Information Security News mailing list archives

"Y2K - Private Sector Intelligence & Media Hype"


From: William Knowles <wk () C4I ORG>
Date: Thu, 3 Feb 2000 01:35:50 -0600

http://www.comlinks.com/mag/psimh.htm


"Y2K - Private Sector Intelligence & Media Hype"

by Alan Simpson
President, Communication Links, Inc.


Today, knowledge management, and business intelligence show companies
what color tube of toothpaste, a 35 year old white male, with a BA,
driving a Honda Accord, prefers to buy in Aisle 7 of a supermarket in
Pittsburgh. You would expect therefore the same companies to have no
problem with the simple question, we asked back in 1996 and 1997,
"Will your Computers work on 1st January 2000?"

We knew that Y2K was a serious problem unless solved in time, and when
we had the first panel here at CSIS in June of 1998, we were amazed
that many companies still couldn't answer that question. Most
companies, and government departments, didn't know how much critical
software they had, what it did, or why it was there. They had never
given any thought either to what would happen if the power failed, or to
the vulnerability of their supply chain.

Those same corporations knew to the cent, the size and value of their
physical inventories, yet through evolution, the enormous value of
software, and essential IT systems just hadn't been counted. The effect
on the enterprise of a wholesale failure of those same IT functions
was lost on management. The attitude being that IT will always be
there, moaning, complaining and delivering its projects late, and
above budget! Keep in mind the success rate of IT projects is around
14%.

The first casualty of Y2K wasn't technical, it was the communication
links between the enterprise, its suppliers, and their customers.
Lawyers demanded "No Comment" be the response to any questions. That
famine of information quickly turned to a feeding frenzy.

During 1999 every major corporation was slowly sinking under the sheer
weight of compliance demands. Intelligence, even common sense was
replaced by Lawyers.

Faced with that legal assault most corporations took their Counsel's
advice and said nothing! At the same time, on the same Counsel's
advice, they circulated volumes of demands for compliance information,
they themselves were unwilling to give. The traditional PR and company
spokesperson functions were deadly silent. Their well oiled machine
for propagating information was reserved for good news, and news which
had a measurable positive impact on the bottom line.

Both Governments and major corporations played the information game as
they had for hundreds of years. "When we are ready we will let you
know!"

Unfortunately the Internet had put an end to that era, and that means
of managing information. The Internet has created an insatiable
appetite for instant answers. If we do not instantly satisfy this
thirst for answers, the surfing public tend to invent conspiracy
theories as to why the information they seek is not there. They create
a virtual void in cyberspace, which they perceive to contain the
answer. Then they search the Information resources of the web to find
a piece of information, or discussion thread that will fill that void.
With Y2K we saw the first effects of the InfoVoid.

"Information will be found on the Internet to fill the InfoVoid,
regardless of source, or accuracy, if it conveniently, and plausibly
fits the InfoVoid"

The case of Critical Infrastructure is a prime example. During 1998
industry criticized governments for not providing hard facts about the
power grids, or telecoms. The information was out there if you knew
where to look. Yet lack of immediately available public information
was taken to mean disaster was looming, with martial law, and months
without power a distinct probability. The authorities were silent.

Driving this doomsday scenario from 1998, was the hoopla surrounding
embedded chips, or more correctly embedded systems, slated as the
reason power, water and the phone system would collapse.

Talking to power engineers around the country, it became like a scene
from a Monty Python sketch, with them asking "Pssst know where there's
any embedded chips?" They could not find the billions of hidden
embedded systems, with rogue date functions, because they did not
exist! But yet the academics, and doomsayers had a field day in
declaring the enormous scope of the problem. There was no intelligence
available to give the correct figures. The figures were known to
Pacific Rim semiconductor manufacturers, but they were keeping quiet,
and watching the US squirm.

Instead of the hearings on embedded systems being conducted in the
Senate, they should have been done on eBay! 20 billion, 40 billion, 60
billion, 80 billion, any advance on 80 billion!

This hysteria was driven by a whole army of Y2K Experts. Any Chicken
Little who wanted to predict Apocalypse 2000 would get airtime. TV
News loved them. I got this first hand. Producers called to ask if I
would be prepared to come on TV or Radio shows and talk about the
forthcoming collapse of the critical infrastructure, with months
without water, power or telephone. When told that this would not
happen, and 1/1/2000 would be a smooth transition, the conversation
invariably ended with either a curt thank you, or a request for the
names of anyone who would appear and satisfy the thirst for
sensational information and entertainment. Talk radio has a lot to
answer for, with Y2K.

The government, and power companies did not act quickly enough to fill
the InfoVoid, and satisfy the nervous public. It was the Rabid
Religious Right that seized upon this shortfall and created a whole
industry of Y2K misinformation. The majority of misinformation can be
directly traced back to a handful of websites, newsletters, and their
academic supporters.

Incidentally the misinformation peaks coincided with the falling sales
of newsletters, Y2K books, Y2K seminars, survival rations, and Gold.
This panic was manufactured, not coincidental, and as I pointed out in
papers on the GSA website, the "First World InfoWar".

We have learned a lot from this carefully crafted, and effective
misinformation. We have been amazed at the reactions of the public,
and the number of sane people who were driven to fear the worst. It is
also amazing how many legitimate organizations took this hearsay and
created reports, and predictions based on the hype and hoaxes.

Probably the first hoax we tracked was the Cadillac recall notice.
This ricocheted around the Y2K mailing lists, chat rooms and Y2K
sites, as proof that a serious embedded systems threat existed.

After several weeks the original surfaced, and was circulated as proof
and evidence of a major disaster looming. It was immediately
recognized as a hoax. A badly scanned logo from a brochure, no
address, telephone number, or name of any officer. Close examination
would have stopped this hoax earlier for it declared the recall, for
computer failure, of all Cadillacs from 1972 till 1998. 1972??????

Learning from this crude hoax, the next one dispensed with
incriminating pieces of paper. This was the Nuclear Power Plant
Catastrophe. Several of these surfaced, all from a "reliable source"
who dare not give his name, "because his job would be in jeopardy."
This spoke of embedded systems buried deep in the nuclear pile which
contained dates, whose existence the regulators were covering up. A
Chernobyl meltdown would occur when the chips failed, causing the
Boron rods to drop, and a subsequent reactor meltdown.

Problem: dropping Boron Rods slows down and eventually halts a nuclear
reaction, and as any electronics engineer would have pointed out,
nuclear reactor piles fry off-the-shelf embedded chips. They have to
be kept well away from radiation.

Again learning from having too many facts in a media scare, the
misinformation crowd created the Chemical Armageddon. Here the same
"reliable sources" with no name, whose "job again would be in
jeopardy" leaked to a friend, who told an acquaintance, who was
overheard in a bar, mention that major refineries, and chemical works,
were set to explode at midnight on December 31st, 1999, and cause
massive chemical spills, and environmental disaster. They claimed that
the government was paralyzed at the thought of panic, and FEMA was
preparing plans to have millions of cardboard coffins ready for the
holocaust. No reassuring from the major chemical companies could quell
the enthusiasm of the "Headless Chickens" to spread the bad news.
People still believed it.

By mid-summer 1999, the majority of the public were getting a little
tired of Y2K, and so even more outlandish plots had to be created to
sell doomsayer books, seminars, survival rations, and other
"investments". The newsgroups and mailing lists had been completely
taken over by survivalists, doomsayers and religious zealots convinced
that TEOTWAWKI, The End of The World As We Know It would occur on the
strike of midnight.

The misinformation campaign probably reached its zenith in
July/August 1999, when the secret "Pentagon Y2K Report", from the Navy was
unveiled. According to one version of the myth a Chief Petty Officer
supposedly handed the report to a "Y2K Expert", in a Car Park. He
immediately created a web site in Tonga, that secure bastion of
sensitive information.

Tonga was chosen because the combined efforts of the CIA, NSA, and FBI
were scouring the USA with Black Helicopters searching for this report
and the report recipient feared for his life. (Incidentally I believe
the server for the Tonga .to websites is in Florida, which makes the
rationale somewhat suspect.) This made the last hooray of Y2K
Doomsayers suitable for a James Bond movie, should the situation
arise.

This Secret Report, which was claimed to be easily identified as to
source, could not be released, or even seen by mere mortals for many
weeks, lest they would be captured and assassinated by government hit
squads.

Millions swallowed this, and believed this hoax, and of course ran out
to buy the books and survival kits!! It was spread by the wire
services, mailing lists, and doomsayer newsletters, and was picked up
by newspapers around the world. John Koskinen even made statements
about the hoax, saying it was "An outdated report, at least 8 weeks
old." The official handling of the rebuttal was weak to say the least.

A well known TV program called me and asked if I was worried about
Orlando, in light of the damning report from the Senior Naval
Commander, at the Navy Base.

The fact that the Navy Base had been closed for several years had been
missed. The report also quotes the population of Orlando as 165,000,
which is about half the number in Magic Kingdom, EPCOT and Pleasure
Island on New Year's Eve. My suggestion was that they check the list
with their local affiliates, which later confirmed that many of the
bases in the report had been closed, some for a very long time.

Regardless of how we look back at these hoaxes, or misinformation,
they were believed by millions, and thousands purchased generators,
survival rations, and expected to spend 2000 without power or critical
infrastructure. They fitted the InfoVoid, of worried cyberparents, and
those least able to dig deeper for accurate information.

It wasn't just the public who were drawn into the hysteria. Presented
with all this "evidence" crafted to fit the scenario, and with the
suspicions of the public, and enough emotion and intrigue to make it
entertaining, the mass media eagerly embraced the misinformation, and
fulfilled their objectives, entertainment first, and news second. The
worst predictors of doom and destruction were surprisingly enough the
religious broadcasters, who appeared at times to be reveling at the
thought of Armageddon.

TV Networks, in their defense, did call the CEOs and CIOs of industry,
and government, and posed the same question I used to open this
presentation. "Will the computers Work?"

The answer was "We don't know?"

Facing a need to fill the InfoVoid they gave airtime to the self
styled "Y2K Experts" who predicted doomsday, except of course to those
who bought their books, attended their seminars, or purchased their
investments.

But that was not the only goal of many of the doomsayers. Behind this
Chicken Little mantle there was a serious message.

Many openly preached the end of fractional banking, the collapse of
the economy, and of Wall Street. Many openly advocated armed
resistance, and thousands of handguns and rounds of ammunition were
purchased specifically for Y2K. Not everyone prophesying the doomsayer
side of Y2K was doing it for the sake of book sales!

In the end Y2K was fortunate, it ended on a bang, on a known date,
with no more opportunities to create chaos, and with a spectacular
firework display. The finite point that had been the dread of Y2K
turned out to be its blessing. On January 2nd it was all over in the
eyes of the public. They enjoyed the fireworks, enjoyed the
entertainment, and were bracing themselves for the winter storms. The
IT departments said "We have found and fixed most programs, and those
bits we missed, we will fix when they become a problem." There was no
way anyone could extend the misinformation campaign.

Throughout industry many CEOs are beginning to question the amount
spent on Y2K. Many believe it was all a hoax, and many believe there
should be inquiries into the doomsayer predictions. Already lawsuits
are being filed against Consultants, claiming misleading hype. They
forget the huge reengineering leap that Y2K has achieved, and the
level of cooperation created between industry, local and central
governments. Y2K was a serious problem, and through hard work has been
fixed, for now. We still have to tell the majority of computers that
it really isn't 1972, but that is a long way off.

What have we learned from Y2K:

1. Private Sector Intelligence is more than analyzing toothpaste sales
on Aisle 7. A corporation must constantly examine the relationship it
has with suppliers, and the support infrastructure, essential for
business continuity. It must be aware of any threat, external and
internal, to its ability to operate.

2. Corporations must have well developed contingency plans, and these
contingency plans must cater to multiple failures at the same time.
Just planning to use the same backup service as everyone else, is not
a good practice.

3. Utilities, financial institutions, and major corporations need to
critically examine their external information systems, and the
procedures they adopt to give out bad news, as well as glowing
promotional publicity releases. Customers are critical and should be
kept in the information loop.

4. Trade Associations must be able to accurately assess the numbers,
impact and scope of any computer threats or events on their industry.
No more guessing at numbers.

5. Governments need to overhaul how they manage information, as well
as improving economic and infrastructure intelligence. The Information
Age is Real Time as regards information, and the old techniques of
in-depth analysis of potential problems, highly classified, and
compartmentalized, no longer work. Unless an immediate, informed
response is available, the public will search to fill the InfoVoid,
from the most plausible source, that is readily available. In times of
serious crisis that could lead to significant damage to the
government. Manipulated it could undermine a stable Information Age
government. It is easier to do billions of dollars economic damage to
a country, than it is to do millions of dollars of military damage.

And what about the threat from Hackers. The Hackers, unlike the FBI,
had read Sun Tzu, The Art of War, and declined to attack the enemy
camp, when he knew the exact time, and place of their attack, had all
defenders on alert, all traffic reduced to a minimum, and anti-virus
safeguards in place. Unfortunately this has resulted in a false sense
of security and invincibility, in many System Administrators' offices.
There are still many unanswered questions concerning offshore
remediation, and armies of unknown consultants combing through
critical code.

Finally, beware of the InfoVoid! Governments and Corporations need to
quickly provide the answers the public seeks and deny external
organizations the opportunity. If allowed to multiply it is the first
Weapon of Mass Destruction of the Information Age!


==

ISN is sponsored by Security-Focus.COM

