cyber-"terrorism"?

[Owen Lewis]

----- Original Message -----
From: David Hansen <davidh@spidacom.co.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: 18 September 2002 16:22
Subject: Re: cyber-"terrorism"?


> On 18 Sep 2002 at 15:13, Owen Lewis wrote:
>
> > Anyone remember Y2K and the army of pundit
> > Jonahs, acres of publicity, endless circulars and idiot questionnaires
> > *that* produced?
>
> One could argue that this was handled well.

I don't think so. I think there was an entire misappreciation of the scale
and, perhaps the nature of the risk.
>
> Those that needed to make changes, typically large organisations, did
> so. The hype encouraged others to think about it who would otherwise
> have gone on in ignorance. This caused one customer to discover that
> a spreadsheet displayed dates in a funny way, but that was the only
> thing I experienced personally.

In terms of hardware, we use PCs only and experienced nil effect.

In terms of software, we might use about three dozen programs or suites of
programs from other manufacturers. We down loaded a Win 95 Y2K patch and
that was that. At that time, we manufactured three software programs. Two
had had Y2K catered for in their design. The third, designed in 1994,
demonstrated under test a small Y2K problem (it would list post 1/1/2000
dates before pre 1/1/2000 dates). Because of the purposes to which that
progam was put this minor glitch was of no consequence and would, anyway,
work its way out of the system within 6 months.  Further more it would not
affect programs taken into use post 1/1/2000.  We opted to ignore it, as
circularising the program's users was impractical. No complaints or requests
for a fix were received.

> Was there too much hype, too many questionnaires? Possibly, but by
> how much and what could have been reduced?

Well, just a couple that come to mind as typical. Every business customer of
every bank received a circular requiring a return to be made to their
bank(s) that nothing dreadful would happen to their business on 1/1/2000.
This was fatuous. Moreover, unless the bank(s) were substantial creditors of
a business it was impertinent. Equally fatuous were the returns required by
the mega-corporates who use our products, requiring an undertaking that
using our product on/after 1/1/2000 would not cause the ruin of their
businesses.

Interestingly, such undertakings were sought by only one govt department
either at home or abroad  and by none of the smaller companies that used one
of our products.

AFAIK, globally, there was no recorded incident of a catastophic system
failure - or even a serious parametric failure - occasioned by Y2K. But
perhaps your experience was different?

Owen