Professional Documents
Culture Documents
Planning For The Worst, Bringing
Planning For The Worst, Bringing
the Best?
Lessons from Y2K
Kevin Quigley
Dalhousie University, Canada
abStract
Organization theorist Lee Clarke (2005) argues when policy makers plan for disasters, they too often think
in terms of past experiences and “probabilities.” Rather, policy makers, when planning to protect the
infrastructure, should open their minds to worst-case scenarios; catastrophes that are possible but highly
unlikely. Underpinned by a precautionary principle, such an approach to the infrastructure would be more
likely to produce “out of the box” thinking and in so doing, reduce the impact of disasters that occur more
frequently than people think. The purpose of this chapter is to consider the utility of Clarke’s worst-case
planning by examining Y2K preparations at two US government agencies, the Bureau of Labor Statistics
(BLS) and the Federal Aviation Administration (FAA). The data concerning Y2K come mostly from official
US government sources, interviews, and media analysis. The chapter concludes that the thoroughness of
worst-case planning can bring much needed light to the subtlety of critical complex and interdependent
systems. But such an approach can also be narrow in its own way, revealing some of the limitations of such
a precautionary approach. It potentially rejects reasonable efforts to moderate risk management responses
and ignores the opportunity costs of such exhaustive planning.
Copyright © 2008, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.
Planning for the Worst, Bringing Out the Best? ers is how do governments protect these fragile and
interdependent critical infrastructures?
Organization theorist Lee Clarke (2005) argues that
when policy makers plan for disasters, they too often
introduction think in terms of past experiences and “probabilities,”
that which is calculable. Problems are often structured
Critical Infrastructure Protection (CIP)—activi-ties that by existing bureaucratic interests and routines rather
enhance the physical and cyber- security of key public than by the prob-lems themselves. To Clarke, the
and private assets—is the focus of urgent attention approach is too limiting since it is the unimagined and
among Western governments in light of recent power the events considered “low probability” that often
failures, computer viruses, natural disasters, epidemics wreak havoc on society. Policy makers, when
and terrorist attacks, both threatened and realised (GAO, planning to protect the infrastructure, should therefore
2005). Gov-ernment studies and popular analyses note open their minds to worst-case scenarios, catastrophes
the complex, interdependent, and fragile make-up of that are possible but highly unlikely. Clarke ar-gues
these infrastructures and the technologies that underpin such an approach, ideally underpinned by a
them; one small failure can have a massive and precautionary principle1, is more likely to “stretch
unpredictable cascading effect. Consider the 2003 North the imagination,” produce “out of the box” thinking,
American power outage: overgrown trees in Ohio and in so doing, reduce the likelihood of these all-too-
helped trigger a power failure that affected 50 million frequent catastrophes.
people and cost the US economy anywhere from $4 Clarke champions US reaction to Y2K (the Year
billion to $10 billion (US-Canada Power System Outage 2000 computer bug), the date-related com-puter bug
Task Force, 2004). One critical question for policy mak-
that threatened to bring systems down around the world
at the turn of the century, as an
0
Planning for the Worst, Bringing Out the Best?
Anticipating countless disasters—worst-case thinking twenty-first century entries (e.g., Would “01” be
—Clarke notes is a precautionary ap-proach to CIP. treated as “1901” or “2001”?). Such ambiguity, it
For Clarke, a precautionary ap-proach means more was feared, would result in systems failing or
than simply a slow and careful plan. He writes, “the producing inaccurate information. At the very
precautionary principle is a tool that can sometimes least, it made information unreliable.
be used to make some of those interests consider From the early nineteen nineties (when the first
worst-case possibilities. It can push policy makers to popular article about Y2K appeared) to the late
be explicit about the values they are pursuing, to nineteen nineties, the date-related computer
specify the uncertain-ties in their decision processes, glitch rose from relative obscurity to regular
and to imagine alternatives that they might otherwise headline news. Between 1997 and 2000, for
ignore” (Clarke, 2005, p. 180). instance, three major American newspapers ran
Specifically, the possibilism and counterfactu-als (“what collectively over 500 articles on Y2K. In 1997,
if” scenarios) of worst-case planning offer the promise and prior to any significant government
of four outcomes: creativity, empowerment, executive intervention in the economy, the tone
effectiveness, and equity. Clarke argues the process of the media coverage was overwhelmingly
empowers individuals to think “outside of the box.” It alarming (Quigley, 2005). 1997 estimates of
disrupts routine thought patterns, stretches the the worldwide cost of fixing Y2K-related
imagination, and poten-tially produces creative solutions problems ranged from $300bn to $1 trillion3.
that reveal the true interdependence of systems and in so The Congress and the General Accounting Of-fice
doing, allows us to make them more resilient. Moreover, (GAO; now the Government Accountability Office)
the large scope and concern over protecting all systems were particularly aggressive in seeking out
rather than those that serve an economic elite make it a information about Y2K. IT consultants and Y2K
more socially just approach (Clarke, 2005, pp. 143-144). specialists appeared before congressional com-
For Clarke, the Y2K operations embodied just such a mittees frequently to testify about the potential
strategy. We will consider the extent to which the FAA consequences of the bug. Between 1996 and 1999,
and BLS achieved the outcomes Clarke anticipates. congressional committees and subcommittees held
First, we will recall the case. over 100 hearings on the subject and the GAO
issued 160 Y2K reports and testimonials. Bruce
Hall of Gartner, a leading Y2K/IT consult-ing firm,
y2k recalled testified to a congressional committee: “we must
accept that risk exists in any technology that was
Y2K, or the “millennium bug,” referred to the fact that ever programmed by a human, examine such
in computer programmes created in the 1950s and technology for possible failures, and form
onwards, most year entries had been identi-fied in two- remediation strategies” (Hall, 1997; original em-
digit shorthand, 1965, for instance, was entered as “65.” phasis). Gartner advised “plan not to finish” and
Initially this shorthand was adopted to save on advocated “active prioritisation and technology
expensive computer memory. Through time, it simply triage.” Gartner predicted that 50% of organi-sations
became a commonly used practice. As the year 2000 would not finish their Y2K plans. Ann Couffou,
approached, however, anxiety grew that systems would Managing Director at Giga Year 2000 Relevance
be unable to distinguish between twentieth century Service, testified to Congress in 1997: “anything
entries and with an electronic component should be suspect.
The rule should be guilty until proven
innocent”(Coffou, 1997; original emphasis). She
noted the following systems were susceptible
Planning for the Worst, Bringing Out the Best?
The FAA started to open itself up. Agency staff held occasion, the strife between the external auditors
meetings with key players and industry rep-resentatives and the BLS staff was such that senior staff from the
as part of the US government’s Y2K working group on DOL had to come in to mediate the dispute. In
transportation. The intention of the meetings was not to another example, one director at the BLS recalled
dictate plans to industry, but rather to allow people to being pressured by the DOL into developing a work
share information about what their organisations were schedule that “showed progress.” That is, that each
doing. The FAA also started having more press quarterly report would show marked progress over
conferences and inviting its critics to visit the FAA and the previous quarter. The staff member at DOL
discuss its plans for compliance. suggested that such a report would satisfy
In sum, what started in both agencies as a large-ly internal Congress’s expectations. The director noted that he
operation transformed into something much more fluid, advanced the anticipated completion date in order to
both horizontally and vertically. Guidelines were generated meet the DOL’s (and OMB’s) request. When the
externally and were issued as top-down commands. The system was not ready in time, the BLS found itself
importance of supply chains meant that both agencies had criticised in the quarterly OMB report. Relations
to consult extensively with external parties to ensure their between the BLS and the DOL became strained, and
operations would be fully compliant. Moreover, the need to eventually the head of the Y2K project at the DOL
convince others, such as the lead department, OMB, GAO, was replaced.
and Congress, that the agencies were indeed compliant To a certain extent, the professionalism of the IT
meant that these normally independent agencies had to staff at the BLS was undermined not only by
open themselves up to allow external parties to test and external auditors and staff at oversight agencies, but
validate the agencies’ Y2K operations. Under considerable even executives within their own agency. The staff
pressure from external parties, the FAA concentrated its felt that their advice frequently fell on deaf ears.
Y2K authority into its Y2K team. The BLS, on the other One interim strategy IT staff proposed was that they
hand, followed the directives of the DOL, but maintained a would focus Y2K efforts exclusively on those
highly decentralised approach within the agency. systems that were required to produce reports in
January 2000. All other systems would be
Style considered non-critical. (Many BLS reports are
issued quarterly or semiannually.) This ap-proach
Style overlaps with the other two descriptions of would have allowed BLS staff to delay any Y2K
management. It can be conceived of in two ways: (1) work on non-critical systems until after January 1,
how far regulation is rule bound or discretionary; and 2000, and then only if the system failed. BLS IT
(2) the degree of zeal the ac-tors show in pursuit of staff felt this was a balanced approach: fix those
policy objectives. With style, culture and attitudes are systems that were required for January 2000
important (Hood et al, 2001, p. 32). outputs; and “wait and see” with the rest. In
There was a considerable amount of conflict between BLS September 1998, the DOL informed the BLS it
staff and staff from outside the agency. The BLS staff would be judged by the GAO guidelines, which
noted repeatedly that the systems were too complex for made no such distinction, and therefore it was back
outside auditors to understand and audit in a matter of to “audit, fix and test everything” by the deadline. In
weeks. On one another example, one of the interview subjects for
the International Price System noted that the system
had been upgraded in 1995 and made Y2K
compliant at that time. Despite making this point
known within his chain of command, he was still
directed to perform the Y2K audits. He estimates
Planning for the Worst, Bringing Out the Best?
that a good part of 1 full year for him and his tor, and the press to all the events. The FAA also
team was spent exclusively on Y2K, with little invited its most severe critics to its offices, Y2K
ever being found that was not compliant. management gurus such as Ed Yardeni and Peter
The intervention of Congress at the FAA marked a De Jager, to explain what the FAA was doing to
significant shift in style at the agency. mitigate the risk. (DeJager eventually agreed to
Administrator Garvey started having weekly fly on a plane during the changeover, as did
meetings specifically on Y2K with the Executive Administrator Garvey.) With respect to the avia-
Committee at the agency. Garvey told the Y2K tion industry, one interview subject noted that
office that they should report to her directly, and organizations had been working in silos. By the
insisted that they name individuals responsible if end of 1998, the FAA was sponsoring industry
progress slipped. One interview subject noted it got days and having leading players in the industry
some people angry and created some friction but the present their Y2K plans to others; it helped to
message was clear: people were going to be held to foster a cooperative spirit in the industry.
account. The entire approach to the problem In sum, neither agency at the operational level,
changed. One interview subject noted, “it was initially, took the problem as seriously as the
removed from the realm of the IT geeks and moved oversight offices eventually did. Many were loath
to every corner of top management.” It was also to break from their regular work routines. This
characterised as a political problem. The Deputy resulted in false starts, inconsistent report-ing, and
Secretary at the DOT informed his staff that if there delayed progress. As “outsiders” (i.e., OMB,
were shortcomings it would make the President look GAO, OIG) began to infringe on their space—
bad at the start of an election year in which the prescriptive orders, timelines, templates, audits—
“Technology” Vice President would be standing for IT agency staff became aggravated. Y2K work
election. was often boring, detailed, and tedious,
There was a sense of urgency that empowered area supplemented by (sometimes) weekly detailed
specialists to make decisions. According to every reporting requirements. In some cases, staff were
interview subject, money was not an object. The confident either there were no Y2K-related
person that coordinated the FAA financial requests problems or they could fix them as part of their
simply had to call the OMB and request the money. normal processes, yet these observations went
The FAA was never refused. One middle manager unheeded, particularly at the BLS. Like it or not,
noted how, on one occasion, he signed personally staff were corralled into large Y2K operations
for a $15 m upgrade during the 1998/1999 period, where risk management meant risk elimination.
something that would have been unthinkable and Eventually, the FAA IT staff thrived in such a
organisationally unjustifiable a few months earlier. context; the BLS staff did not.
When the FAA started to open itself up it was not
simply a question of “structure” but also one of
“style.” The FAA wanted to show Congress, the worSt-caSe planning at the faa
media, and any other detractors that it was taking and blS
their criticisms seriously. Throughout 1999, it ran
multiple “end-to-end” tests, “war game scenarios,” Clarke argues that worst-case planning encour-
and on one occasion simulated the “December 31- ages creativity, empowers participants, renders
January 1” date change in real time. The FAA effective solutions, and achieves equity in those
invited the GAO, the Office of the Inspector solutions.8 The definition for each of these terms
General (OIG), the FAA’s Administra- is subject to considerable negotiation. We offer a
provisional, context-sensitive understanding
Planning for the Worst, Bringing Out the Best?
of each term, and consider the extent to which worst- Y2K staff confronted agency executives at Y2K
case planning at these agencies embedded these planning meetings when they failed to meet Y2K
qualities. deadlines; Y2K staff authorised considerable
Where it existed, Creativity, unconventional, “out of the spending on Y2K projects; they briefed members
box” ideas, tended to include either clever “work- of Congress and the media. Many from the team
around” solutions (e.g., how opera-tions would recover describe Y2K as the highlight of their careers.
in the event of failures) or lucid explanations as to why Ostensibly, both departments were equally effective.
certain systems were not vulnerable to Y2K-related All systems were identified, fixed, tested, and
failures despite claims that all systems had to be audited. No systems failed as a result of the Y2K
checked. On the balance, however, the executives in bug. Insofar as this was the goal, both agencies
neither agency encouraged creativity in operations. In accomplished their missions. From a project
fact, the opposite is true. Straying from GAO guidelines management standpoint, however, there is again a
almost inevitably led to negative reports from auditors distinction between the BLS and the FAA. The BLS
and unfavourable exposure within Congress. Staff at started earlier than the FAA but became bogged
BLS in particular had alterna-tive solutions dismissed by down with conflicts between themselves and
executives within the agency because of anxieties over external agents. The FAA, on the other hand, started
relations with DOL, OMB, and Congress. late but accomplished its mission in a relatively
If we understand empowerment to mean giv-ing quick 18 months. The profile of Y2K, support from
someone influence and authority, then BLS IT staff lost the Administrator, and strong sense of mission
power over the Y2K issue by early 1998. What seemed within the team had considerable impact at the
like its reluctance to cooper-ate with central Y2K agency. The Y2K staff worked long hours; they
directives led to power and influence seeping away to developed stretch targets; they celebrated together
external parties. BLS staff note that despite having an when they met them; and they felt a sense of
excellent track record for maintaining their systems (a collective defeat when they missed them. Because
point corroborated by many external interviews), their they were never refused funding, they never got
advice was frequently ignored. Conflicts with external bogged down in tedious budget debates; they got
auditors sent in by DOL were common place. what they wanted, when they wanted it. Indeed, they
Ultimately, detailed and regular reporting requirements felt they were doing important work. The BLS staff
ensured IT staff never strayed from OMB/GAO central did not.
directives. Staff were not em-powered; rather, they If we broaden our understanding of effec-tiveness to
became at times combative; at times demoralised. include value for money, however, evaluating Y2K
The FAA Y2K office was working under the same efforts becomes much more problematic. Anything
guidelines as BLS, yet the FAA IT staff felt empowered by that might moderate the response, cost-benefit
them. The Y2K team had consider-able support from an analyses, probability risk assessments, and arguably
active Administrator who put Y2K at the top of the list of even professional judgement, were rarely
agency priorities. This support empowered the team to incorporated into Y2K projects systematically in
employ tactics in achieving Y2K compliance that would, either agency. Indeed, the only limitation on efforts
under other circumstances, be considered inappropri-ate was the fixed dead-line. As one FAA Y2K team
and perhaps career limiting. For instance, the member estimated, only about one in five systems at
the FAA required Y2K-related work, but given the
climate, it was simply not possible to tell Congress
and the media that the FAA would not be looking at
four fifths of its systems. Clearly, this approach
increased
Planning for the Worst, Bringing Out the Best?
the cost considerably with little or no discernible significant overlaps in the form of mandatory
benefits from a systems standpoint. third-party audits and contingency plans.
Viewed through one lens, the Y2K plan seems to However, the agencies did not adopt, convinc-ingly,
have achieved a sense of equity: all systems were the style of behaviour that Clarke attributes to
checked and, if necessary, fixed, and therefore, all worst-case planning. One agency was led through
systems were treated equally. If one assumes that the process by strong and persuasive leadership,
different people depend on different services and whereas the other was pitch-forked into doing its
therefore, would prioritise systems differently, then, job, insulted and demoralised. Clarke’s anticipated
indeed, the Y2K plan did not serve some people’s qualities of worst-case planning, cre-ativity,
interests over others. empowerment, effectiveness, and equity, were only
Again, however, if we assume a broader un- achieved occasionally and largely at the FAA.
derstanding of equity that views the Y2K project Somewhat ironically, this difference had little
as only one initiative in agencies with limited impact on either agency’s capacity to achieve its
resources and numerous competing projects, then goal of becoming fully compliant. Hence, while one
the equity achieved within the agencies can be might conclude that worse-case planning is possible,
challenged. For over a year, Y2K projects were one cannot conclude that such planning would
given a privileged status within govern-ment: necessarily result in the organizational dynamics
reporting requirements were exhaustive and that Clarke predicts.
inflexible and there were virtually no limits on The second question is more contentious: is worst-
Y2K funding. The effort absorbed consider-able case planning desirable? The absence of any
resources and in so doing, neglected other moderating measures risks driving up costs and
priorities. As one IT manager at BLS noted, the marginalizing the role of professional judgement.
opportunity cost of the project was rarely con- To start, Clarke skirts the issues of cost-benefit
sidered. One BLS executive went further: he felt analyses and refutes the notion of probability risk
Y2K diverted so many resources that it should be assessments, even as heuristic devices. In the case
described a “failure of leadership, a derelic-tion of Y2K, there seemed to be few constraints acting
of duty.” on Y2K project teams other than organizational
inertia and the fixed timeline, and therefore, with all
the available funding and the pressure to be-come
concluSion compliant, it was easier at the operational level
simply to check and fix everything. As a result,
To finish, we will recall two central questions relatively unimportant systems, as well as those that
established at the outset of the chapter: First, did showed no discernible date-related risk, were
the US government’s response to Y2K, as subject to expensive, resource-intensive Y2K
demonstrated at the BLS and the FAA, constitute treatment. There were alternatives. Rather than
worst-case planning? Second, is worst-case plan- simply measuring the extent to which systems were
ning an effective and desirable risk management going through the standard process, more feedback
strategy? loops could have helped detect the extent to which
The answer to the first question is almost certainly problems/failures were actually being identified, for
yes. The processes that supported the government’s instance. A more proactive effort at prioritisation of
Y2K objective of “no disruption to service” were systems could also have helped focus efforts and
largely the same in both agencies, slow, detailed, limit resource expenditure.
and exhaustive. There were also Clarke also contends that probabilism protects the
interests of the powerful. Again, he is not en-
Planning for the Worst, Bringing Out the Best?
tirely persuasive. One might argue, for instance, that alone are likely to detect. As always, the art is
probabilism protects the majority, which is not in finding the appropriate balance, which is
necessarily impractical in a world of limited resources always the subject of power and negotiation.
and unlimited potential for crises. In any event, it is
unlikely that a precautionary approach would lead to
addressing economic and social injustice. Powerful future reSearch directionS
interests can just as easily manipulate precautionary
approaches to ensure existing power structures are The prevalence of disasters caused by the
perpetuated, if not reinforced. Indeed, while there may failures of complex systems keeps the normal
have been inertia among many organizations not accidents/ high reliability organizations debate
wanting to act on Y2K-related problems, the Y2K fresh and meaningful. This chapter has
initiative was hardly a challenge to the status quo. In attempted to con-tribute to an aspect of this
many respects, it was the opposite. EO 13073 directed literature by examining the case of Y2K. Three
agencies to ensure there would be no disruption to broad and related sets of questions could
federal government programs. It also directed benefit from serious scholarly research.
government departments to work with industry to help
ensure the same standard. Y2K was a threat to “business Question one: learning from
as usual”; the government worked to ensure stability. disasters
Clarke’s precautionary approach is in fact selective in the
reality it portrays. While in some ways he encourages First, how do we learn from disasters? What
policy makers to open their minds in fact, he institutional arrangements are in place to gather
simultaneously offers a very narrow view of the problem. information, set standards, and modify behaviour in
Cass Sunstein (2005) astutely argues in his criticism of the light of past failures? Who interprets the fail-ures?
precautionary principle that if one chooses to invest in Ironically, government Y2K postmortems tend to
mitigating the risks associated with one problem one reinforce starting assumptions rather than question
almost certainly neglects other risks. How much spending them. After Y2K passed without incident, the UK
on Y2K was too much spending? What projects went government concluded, for instance, first, that its
unfunded or under-resourced because of the insatiable reaction to Y2K was an unqualified suc-cess, and
appetite for Y2K work or the unwilling-ness to live with second, that Y2K brought to light the significant
inconsequential failures? There are no answers to these extent to which economies depend on IT (Cm 4703,
questions, but that they were hardly considered is 2000). Few, if any, Y2K postmortem note the
disconcerting. Clarke is silent on the drawbacks of such variation in dependence on IT across sectors or
overreactions and the lack of transparency potentially at countries; nor do they note the ability of
work in the process he advocates. organisations and people to respond with flex-ibility
These problems do not lead to a complete indictment of and creativity to system failures. Rarely (if ever)
worse-case planning. Whereas Sunstein alerts us to the does one see a serious investigation of the
trade-offs inherent within precautionary approaches, considerable resources allocated to minimizing the
Clarke alerts us to the landmine of potential low impact of the Y2K bug.
probability/high con-sequence disasters that Y2K is one of the only preventative, pan-eco-
precautionary approaches nomic CIP initiatives on record. Many aspects of
the initiative were successful. If we are going to
learn from events such as Y2K, we have to look
seriously at the assumptions that underpinned the
planning and think more carefully about the
Planning for the Worst, Bringing Out the Best?
extent to which it was a success and a failure and rorism, for instance. Does this make a difference
integrate those lessons into future planning. By in their strategising about CIP? Many developing
this measure, Clarke’s book is a valuable countries experience systems failures regularly.
contribution. Does this inform how they prepare for and react
to disasters? By the same token, if the levees in
Question two: cooperation New Orleans had been sabotaged by an act of
terrorism rather than resulted from a hurricane,
Second, given the perceived interdependence across would the US government’s reaction have been
sectors and political jurisdictions, how do different (better)? Would the American public
governments and industries work together on these have been more forgiving? We could benefit from
issues? 9/11, the 2003 power failure, and the 2005 serious scholarly investigation into these matters.
tsunami, for instance, had significant global
impacts. They necessitated cooperation across
borders. While these crises require global referenceS
collaboration, there are several technical, eco-
nomic, cultural, and political barriers that prevent Blitz, J., Hope, K., & White, D. (1999). Mediter-
cooperation. In times of uncertainty, governments ranean trio see millennium bug as problem for
and industry can be reluctant or unable to disclose manana. Financial Times, November 12.
potentially sensitive information. Moreover, when
Bowen et al (1999), Low tech culture may
governments do wish to cooperate, as many have
prove region’s Y2K saviour. Financial Times,
since the advent of the “war on terror,” how read-ily
transferable is information? To what extent is Novem-ber 30.
information shaped by the institutional arrange- Clarke, L. (2005). Worst cases: Terror and ca-
ments within each country? So, for instance, when tastrophe in the popular imagination. Chicago:
the US government, representing a largely pluralist, University of Chicago Press.
federalist system, exchanges informa-tion with the
Cm 4703. (2000). Modernising government in
UK government, representing a largely unitary,
action: Realising the benefits of Y2K. London:
corporatist system, are they really exchanging the
same types of information? Can these differences
HMSO.
lead to incompatibility? How is this addressed? Couffou, A. (1997). Year 2000 risks: What are
What are the implications? the consequences of technology failure?
Statement of Hearing Testimony before
Question three: implications of Subcommittee on Technology and Subcommittee
differences on Government Management, Information and
Technology. March 20. Washington DC: GPO.
Third, if one anticipates different types of fail-ures
General Accounting Office. (1998a). FAA com-
or one defines the critical infrastructure differently,
puter systems: Limited progress on year 2000
how does this affect planning for and reaction to
issue increases risk dramatically. GAO/AIMD-
failure? What constitutes the critical infrastructure
98-45. January 30. Washington, DC.
may seem universal at first blush, but it is almost
certainly context sensitive: it is embedded in a General Accounting Office. (1998b). Year
specific geographic, cultural, eco-nomic, and 2000 computing crisis: Progress made at
political setting. Many countries are more labor, but key systems at risk. GAO/T-AIMD-
concerned about natural disasters than ter- 98-303. September 17. Washington, DC.
0
Planning for the Worst, Bringing Out the Best?
Government Accountability Office. (2005). Critical
infrastructure protection: Department of Homeland
Office of Management and Budget. (1999c).
Security faces challenges in fulfill-ing cybersecurity
Progress on year 2000 conversion.
responsibilities. GAO-05-434. May. Washington DC.
Washington, DC: GPO. December 14.
Hall, B. (1997). Testimony to Government Man-
Perrow, C. (1999). Normal accidents: Living with
agement, Information and Technology Subcom-
high-risk technologies. Princeton: Princeton
mittee. March 20.
University Press.
Hoffman, T. (1999). Y2K failures have hit 75% of US
President’s Council on Year 2000 Conversion.
firms. Computerworld, August 16, 33:33.
(2000). The journey to Y2K: Final report. Re-
Hood, C., Rothstein, H., & Baldwin, R. (2001). The trieved October 2004, from http://www.y2k.
government of risk: Understanding risk regulation gov/docs/lastrep3.htm
regimes. Oxford: Oxford University Press. Quigley, K. F. (2005). Bug reactions: Consider-
Jack, A. (1999). Level of Russian IT lessens year ing US government and UK government Y2K
2000 fears: Moscow has been late in putting to-gether operations in light of media coverage and public
some moderate Y2K defences. Financial Times, opinion. Health, Risk & Society, 7(3), 267-291.
November 26. Sagan, S. (1993). The limits of safety: Organiza-
Kheifets, L. Hester, G., & Banerjee, G. (2001). The tions, accidents and nuclear weapons. Princeton:
precautionary principle and EMF: Imple-mentation Princeton University Press.
and evaluation. The Journal of Risk Research,
Smith, R., & Buckman, R. (1999). Wall Street
4(2),113-125.
deploys troops to battle Y2K: Command
La Porte, T. R., & Consolini, P. (1991). Working in centre, jets, extra toilets are at the ready. Wall
practice but not in theory: Theoretical chal-lenges of Street Journal, December 22.
high reliability organizations. Journal of Public
Sunstein, C. (2005). Laws of fear: Beyond the
Administration Research and Theory, 1, 19-47.
precautionary principle. Cambridge:
Manion, M., & Evan, W. (2000). The Y2K problem and Cambridge University Press.
professional responsibility: A retrospective analysis.
Suzman, M. (1999), World is mostly ready for
Technology in Society, 22(3), 361-387.
Y2K. Financial Times, December 30.
Office of Management and Budget. (1997). Prog-ress
US-Canada Power System Outage Task Force.
on Year 2000 conversion. Washington, DC: GPO.
(2004). Final report on the August 14 2003
November 15.
black-out in the United States and Canada:
Office of Management and Budget. (1998a). Causes and recommendations. Published
Progress on Year 2000 conversion. Washington, DC: jointly by the US Government and the
GPO. May 15. Government of Canada. Retrieved October
Office of Management and Budget. (1998b). 2005, from http://reports. energy.gov
Progress on Year 2000 conversion. Washington, DC: United States Senate Special Committee on the
GPO. August 15. Year 2000 Technology Problem. (2000). Y2K
aftermath – A crisis averted (Final Committee
Report). Retrieved October 2004, from http://
www.senate.gov
Planning for the Worst, Bringing Out the Best?
Vaughan, D. (1996). The Challenger launch deci- Jaeger, C., Webler, T., Rosa, E., & Renn, O.
sion: Risky technology, culture, and deviance at (2001). Risk, uncertainty and rational action.
NASA. Chicago: University of Chicago Press. London: Earthscan.
Weik, K., & Roberts, K. (1993). Collective mind Kheifets, L. Hester, G., & Banerjee, G. (2001).
in organizations: Heedful interrelating on flight The Precautionary Principle and EMF: Imple-
decks. Administrative Science Quarterly, 38(3), mentation and evaluation. The Journal of Risk
357-381. Research, 4(2), 113-125.
La Porte, T. R., & Consolini, P. (1991).
Working in practice but not in theory:
additional reading
Theoretical chal-lenges of high reliability
organizations. Journal of Public
Beck, U. (1992). Risk society. London: Sage.
Administration Research and Theory, 1, 19-47.
Bellamy, C., & Taylor, J. (1998). Governing in
Margetts, H. (1999). Information technology in
the Information Age. Buckingham: Open
government: Britain and America. London:
University Press.
Routledge.
Clarke, L. (2005). Worst cases: Terror and ca-
National Institute of Standards and
tastrophe in the popular imagination. Chicago:
Technology. (2001). Risk management guide
University of Chicago Press. for information technology systems. Special
Cm 4703. (2000). Modernising government in Publication 800-30. Washington DC: GPO.
action: Realising the benefits of Y2K. London: Neustadt, R. E., & Fineberg, H. (1983). The
HMSO. epidemic that never was: Policy-Making and
Finkelstein, A. (2000). Y2K: A retrospective the swine flu scare. New York: Vintage Books.
view. Retrieved from Perrow, C. (1999). Normal accidents: Living with
http://www.cs.ucl.ac.uk/Staff/ A.Finkelstein, high-risk technologies. Princeton: Princeton
originally published in Comput-ing and Control
University Press.
Engineering Journal, 11(N4), 156-159.
Power, M. (2004). The risk management of ev-
Heeks, R. (1999), Reinventing government in the
erything. London: Demos.
Information Age. London: Routledge.
President’s Council on Year 2000 Conversion.
Hood, C. (1996). Where extremes meet: SPRAT
(2000). The journey to Y2K: Final report. Re-
vs. SHARK in public risk management. In C.
trieved October 2004, from http://www.y2k.
Hood and D. Jones (Eds), Accident and design.
gov/docs/lastrep3.htm
London: UCL.
Quiggin, J. (2005). The Y2K scare: Causes,
Hood, C., Rothstein, H., & Baldwin, R. (2001). The
costs and cures. Australian Journal of Public
government of risk: Understanding risk regulation
Admin-istration, 64(3), 46-55.
regimes. Oxford: Oxford University Press.
Quigley, K. (2004). The Emperor’s new computers:
House of Commons Library. (1998). The millen-
Y2K (re)visited. Public Administration, 82, 4.
nium bug. Research Paper: 98/72. London.
Quigley, K. F. (2005). Bug reactions: Consider-
ing US government and UK government Y2K
Critical Infrastructure Protection: Activi-ties that Inspector General (Office of the Inspector
enhance the physical and cyber-security of key public General): The President appoints and Congress
and private assets. approves Inspectors General for each government
department. The Inspector General Act (1978)
gives the Office of the Inspector General (OIG)
autonomy to audit the department (and related
agencies) for which the Inspector General is Planning for the Worst, Bringing Out the Best?