The Crash Next time 

2000 is coming—can Metro survive?

2000 is coming—can Metro survive?

Click.Disconnect. All done. It’s 4:15 in the morning, and a gangly, blond hacker is quietly cleaning up the debris from his night’s work. Carefully, so as not to disturb his sleeping parents, he tosses several dozen cigarette butts out of a dirty gray ashtray. He stuffs his last empty Coke can in with the paper napkins and the take-out pizza box that already crowd his trash can.

Then he smiles to himself. It has been a good night. He’s just spent the last six hours rummaging through the computer files of Metro government.

Just two days before, while he was looking over the shoulder of a Metro employee at the Howard School Office Building, he saw her type in her computer password, the code that gives her access to the computer network of Nashville’s city government. At home, he tried the password himself, using one of several dial-in lines, only to discover that, with a little computer savvy, he could use this one password to gain complete access to all of Metro government.

That first night, he spent nearly three hours toying with various files. At first, he merely browsed. Then, as boredom got the best of him, he began to have a little fun with the information that appeared on the screen before him. The temptation was just too great. Tax records, voter records, employment records—they were all within his grasp.

For the last two nights he’s been obsessed with the game. Now however, he decides it’s time for bed. After all, tomorrow is a school day. He goes to bed, resting easy. He is in control of his world.

The scenario might be a hacker’s fantasy. But it could also become a troubling reality. Metro’s computer system is woefully outmoded, and local hackers say they have found plenty of loopholes that could allow them access to public records. What’s more, as the year 2000 approaches, Metro’s information systems are definitely in line for an upgrade. Unfortunately, with the millennium bearing down upon us, we may not have the money—or the time—to get the job done. On Jan. 1, 2000, Metro’s entire record-keeping system could collapse.

In the 1960s, when Nashville took its first tentative steps into the information age, the world was a different sort of place. Back then, computers were huge, cumbersome, temperamental, and outrageously expensive. Massive steel monoliths, they were not the sort of equipment the average city worker could handle, so their care and maintenance were given over to a specially trained staff, an entire department of Metro government created specifically to serve the hulking computer god.

Virtually no one was computer literate. A few Metro employees could speak the arcane, foreign language of the computer, and all of them worked for Metro Information Systems (MIS). They were slaves to the computer, but to their fellow workers they seemed like gods. At the very least, they seemed like high priests who knew what sort of offerings would keep the frightening computer beast at bay. A simple routine was established: Whenever any department of Metro government needed any computer work done, the request was handed over to MIS.

But that was yesterday. Today, computers sit on almost every desk; they are as ubiquitous in American offices as televisions are in American homes. As a result MIS has suffered an identity crisis, and some insiders have begun to ask questions about its very existence: How much of Metro’s computer activity should one department handle? What can that one department do to keep up with rapidly evolving technology? And, perhaps the most important question of all, how secure are the records of any government if they’re networked together into one vast system?

Security is a major concern in any computer system, but it is often ignored when a new computer system is installed. In computer security, the first line of defense is the lowly password, the sequence of numbers, letters, or symbols that grants the worker access to the system. There are other, more sophisticated defense techniques, including firewalling, address blocking, and encryption, each of which can help make a system even more impenetrable to intruders. Nevertheless, Metro continues to depend on a security system that depends largely on passwords.

Inside the network, there are still other concerns. Because of the way Metro’s system is set up, it is possible, in many cases, to use a single password to access the entire government-wide network. In many cases, insiders say, this password is not difficult to ascertain. Some Metro employees say they are certain that security has been breached.

“A network’s security is only as good as the weakest link on the network itself,” says Dave Tempero, a Nashville-based computer consultant. “If a user can jump around from system to system by just entering one password, it’s very easy to do damage, even if it’s unintentional.”

The weak link in the Metro network may be its duplication of passwords. A local hacker group has discovered several instances in which a number of Metro-owned computers use the same password. A system with duplicate passwords, the hackers all agree, is simply asking to be tampered with.

“All you need is one password,” says one Nashville hacker, who asked that he not be identified, “and if a person chooses a password that’s identical to another user’s, it’s even easier to get in.” What’s more, the hacker says that in one instance, he did determine one Metro employee’s password, simply by watching as the employee typed it in. Using that one password, the hacker says, he was able to compile a list of passwords that are commonly used to access the entire Metro network. The hacker insists that he did not use the passwords to infiltrate Metro’s network. What matters, he says, is that he could have.

Meanwhile, Twila Brent, who serves as interim director at MIS, maintains that security on Metro’s internal computer networks is sufficient. “Network-user password security is in place at the network-user level,” she says.

Metro Mayor Phil Bredesen says he is not troubled by the prospect of citizen hackers intruding into the government’s database. After all, he says, it’s already legal for citizens to examine public documents. “All records stored on Metro systems are already public record,” the mayor says. “All that anyone has to do is file a request for it, and they can look at almost any computer records we have.”

It isn’t merely reading the records that is problematic. Trouble would arise if a private citizen should try to change them. Once a hacker made it into Metro’s network, he might be able to change or delete records belonging to a number of government departments.

A curious hacker might be an irritation. A disgruntled Metro employee could wreak havoc with the entire system.

The possibilities for a malicious attack are many and varied. With access to voter records, a person could manipulate the entries, creating trouble for a would-be candidate hoping to qualify for office. For example, a disgruntled employee, angry at an elected official, could simply delete that official’s voting record from the computer. As a result, the official would be ineligible to hold office, because it would appear that he or she was not a registered voter. Eventually, it would be possible to detect that the records had been deleted. But the official would already have suffered the tortures of a public-relations nightmare.

It might be even harder to catch a discreetly modified record. Given illegal access to tax records, a hacker—or an unscrupulous employee—could give one taxpayer undeserved credit on his account, or the taxpayer could discover that he suddenly owed exorbitant taxes on a piece of property. If such power were to be misused, a property owner could find himself unexpectedly on the brink of bankruptcy.

MIS’s Twila Brent says that, so far, no malicious breaches of the Metro system have been reported. On the other hand, one of the hackers contacted by the Scene refused to say whether or not he knew of such attacks on the Metro computer network. He would only admit that such attacks are “not only possible, but they are within the grasp of several other hackers I know.”

Not all Metro Information Systems’ problems are self-made. MIS is the one department charged with the task of maintaining Metro’s computer equip-ment. That does not mean, however, that MIS is responsible for every computer in Metro. Some departments operate their own computer systems, independent of MIS, and often at the behest of the Mayor’s office.

Bredesen says that, when he took office, Metro was “like a caricature of a corporation. There was too much reliance on large systems attended by ‘priests.’ ”

To update Metro’s computer operations, Bredesen, himself a former mainframe programmer, has begun to reduce MIS’s responsibilities. Other departments have been allowed operate their own machines if they choose to do so. With the mayor’s blessing they’re permitted to set up what he calls “guerrilla operations.” By decentralizing Metro’s computer operations, the mayor says he hopes to increase the efficiency of city government.

The Office of the County Clerk was one of the first departments to take Bredesen up on his offer. Faced with a major paper jam while processing license-plate information, the department desperately wanted to set up its own computer system. After lengthy negotiations with MIS, the mayor finally gave the green light for the clerk’s office to purchase its own IBM mainframe. Bredesen admits that his decision caused tempers to flare at MIS. “We had a knock-down drag-out,” the mayor says.

Still, Bredesen argues that computer systems “are tools that are best used by individual departments.” What’s more, he says, the clerk’s office insisted that staff positions could be eliminated if the office was computerized. “In the end, it was a financial boon for the city,” Bredesen says.

Meanwhile, each of Metro’s independent computer systems has its own set of operating rules—and its own method of maintaining and repairing equipment. Such autonomy could turn out to be dangerous—especially when Metro needs to upgrade all its systems at one time.

Take, for example, the looming specter of the year 2000. Most older computers, like most of those operated by MIS, were designed for a limited lifespan. A mainframe purchased in 1960 was intended to operate for about 20 years. After that time the manufacturer fully expected to sell his customer an upgrade or, perhaps, an entire new system. What’s more, even though mainframes were huge, their memory space was limited.

Thus, when it came to listing dates, computer programmers tried to use as little space as possible. For example, the year 1977 was usually listed simply as “77,” thereby saving two valuable chunks of memory.

Giving little thought to the then-distant future, programmers forged ahead, writing software that used two-digit dates rather than the full four digits. To make matters worse, programmers discovered that it was easier for computers to sort database entries by date if they were simply listed with the year first, followed by the month and then the day. Thus, any date could be listed as six figures. Mar. 24, 1977, for example, could be entered as “770324.” According to that system, higher numbers indicated more recent entries, while lower numbers indicated older ones. Searching for documents was efficient. It was easy to distinguish Feb. 18, 1980 (“800218”), from Oct. 12, 1972 (“721012”).

This method of sorting worked well—and it will continue to work fine until the end of the millennium, when older computers will have to list the year 2000 as “00.” Unfortunately, the old software will read that “00” listing back as if it indicated the year 1900. Some very old computers may just shut down completely.

That’s the situation with MIS. Several of the older systems under the department’s supervision will have no protection against the “Year 2000 Bug.” Two systems—the one that calculates property-tax revenues and the one that keeps track of voter registration—will almost inevitably be affected.

The mainframe that handles voter registration is an IBM model 3038, built in the late ’70s. It is, by all accounts, the oldest water-cooled mainframe still running in Tennessee. According to public records obtained by the Scene, this computer is running operating software (MVS/XA 2.2) that was withdrawn from circulation by IBM about four years ago.

According to Bob Kasper of IBM Technical Support, Metro’s version of the MVS/XA 2.2 software is so old that IBM has not offered technical support for it “for the past year at all.”

To make matters worse, most of Metro’s custom-tailored software is written in one of two outmoded computer languages, either FORTRAN or COBOL, neither of which can handle dates beyond 2000. Kasper says even newer versions of these software packages don’t support the extended date format because “no one programs in those two languages much anymore.”

Another of Metro’s mainframes is in even worse shape. The Burroughs B-300 was once used almost exclusively in the banking industry. The Burroughs Corp., which built Metro’s computer in 1966, is now defunct. A representative of Unisys Corp., which is now responsible for maintaining older Burroughs equipment, describes the B-300 as “ready for the junkpile” and predicts that it will “probably not make it past the year 2000.”

MIS uses its B-300 to compute property taxes. The Burroughs mainframe was scheduled for retirement in 1987. Now, in 1997, the manufacturer can’t support it, replacement parts are hard to find, and experts say that, two years from now, its software may simply stop working.

The impending crash of either the IBM 3038 or the B-300 could spell disaster for Metro’s record-keeping system. The probable impact on the average Nashvillian, however, remains wildly unpredictable. The crash of Metro’s antiquated Burroughs system could, in fact, result in a financial windfall, albeit an emphemeral one, for the taxpayer.

According to Dave Tempero, the B-300 will not know how to calculate property taxes once the calendar flips to 2000. It might, he suggests, “show a credit on each person’s bill—99 years of credit.” On the other hand, he suggests, it’s just as likely that the B-300 will bill everyone for 99 years’ worth back taxes. With older equipment, Tempero explains, it’s just hard to tell.

“Governments face the largest risk with the year 2000 bug,” says Tempero, since they store such huge volumes of information. He notes that “the IRS, also affected by the bug, began to change over their systems years ago, and they’re still doing it today.”

Bredesen says Metro is taking steps to forestall the potential problems from its outdated systems, which, he says, “will be phased out soon.” According to the mayor, “Many critical systems have already been moved off the mainframes already.”

Several departmental systems, however, are still functioning on older equipment. According to officials, the Burroughs software is not scheduled to be included in Metro’s upgrade plan.

The idea of a quick changeover sounds good, but many experts believe there will be no simple fix for the 2000 problem. Tempero says that, in corporate computer systems, it usually takes “three to five years” to correct this sort of glitch. “For a government to change the entire format of large databases in the two years we have remaining before 2000 is next to impossible,” he predicts.

What’s more, the changeover is not going to be cheap. When it comes to making the switch to the year 2000, experts quote a standard cost of $1 per fix. If that estimate holds true, the arrival of the millennium could cost Metro millions.

But these two aging mainframes share another problem—one that could cause trouble even before the year 2000. Newer computer systems have battery backups that help keep them running when there are power outages. This sort of backup power is essential for a computer, since it must have time to shut itself off safely. According to informed sources, who asked to remain anonymous, when the B-300 and 3830 were purchased many years ago, battery backups were not installed. Today, the backups are still missing. Consequently, these machines—central to Metro’s record-keeping—are hopelessly vulnerable, not just to power outages but to brownouts as well.

Because they are so old, the B-300 and the 3830 are particularly vulnerable during sudden shutdowns. “On current hardware, a power outage would be no problem,” Tempero says. On newer machines, he explains, the “hard disks” (essentially spinning platters that store volumes of information) are protected by “voice coils, which pull the heads away from the spinning platter quickly if they lose power.” But older computers like the B-300 and the 3830 do not have voice coils. Thus, in the case of a power outage, “the heads simply drop onto the platters and damage them.” The resulting fiasco is known as a “head crash.”

Several sources within MIS say that Metro’s mainframes, which are housed in the basement of Howard School, have already experienced several head crashes. Each time, the sources say, damaged information had to be restored from a copy that had been kept on tapes, a time-consuming process.

Fortunately, the damage done by the power outages has been minimal. However, an extremely severe power outage could damage a hard disk beyond repair. In the case of an old system like the Burroughs, for which no replacement parts are readily available, one strike could mean the death of the machine—and the loss of any information stored on it.

Still, Bredesen says the issue is not whether Metro’s mainframes are vulnerable, but whether, at this point in their lifespans, they are worth the trouble and expense. “Battery backups for mainframes are extremely expensive,” he says. “I can’t justify spending the money on a machine which is obsolete anyway.”

Perhaps it’s time to reexamine how Metro runs its computer systems. MIS, a department with years of experience, operates with equipment that, in the modern world of computers, is little more than scrap iron. What’s more, MIS was once responsible for coordinating the work of a number of large computers; now the depart-ment is responsible for the functions of more and more smaller computers. Meanwhile, the concept of computer networks is only now reaching its maturity.

In the past, Metro has delayed buying new computer systems as long as its older systems have handled the work load. As a result of this procrastination, Nashville is on a two-year countdown. For the moment, Metro’s computer systems seem safe and healthy, but their future is highly uncertain.

Any day now, an adventurous hacker could cause the city a minor headache. For that kind of problem, Metro can find a quick fix. Meanwhile, the year 2000 approaches. Although it may not bring the Apocalypse, it may bring its own kind of doom—a doom that brings a new kind of meaning to the word “disconnect.”


Subscribe to this thread:

Add a comment

Recent Comments

Sign Up! For the Scene's email newsletters

* required

More by Joel Moses

All contents © 1995-2015 City Press LLC, 210 12th Ave. S., Ste. 100, Nashville, TN 37203. (615) 244-7989.
All rights reserved. No part of this service may be reproduced in any form without the express written permission of City Press LLC,
except that an individual may download and/or forward articles via email to a reasonable number of recipients for personal, non-commercial purposes.
Powered by Foundation