Abstract: A complete guide for understanding the Year 2000 computer problem in the electric industry. The target audience is both people inside the electric utilities industry, and consumers of electricity.
Keywords: book review, current_events, year2000, survival, power and light, year 2000 bug, y2k computer crisis, electric utilities, public utilities, nuclear power, fossil fuel power, SCADA, supervisory control and data acquisition.
Title: Electric Utilities and Y2K
Author: Rick Cowles
Publisher: Rick Cowles
Date Published: 1998
Pages: 153
Bibliography: 8
Figures: 9
To Buy This Book
Barnes and Noble does not carry this title. To purchase a copy, please
contact the author
Rick Cowles
directly.
Since I have spent some time in the electric power industry as a
programmer
on a Supervisory Control and Data Acquisition (SCADA) project, and have
also done some work with simulations,
I read Rick Cowles' book with great interest.
I was well rewarded. Everything which Rick had to say resonated very well
with my own experience, and enlightened me in a number of new areas.
I highly recommend the book to anyone in the electric power industry who is
(should be) concerned with the year 2000. It should also have considerable
utility to people in other industries which rely on embedded computer systems.
Introduction: Watt's the Problem?
The author (hereafter "Rick") suggests that
this book is written both for persons within the electric utility industry who
are (or should be!) addressing the potential year 2000 computer bugs within their
system, as well as businesses and individuals who are dependent on electric
service. I would further expand the scope of interest to government officials
who are (or should be!) concerned about maintaining the infrastructure of
society, and to persons within other industries which utilize embedded control
systems.
Chapter I: The Dependencies: An Interlocking Puzzle
All aspects of the electric utility industry are susceptible to disruption
due to year 2000 computer bugs:
- Corporate (billing, customer service, regulatory reporting, etc.)
- Power Generation
- Power Distribution
- External entities (fuel delivery, parts suppliers, etc.)
While most industries are aware of problems within their corporate Information
Systems (IS), and in many cases have well-developed plans for upgrading their
IS systems, the problems within production and distribution are less well
recognized, and potentially harder to deal with, especially as regards
embedded systems.
Chapter II: Scoping the Problem: Y2K Impact on Business Systems and Embedded Controls
Embedded logic and real-time control systems are major components of today's
power generation and distribution facilities. Evidence indicates that there are
hundreds of thousands of programmable logic controllers (PLC's) deployed
world-wide which are believed to be not year-2000 compliant, or which will
require special work-arounds to make them compliant. [It is not clear from
the information presented whether these numbers are for all industries which
use PLC's, or just for the electric utility industry].
Testing which has already been done indicates that in some cases, these
flawed PLC's can indeed cause power generation facilities to shut down come
January 1, 2000. Remediation efforts are slow and costly. In one case,
fifteen man-months were required to analyze (inventory, risk assessment,
and problem identification) just the boiler-control subsystem
of one power generating plant. Additional time will be required for
remediation.
Chapter III: Makin' Bacon: Power Generation and Y2K
Nationwide, 20% of the power generated comes from nuclear power plants. Some
parts of the country get as much as 70% of their power from nuclear plants.
Rick makes a good case, quoting from the Nuclear Regulatory Commission (NRC),
that the conservative rules of the NRC will likely shut down all or
most of the nuclear power plants prior to January 1, 2000.
While optimists may speculate that there are no significant year 2000 related
bugs in the nuclear power plants, Rick points out that
in the world of nuclear energy, "not knowing"
is the same as assuming the worst will occur.
I will only add that it is much harder to prove the
absence of problems than it is to say "I can't
think of any potential problems."
Anyone curious about why the NRC takes such a hard stance regarding staying
within fully analyzed operating conditions may find the discussion of the
failure modes which led to the Chernobyl disaster in the book
The Logic of Failure to be of interest.
Chapter IV: To Market We Go: Electricity Distribution Systems and Y2K
The Energy Management System (EMS) of many utilities is highly automated
and therefore susceptible to year 2000 bugs. Failure of the EMS can result
in a very 'dirty' power outage, in which line voltage surges and brown-outs,
along with variations in line frequency and phase, can damage both power
company equipment and customer devices.
Such problems have already been demonstrated during year 2000 testing.
If the NRC feels that such problems may affect the off-site power grid
to which a nuclear plant is connected, it is likely to order the plant shut
down until all concern regarding the stability of the power grid has been
resolved.
Chapter V: Follow the Money: Business Issues and Y2K
The Securities and Exchange Commission (SEC) and Federal Reserve Board (FRB)
have already expressed their concern (as illustrated by the documentation which
Rick provides).
To minimize legal exposure, utilities must take a number of steps to communicate
an honest appraisal of the status of their year 2000 readiness. However,
contrary to Yourdon's suggestion,
a year 2000 bug is not likely to cause people's electricity to be turned off
for non-payment.
Chapter VI: The Selling of the Industry: Deregulation and Y2K
Deregulation of the power industry is encouraging many public utilities to
divest themselves of power generating facilities (an overhead expense) and
to instead buy power on the "spot market" from the lowest bidder.
There is some concern that the purchasers of the power generation facilities
will not be as driven by the traditional industry ethic to
"keep the lights on at all costs." Their MBA's may instead
decide that it is more cost effective to temporarily make a planned shut-down
at the turn of the century and restart the systems after they have leisurely
tested and fixed their systems.
Chapter VII: Blackout 1: Corporate Y2K Contingency Planning
Among professionals working on the year 2000 problem, there does not appear to
be much optimism that their mission-critical systems will be ready for the
year 2000. Contingency planning is necessary.
Year 2000 failures require different contingency plans than other failures
(for which contingency plans and drills do exist), because year 2000 failures
are common-mode and systemic, rather than independent random failure events
that most contingency plans address.
If systems have to fall back to manual mode operation, are there enough
trained personnel available to handle the wide-spread systemic failures?
Rick argues that there are not.
The need for training simulators is discussed in a white paper by Dick Mills,
which is included in this book.
Another potential area of power generator shut-downs is an inability to monitor
and log plant emissions as required by the Environmental Protection Agency
(EPA). Emergency waivers may be necessary to keep the lights on, although
hard-core environmentalists will likely scream that it is far better to
freeze to death in the dark than to allow a temporary increase in air pollution.
Chapter VIII: A View From the Trenches: Y2K Experiences From the Field
Various problems have already come to light, including software which was
year 2000 compliant running on hardware which wasn't, and control system algorithms
which depend on integration over time that fail when the control interval spans
midnight of January 1, 2000.
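The integration failure mentioned above can be reproduced in a few lines. This is an added C example, not code from the book or from this review: an integrator whose time step is derived from a two-digit-year clock, shown with the flawed 19YY reading beside a windowed-year reading and a plausibility guard. The clock layout, the pivot year of 70, and the 5-second maximum interval are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed RTC reading: two-digit year, day of year (1-based), second of day. */
struct rtc { int yy; int doy; int sod; };

static long leaps_through(long y) { return y / 4 - y / 100 + y / 400; }

/* Seconds since 1900-01-01 00:00:00 for a four-digit year. */
static double to_seconds(long year, int doy, int sod) {
    long days = (year - 1900) * 365
              + (leaps_through(year - 1) - leaps_through(1899)) + (doy - 1);
    return (double)days * 86400.0 + sod;
}

/* Flawed: every two-digit year is taken as 19YY, so 00 is read as 1900. */
double elapsed_naive(struct rtc a, struct rtc b) {
    return to_seconds(1900 + b.yy, b.doy, b.sod)
         - to_seconds(1900 + a.yy, a.doy, a.sod);
}

/* Corrected: windowed year; the pivot of 70 is an assumption. */
static long window_year(int yy) { return yy < 70 ? 2000 + yy : 1900 + yy; }

double elapsed_windowed(struct rtc a, struct rtc b) {
    return to_seconds(window_year(b.yy), b.doy, b.sod)
         - to_seconds(window_year(a.yy), a.doy, a.sod);
}

/* A control interval is plausible only if 0 < dt <= max_dt seconds. */
int dt_plausible(double dt, double max_dt) { return dt > 0.0 && dt <= max_dt; }

/* One integration step (integral += error * dt). With guard set, an
   implausible dt is treated as a clock fault and the integral is held. */
double integrate_step(double integral, double error, double dt,
                      int guard, double max_dt) {
    if (guard && !dt_plausible(dt, max_dt)) return integral;
    return integral + error * dt;
}

int main(void) {
    struct rtc before = {99, 365, 86399}; /* 1999-12-31 23:59:59 */
    struct rtc after  = {0, 1, 1};        /* 2000-01-01 00:00:01 */
    double dn = elapsed_naive(before, after), dw = elapsed_windowed(before, after);
    printf("naive:    dt=%.0f s integral=%.1f\n", dn, integrate_step(10.0, 0.5, dn, 0, 5.0));
    printf("windowed: dt=%.0f s integral=%.1f\n", dw, integrate_step(10.0, 0.5, dw, 1, 5.0));
    printf("guard rejects naive dt: %d\n", !dt_plausible(dn, 5.0));
    return 0;
}
```

The guard matters even after the year handling is corrected: it keeps a single bad clock reading from being multiplied into the accumulated control term.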
Just inventorying the embedded systems in use is a formidable problem, and
good project management skills are necessary to avoid
"analysis paralysis."
Power plants will have to be taken off-line to do year 2000 testing, and
this will reduce available online capacity before the year 2000. Power
shortages may well develop just due to year 2000 testing and maintenance
activities, especially during peak summer cooling and winter heating times.
It is my opinion that government officials should consider whether it might
be in the best interests of the public to temporarily relax pollution standards
during these times so that older power plants which are being retired to meet
ever-more stringent anti-pollution standards will be available to pick up
the load in the event of power shortages. Again, hard-core environmentalists
will likely argue that protecting scenic views at the Grand Canyon is more
important than providing electric power necessary to prevent heat-related
deaths in the desert southwest or cold-related deaths in the northern parts
of the U.S. [No, I am not arguing in favor of dirty air, I am arguing for
a sane cost-benefit analysis in which the welfare of the citizens is placed
above the desires of special interest lobbies].
Chapter IX: Industry Status -- The Y2K Scorecard
Many utilities look like they will have trouble meeting the year 2000
deadline, especially rural co-ops.
Chapter X: Blackout 2: Personal Y2K Contingency Planning
Consider all the things which require electricity that you depend on
in the dead of winter. Even if you heat with natural gas or oil, will
your furnace work without electricity? (Probably not). How would you
survive a prolonged power outage, especially if it leads to civil unrest
and looting?
This chapter has various suggestions for contingency planning. Problems
can arise as early as January 1, 1999. A Backup Power Generator FAQ is
included. CAUTION: backup generators produce carbon
monoxide, and people have died during power outages because they ran
their backup generators inside their homes. For more things to consider
when deciding what kind of contingency plans you should make,
I recommend that you refer to the book by noted computer industry expert
Ed Yourdon and his daughter Jennifer Yourdon,
Time Bomb 2000, and perhaps even
the fictional account of a collapse of society,
TEOTWAWKI (The End of the World as We Know It).
Chapter XI: A Future History of Y2K
A quarter-by-quarter projection into the future of a number of different
social and technical indicators -- follow along as the future unfolds
to compare reality with projections.
Chapter XII: And Where Do We Go From Here?
Rick concludes with:
Don't rely on government, at any level, to play a significant role in
mitigating the impact of Y2K.
....
Lastly, be aware that no matter how much you know about Y2K, many of your friends
and family will think you're riding the edge of the lunatic fringe when
you go spouting off about Y2K!
Ignore them.
Despite Rick's pessimism regarding the efficacy of government in dealing with the
year 2000 problem, he still recommends that you express your concerns to
your elected representatives, and that you also ask some very pointed
questions of your local electric utilities. I echo Rick's sentiments, and
especially believe that much good can come of pointedly asking your
Congressional Representative and Senators to pro-actively develop National
contingency plans. Remember, if the government doesn't have a good
contingency plan already in place, Bill Clinton will be the person
trying to "wing it".
Appendix A: Joint Meeting, NRC/NEI, 10/07/1997
Appendix B: A Suggested Process for Embedded Controls Identification
By Ron Strem and Mike Smith in association with TransAlta Utilities,
Alberta, Canada. This is a white paper which suggests a systematic approach to
identifying year 2000 bugs in embedded systems. This discussion is applicable
to any industry, not just electric power.
Appendix C: A Suggested Inventory / Assessment Process
By Bill Barker, Duke Energy. This is another white paper which suggests a
systematic approach to identifying year 2000 bugs in embedded systems,
and is also applicable to any industry.
Appendix D: NRC Report -- Computer Based Digital Systems Failures -- 12/96 to 12/97
Appendix E: Recommended Reading
Copyright © 1998
Orville R. Weyrich, Jr.