SUMMARY

This report describes lessons learned from the efforts of the United States Air Force (hereafter simply USAF, or Air Force) to address a widely dispersed threat to its information infrastructure. The Air Force’s response to the Year 2000 (Y2K) evolved over more than five years and involved thousands of people throughout the 108 USAF bases, interacting in varying, often nontraditional ways to address perceived threats. In addition, hundreds more people at numerous major Air Force units were active in developing guidance and support packages and in monitoring their implementation.

This report is perhaps the most detailed publicly available case study of the Y2K response in a single organization and the lessons learned from that response. Although a great deal was written about Y2K before the event, surprisingly little analysis was conducted after January 1, 2000 (see Box 1-1). The fact that Y2K did not result in widespread catastrophic failures has led many people, particularly those outside the information and communications technology (ICT) field, to label it a nonevent or even a hoax—and doubtless discouraged extensive analysis after the fact.

However, as this report makes clear, the experience serves as a source of critical lessons for strategic management of ICT and echoes earlier findings of analysts in the field of information systems management. In addition, other sources make it clear that enough problems were experienced in the course of the Y2K rollover to demonstrate the reality of the problem and the importance of remediation efforts (GAO 2000). Serious known disruptions were avoided in the banking and insurance sectors, two NATO nation spy satellites went down for two days, and numerous other documented failures were either avoided or responded to in real time during rollover.

These lessons and related recommendations are described in Chapters 2, 3, and 4, and they cover the management of ICT complexity, aligning organizational and ICT strategies, and minimizing and mitigating ICT risk. A final brief concluding chapter focuses on the general lesson of viewing technology risk within its social and organizational context. Together, these chapters present general implications for large, complex organizations that rely on ICT to achieve their mission in the face of risks in such areas as information assurance, information security, and critical infrastructure protection (CIP). The recommendations, naturally, focus on the Air Force and its context, but they are applicable to other large, complex, ICT-dependent organizations as well.

The fact that Y2K did not produce major sustained disruption for the Air Force or other organizations makes it a more valuable source for long-term lessons for operational and strategic management of ICT systems. Rather than focusing on fundamental flaws and cascading effects, the bulk of this analysis is relevant to the overall strategic management of ICT, including maintenance and modernization, life-cycle management of systems and software, functional interdependency and continuity, guidance policies and certification, system ownership and responsibility, training and organizational roles, and security and information assurance.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K SUMMARY This report describes lessons learned from the efforts of the United States Air Force (hereafter simply USAF, or Air Force) to address a widely dispersed threat to its information infrastructure. The Air Force’s response to the Year 2000 (Y2K) evolved over more than five years and involved thousands of people throughout the 108 USAF bases, interacting in varying, often nontraditional ways to address perceived threats. In addition, hundreds more people at numerous major Air Force units were active in developing guidance and support packages and in monitoring their implementation. This report is perhaps the most detailed publicly available case study of the Y2K response in a single organization and the lessons learned from that response. Although a great deal was written about Y2K before the event, surprisingly little analysis was conducted after January 1, 2000 (see Box 1-1). The fact that Y2K did not result in widespread catastrophic failures has led many people, particularly those outside the information and communications technology (ICT) field, to label it a nonevent or even a hoax—and doubtless discouraged extensive analysis after the fact. However, as this report makes clear, the experience serves as a source of critical lessons for strategic management of ICT and echoes earlier findings of analysts in the field of information systems management. In addition, other sources make it clear that enough problems were experienced in the course of the Y2K rollover to demonstrate the reality of the problem and the importance of remediation efforts (GAO 2000). Serious known disruptions were avoided in the banking and insurance sectors, two NATO nation spy satellites went down for two days, and numerous other documented failures were either avoided or responded to in real time during rollover. These lessons and related recommendations are described in Chapters 2, 3, and 4, and they cover the management of ICT complexity, aligning organizational and ICT strategies, and minimizing and mitigating ICT risk. A final brief concluding chapter focuses on the general lesson of viewing technology risk within its social and organizational context. Together, these chapters present general implications for large, complex organizations that rely on ICT to achieve their mission in the face of risks in such areas as information assurance, information security, and critical infrastructure protection (CIP). The recommendations, naturally, focus on the Air Force and its context, but they are applicable to other large, complex, ICT-dependent organizations as well. The fact that Y2K did not produce major sustained disruption for the Air Force or other organizations makes it a more valuable source for long-term lessons for operational and strategic management of ICT systems. Rather than focusing on fundamental flaws and cascading effects, the bulk of this analysis is relevant to the overall strategic management of ICT, including maintenance and modernization, life-cycle management of systems and software, functional interdependency and continuity, guidance policies and certification, system ownership and responsibility, training and organizational roles, and security and information assurance.

OCR for page 1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K Background of the Project The report grew out of an effort by the National Research Council (NRC) and other groups, such as the Institute of Electrical and Electronics Engineers (IEEE), to observe lessons from the Y2K experience that might be applied to CIP and other areas. The assumption was that there would be a number of critical, highly visible failures. Y2K could be studied as a surrogate for information warfare attacks, with the ultimate goal of making systems more resistant. Planning meetings were organized in mid-1998. In mid-1999 NRC volunteers and staff began working with Air Force personnel from the Information Warfare Defense (a unit attached directly to operations in headquarters) and the Air Force Y2K Office (AFY2KO) to establish the case study. Interviews were conducted at a continental United States (CONUS) base and an outside the continental United States (OCONUS) base before and after the end-of-year rollover. These interviews involved not only base working groups but also policy-making units at the major command (MAJCOM) and headquarters (HQ) levels. Supporting telephone interviews were conducted throughout the project. On April 14, 2000, an all-day Air Force–wide Y2K Lessons Learned Workshop was held in Washington, DC. Staff turnover at the NRC resulted in significant delays in the completion and publication of the report. Notwithstanding the delays, the author and the NRC believe that the insights generated by the project have long-term relevance and merit a wide audience. The Air Force and Y2K: Shifts in Perception ICT is critical to almost all Air Force mission and functional objectives, including maintaining readiness in the face of uncertainty. While information warfare, offensive and defensive, may be a unique element of the military management challenge, the Air Force’s concern that increased functionality and connectivity can lead to increased vulnerability is relevant for any technology-dependent organization. While security risks generally arise from outside threats to systems, threats to information assurance often emerge from internal system complexities. The Air Force encompasses nine major commands and has a complex organization for managing and funding ICT. Responsibility lies in the Chief Information Officer’s office, but as in other large and diverse organizations, there is a wide gap between the executive agency and the distributed, frontline, operational management and use of ICT. Ensuring the availability of experienced ICT personnel also presents challenges. For the Air Force, these include competition with the private sector and regular shifting of personnel (temporary duty, or TDY). As the Air Force is highly dispersed geographically, functional units may face very different environments, funding, and infrastructure, particularly CONUS versus OCONUS bases. A variety of perceptions became attached to the Y2K problem, both before and after. The widespread attention and news coverage linking the event with the new millennium, along with frequent mention of possible catastrophic failures, fostered numerous misconceptions of the problem but was helpful in ensuring that resources were

OCR for page 1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K available and that organizations put procedures in place to respond. The coverage also produced anxieties and expectations that, fortunately, were not realized, but they may make it more difficult to appreciate the lessons learned. Within the Air Force, perception and response strategies shifted over time. The Air Force recognized the problem early because computer professionals working on specific systems brought it to light in the early and mid-1990s. By 1997 awareness mushroomed, and the emphasis widened from ICT and electronic data to include embedded chips and traditional infrastructure. There was also a shift from a technological to a mission perspective. It became apparent that the problem was too complicated for any one functional area, including ICT, to handle by itself. The first step was often to conduct an inventory with the goal of determining compliance, but system complexity, definitional uncertainties (for instance, what is “compliance?”), and a lack of clarity about ownership and responsibility complicated this. Early on, the Air Force played a key role in developing government-wide approaches focused heavily on finding, fixing, and testing mission critical systems. Over time, however, it became clear that it would be impossible to test everything in advance of the rollover. Therefore, there was a shift from fixes to continuity planning. By 1999 complex efforts to complete and validate system renovations began to conflict with equally complex efforts to develop and prepare viable contingency plans. Finally, there was a shift in focus from technology to legal and political issues. Early on, the legal staffs of corporations became involved. In July 1998, the Year 2000 Information Disclosure Act was passed, providing liability protection from inaccurate statements made by organizations acting in good faith when sharing Y2K information. Congressional and Government Accounting Office attention was part of the management environment. Lessons for Managing ICT Complexity Participants in the Air Force’s response to Y2K learned more about organizational operation and management than about technology. It became clear that traditional management strategies based on localized response would not be effective and that a more comprehensive approach was needed. For many organizations, including the Air Force, Y2K was the first time they needed to manage a single ICT project that cut across the entire organization. The pervasiveness of the problem and the interdependency of organizations and systems meant that Y2K could not be addressed by breaking the response into discrete components. Interdependency also meant that no single group could fully control the response. The Air Force, like many organizations, created a temporary Y2K office to manage the problem—no existing office could do the job. While common objectives and deadlines across the entire organization made Y2K a unique ICT project, the issues and conditions it revealed are relevant to any strategic ICT project that goes beyond a given functional area. Mergers, deployment of major systems in large organizations, and systems to facilitate interagency coordination are examples of efforts that are often undermined by the failure to fully understand and appropriately address organizational and system interdependencies.

OCR for page 1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K Fortunately, Air Force recognition of the Y2K problem was early and widespread. The perception that everyone would be impacted in the same way at the same time— there was a common enemy and a set deadline—contributed to this heightened awareness. As the Air Force’s approach took shape, it reflected several lessons that are highly relevant to the management of ICT complexity in general. Enterprise-wide ICT management requires broader, more integrated efforts. Early on, it became clear that it would be impossible for individual commands and units to define the problem, set priorities, and track response efforts on their own. For example, commands and units made attempts to stratify response needs by the criticality of the system, the likelihood of an adverse occurrence, local conditions, and optimal response strategies. However, the translation from critical missions to critical systems was not straightforward, and classification schemes could not be developed that translated well across different commands and units. No existing unit had the scope or authority to coordinate a cross-organizational ICT project. The focus of ICT management must shift from hardware and software to data, knowledge, and organizational goals. Over time, it became clear that the key priority for Y2K response was the protection of data as they serve organizational goals—fixing just hardware and software was not sufficient. Once IT professionals recognized this, the focus of the Y2K response shifted to the operational use of data. The organizational information strategy must align ICT and operational goals. As the Air Force response to Y2K took shape, operational and strategic managers who saw themselves on the periphery of ICT were thrust into its center. For the Air Force and others organizations, Y2K represented the first large-scale, formal effort to align ICT management with operational and strategic management. The challenge of integrating ICT and strategic management was perhaps the most significant aspect of Y2K and is covered in more detail in the next section. ICT must be managed cross-functionally. Information in organizations tends to flow along functional lines. The success of the Air Force’s Y2K response depended on overcoming this “stovepiping” tendency. Even at early inventory and assessment stages, it was important to maintain a functional perspective toward ownership and responsibility. This was difficult for several reasons: (1) the need to comply with multiple guidance and unique reporting requirements; (2) the underbudgeting of man-hours; (3) an increased workload for communication; and (4) the need to keep up with directives and changes in directives. Until a temporary cross-functional entity to oversee the Y2K response was established and headed by someone

OCR for page 1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K who represented the core value of the organization (in the Air Force’s case, a pilot/general), no unit had the perspective and authority to coordinate this effort. The overall information strategy must center on people, information, and mission. Y2K taught organizational ICT leaders that they needed to develop an enterprise-wide information strategy that would be aligned with the overall organizational strategy. Over time, Y2K caused these leaders to focus less on specific technologies and more on the effective use of information by people in support of overall organizational missions. In doing this, ICT leaders demonstrated the value of an integrated, cross-functional perspective beyond Y2K. Do not return to business as usual. As a cross-enterprise activity, Y2K forced people to grapple with complex issues that were not fully under their control. This is not a particularly comfortable position for most people. With the passing of the crisis, there was a natural tendency to seek a return to more familiar methods and roles. Some changes made in response to Y2K have become part of new business as usual practice, while other changes that were lost need to be rediscovered. Lessons for Aligning Organizational and ICT Strategies Traditionally, the strategic management of organizations and the operational management of ICT in those organizations have displayed significant differences. ICT management tends to focus on short-term needs, is technically based, and occasionally experiences failures as part of the job. Strategic management of an organization tends to be negotiated, focuses on longer-term and wider-range impacts, and can view failure as career threatening. ICT and operational personnel were brought together in new ways by Y2K, as the Air Force example illustrates. Early on, when Y2K was seen as an “IT issue,” resources were hard to come by. Later, attention from higher levels of management resulted in more resources being made available, but that attention also required ICT personnel to take account of a much lower tolerance for risk from upper-level managers. Complete, final alignment between organizational and ICT strategies is not sustainable because the strategic context changes constantly, as does the ICT portfolio. Nevertheless, achieving a dynamic alignment is increasingly important for both sides of the operational-ICT divide. The Y2K experience highlights several key areas of emphasis and underlying tensions in this necessary process. Central management and local execution must be balanced. Both central and local perspectives are “right” and have value, yet they are often in opposition. The Air Force is aware of the desirability and complexity of balancing this tension (for example, “central guidance/local execution”). Designating a single point of

OCR for page 1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K contact (POC) is helpful, but that POC must represent the multiple relevant perspectives on each major action or issue in order to achieve a constructive, dynamic balance. Consider evolution of the problem over time. Large ICT projects evolve over time. For instance, Y2K evolved across Air Force organizational layers in two directions: initially, as locally identified problem-solving activities that evolved up into centrally managed initiatives, and later, as a centrally managed initiative that evolved down into locally driven problem-solving activities. The evolution of ICT projects in both directions generates tensions across organizational layers. Clarify ownership and responsibility. Neither local nor central units alone can be fully responsible for a cross-organizational ICT issue. Generally, local units attempt to assert control over the systems they rely on, but during difficult times such as Y2K, central ownership of these shared systems was seen as desirable since it lessened local responsibility for assessing and addressing the problem. One of the important benefits of the Y2K experience was that it forced diverse owners of systems and overlapping system components to communicate with each other in an effort to coordinate responsibility and action. Consider the impact of local diversity. Central owners and maintainers of ICT systems face the confusing task of understanding and managing a complex system of systems that spans significantly different functional and geographical environments. Those who acquire and develop systems may have difficulty anticipating how local conditions impact the fielding of those systems. The Y2K response had to address this diversity of local ICT environments, yielding insights into the ongoing challenge to achieve strategic alignment of ICT. Consider the role of local autonomy. During Y2K, locally developed software was seen as more problematic than commercial off-the-shelf (COTS) software. Several features of Air Force management and funding practices foster local autonomy in ICT. For example, military credit cards for flexible purchases (“impact cards”) allow local users to respond quickly to local demands but can present general system problems (for instance, security). On the other hand, systems and guidance were sometimes pushed from central to local units without dedicated funding in the hopes that the bases would “find a way” to support them. The Y2K response created an environment in which issues involving coordination among central and local units had to be addressed.

OCR for page 1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K Build trust between local administrators and central managers. Another example of a local versus a central issue that arose for the Air Force during Y2K was the perception by local units that central guidance was not appropriate for their local situation, or that central units were using them as a “testing ground” rather than supporting their efforts. It is important that central guidance be delivered at an appropriate level and that mechanisms are maintained to foster stronger working relationships across horizontal organizational boundaries. Strengthen cross-functional relationships across the organization. In addition to issues across the organizational hierarchy, Y2K also emphasized the need for clear mechanisms for coordination and communication across functional organizational boundaries. Specific efforts were employed to overcome the tendency of the organization to operate within functionally organized units. Overcome funding disincentives to working across organizational boundaries. Using funding streams to identify project and system owners can help accounting practice but leads to a piecemeal view of systems, adding to the complexity of tackling a problem. Without specific funding, Y2K was not seen by some local users as their problem. Complications also arose because some parts of the organization work on a fee-for-service basis and others do not. Y2K created a precedent for cross-functional projects to receive significant resources and be managed in more creative ways. Balance the perspectives of central administrators and operational managers. The Air Force Y2K response was characterized by an increased involvement of higher-level administrators in ICT decision making. This was both helpful and burdensome. Strategic ICT management cannot be achieved without the involvement of higher-level management, but the value-added of some new layers of decision making in operational issues is unclear. Y2K demonstrated the need to find an appropriate balance. Address cross-boundary issues in the life-cycle management of systems. The end-to-end testing required for Y2K was complex to design, but the approach gained confidence over time, although it seemed that there was always more to do. Some Air Force ICT managers tried to build on this experience post-Y2K. Yet, maintaining the resource stream and management practices (for example, the use of block release dates) that proved effective during Y2K proved difficult as central management focus shifted to other issues. Y2K emphasized that life-cycle management of systems needs to be part of a strategic, cross-organizational effort.

OCR for page 1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K Tackle the huge informational effort needed to support the management of integrated systems. The first impulse in responding to Y2K was to inventory those systems in place, identify the owners of the systems, and have the owners determine whether there was a problem. However, this is a huge, dynamic body of information that is often not available or not consistently maintained. It is impossible to manage what you don’t even know you have, and maintaining up-to-date information on ICT resources is a huge task. Information of long-term value was created through Y2K, but little time or energy was available to leverage the response effort into an ongoing means of addressing informational needs. Address issues of organizational culture. The Y2K response was often more impacted by informal patterns of communication than by formal directives and guidance distributed through regular channels. Who a communication came from could mean more than what the communication said. Subculture differences, such as those that exist between the acquisitions function and ICT management, also played an important role. This split was reflected even at the top, with the Air Force’s CIO coming from the acquisition side and the deputy CIO the computing side. User cultures also displayed differences, especially CONUS versus OCONUS units. In addition, the Air Force’s “culture of perfection” affected its Y2K response. Empower permanent organizational entities focused on cross-boundary issues. No permanent unit within the Air Force had the scope and authority to manage a cross-organizational ICT project like Y2K. For this reason a temporary unit was created. The Air Force’s Y2K response demonstrated the value of a permanent entity focused on integrating organizational and ICT strategies. The Y2K response enabled personnel to gain experience with crisis management and to build cross-functional teams. A more permanent entity or entities would serve as a focal point for ongoing efforts to manage ICT-related risks, as well as assure a corporate memory in the ongoing balancing act that is strategic management of ICT. Lessons for Managing ICT Risk The experience with the Y2K response, both in the Air Force and in the wider world, provides a number of lessons for how ICT risk management is understood and practiced. These lessons are instructive as organizations develop capabilities in the areas of information assurance and CIP. In general, these tasks have more to do with managing uncertain risks than with fixing things. In addition, it is important to bridge the conceptual gap between external risk from an outside threat and internal risk from system complexity.

OCR for page 1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K Consider the role of perception of risk to appropriate response. The Y2K response was impacted by a changing perception of risk. As the visibility of the Y2K problem increased and senior managers became increasingly involved, the tolerance for risk was dramatically reduced. This occurred across the U.S. government. Local managers sought to prioritize, but central managers were far less willing to accept risk. Understand the limitation of industry assurances. Naturally, ICT managers sought assurance from vendors regarding Y2K compliance. However, industry could not guarantee how products would behave when interacting with other components, so industry statements failed to reduce uncertainties. Recognize the role of political, legal, and media factors. Attention from the political system (most notably Congress), legal factors, and media scrutiny all affected the Y2K response environment. The Year 2000 Information Disclosure Act specified that a “good faith” effort to discover and address potential Y2K problems would immunize organizations from liability. The Air Force adopted a higher, “due diligence” standard. This increased pressure to treat all problems equally. Political and media attention were beneficial in bringing a critical mass of resources to bear on the problem, but press writers did not fully understand the issues, and their coverage encouraged a broad, nonspecific zero-tolerance response. Distinguish non-ICT infrastructure from information systems. The Y2K response was unnecessarily complicated by the inclusion of non-ICT infrastructure like automobiles and alarm systems. The small but legitimate risk from hardwired dates in embedded chips was difficult to locate and impossible to fix. The risk of cascading effects was especially low. Yet this became the public focus of Y2K. Combined with a zero risk tolerance, this issue produced a huge effort with minimal impact. Explore existing risk management mechanisms. The Air Force had preexisting risk management mechanisms, such as continuity of operations plans (COOPs) and operational risk management (ORM), but these were generally not relevant to the Y2K response effort, in part because they did not address the challenges of managing cross-organizational ICT risk. These mechanisms could have been extended and employed more effectively.

OCR for page 1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K Evaluate the effectiveness and appropriateness of response. Assessing the impact of risk management activities is difficult, but based on the outcome, the Air Force’s Y2K response was found to be effective. Nevertheless, it is very difficult to evaluate the cost-effectiveness of the effort. To mention just one factor complicating such an evaluation, a non-trivial fraction of what was spent on Y2K would have been spent on new systems and upgrades anyway. The Social and Organizational Context of Technology Risk Since Y2K was not an external hostile threat, it did not fit easily into existing categories of information security. Y2K showed that threats can come not only from intentional actions of a conscious enemy but also from the unintentional consequences of our own actions, confounded by the complexities of the ICT system itself, the environments within which this system operates, and our inability to adequately manage these complex interactions. Uncertainties stemming from systemic risk can be as great, or greater, than uncertainties from the risk of hostile enemy attack. Both kinds of risk need to be managed within a coherent strategy. Developing such a strategy involves a variety of trade-offs and expanded perspectives on the nature of technology risk. This case study of the Air Force’s response to Y2K raises several important questions about how our organizations and society can be most effective in a world where dependence on ICT, and the interdependency of ICT systems, is growing. It concludes by focusing on a single critical factor: that technology is socially embedded, existing in the context of people and organizations. Like other aspects of ICT, security, information assurance, and infrastructure protection must be managed from this perspective. This lesson has been demonstrated in many incidents both before and after Y2K. In this sense the experience gained from the response to Y2K reinforces the lessons of the Three Mile Island and Chernobyl nuclear accidents, the Challenger and Columbia shuttle accidents, and the Bhopal disaster. The “decision” (however complex its evolution) to represent calendar years with two digits was human and organizational, not technical; just as the mismatch between metric and English measurement that destroyed the Mars Climate Orbiter in 1999 was a human and organizational error, not a technical or a mathematical one (or a terrorist attack). This report rejects the idea that the Y2K problem was simply one of fixing the technology, recognizing that it was driven instead by a concatenation of institutional, leadership, economic, social, and political factors as well as technical ones. The Air Force’s Y2K experience teaches us about software as a social system. It highlights the limitations and pathologies that typically grow out of social organization, training, and group complexity. Y2K reminded organizations that the ultimate goal of IT is not the continued functioning of local clusters of technology but, rather, the effective use of information in support of strategic missions and goals. It forced organizations like the Air Force to take on the challenges of managing an enterprise-wide ICT project, teaching them that by becoming more process based and less technology based.

OCR for page 1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K It is reasonable to believe that the lessons described in this report can be generalized, including the conditions that led to or exacerbated the problem, and what factors enabled or interfered with remediation. Systems of all kinds are becoming more interconnected and interdependent. If system architectures focus more on data and interaction and less on execution and specific procedures, if complex technology systems are also understood as components of social systems, then perhaps problems like Y2K can be left to the previous millennium. Eliminating all such risks is not possible, and would not be worth the massive amount of resources required even if it were. Understanding these risks makes risk management and planning for mitigation far more productive. In the end, the Y2K experience helped introduce the Air Force and other technology-based organizations to a human, organizational and social perspective on technology risk. The degree to which these organizations understand this perspective and choose to act on that understanding is a key question for the future.

OCR for page 1
Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K This page intentionally left blank.