The Nightmare Condition
Y2K is coming, ready or not. Right now, mostly not. And despite desperate efforts to correct the monumentally shortsighted failure to program the world's computers and computer chips with complete date codes, some disruption is now inevitable when the clocks tick over at midnight at the end of the year.Most worrisome, because of their vast potential for destruction, are the world's nuclear weapons arsenals and nuclear power plants. For if the network of interconnected systems collapses and cascades into systemic infrastructure failures, power and communications could be lost worldwide. Restoration may be delayed or even impossible in a world where everything else has snapped to a halt. In the chaos and confusion that would follow no one knows what would happen to nuclear bombs and nuclear reactors. In the truly worst-case scenario, accidental nuclear war and/or reactor meltdowns could release enough deadly radioactivity to return the planet to the insects.Probably nothing will happen immediately. All the world's 36,000 nuclear weapons could simply cease to function as the Y2K wave rolls over them. But a newly released report from the respected and independently funded British American Security Information Council (BASIC) warns of the possibility of accidental or mistaken launch of nuclear weapons. The authors acknowledge that this is highly improbable. Most nuclear launch systems require manual activation. But given the existing hairtrigger, launch-on-warning systems on which so many nuclear weapons are still balanced, such a launch, however implausible, could take place within ninety seconds of computer failure in the warning systems. If all military warning, tracking and interception systems were down, bombs could be hitting targets within minutes. The US military is aware of the danger and is working desperately to establish cooperative procedures with Russia, China and other nuclear powers to avert what Deputy Defense Secretary John Hamre has called "the nightmare condition."The greatest danger comes from Russian and Chinese missiles. Currently, at least thirteen Chinese nuclear missiles are thought to be capable of reaching the West Coast of the United States. Until Clinton's visit to China last June, some of the Chinese missiles were reportedly targeted on US cities. As a result of recent understandings, both nations have agreed to de-target their nuclear missiles. But such an agreement is currently unverified and provides flimsy protection, since missiles can be retargeted in ten seconds. As the Y2K digital tsunami moves west from the international date line in the Pacific, China and Russia will become the first nuclear nations to face possible computer failures--almost half a day earlier than the United States. All contact and communications could be lost or disrupted. Launch-site commanders could be left literally in the dark, trying to read the meaning of silence.On a recent visit to Russia, Defense Secretary William Cohen offered to share early-warning information and exchange up to eighty observers, who would be stationed at the Russian and US launch and communications centers during Y2K. Russian Defense Minister Igor Sergeyev rejected the proposal with a bland assurance that "there is no such danger [for nuclear weapons] since in the Strategic Missile Forces we use special technologies."However, according to a number of Russian scientists currently working in the United States, the financially starved Russian military and its dilapidated computer systems are even more prone to Y2K failure than those in the United States. The BASIC report quotes Sergei Fradkov, a former Soviet satellite control technician now working for a Wall Street software developer, who says, "Russia is extremely vulnerable to the Year 2000 problem.... If the date shifts to 0 for a brief moment...that fools the system into thinking there is a high probability of an attack in progress."Russia's nuclear command and control system is linked in what, until recently, was a top-secret program called Perimeter. Although exact details are still not known, Perimeter is reminiscent of the "Doomsday Device" in the sixties black-comedy film Dr. Strangelove, which triggered an automatic massive Soviet retaliation. The US government did not even know of the existence of Perimeter until it was first reported in the New York Times on October 8, 1993. At the time, former Director of Central Intelligence Robert Gates said such a system was "unlikely." However, Jane's Intelligence Review, the world's most authoritative weapons journal, has since confirmed the existence of Perimeter and revealed more details. According to Jane's, if Moscow were to be attacked, or even if there was "interruption of command links to key Soviet leadership," Perimeter would automatically trigger a low-frequency radio signal that would launch a communications missile that would, in turn, transmit to all launch complexes the codes that would launch thousands of Russia's nuclear weapons. The present status of Perimeter is unclear.Like China, Russia has de-targeted its nuclear missiles. But they can be back on target in ten seconds. Whether this could happen as the result of an automatic or accidental computer default is not known. Sites in the United States, of course, would be programmed into the Russian and Chinese computers as primary targets. No doubt also programmed into Russian computers would be target options for sites in China, France, Germany, Britain and all the NATO countries. Already NATO nations have begun cooperative nuclear security arrangements with Russia. The dangers may not be limited just to the Northern Hemisphere. Probably both Russia and China have computer programs to target the United States' biggest offshore communications system: the Pine Gap satellite spy base in the middle of the Australian desert.British Minister of State for Defense Procurement Lord Gilbert says that his government is "not complacent" about the possible impact of Y2K on nuclear weapons aboard British submarines. "We have been in close contact with the US and France over this issue. The year 2000 [problem] has also been raised with Russia and China," Gilbert said. "I can assure you that our procedures for control of our nuclear deterrent are robust enough to preclude any possibility of an accidental launch of a Trident missile through equipment malfunction." According to a BASIC research report, Britain has become the first nuclear power to begin de-alerting its nuclear missiles from the cold war hairtrigger. The time it takes to fire missiles on British nuclear submarines has been moved from "a few minutes" to "several days." According to BASIC this could serve as a precedent and "have important implications for all nuclear forces globally."The US military faces a daunting challenge, for it is dealing with the largest interconnected computer network in the world, with 1.5 million computers and 28,000 automated systems. It utilizes more than seventy different computer languages, some of them so obscure there is no one alive who can even read them. And all military systems are riddled with embedded computer chips. These chips are an especially vexing Y2K problem, perhaps an even greater challenge than the computers themselves. Tens of billions of chips are built into everything from toasters and video players to bombs and missiles, some programmed to shut down if they misread the date. There are probably more embedded chips in the US military system than in any other system in the world.The military continues to offer reassurances that the Y2K problem can be handled. Capt. Allan Toole, who now heads the Pentagon's Y2K Special Weapons Agency, says, "I have a good feeling about Y2K in this agency." A good feeling may not be enough. A more reflective response came from Deputy Defense Secretary Hamre, who admitted last October, "Probably one out of five days I wake up in a cold sweat thinking [Y2K] is much bigger than we think, and then the other four days I think maybe we really are on top of it. Everything is so interconnected, it's very hard to know with any precision that we've got it fixed."Last March the London Sunday Times quoted John Koskinen, head of the White House Y2K conversion council, saying there was concern "if the data doesn't function and [the missiles] actually go off." However, he added, "it's more likely that they won't function." Koskinen now says that since US missiles are launched by humans, they could not be fired accidentally. Diane Shields, vice president of CACI, a government contractor testing nuclear bomb launch systems in US submarines for Y2K problems, told a group of computer experts last year that the systems would fail in their present condition. Hamre warns that the military's concern is not that their computer screens will all go blank on 2000. "That's kind of good news," he said, "because then we'll know we have a problem. Our bigger fear is going to be that the system seems to work fine, but the data is unreliable. That's a far worse problem." Hamre has observed that "the Year 2000 problem is the electronic equivalent of El Nio."John Pike of the independent, nonprofit Federation of American Scientists warns, "The fundamental problem is that we don't know what could happen.... There's a real risk though that we could see the sort of computer malfunctions that we've seen in previous years, where the command and control systems erroneously report that an attack is in progress [and] erroneously direct missiles to shoot at the wrong target." Pike continues, "There is a small, finite risk that this could lead to an accidental nuclear war."Pike says the US military is already starting to classify information to cover up the vulnerability of nuclear weapons to Y2K disruption. According to a Congressional staff member quoted in the BASIC report, "These decisions constitute a concerted effort to censor information on Y2K progress. If there's anything bad, the immediate response is to cover it up, rather than taking care of the problem."In the introduction to the BASIC report, former US disarmament negotiator Paul Warnke concludes: "The only prudent course may be to de-alert or even de-activate those nuclear missile systems where date-related malfunctioning in associated command, control, and communications systems poses even a remote possibility of accidental launch." The BASIC report has formally called for nuclear bombs and missiles to be de-targeted, taken off alert, de-coupled from their launch vehicles and brought under independent international verification.Verification will be the real challenge. The prospects are not encouraging for achieving the unprecedented level of multinational cooperation and voluntary transparency that will be required to secure all the world's nuclear bombs in the next ten months. Belatedly, the United States and Russia have opened talks. On a recent visit to Moscow a top-level Pentagon team discussed establishing a joint missile-warning center to prevent accidental launch of nuclear missiles during Y2K disruptions.Nor do we know what will happen when Y2K strikes the 432 nuclear reactors around the planet. A growing number of experts are concerned that at least some of them will fail, causing a shutdown or, in the worst case, even a meltdown. When the giant three-reactor Oskarshamn utility in Sweden was tested last year, it automatically shut down as soon as the clock reached 2000.In an open letter to President Clinton and the Nuclear Regulatory Commission (NRC), Leon Kappelman, professor of computer science at the University of North Texas and co-chair of the Society for Information Management Year 2000 Working Group, warned that reactors could be a threat to public safety during Y2K. Kappelman wrote, "Although the NRC publicly acknowledges century-date-related computer-processing risks that are profoundly threatening to human lives and the environment, they refuse to require or take any action." When pressed on the issue the NRC admitted, "In a worst case scenario...a plant trip could result in a loss of off-site power and subsequent complications in tracking post-shut-down plant status and recovery due to loss of emergency data collection and communications." This has never happened, and it is not clear how serious it could become.An audit of the Seabrook reactor in New Hampshire released by the NRC this past November found that in this single power plant 1,304 separate software items and embedded chips would be affected by the Y2K bug. Twelve were described as having "safety implications." Another thirteen could cause the reactor to trip off. Of the more than seventy reactor sites under the authority of the NRC, only twelve audits were planned. Nine of these audits have been completed and published. Contingency planning has just begun.Emergency petitions presented by the Washington, DC-based Nuclear Information Resource Service (NIRS) this past December called on the NRC to close by December 1999 any reactor that cannot be proved Y2K-compliant by full testing. In the second petition NIRS calls for additional backup power units to insure a steady and continuing supply of power to the reactors and cooling facilities. The third NIRS emergency petition calls for full-scale emergency response exercises during 1999 to prepare for possible problems. NIRS executive director Michael Mariotte warned, "The unpredictability of how systems may respond to Y2K bugs, questions of the reliability of off-site emergency responders, including telecommunications, fire, police and other officials, all beg for additional training and practice."Most of the world's reactors have large diesel backup systems for emergency power; even if the reactors have been turned off, permanent cooling must be maintained over the reactor cores to avoid meltdowns. Diesels are not ideal backup systems for Y2K problems. Many have embedded computer chips that may fail during the clickover. And if the loss of normal power and support services is prolonged, the supply of diesel fuel could run out. Resupply may be impossible in a world paralyzed by Y2K. Paul Gunter, director of the NIRS Reactor Watchdog Project, reported to the NRC that existing backup systems "frequently don't work and are subject to multitudes of problems." Gunter warned, "This is just the tip of the iceberg, our investigation of these generators is continuing and we are finding they are even less reliable than we had believed."We do know all too well what would happen if normal or emergency power were lost to the high-level atomic waste fuel pools in which irradiated fuel rods from the reactor cores are kept cool. If Y2K brings down the national power grid for even a few days and the cooling systems stop working, the water will boil off and lethal radioactivity will be released. Although most pools are located onsite, near the reactors, many are not even connected to the emergency power systems. Mary Olson, the NIRS radioactive waste specialist, notes, "The NRC currently does not even require that these fuel pools have backup power." Evidently, the NRC has always assumed that in the event of a loss of power there would be plenty of time either to get the powerThis article originally appeared in The Nation (www.thenation.com).