FRAMINGHAM (02/28/2000) - After the denial-of-service attacks this month on several major Web sites, it turns out that the Internet is far more fragile than anyone in the computer industry had been willing to admit. There are real, substantial problems with security and stability that should have been addressed years ago. But they weren't. Why? Because everybody was focusing their time and energy on a largely fictional problem: the so-called Y2K bug.
I'm not saying that there weren't some two-character date fields that needed fixing. However, it's clear that the Y2K problem was nowhere near as big as the hype suggested. The new year arrived without any significant problems, even in countries like Russia, Bulgaria and Vietnam, where next to nothing was spent on the problem. International Data Corp. conservatively estimates that as much as $19.9 billion worldwide was wasted on contingency planning and that salaries for extra New Year's weekend staffing alone cost $6.5 billion. That money represents manpower that could have been devoted to something useful, like retooling Web sites to make them more secure.
The Y2K mania was fueled by fundamentalists hoping for the end of the world, authors trying to sell Y2K self-help books and radio talk-show hosts hawking overpriced gold coins. As each piece of misinformation was published or republished on the Web, Web sites built connecting links, creating an entire cyber subculture with a self-reinforcing world view. The U.S. government added to the problem by launching "fact-finding" groups stuffed with self-proclaimed experts who published speculation as fact, giving it instant credibility. One government Web site, for example, stated that "most computer programs" had the Y2K bug - an absurd exaggeration. The mainstream press, from Business Week to USA Today, swallowed the story hook, line and sinker.
The computer industry, seeing an opportunity to make big bucks, simply played along with the hoax. Market research firms kept the furor going, even as their predictions about pre-Y2K problems never materialized. Hardware and software vendors were aware that Y2K was basically a no-op but weren't willing to pass up a seemingly irrefutable reason for companies to upgrade their systems. As for the IT services vendors, they had their snouts so deep in the trough that the last thing they were going to do was say anything that might keep customers from hiring more Y2K-related help.
What's deeply troubling to me is that the IT community - which should have known better - didn't stand up and cry foul.
Most of us knew, long before the fateful date, that Y2K was mostly hype. As early as last spring, a blind survey of 1,100 IT managers conducted by Addison Whitney revealed that only 8% of them considered Y2K an issue worthy of keeping them awake at night. And yet very few IT managers were willing to stand up and admit that spending more on Y2K would simply be throwing good money after bad.
The simple fact about Y2K is that a hell of a lot of money was wasted, partly because the IT community didn't have the courage to stand up and say, "We've got more important things to do!" And now we're stuck with a real problem - hacker attacks that threaten e-commerce. We'll scramble and no doubt eventually fix the problem, but only after some companies and bottom lines have taken it on the chin. And that's a damn shame, because it didn't have to be this way.