Some Water & Sewer Plants May Not Be Y2K Compliant
Thabenksta writes "According to a Reuters News Article, over half of the United States' water treatment plants may not be y2k ready. This may result in backed up sewers, and undertreated water."
My job for over 10 years was computerizing fresh and waste-water treatment plants. Based upon my experience, I'm not terribly worried. I am certain there will be problems, but I think they will be little noticed by the public.
A computer-controlled water plant generally has 3 tiers: (1) the master control computer, (2) remote controllers, (3) manual controls. The master control computer communicates with the remote controllers, which do the actual work of monitoring and controlling the plant. The signals from the remote controllers are routed through manual controls (switches) to the various pumps and valves.
The master control computer (could be computers, in the case of a redundant system) is usually some kind of microcomputer. We put a fair number of Gateways, Dells, and other name-brand PC's in plants.
The remote controllers are usually some form of embedded system. The most common remote controllers are purpose-built for the task and are called PLC's (Programmable Logic Controllers).
The manual controls usually (I'll get to the exceptions) exist as regular old mechanical switches in the electrical path between the remote controllers and the pumps and valves. A typical manual control is a switch with three positions: "auto" leaves the remote controller in command, "man" forces the device to be on/open, no matter what the controller says, and "off" forces the device to be off/closed, no matter what the controller says.
Also, the remote control computers are usually programmed to operate independently of the master control station. Whenever the master control station goes down (a fairly routine occurrence in most plants), the remote controllers keep the plant running based upon their pre-programmed control algorithms and upon the last instructions ("Keep the tank level between 12 and 15 feet") that they received from the master control station.
Every water plant I computerized in my career had this 3-tier architecture: master, remote, manual-overrides.
Because the remote controllers can carry on for some time (hours, at least), in the absence of the master computer, failure of the master -- say, to reboot it after a Y2K-induced freeze -- is not a big deal. And because of the manual-overrides, the plant can be run manually even if the remote controllers fail or start issuing goofy commands.
The real risk for a computerized plant experiencing y2k problems is not that you won't receive fresh water or have your sewage treated -- it's that the city will be paying large amounts of overtime for the extra staffing it takes to run the plant manually. If a city is dumb enough to not have the staff on call during that critical period, then it IS possible for y2k problems to become visible to the public in some way more dramatic than an increased personnel budget. Also, I worked on a few plants where the engineers were so insanely stupid that they allowed the manual overrides to be built into the remote controllers, not independent of them. I always lobbied hard to have such insanities corrected and was usually successful. Those plants without independent manual overrides are the ones in true danger. But I gotta tell you, the plants designed by such intellectual giants are in serious trouble *without* y2k.
All in all, I'm not worried -- I expect to get water and flush the toilet on the 1st without causing the collapse of civilization.
Wayne Conrad
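The three-tier arrangement described in the comment above, modelled as an added example that is not part of the original post. The 12 to 15 foot band is the comment's own example; the fill and draw rates, the `failed` fault flag, the `independent` parameter and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Switch(Enum):
    AUTO = "auto"   # remote controller in command
    MAN = "man"     # force on/open
    OFF = "off"     # force off/closed


@dataclass
class RemoteController:
    """Tier 2: keeps running on the last band the master sent."""
    low_ft: float = 12.0
    high_ft: float = 15.0
    pump_cmd: bool = False
    failed: bool = False  # assumed fault model: output frozen at pump_cmd

    def scan(self, level_ft: float) -> bool:
        if not self.failed:
            if level_ft < self.low_ft:
                self.pump_cmd = True    # start filling
            elif level_ft > self.high_ft:
                self.pump_cmd = False   # stop filling
        return self.pump_cmd


def pump_energized(switch, ctrl, independent=True):
    """Tier 3: what actually reaches the pump starter."""
    if not independent and ctrl.failed:
        # Override implemented inside the controller: it is lost with it.
        return ctrl.pump_cmd
    if switch is Switch.MAN:
        return True
    if switch is Switch.OFF:
        return False
    return ctrl.pump_cmd


def run(steps, level_ft, ctrl, switch=Switch.AUTO, independent=True):
    """Simulate tank level with the master offline (no new setpoints)."""
    levels = []
    for _ in range(steps):
        ctrl.scan(level_ft)
        on = pump_energized(switch, ctrl, independent)
        # Assumed rates: pump adds 0.5 ft/step, demand draws 0.2 ft/step.
        level_ft = round(level_ft + (0.5 if on else 0.0) - 0.2, 2)
        levels.append(level_ft)
    return levels
```

With a healthy controller and no master, `run(100, 13.0, RemoteController())` stays near the last band; with a controller stuck on and the switch at "off", only the independent override stops the pump.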
There are several aspects to this story that make it highly dubious. The first is that the last report was conducted in June. Few industries, ANYWHERE, had completed their Y2K preparations as of June. The second is that even if the Y2K preparations are not complete, there is no great likelihood of serious failure. Few industrial control systems are particularly date sensitive. Only the supervisory/accounting systems are. Finally, these systems always include multiple levels of redundancy right down to manual override in case of primary control element failure.
This is going to be just another Y2K Chicken Little story drummed up by panic mongers.