CIA downplays Russia Y2K risks

Report concludes that Russia's nuclear missiles and warheads are not seriously threatened by Y2K.

A secret report commissioned by the Central Intelligence Agency on the Y2K bug concludes that Russia's nuclear missiles and warheads, the focus of much worried speculation, are not seriously threatened by the problem. However, the report, obtained by NBC News, ranks Russia last among 23 nations surveyed in its preparedness and raises concerns about the country's many nuclear power stations.

While the report, prepared by the MITRE Corp. for the CIA, downplays the potential for accidental nuclear war, it states that there is a significant risk related to the nation's electrical grid, including its nuclear power plants, primarily because of a late start in addressing or even acknowledging the problem by the agencies responsible.

Overall, the unclassified report, "International Issues Associated with the Year 2000 Problem," contends Russia is two to three years behind the United States in remediation efforts. Moreover, the report states many Russian economic sectors -- including nuclear power -- do not intend to deal with Y2K issues until after Jan. 1, 2000.

The MITRE Corp. is one of the CIA's most frequently used contractors.

Commenting generally before the Senate Armed Services Committee Wednesday, Air Force Gen. John A. Gordon, the CIA's deputy director, said the fear of an accidental nuclear war is overblown.

"I want to be clear that while local problems are foreseeable, we do not see a problem in terms of Russian or Chinese missiles automatically being launched or nuclear weapons going off, because of computer problems arising from Y2K failures. In fact, we currently do not see a danger of unauthorized or inadvertent launch of ballistic missiles from any country due to Y2K problems."

Risk to rockets, warheads low
Dealing with the issue of nuclear missiles, the report suggests that the Russians claim their strategic rocket forces "use their own computer language," which is simpler than COBOL, the computer language most vulnerable to the Y2K problem.

The report quotes Russian defense officials as saying, "Russia's ICBMs cannot be triggered by Y2K-related problems because 'special computer technology is used' in these systems." Still, the report notes, there is little independent corroboration for those statements.

Moreover, the report states that even the Russian military admits that tracking nuclear weapons in the nations inventory is one issue not yet addressed:

"While they anticipate no problems with the targeting system, problems could arise with the systems responsible for tracking the location and alert status of nuclear weapons." Russia has more than 20,000 nuclear weapons of all types. Surprisingly, the report mentions problems with early warning systems only in passing.

Nuclear stations a focus
The power plant problem is a different story, the report states, in part because the energy sector and particularly the Ministry of Atomic Power has not addressed the problem, while the Ministry of Defense has. Describing the lack of information about the Russian energy sector in general as "disturbing," the report quotes a November 1997 press report of a discussion of the Y2K issue by the top computer officials at Unified Energy Systems, the huge company controlling Russia's electricity grid:

"The main computer center director at Unified Energy Systems claimed he had seen a paper on the Y2K problem and believed the problem would be solved. One of his colleagues, however, directly responsible for the company's thousands of computers, said that he had neither heard of the bug nor of any plans to solve it."

Concerning the possibility of "nuclear meltdowns" at the nuclear power plants, the report stated the principal risks are to "control room displays, radiation monitoring and emergency response mechanisms" -- all essential to controlling a nuclear accident.

Worried neighbors
Finnish authorities, the report adds, had recently asked Russia for assurances that two nuclear power plants near Helsinki were Y2K safe, fearing that a nuclear accident would affect much of Finland. Russia, the report notes, told Finland there would be no problems but did not provide "any supporting facts."

It is not just the Finns. Other neighbors of Russia, too, have expressed concern, as have former Soviet allies such as Bulgaria, the Czech Republic and former Soviet states such as Ukraine and Belarus, all of which operate Soviet-designed nuclear plants themselves. Given the central government's difficulty even paying workers or controlling local governors in its far-flung jurisdiction, some countries clearly are worried.

Indeed, the Atomic Energy Ministry said last July that it will wait until 2000 to fix any computer glitches arising from the Y2K problem, claiming the plants "do not depend exclusively on computers.... Instead, the plants are controlled manually and automatically for greater reliability." Moreover, the Ministry has said, the report notes dryly, "the sector employs 'the latest hardware and software'."

In the private sector, the report predicts that while first-tier companies will probably survive while smaller and medium sized firms will do less well. It cites a recent Coopers and Lybrands survey which showed only one third of Russian firms are even aware of the problem. A sector where there is a particular dicotomy is the banking sector, the report claims. Larger banks, it noted, "seem to have leap frogged stages of technology at which Y2K is a problem. On the other hand, most smaller banks are using very old technology."

On the other hand, even those sectors where the problem has been acknowledged are often incapable of understanding the complexity of the issue. The report states that MITRE was able to obtain a copy of the Russian Telecommunications Committee's program to fix the telephone system prior to 2000.

"Unfortunately, the methodology is weak and does not consider alternatives ... which are less intrusive and faster, an important consideration with only one year to go. The report does not consider troublesome dates like September 9, 1999, the leap year and others. Certification criteria and validation and verification elements of the program are also noticeably absent."

In fact, the report notes a spokesman for the State Committee cited a software research company report saying "a final resolution [of telecommunications issues] would take half a century."

Finally, the report estimates the total cost of fixing Russia's problem at $32 billion, roughly 10 times what Russia has asked the West to come up with.