What are Embedded Systems?


An embedded system is a microprocessor-based control system that processes a fixed set of programmed instructions in order to control the operation of electromechanical equipment or machinery belonging to a larger system of which it forms part. Embedded systems appear in all manner of buildings and manufacturing infrastructure, and are often difficult to find as they are hidden away in obscure places or buried inside machinery control cabinets. They usually perform time-critical process control tasks, and are widely found in manufacturing and process control plant, communications hardware, banking and finance terminal hardware, medical equipment, transport management systems, building systems and domestic equipment. The heavy time-dependency of the control algorithms implemented in some of these systems makes them particularly vulnerable to Year 2000 problems.

What is the Embedded Systems Y2K Problem?



Embedded Control Systems that perform time-related control functions usually rely on information provided by a Real Time Clock (RTC) chip. This is the hardware component that keeps the time and date updated, even when a system is powered off. These chips evolved through the need for power-saving measures in circuitry, continuity of timekeeping during power failure, and the inability of many older microprocessors to process multiple tasks in a time critical manner.

The problem is that RTC chips usually hold the year date as a two-digit code, which becomes '00' in the year 2000. This is misinterpreted by some software calculations as year 1900 instead of 2000, with sometimes catastrophic consequences. The desktop PC Y2K problem shares the same origin, but that is where the similarity ends - the difference with Embedded Systems is that they are programmed to carry out a single task, and the program is fixed or embedded into a chip (a ROM or EPROM, shown below) which forms part of the system's controlling electronics.

Unlike desktop PCs it is not possible to insert a disk or test program into an Embedded System, as there is no facility to load new programs or access the existing program code. This is what makes determining Embedded Systems compliance a very difficult and specialised task.
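The date misinterpretation described above, as an added example in C (not code from any system or product named on this page): a card-expiry check of the kind an access control system might run on two-digit years read from an RTC, with the flawed 19xx expansion beside a windowed one. The packed-BCD register format, the function names and the pivot value of 70 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Decode a packed-BCD byte, the usual format of an RTC year register (0x99 -> 99). */
static unsigned bcd_to_bin(uint8_t bcd) {
    return (unsigned)(bcd >> 4) * 10u + (bcd & 0x0Fu);
}

/* Flawed expansion: every two-digit year is taken to be 19xx, so '00' becomes 1900. */
static unsigned year_naive(uint8_t yy_bcd) {
    return 1900u + bcd_to_bin(yy_bcd);
}

/* Windowed expansion: 00..69 -> 20xx, 70..99 -> 19xx. The pivot is an assumption. */
#define PIVOT 70u
static unsigned year_windowed(uint8_t yy_bcd) {
    unsigned yy = bcd_to_bin(yy_bcd);
    return (yy < PIVOT ? 2000u : 1900u) + yy;
}

typedef unsigned (*expand_fn)(uint8_t);

/* A card is expired once the current year is later than its expiry year. */
static bool card_expired(uint8_t now_bcd, uint8_t expiry_bcd, expand_fn expand) {
    return expand(now_bcd) > expand(expiry_bcd);
}

/* Gregorian rule: 1900 is not a leap year, 2000 is. */
static bool is_leap(unsigned year) {
    return (year % 4u == 0u && year % 100u != 0u) || year % 400u == 0u;
}

int main(void) {
    /* Constructed cases: {current RTC year, card expiry year}, packed BCD. */
    static const uint8_t cases[][2] = { {0x99, 0x02}, {0x00, 0x99}, {0x00, 0x02} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("now=%02X expiry=%02X expired: naive=%d windowed=%d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               card_expired(cases[i][0], cases[i][1], year_naive),
               card_expired(cases[i][0], cases[i][1], year_windowed));
    }
    printf("RTC year 00 has 29 Feb: naive=%d windowed=%d\n",
           is_leap(year_naive(0x00)), is_leap(year_windowed(0x00)));
    return 0;
}
```

With the naive expansion a valid card expiring in 2002 is rejected in 1999, and a card that expired in 1999 is still accepted in 2000; these are the two access control symptoms listed in the statistics further down the page. The third case shows that a comparison between two post-2000 years can pass under both expansions, which is why a single date test proves little.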

Are You Confident that the Embedded Systems in Your Business are Y2K Compliant?



If your company has done nothing to check its embedded systems you cannot be confident. You must:

  • Identify your most critical processes
  • Demonstrate that the embedded systems providing the infrastructure for those processes are compliant.
  • To do this, test the most critical systems and obtain vendor statements for the others.

If your company has implemented an embedded systems programme and relied on vendor statements you must:

  • Test the most critical systems. More and more vendor statements have been shown to be incorrect, or unintentionally inaccurate.
  • To do this, test the most critical systems and re-check test data provided in vendor statements for the others.

What is the best way of testing Embedded Systems?



Systems will only fail if they are performing operations that compare dates. Most systems are tested by changing the date and witnessing the outcome for a range of pre- and post-2000 dates specified by the IEE and the British Standards Institute. This is a perfectly good method of testing most I.T. applications and embedded systems where a date is evident. Software for testing I.T. systems and applications is widely available.

BUT, 80% or more of embedded systems do not process dates, making them intrinsically 'millennium safe', but that is difficult to prove, and dangerous to assume. Without proof of the absence of a date the probability of failure cannot be properly determined, resulting in a higher risk of failure rating. Vendor statements may help, but are often not available or too vague to be considered reliable.

The Delta-T Probe is the only tool commercially available for use in cases like this. It can attach to and spy on the microchips that determine whether the system processes a date, and extract the information required to work out if it will fail. The Delta-T Probe includes an advanced analyser unit connected to a laptop PC, a huge database of embedded chip types, software that tells the user what chips to connect to and analyses what they are doing, and two days of training for a technician. A typical test takes a couple of hours, and a positive test outcome may save tens of thousands of pounds in system replacement or implementation of another contingency plan. The Delta-T Probe can also be used in the event of a Post-2000 system failure as a means of rapidly establishing whether a system failure is due to poor maintenance or due to non-Y2K compliant code.

The Scale of the Problem



Summary statistics of non-compliance in infrastructure embedded systems (based on a sample of over 150,000 systems by London-based WSP Group plc) are:

BMS: 3% of installed controllers. 34% of head-end PCs. Failures can totally prevent operation.
FIRE: 2% of installed panels are non-compliant to BSI PD2000-1:1998, but none have been found that do not ring the bells in the event of a fire
ACCESS: 3% of access control systems. Cards either no longer work or refuse to expire. Some audit trails are lost.
LIFTS: 0% of lifts. Some remote monitoring centres may be affected.
TELEPHONE: 2% of switchboards require upgrades for billing / call logging features. Call routing does not fail.
INTRUDER: 1% of systems are not compliant to BSI PD2000-1:1998, a smaller percentage fail to work completely
CAR PARK: 1% of car parking ticket validation systems are not compliant to BSI PD2000-1:1998, and do not operate correctly
BACK-UP: 0% of UPS and standby generators. We have not seen any failures to date.
CCTV: 2% of CCTV multiplexers / switches / telemetry controllers and VCRs date-stamp the image incorrectly.
HVAC: 1% of installed controllers (or less). Usually dependent upon BMS control.
PLCs: 1% of process controller-based applications. 30% of SCADA head-end PCs or applications.

Manufacturing industry shows a similar overall rate of non-compliance in control systems. It is a fair assumption to say that approximately 1% of embedded control systems in any industry sector are likely to suffer a Y2K (including leap-year 2000) related problem.

Glitches and failures are inevitable. These statistics do appear to indicate a low failure rate, BUT the rate of failure increases with the level of integration between embedded systems. AND any of these systems may be part of a business-critical operation so directors notionally responsible for ensuring corporate Y2K compliance CANNOT IGNORE THE FACT THAT SYSTEMS MAY FAIL. This statistic gets DRAMATICALLY WORSE if you consider the embedded systems involved in supply chain businesses for key business processes.

Legal Liability of Directors.



Litigation will occur. That is almost inevitable. For example, the property sector will see post-2000 disputes arising in various permutations between landlords, tenants, maintenance companies, contractors, consultants and manufacturers. Litigation may ripple up or down supply chains as a result of trade being lost through goods being delayed, damaged, destroyed or mislaid.

Much of the litigation will be attributed to, but actually nothing to do with, the millennium bug. Many perceived Y2K failures will be due to poor maintenance of systems. The majority of infrastructure systems will have been in service for over five years, and many of them contain microprocessor systems with on-board battery backups. Owners of these systems are sometimes not aware of the existence of the batteries within them. Cases of poor battery or system maintenance will cause the system to lose its program or operating variables during a prolonged power-outage, which could easily be wrongly attributed as a millennium bug fault should it happen on or around a critical date. Similar problems will occur in all types of business sectors.

Identifying a millennium bug problem is not always easy to do. Proving the cause of the problem so that responsibility for it can be resolved will be even harder to do without the right tools. All companies should be thinking about minimising unnecessary litigation - how will they identify a Y2K problem when it happens, and how will they determine the cause of the problem? The Delta-T Probe can help diagnose the cause of embedded systems failures.

Many companies are now issuing statements along the lines of "We at MegaCo X have done all we need to do to look at the problem. It will be business as usual for us", confident in the knowledge that they have spent time and money looking at the problem and rectified things that they believe might fail. This often does not take into account that the business may be affected by outside influences, and in some cases the information used by their programme to determine compliance of systems is flawed.

According to Mark O'Conor of Bird & Bird Solicitors (UK), issuing such a statement is fraught with risk for Directors because:

  • Directors may either be liable to their Company (shareholders), its creditors (may include staff), or third parties dealing with the company
  • Directors owe certain duties of skill and care to the Company and potentially the creditors
  • Directors may be PERSONALLY LIABLE for unauthorised Y2K statements to third parties
  • Potential liabilities for directors include having to PERSONALLY CONTRIBUTE TO THE LOSSES

Failure to adequately demonstrate compliance of high impact systems will not be accepted as a demonstration of due diligence by lawyers, the Health and Safety Executive (in most countries), or insurers.

Insurers WILL ONLY INSURE AGAINST UNFORESEEABLE EVENTS, so in many cases directors will find themselves being held personally liable for bearing the cost of millennium related claims.

Case Study



Victrex is a global leader in high performance materials technology, production and market development.

Victrex plc is the sole manufacturer of a polyaryletherketone high performance thermoplastic, sold under the brand name PEEK™. The polymer has a unique combination of properties for which Victrex plc holds the world-wide patents.

Victrex have been very proactive in their year 2000 programme work, and have sought compliance statements for all of their embedded systems. Statements could not, however, be obtained from all of the suppliers, as some were no longer in business, and others would not respond. One component critical to the manufacturing process, a device for automatically weighing out raw materials and feeding them into the polymer manufacture process, was a particular problem. Not only was the supplier, Westerland, no longer in business, but there was no apparent means of testing the embedded control system by setting dates. Victrex bought a Delta-T Probe diagnostic tool to investigate the system.

Testing the weight feeder confirmed that no date was being processed, and so saved Victrex from replacing a business-critical item of hardware. Replacing such an item would otherwise have caused a great deal of expense and disruption to the business. This finding established compliance where it was in doubt, and could not be confirmed in any other way. Victrex are now in a position where they can demonstrate that they have used due care in exercising their embedded systems programme, to their shareholders, staff and customers alike.

Year 2000 Project Manager David Barrow said: "We are delighted with the first phase of testing, and estimate we can now reallocate up to £100,000 which would otherwise have needed to be spent on replacement costs. We are now extending the testing programme, on-site in the UK and elsewhere."

It is the business certainty afforded by the testing which is the key benefit, according to International Product Manager Andrew Walker.

Conclusion



EVERY BUSINESS REQUIRES THE RIGHT TOOLS AND METHODOLOGY TO PROTECT THEMSELVES BOTH PRACTICALLY AND LEGALLY.

FOR DEMONSTRATION OF DUE DILIGENCE WITH RESPECT TO EMBEDDED SYSTEMS ONE OF THOSE TOOLS MUST BE A DELTA-T PROBE.

Details of how to test embedded systems are provided in the Instruction Manual, in the Embedded Systems Testing Strategy section.

