Collegiate Emergency Management

Ever since attending college at SUNY Oswego and serving as chief of our campus ambulance (the first and longest-serving all student-run college ambulance – SAVAC) I’ve had a completely different perspective than most students on the community that is a college campus.  This experience resonated with me through my emergency management career.  As a result, I’ve paid special attention to colleges and universities; helping university police, college public safety entities, and other campus partners to be better prepared by providing training, supporting exercises, and reviewing plans.  I’m fortunate to have friends and colleagues around the nation who are emergency managers for their colleges as well as those who are involved in emergency management degree programs which further the professionalism of our field.  All these folks have worked hard to enhance their colleges’ preparedness through efforts not only targeting college faculty and staff, but also students – which can be a challenge with this regularly changing population.  I’ve seen training offered to students ranging from CPR and First Aid courses, to Campus CERT (community emergency response team), to EMT training.  These types of courses, offered to students, are certainly an investment, but one that can pay off not only for the campus community but beyond the campus when these students graduate.

Colleges and universities have a tremendous amount of resources.  These resources allow a certain measure of self-sufficiency.  I was reminded of this by a recent article about Tufts University working to keep their campus operational after Nemo.  Campuses are truly communities, with hundreds or thousands of residents, hundreds of commuters, and an infrastructure to support it all including roads, facilities, healthcare, and food.  Not only must they have emergency plans in place, but also business continuity plans.  Largely, their number one hazard is fire – and colleges take fire safety very seriously – but they all have their own unique hazard profile which they must address just like any other community.

I have always encouraged colleges to work with their local communities and vice-versa.  There are a number of case studies out there, certainly of local communities aiding campuses during fires, shootings, and other emergencies and disasters.  But there are also instances of colleges helping the local communities.  Not only do campuses have public safety resources (these encompass the entire range of law enforcement – from security guards, to peace officers, to police), but they also have some public works resources, and a vast number of potential volunteers that can all be deployed to aid a local community.  Depending on the education the college provides, these volunteers can range from general labor, to those being trained as social workers, medical providers, veterinarians, and other professions which can provide direct assistance under the supervision of an experienced professional.  This is not only a huge force multiplier to aid the community but also provides real, hands-on experience to the students.  Likely an experience they will never forget.  We’ve also seen colleges and universities provide assistance to local communities on-campus.  Campuses have served as shelters (both in dorms and other facilities, such as gymnasiums) and feeding facilities through their dining halls.  When off term, campuses have massive potential to serve as incident bases, supporting the needs of a larger incident by providing services for incident personnel and resources (remember your ICS training?) through their lodging and feeding capability, medical facilities, loading docks, garages and maintenance facilities, and even just their open spaces.

Colleges and universities have to ensure their own preparedness just like any other community, but they should also work with their local communities and even their county emergency manager on cooperative emergency management relationships.  Local responders should be familiar with the campus, its hazards, facilities, and the people who operate it.  The campus can further relationships by hosting training programs for area responders and emergency managers and should include area responders in any preparedness exercises they conduct.  Engaging the student population in preparedness efforts will have great impact on the campus’s emergency program and will provide skills that the students will carry with them forever.

The Leading Edge of CyberSecurity… Where is it?

Tim RieckerI finally had a chance to read through Homeland Security Today’s publication of The Leading Edge Today.  The January edition was focused on cyber security.  The Producer’s Corner article (i.e. letter from the editor), cites a study and report compiled by Verizon and other entities from around the globe, including the US Secret Service.  This report, called the 2012 Verizon Data Breach Investigations Report, is staggering.  They cite 855 confirmed cases of enterprise data loss and say that most entities that are hacked aren’t aware of it for weeks or months – and are usually notified by someone else of the incident (i.e. law enforcement or an enterprise internet security firm).  The remainder of the publication offers some good information and insight on trends and prevention activities in the realm of cyber security.

Obviously The Leading Edge Today was published prior to the President’s signing of the cyber security executive order just a couple of days ago.  All reports so far indicate that the executive order really has no teeth.  It’s not law and only provides recommendations, although it does call for the establishment of a Cyber Security Framework (perhaps to parallel the National Response Framework?) and calls for the NIST to establish the standards of this framework.  DHS is charged with sector-specific outreach to engage the private sector.  It’s not the full package of what our nation needs, but it’s a start.  It’s apparently a political throwing-down of the glove to challenge Congress to promulgate and pass a cyber security bill.

I’ve not had the chance to do any research on it, but what are other nations doing?  I imagine that there must be countries out there who have not dragged their feet as much as we have on this matter; and hopefully they have been able to implement not only strategic plans that outline progress, but have also implemented tighter defenses.  This may also be an opportunity for a global defense against cyber crimes – particularly in consideration of the perpetrators and the victims often times being from around the world.  In my eyes, this cyber terrorism needs to be viewed as an attack on our sovereignty, on our economy, and on our personal and corporate privacies.  To fight it is to wage war against those who perform it and those nations who sponsor it – just like any other act of terrorism.

Critical Infrastructure Dependencies

Homeland Security Today published an article recently on the FCC’s examination of wireless network issues post Hurricane Sandy.  While the article speaks mostly on the need to bolster the wireless telecom infrastructure, it does mention the obvious dependencies that wireless has on our energy infrastructure.  These types of dependencies can be seen throughout all our critical infrastructure, linking them intimately, and demonstrating how fragile we really are without proper preparedness efforts and redundancies.  The illustration below outlines eight (of eighteen) of our critical infrastructure sectors: Fuel, Communications, Water, Banking, Electric Power, Transportation, Emergency Services, and Government Services.  I take no credit for the graphic, which was simply found on Google Images, but it is a great example depicting a number of the linkages (i.e. dependencies) that each of these sectors has on one another.  Like dominos, multiple sectors can be made to topple by exploiting vulnerabilities in one or more of them.  We’re not just talking about terrorism here, although preventing the intentional interference with critical infrastructure is obviously a major concern, but we’re also looking at natural hazards.

Critical Infrastructure Dependencies

Critical Infrastructure Dependencies
















We’ve seen from real life on multiple occasions what damages to our infrastructure can cause.  Our electrical infrastructure is perhaps the most fragile, but is also the one linked to every other sector – no wonder there is so much attention paid to preparedness and mitigation efforts to make this sector more resilient.  The above graphic shows, not accidentally, the electrical sector being in the middle of all others.

There has been further attention brought to the matter recently by the National Infrastructure Coordinating Center (NICC).  In this article by Homeland Security Today, it was announced that the National Infrastructure Coordinating Center will be hiring contractor support as a force multiplier in their monitoring activities.  Last week FEMA just released IS-913, their Independent Study course on Critical Infrastructure Protection: Achieving Results Through Partnership & Collaboration.  This course compliments other critical infrastructure protection-oriented training programs of FEMA’s.  FEMA Independent Study courses are free and open to all US citizens.  I would strongly encourage that you explore what they have to offer if you haven’t already.

Critical Infrastructure Protection (CIP) is an important topic spanning all of emergency management and homeland security.  Additional information on CIP can be found from the DHS CIP website and other sources.

The Emergency Manager as a Consultant

Lately I’ve gotten into watching these reality consulting shows like Bar Rescue and Restaurant: Impossible.  Both of these shows use a similar model, providing a prolific expert (Bar Rescue’s Jon Taffer and Restaurant: Impossible’s Robert Irvine) in their respective fields to aid a failing business.  These consultants are supported by a team of specialists and often a construction crew to remodel the business.  Sometimes it’s a just a few tweaks of the menu that’s needed, other times it’s a whole new way of thinking on the part of owners, management, and employees.  These are some of the best shows out there displaying conceptually some of the things consultants can do, albeit in a compressed and slightly dramatic mode.

Robert Irvine, the Consultant with Restaurant: Impossible

Robert Irvine, the Consultant with Restaurant: Impossible

That said, as many of my readers know, I work as an emergency management and homeland security consultant.  I’ve worked in the ranks of emergency management and public safety now for nearly 19 years.  Through this time, I’ve had the pleasure of working with a multitude of emergency management professionals at many levels; including counties and local jurisdictions and corporations.  These emergency managers, I’ve found, often play the part of a consultant.

While other department heads in county and local governments or corporations often make recommendations to CEOs (in this case Chief Elected Officials or Chief Executive Officers) these usually only impact their own department or have minimal impact on other parts of the organization.  Emergency managers make recommendations that often times impact the entire jurisdiction or organization – be they recommendations on mitigation, preparedness, recovery – and especially response.  Sometimes, unfortunately, the emergency manager doesn’t report to the CEO on a daily basis – which I think is a major mistake.  While others may be primarily concerned with saving their own operations in the event of disaster, the emergency manager’s goal is to preserve as much of the jurisdiction or organization as possible – with the priorities being life safety, incident stabilization, and property conservation.  These three tenants, preached mostly in Incident Command System courses, are applicable to both government and the private sector.  In both sectors, these priorities lead us logically to business continuity, ensuring that we minimize our losses and are able to continue operations.

As the profession of the emergency manager continues to evolve, including myriad training opportunities, education up to and including Ph.Ds., and professional certifications, the emergency manager is viewed more and more as a specialist and subject matter expert.  Emergency managers are expected to provide expert advice and guidance.  The emergency manager needs to stay current and up to date with the profession; not that the ‘science’ of emergency management changes much, but there are certainly new best practices, trends, and legal and regulatory requirements that need to be kept up on.  Whether an organization calls upon the emergency manager as an employee or brings in an actual consultant, this person is providing expert recommendations that impact the jurisdiction or organization as an enterprise system, not just a name or a spot on a map.  Just like in Bar Rescue or Restaurant: Impossible, the emergency manager may make recommendations that some people don’t like; but they called upon the emergency manager for their expertise.  The emergency manager is the consultant that can save your organization!

States Rushing to Limit the Use of Drones by Law Enforcement

Tim RieckerInspired by this Washington Times article.  I must say I don’t understand why people are protesting the use of drones (aka unmanned aerial vehicles or UAVs) domestically.  Yes, they fly; and they have cameras with telephoto lenses.  Their use, however, from a law enforcement perspective is largely no different from that of helicopters or small fixed-wing aircraft – except at a much lower cost and no danger of physical harm to individuals, such as pilots or crew, which occur far too often – mostly with helicopters.  I think portions of the public have greatly overreacted to what they have seen of the military versions of these drones by way of mass media.  They certainly do have great capability in that theater, but use domestically is vastly different – especially being that they aren’t armed with hellfire missiles and the like.  Now with politicians weighing in, the over-reaction continues, and at a detriment to public safety.

I truly hope that a compromise can be found with people realizing that the use of drones, within all current standards of surveillance, warrants, etc., is not a threat to their privacy.  It is, in fact, a demonstration of smart government, leveraging technology to enhance capabilities at a lower cost and increased safety.  In aerial surveillance, drones can be used for nearly anything a helicopter or small fixed-wing aircraft could be used for; including rapid deployment after a shooting or robbery to look for a subject, or to find an Alzheimer’s patient gone missing.  These are noble and proper efforts that I hope won’t be impeded by knee jerk reactions based upon misinformation.

What are your thoughts?  Am I missing something here?

NY Times Allows Cyber Attacks for the Sake of Research

Timothy RieckerJust read a very interesting article about the New York Times falling victim to cyber attacks from China – and allowing it!  As the article states, the Times took a gamble for a period of four months, allowing these hackers to repeatedly penetrate their servers and steal information.  This was a calculated decision by the NY Times, however, made with the assistance of a cyber security firm, and with the intentions of analyzing patterns to build better defenses.  Essentially, it seems, the cyber security firm used by the Times would deftly parry certain attacks by the hackers, allowing some blows through their defenses and letting a bit of blood.  Slowly, as the patterns of attack were recognized, the firm would tighten up their defenses until they shut down the attack completely.  A dangerous gamble, given the information the NY Times may have on its computers, but seemingly worthwhile.  An interesting bit of information from the article was that the hackers installed 45 pieces of custom malware over this period of time, with only one of them being recognized and stopped by their Symantec antivirus software.

I commend the NY Times for this effort, but certainly don’t recommend it!  It’s a heck of a gamble and a great deal of damage could have been done.