How Are Your Y2K Contingency Plans?

by Paul A. Strassmann

Computerworld

March 29, 1999
Many companies are assuring the public that they will be year 2000-compliant. But chances are the same companies that are crowing today will have to eat crow in January, when something fails anyway. When that happens, some unfortunate information technology executives will have lots of explaining to do. How will they get themselves off the hook? Some plan to fall back on the argument that software is inevitably flawed and fallible. But that won't work. The only way to defend yourself is to have a strong crisis contingency plan. And the best way to test one is by adapting the military's long-used "war game" approach.

Many IT executives will be tempted to plead that there's no such thing as a sure software fix. After all, not even Bill Gates can get software to function in a public demo.

But executives, regulators and litigators aren't ready to accept the software fallibility defense. You can't plead that you are blameless if the risks are known and well-documented.

Contingency plans and contingency rehearsals are mandatory. You can't claim year 2000-readiness unless you have prepared contingency plans, rehearsed their implementation and demonstrated how your organization would cope.

But how do you come up with a reliably tested plan? There's an entire discipline built around testing software, but nothing similar exists for proving that your contingency plans don't have a fatal flaw.

Year 2000 risks have similarities to the situations one encounters when trying to neutralize national security threats. The best way to check out how the military copes with disabling situations is to learn from cases in which contingency plans worked and from those in which they failed. What national security organizations call "war gaming" develops knowledge on how to prepare to cope with threats before they become disasters. All year 2000 contingency plans involving critical services — especially where there's potential loss of life — should be subject to such gaming exercises.

In such a game, the "white hats" would be the year 2000 management team. The "black hats" would be experienced professionals with industry-specific experience, who would try to wreck the neat assumptions in the contingency plan. The black hats must think of all the improbable combinations that could happen coincidentally, making systems fail on a massive scale.

To stage a year 2000 war game, the white hats must disclose their plans to the black hats. The game is then played in eight-hour rounds, assuming a start at midnight on Dec. 31, 1999. For starters, the attackers would confront the defenders with a failure scenario for which there is no preplanned solution. It would then be up to the year 2000 management team to demonstrate, in less than 30 minutes, how it would get out of that situation. At the end of each round, a referee would judge which side prevailed. Such an exercise could be completed in a day and would generate a survival rating for the organization's prospects of coping with problems during the first week of 2000.

Much has been written about year 2000 as being a technical — as well as an organizational — problem. But hardly anything has been said about how to make contingency plans verifiable. It's time to explore conceivable scenarios that soon may be encountered as real predicaments. If a year 2000 management team can survive the challenges of independent black hat professionals, that alone may be adequate proof of "due diligence," even if some improbable mishap ends up in litigation.


Strassmann served in the Pentagon when most crises required a realistically simulated exercise prior to committing troops and incurring political risks. Contact him at paul@strassmann.com.


Copyright 1999 by IDG Communications, Inc., 500 Old Connecticut Path, Framingham, MA 01701.
Reprinted by permission of Computerworld
