2000-ready.


The weapons agency has since tested two additional mission-critical systems—the
Nuclear Weapons Contingency Operations Module and Nuclear Inventory Management Accounting
Control System—but still needs to test a third system, the report said.


The Defense Special Weapons Agency, which merged with other DOD agencies in October to
form the new Defense Threat Reduction Agency, has managed and tested the department’s
nuclear weapons stockpile for more than 50 years. The agency also verifies U.S. arms
control treaties and agreements.


“DSWA has not documented a process for testing its mission-critical systems and
non-mission-critical systems,” the IG report said. “Documenting a testing
process would provide guidance for personnel required to test systems and would ensure
that personnel test all pertinent aspects of Y2K issues for each system.”


The IG recommended that the agency report systems as ready only after completing
testing, as required by the DOD Year 2000 Management Plan.


George Ullrich, the agency’s acting director, agreed with the IG’s findings
and said the agency will review all systems currently reported as year 2000-ready and
change their status if necessary. Ullrich, however, said his agency had been in compliance
with an early version of DOD’s Year 2000 Management Plan, which did not require
independent testing to verify system readiness.


“Certification was initially done in accordance with guidance in DOD Y2K Plan
Version 1, which did not require testing,” Ullrich said in a letter to the IG.
“Systems could be self-certified with the aid of a checklist.”


The weapons agency is not the only Defense agency reporting its systems as year 2000
ready without proper certification. The IG in a June report, Year 2000 Certification of
Mission-Critical DOD Information Technology Systems, found that only 25 percent of
DOD’s 430 mission-critical systems had been tested before being certified as ready [GCN, June 15, 1998, Page 1].


“Senior DOD management cannot afford to make Y2K program decisions based on highly
inaccurate information,” the IG said.


A recent report from the British American Security Information Council, The Bug in the
Bomb: The Impact of the Year 2000 Problem on Nuclear Weapons, also found DOD’s
nuclear weapons systems and nuclear command and control systems at risk of date code
failures [GCN, Nov. 23, 1998, Page 6].

inside gcn

  • cyber hygiene (Lucky Business/Shutterstock.com)

    Cleaning up cyber hygiene

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group