
RE: P2 and the Y2K "Bug"

Peter Moulton (Peter.T.Moulton@state.me.us), in a 12/23/98 response to Mike
Callahan's question about "real life examples of Y2K related problems"
indicated that he hadn't seen any responses "...that even remotely addresses
your question."

Peter --

I don't know if you missed it, or overlooked it, but in my
characteristically rambling response (dated 12/11/98) to Mike's question, I
EVENTUALLY got around to citing three specific examples (each documented) of
process plant failures which stem from failure of date logic in process
control or supervisory control software/hardware.  Two of these actually
originated from the failure to correctly deal with the 1996 leap year event
(thus were not strictly speaking Y2K issues, but result from the same sort
of root causes); the other was a consequence of Y2K testing "dry run" at a
fossil fuel power plant in the UK.  All point out that however remote the
chain of events leading to plant upsets might seem, that there is a
non-trivial probability that such oversights in software will lead to
process control "events" which result in environmental consequences (as did
2 of the three examples I cite).

Based on these few examples and review of Y2K documents from several control
system vendors and systems integrators, it appears that the "weakest link"
in many systems is the supervisory systems/intelligent control systems,
which manage data from several control loops and often perform some higher
level control integration (e.g., providing feedback/feedforward signals from
one loop to another) and data logging duties.  Failure modes in these
systems are various, but a couple of common ones are: failure of validation
routines (some of these systems attempt to "validate" process data from
individual PLC's before acting upon them; in some cases they will reject
data on the basis of invalid date information that the PLC sends);
differentiation/integration errors (for more responsive or smoother control
(respectively), some systems provide a portion of the control signal based
on time derivatives of process info, or based on time integrals of process
info.  In either case, the discontinuity of the time function at the Y2K
boundary can result in unpredictable behavior -- the powerplant example
cited above is such an example).

My hunch is (and the sparse anecdotal data seem to back this up) that the
many control systems that are running legacy "custom built" third party
control and data integration software applications are most vulnerable,
since the individuals and/or firms that developed them are often too small
to have the resources to do exhaustive validation of legacy applications.
Foxboro, among other control solution providers, makes this observation as
well in their corporate Y2K position paper.

I've since updated the Y2K article to incorporate the examples I mention
above, including the references back to original news or other
documentation.  You can find the article by stopping off at
http://www.chemalliance.org and following the Y2K link from the home page.

If you still believe this response doesn't address Mike's question, please
drop me a line off-list, as I'd be interested in figuring out how I could be
misunderstanding the question so completely.


Scott Butner (rs_butner@pnl.gov) 
Senior Research Scientist, Environmental Technology Division
Pacific Northwest National Laboratory
4000 NE 41st Street, Seattle WA   98105
(206)-528-3290 voice/(206)-528-3552 fax
http://www.chemalliance.org/

> -----Original Message-----
> From:	Moulton, Peter T [SMTP:Peter.T.Moulton@state.me.us]
> Sent:	Wednesday, December 23, 1998 10:19 AM
> To:	Butner, Robert S; Callahan, Mike
> Cc:	P2Tech
> Subject:	RE: P2 and the Y2K "Bug"
> Mike,
>  I am still waiting, along with you, for your request to be filled.
> So far I have seen 4 responses to Robert Butner's email message, but only
> 1 (the locked door that no one had a key to) that even remotely addresses
> your question.
>  ----------
> From:  Callahan, Mike[SMTP:Mike.Callahan@Jacobs.com]
> Sent:  Friday, December 11, 1998 7:18 PM
> To:  'Butner, Robert S'
> Cc:  'P2Tech'
> Subject:  RE: P2 and the Y2K "Bug"
> Robert,
> I would be interested in knowing if anyone has identified a "real" problem
> with Y2K.  All of the articles I have read to date, including the CEP
> article, are vague in providing actual problems. For example, where would
> you need to control a process based on the year and not the second,
> minute, or hour ? Can someone give me an actual process control example
> of where the assumption of 19XX instead of 20XX matters ?  With all the
> money being spent to address this problem, we should be flooded with
> concrete examples of how potential upsets and releases were averted.  So
> far, all I have seen are urgent cries to spend more money reviewing code
> and replacing controls for what is an assumed problem.
> Mike.callahan@jacobs.com
> > ----------
> > From:  Butner, Robert S[SMTP:butner@battelle.org]
> > Reply To:  Butner, Robert S
> > Sent:  Friday, December 11, 1998 1:35 PM
> > To:  p2tech@great-lakes.net
> > Subject:  RE: P2 and the Y2K "Bug"
> >
> > Folks --
> >
> > Some time ago, a P2TECH subscriber (I think it was Catherine Dickerson
> > from PPRC) asked about the potential P2 implications of the "Y2K" bug.
> > I thought it was one of the more interesting questions I'd seen on in
> > some time, but candidly spent little time thinking about it at the time.
> >
> > Recently, though, a co-worker and I spent some time looking at material
> > specifically related to the relationship between Y2K and the process
> > industries, and the potential for unplanned releases due to failure of
> > process plant equipment, monitoring equipment, etc.  We've collected a
> > number of references and links to online papers on the topic, along with
> > a really well done piece from EPA-OW staff, and posted them to the
> > ChemAlliance site:
> >
> > http://www.chemalliance.org/Columns/Regulatory/Will_the_Y2K_Bug_Put_You_Out_Of_Compliance.htm
> >
> > (Yeah, I know it's a ridiculously long URL )
> >
> > Though the emphasis of the article is on the impact of potential
> > date-related glitches on compliance, I think that technical assistance
> > providers working on P2 will find a lot of value in some of the tables.
> > These include a list of common pieces of process equipment which are
> > likely to have embedded microprocessors (and hence be susceptible) and a
> > list of "other" Y2K dates (besides Jan 1, 2000) which are likely to lead
> > to problems.  So I thought I'd pass this along, as food for thought for
> > those of you who are working with the process industries.
> >
> > Hope this helps.  Happy Holidays.
> >
> > Scott
> >
> > Scott Butner (rs_butner@pnl.gov)
> > Senior Research Scientist, Environmental Technology Division
> > Pacific Northwest National Laboratory
> > 4000 NE 41st Street, Seattle WA   98105
> > (206)-528-3290 voice/(206)-528-3552 fax
> > http://www.seattle.battelle.org/P2Online/
> > http://www.chemalliance.org/
> >
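
Added example (not part of the original message, nor code from any system it mentions): a constructed Python model of the differentiation/integration failure mode described in the reply above, in which a supervisory loop's clock keeps only two year digits and crosses the Y2K boundary, shown beside a guarded loop. The clock model, gains, limits, and sample values are assumptions made for illustration.

```python
from datetime import datetime, timedelta

EPOCH = datetime(1900, 1, 1)

def full_clock(ts):
    """Seconds since 1900 using the four-digit year."""
    return (ts - EPOCH).total_seconds()

def legacy_clock(ts):
    """Constructed model of a device that keeps only two year digits (19YY)."""
    return (ts.replace(year=1900 + ts.year % 100) - EPOCH).total_seconds()

def run_loop(samples, clock, guard=False, ki=0.1, kd=2.0, setpoint=50.0, max_gap=5.0):
    """Integral + derivative part of a control signal; returns (outputs, rejected)."""
    integral, outputs, rejected = 0.0, [], []
    prev_t, prev_pv = clock(samples[0][0]), samples[0][1]
    for ts, pv in samples[1:]:
        t = clock(ts)
        dt = t - prev_t
        if guard and not (0 < dt <= max_gap):
            # Time ran backwards or jumped: hold the last output and flag the sample,
            # then resync to the new time base so later data is not rejected forever.
            rejected.append(ts)
            outputs.append(outputs[-1] if outputs else 0.0)
            prev_t, prev_pv = t, pv
            continue
        integral += (setpoint - pv) * dt      # time integral of the error
        derivative = (pv - prev_pv) / dt      # time derivative of the process value
        outputs.append(ki * integral - kd * derivative)
        prev_t, prev_pv = t, pv
    return outputs, rejected

# Constructed samples: process value rising 0.5 units/s across the rollover.
START = datetime(1999, 12, 31, 23, 59, 57)
SAMPLES = [(START + timedelta(seconds=i), 48.0 + 0.5 * i) for i in range(6)]

if __name__ == "__main__":
    for name, clock, guard in [("four-digit", full_clock, False),
                               ("two-digit", legacy_clock, False),
                               ("two-digit, guarded", legacy_clock, True)]:
        outs, rej = run_loop(SAMPLES, clock, guard)
        print(f"{name:20s}", [round(o, 2) for o in outs], "rejected:", rej)
```

With the two-digit clock the time step at midnight is roughly minus one hundred years, so the integral term swamps the output for every later sample; the guarded loop drops only the one sample that straddles the boundary.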