Pentagon Bungled Y2K Planning, According to Newly Declassified Docs

We now know the year 2000 came and went without missile protection systems or other mission critical government computer systems pausing to question the date. 

But if something had gone wrong as the world entered the new millennium, the Pentagon may not have been prepared for the consequences. 

Key military centers did not check their mission-critical systems for Y2K bugs in time to ensure computer programs would function Jan. 1, 2000, according to a 1998 Defense Department audit -- finally made public on Dec. 11 of this year. 

"2000 is indistinguishable from 1900. As a result of the ambiguity, computers and associated system and application programs that use dates to calculate, compare, or sort could generate incorrect results when working with years following 1999," Robert Lieberman, then the Defense assistant inspector general for auditing, said in the report.

"The Joint Centers need to fully determine the Y2K compliance status for all mission-critical systems to ensure that the warfighting mission will not be adversely affected," he added.

Military IT infrastructure face different unknowns today. What are the consequences of Humvees and refrigerators grabbing data from compromised networks? The government's reliance on Reagan-era computer systems? And hackers who burrow into the power grid?

With daily reports of actual data breaches, it is interesting to look back at the $8 billion worth of planning governmentwide that went into Y2K planning, which turned out to be largely a dud.

At the Pentagon, the deadline for checking and fixing all Y2K issues was exactly one year before the big date. As of August 1998, the majority of vital machines at the military’s Joint Centers had not even been assessed for issues, inspectors found.

The centers neglected to vet 56 of 100 mission-critical systems. And most of the assessments were undocumented.

"Mission-critical systems may unexpectedly fail because they were identified as compliant without being validated," Lieberman said.

At the Joint Command and Control Warfare Center, now called the Joint Information Operations Center, 21 out of 36 mission-critical systems had not been tested.

Lieberman advised the Joint Centers to assess all mission-critical systems for Y2K compliance status and coordinate Y2K efforts with the Joint Staff, among a host of other steps. 

The Government Accountability Office, then known as the "General Accounting Office," went as far as labeling the Y2K problem a "high-risk" area, along with IT issues such as National Weather Service modernization and information security. 

In the end, the dawning of the new millennium merely caused a few operational hiccups.

"For about two hours Friday night, several U.S. spy satellites were blinded by a Y2K computer failure on the ground," CNN correspondent Jamie McIntyre reported on Jan. 1, 2000.

Eventually, a backup system was activated.

"The rest of the U.S. military's 2,100 critical computer systems worked just fine," McIntyre said.

That day, it only was unclear whether office systems would function on Monday.

"There may be some problems there that we don't know about now," John Hamre, then deputy defense secretary, told McIntyre in 2000. "I don't expect any, but there may be."

Flash forward nearly 16 years to the military's continued struggle to adapt to the growing cybersecurity challenge and Y2K looks easy in comparison. 

"This is hard work that's going to take years to get where we need to be and just like we're seeing in the counterterrorism threat area with ISIL and others, this is not a problem set we're solving in years," Michael Rogers, current head of Cyber Command, told New York Times correspondent David Sanger in July.