WEDNESDAY 24 NOVEMBER 1999

MR DAVID ROWLANDS, MR ROY GRIFFINS AND MR DAVID COOKE

  100. They were not too happy with it in October.
  (Mr Rowlands) I believe that it was declared blue on the 17th of this month.

  101. So it is all getting a little bit hairy really, is it not? Why was this assessment delayed?
  (Mr Rowlands) As I say, my understanding is that perhaps Metrolink operators were rather slower than some at perhaps getting to grips with the problem. They were encouraged, if I can put it like that, to speed up. It is a little bit later perhaps than people might have hoped or expected but the condition is now satisfactory.

  102. Coming to the bus sector, it is supposed to be blue after an assessment of the five companies that provide 60 per cent. What assessment has been made of the readiness of smaller companies who make up the 40 per cent of the remaining services?
  (Mr Rowlands) As I understand it there has been no assessment as such of the smaller companies. That is really based on the position of looking at the bigger companies. Buses are basically very low technology in relation to millennium compliance. The buses will still work. They have rather more sophisticated ticketing systems than used to be the case, but in the event of a ticketing system failure you can always go back to manual tickets. Buses are a robust system in terms of millennium compliance. That is what looking at the big five demonstrated and by extension it is reasonable to expect that to be the position of the smaller operators as well.

  103. Can we come to our friend the DVLA, God forfend. The Department actually said that "testing will continue on business critical systems up to and during the New Year Bank Holiday". Does that not rather imply that they are a little bit tardy in their efforts?
  (Mr Rowlands) No, it implies that they are working very hard. Remember I said that the vehicle system, which is the bigger of the two systems, was non-compliant and had to be replaced. That system is in place, the old legacy system was switched off last month. The last time I checked it had handled about ten million transactions, many of which are now including dates that go beyond 1 January 2000 because of the nature of the documentation that DVLA issues. It is rather like when we were speaking about Eurotunnel. The final live test in real time can only take place, just to make sure there are no unexpected problems, once you get on to 1 January. Effectively what they are doing is although they are confident about their system and it is functioning, as I say it has processed an awful lot of transactions, it is sensible to use the holiday close down period from 1-4 January just to finally double and triple check.

  104. By which time it will be a little bit late, will it not, Mr Rowlands?
  (Mr Rowlands) I have no expectation of problems with DVLA given, as I say, it has already handled ten million transactions on the new system, including transactions involving dates beyond 1 January.

  105. I had not realised what optimisitc people we had in charge of the Department of Transport, this entire afternoon has been a revelation. You said there has been some slippage in the dates of your own preparations for non-critical information systems. Can I ask you what systems and activities are covered by non-critical information technology?
  (Mr Rowlands) I think they are genuinely non-critical. There are four systems and three of them are building entry control systems, one to our office down in Hastings and the other two are two of the three headquarters buildings here in London, Eland House and Ashdown House. They are expected to have new software fixes in place next month but in the event that the building control systems do now work we just switch them off and we have a security guard examining the passes of people as they come in rather than swiping them on their way through a turnstile.

  106. I do not want to go into this in any great detail. This is not the moment to have a problem with systems like this, is it.
  (Mr Rowlands) The fourth system is that there are about 25 PCs out of several thousand in the central department which are not compliant which will be replaced next month.

  107. Why has it taken so long?
  (Mr Rowlands) I do not think it is a problem they have "taken so long", as you put it, it is a question simply, I guess, of ordering these things from manufacturers and getting delivery and replacing them. In the event they are not replaced, there is no great problem, they are not critical.

  108. Are you satisfied the transport sector has given sufficient energy to guard against attack from computer viruses?
  (Mr Rowlands) That, I guess, is an issue which could arise at any time.

  109. Yes, but particularly over the millennium period.
  (Mr Rowlands) Let me give you an honest answer. The honest answer is, I cannot answer your question because I do not know the information on which to base an answer. The Action 2000 programme has been about millennium compliance, not about guarding against individual hackers. That is an issue for the IT departments of any, not just transport operator, company, including my own department I suppose, with IT systems. Any big user of IT will have in place virus protection systems, they will have in place fire walls, the only issue is whether the hacker is smarter than the smart people working on virus protection systems, which are regularly up-dated, and fire walls to protect you against rogue e-mails.

  110. You are assuring yourself that in fact all that kind of protection exists in the system already?
  (Mr Rowlands) There is no longer in this country, and it is not just transport, anybody who is a significant IT user who does not have something like Dr Solomon's Virus Protection System which is regularly up-dated. In a sense, it is a non-issue and one would not check for the obvious. It is like asking if these people have a switch board with fuses in for their electricity supply system. Everybody has them. The only issue will be is the hacker or the virus spreader smarter than the people trying to protect the systems and that, to be genuinely honest with you, takes me into a domain in which I am not an expert and on which I could not give you a sensible answer.

  111. Mr Rowlands, can I just make it clear that we are absolutely agreed that you are going to send us details of the countries and the carriers which have not provided satisfactory answers about millennium compliance?
  (Mr Rowlands) Indeed, and I think I also undertook in writing to you to set out in effect the timetable. I imagine we will not see the transcript in time to reply to you this week but if the Committee clerk has any other points he feels we ought to reply to, we will attempt to cover those in the letter as well.

  112. If that information is supplied to us on a confidential basis we will nevertheless, even if we accept that initially, expect this information to be made available to the general public.
  (Mr Rowlands) Indeed.

  113. We will want from you some indication of the time that you would accept.
  (Mr Rowlands) Yes, that is why I said in writing to you we will cover the timetable as well.

  114. I just want to lodge a reservation about that. Clearly it will depend on the timescale involved and I know it has been recorded but I still underline that once that information is with us then, confidential or not, that puts a responsibility or a potential responsibility on this Committee. I think our judgment in terms of timescale and balance with the public interest is one that Mr Rowlands should understand.
  (Mr Rowlands) I do understand the point.

  Chairman: Mr Rowlands also understands that if he does not publish it by a time we think is useful, then we certainly will. We are grateful to you and your colleagues. Thank you very much.