Learning from the 2009 H1N1 Pandemic Response (Guest Post)

Another great article from Alison Poste. Please be sure to check out her blog – The Afterburn – at www.afterburnblog.com.

I’m looking forward to reading about the adaptations to ICS she references in this article.

-TR

~~

Learning from the 2009 H1N1 Pandemic Response

The ICS model remains a universal command and control standard for crisis response. In contrast to traditional operations-based responses, the COVID-19 pandemic has required a ‘knowledge-based’ framework. 

A fundamental element of ICS is the rapid establishment of a single chain of command. Once established, a basic organization is put in place including the core functions of operations, planning, logistics and finance/administration. In the face of a major incident, there is potential for people and institutions to work at cross purposes. The ICS model avoids this by rapidly integrating people and institutions into a single, integrated response organization preserving the unity of command and span of control. Support to the Incident Commander (the Command Staff) includes a Public Information Officer (PIO), a Liaison Officer and a Safety Officer.

In a study done by Chris Ansell and Ann Keller for the IBM Center for the Business of Government in 2014, the response of the U.S. Center for Disease Control and Prevention (CDCP) to the 2009 H1N1 Pandemic was examined in depth. In examining the response, a number of prior outbreak responses were reviewed. Prior to the widespread adoption of ICS, “the CDCP viewed its emergency operations staff as filling an advisory role rather than a leadership role during the crisis” (Ansell and Keller, 2014). This advisory function was the operating principle of the 2003 SARS outbreak response.

ICS was created to coordinate responses that often extend beyond the boundaries of any individual organizations’ capacity to respond. Considering the 2009 H1N1 pandemic response, the authors outline three features complicated the use of the traditional ICS paradigm:

  • The overall mission in a pandemic response is to create authoritative knowledge rather than the delivery of an operational response;
  • The use of specialized knowledge from a wide and dispersed range of sources; and 
  • The use of resources to manage external perceptions of the CDCP’s response.

In response to these unique features, the authors of the study have advocated seven adaptations to the ‘traditional’ ICS structure. These adaptations will be examined in depth in a future post.

Notwithstanding the unique challenges of a ‘knowledge-based’ response, the ‘traditional’ ICS structure is well-equipped to adapt and scale to the needs of any incident. While it is true that a ‘knowledge-based’ response differs from an operational one, this is not inconsistent with the two top priorities of the ICS model: #1: Life Safety and #2: Incident (Pandemic) Stabilization. The objectives of the incident will determine the size of the organization. Secondly, the modular ICS organization is able to rapidly incorporate specialized knowledge and expand/contract as the demands of the incident evolve. Finally, assigning resources to monitor external communications will remain the purview of the PIO as a member of Command Staff.

When the studies are written on the use of ICS in the COVID-19 pandemic, what do you think will be the key take-aways? As always, I’m interested to hear your thoughts and ideas for future topics.

Reference

Ansell, Chris and Ann Keller. 2014. Adapting the Incident Command Model for Knowledge-Based Crises: The Case of the Centers for Disease Control and Prevention. IBM Center for the Business of Government. Retrieved August 16, 2020 from http://www.businessofgovernment.org/sites/default/files/Adapting%20the%20Incident%20Command%20Model%20for%20Knowledge-Based%20Crises.pdf 

How BC is Acing the Pandemic Test (Guest Post)

I’m excited and honored to promote a new blog being written by Alison Poste. Alison has led major disaster response and recovery efforts in Alberta, Canada, including the 2013 floods and the Fort McMurray wildfires, and currently works as a consultant specializing in business continuity, emergency management, and crisis communications. Her new blog, The Afterburn – Emergency Management Lessons from Off the Shelf, takes a critical look at lessons learned and how they are applied.

I’ve pasted her first post below, but also be sure to click the link above to follow her blog. I’m really excited about the insight Alison will be providing!

– TR

~~

The pandemic has upended how those in the emergency management field have seen traditional response frameworks. Lessons learned from the pandemic response will be useful to governments and the private sector alike in the coming years.

The ICS framework for emergency response is well equipped to address the unique needs of any disaster, including a global pandemic. The rapid scalability of the structure allows the response to move faster than the speed of government. It provides the framework for standardized emergency response in British Columbia (B.C.).

The B.C. provincial government response to the coronavirus pandemic, led by Dr. Bonnie Henry, the Provincial Health Officer (PHO) has received international acclaim. It is useful therefore to learn from the best practises instituted early on in the pandemic to inform future events. 

In February 2020, the Province of B.C. published a comprehensive update to the British Columbia Pandemic Provincial Coordination Plan outlining the provincial strategy for cross-ministry coordination, communications and business continuity measures in place to address the pandemic. Based on ICS, the B.C. emergency response framework facilitates effective coordination by ensuring the information shared is consistent and effective. The Province of B.C. has provided a daily briefing by Dr. Henry and Adrian Dix, the B.C. Minister of Health as a way to ensure B.C. residents receive up to date information from an authoritative source.

While we may consider the COVID-19 pandemic to be a unique event, a number of studies have provided guidance to emergency response practitioners of today. The decisive action taken by the B.C. PHO on COVID-19, has focused on the twin pillars of containment and contact tracing. Early studies regarding the effect of contract tracing on transmission rates have seen promising results, however the tracing remains a logistical burden. As studies indicate, these logistical challenges have the potential to overwhelm the healthcare system should travel restrictions be relaxed, leading to the possible ‘importation’ of new infections. 

B.C. has instituted robust contract tracing mechanisms to reduce the spread of COVID-19 in alignment with best practises in other jurisdictions. When instituted methodically, contact tracing, consistent communication, and Dr. Henry’s mantra to “Be calm. Be kind. Be safe.” remain critical tools to ensure limited spread, a well-informed and socially cohesive population.

How has your organization helped to slow the spread of COVID-19?  As always, I welcome your feedback and suggestions for how to improve the blog.

Preparedness in the Pandemic Age

Planning, training, and exercises, as the foundational activities of preparedness, shouldn’t be stopping because of the pandemic. Preparedness is an ongoing activity which needs to forge ahead with little disruption – and there is always plenty to do! What must we do, though, to accommodate necessary precautions in the age of the Pandemic?

Let’s talk about planning first. The biggest relevant issue for planning is the conduct of stakeholder meetings. These may be larger group meetings to discuss and get buy-in on broader topics, or detailed small-group meetings to discuss very specific topics. Information, sometimes sensitive, is exchanged, presentations are given, and documents are reviewed. I’ve mentioned in various posts through the years the importance of properly preparing for meetings. Even for traditional in-person meetings, there are important things to consider, such as:

  1. Do you really need a meeting?
  2. Developing an agenda
  3. Having the right people in attendance
  4. Ensuring that all speakers and presenters are prepared
  5. Ensuring that all attendees are prepared to discuss the subject matter
  6. An adequate meeting space and support (technology, dry erase boards, etc)

All of these rules still apply in a virtual world, perhaps with even more emphasis. While we’ve obviously had video meeting technology for a long time, we’ve discovered this year that many people haven’t used it much or at all until earlier this year. The surge in use has also brought attention to the plethora of tools which can be facilitated through video conference platforms. While the simple sharing of video supports most of our meeting needs, we can share screens, conduct presentations, and use collaborative tools such as whiteboards and shared documents. Pretty much everything we do in an in-person meeting can be accomplished through video conference platforms – but those who arrange the calls need to take the time to become familiar with the tools and functionality; and if there is anything that needs to be done by participants (some of which are likely to be less tech-savvy) you need to be able to coach them through it. Some of these tools require integrations of other technology, such as cloud document storage or various apps. Remember that meetings should be interactive, so encourage people to use chatrooms to help queue up questions for presenters. If any documents or information are sensitive, be sure you are taking the appropriate precautions with how the meeting is set up, how participants are invited, and how documents are shared.

My tip… read reviews to determine which platform will best suit your needs and watch some tutorials on YouTube.

When it comes to remote training, so much of what I mentioned for stakeholder meetings will apply here. Being interactive is still incredibly important, as is the ability to integrate other technologies, such as videos, PowerPoint, and shared documents. When designing training that will be delivered remotely, if it helps, don’t think about the platform first – think about how you would do the training in person. Would you have breakout sessions for group work? That can be easily accomplished on video conference platforms, but it takes some preparation. Would you put things on a white board or chart paper? That can also be accomplished. Giving an exam? Having participants complete a survey or feedback form? Yes and yes. It can all be done, but preparation is key. Some instructors, especially in public safety, have gotten too used to simply showing up and delivering their material – not because they are lazy, but because they have done it dozens or hundreds of times. They have a routine. If you want participants to get a similar, or perhaps even better learning experience, some deliberate thought and preparation is required. Also, make sure you simply don’t become a talking head. Break things up and be dynamic. It’s easy for our own demeanor to elevate disinterest. I often stand (using a variable height standing desk) when giving presentations and conducting training. Being on my feet helps me push more energy into what I’m doing.

Tip… remember to give people breaks, just as you would in face-to-face training.

Lastly, exercises. A lot of this is a combination of the information I gave for planning and training. Exercise planning meetings need to be conducted, and every exercise has some extent of presentations, with discussion-based exercises having more emphasis on this obviously. To answer the big question – yes, most exercise can be conducted remotely! Obviously, discussion-based exercises are generally the lower-hanging fruit, so they can and should be happening remotely. Remember that exercises are supposed to be interactive experiences, so your exercise design absolutely must account for identifying the means and methods of engagement in the virtual environment. All the things I’ve mentioned already are prime options for this, such as breakout groups, shared documents, live polling, etc. Facilitators and evaluators can be assigned to specific breakout rooms or have access to all of them, allowing them to float from room to room.

What about operations-based exercises? Yes, there are options for conducting operations-based exercises remotely. First, we do need to acknowledge the obvious challenges associated with conducting drills and full-scale exercises via remote environments. Is it impossible? No, but it depends on what the focus of the exercise is. Something like a cyber-security or intelligence exercise may be more naturally brought into a virtual environment, depending on the exercise objectives or tasks. Games may be fully integrated into digital platforms already, which helps, but if they aren’t, these may need to be re-imagined and developed in a virtual environment. This can get expensive, so it really needs to be a properly thought through. Functional exercises, such as the typical command post exercise or emergency operations center (EOC) exercise, can absolutely be performed virtually. Many jurisdictions successfully ran their EOCs virtually during the height of the pandemic (many still are). If the actual activity can be performed virtually, it can (and should!) be exercised virtually. Again, preparation is key to ensuring that participants can do what they would normally do, while controllers and evaluators still have full access and visibility. Simulation Cells can be virtually integrated and most EOC management platforms are web-based. With some thought, we can bring most exercises into a virtual environment and still make them effective experiences while also meeting all HSEEP requirements.

Tip… For a virtual functional exercise, unless the time period of your exercise is set after the initial response, consider including an objective for the participants (and the tech support of their agencies, as needed) to set up everything that is needed in real time during the exercise – just like they would in real life. This would include all their video, file share, data tracking, etc. That set up is a considerable challenge of running a virtual EOC. If you didn’t want that activity to distract from your exercise, it’s also a great drill. Don’t let it just be tech support personnel, though, as EOC personnel should be expressing their needs.

Remote work environments have helped many organizations overcome challenges associated with the pandemic. Some organizations were better prepared than others to make it happen, but most seem to have achieved effective operational continuity. Hopefully your preparedness programs haven’t stalled out because people feel these activities can’t be done in a virtual environment. We also can’t use the excuse that we’re too busy because of the pandemic to not be preparing. While some niche organizations might still be quite busy, the pandemic response, for most, has become an integrated job duty for the medium term. We can’t let things fall to the wayside or we will never get back on track. The time is now!

I’d love to hear how you are using tech platforms to support preparedness efforts.

©2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

When the Solution Becomes the Problem

Ever think a problem was fixed just to find that the solution was really more of a problem or a totally different kind of problem. While this can certainly happen in our person lives, I see this happen a lot in my professional life, and I’m sure you do as well. Through my tenure in emergency management, I’ve seen a lot of ill-informed assessments, poorly written plans, misguided training programs, bad hires or contracts, unwise equipment purchases, and exercises that could really be called damaging. Not only is the time, money, and effort put into developing these a waste of time (aside from learning how not to do them), they can have ramifications that cause issues to be solved in the short term or down the road.

Poorly conducted assessments can result in a lot of problems. If the data, the analysis, or conclusions are wrong, this can have considerable consequences if that assessment was intended to inform other projects, such as plans, construction, hazard mitigation efforts, staffing, and more. I’ve seen people point to reports with the assumption that the data was complete, analysis was unbiased, and conclusions are correct, and with something akin to blind obedience. When an assessment is used to justify spending and future efforts, we need to ensure that the assessment is carefully planned and executed. Similarly, we’ve all seen a lot of decisions based on no assessment at all. This can be just as dangerous.

Bad planning is a problem that has always, and I fear will always, plague emergency management. Of course, there are some really stellar plans out there, but they seem to be the exception. There are an abundance of mediocre plans in existence, which I suppose are fine but in the end aren’t doing anyone any favors because while the plans themselves may be fine, they tend not to include much useful information, specifics on procedure, or job aids to support implementation of the plan.

Here’s an example of how disruptive bad plans can be: A few years ago, my firm was hired by a UASI to design, conduct, and evaluate a couple of exercises (one discussion-based, the other operations-based) to validate a new plan written for them by another firm. Being that the exercises were to be based on the plan, I took a deep dive into the plan. I honestly found myself confused as I read. I forwarded the plan to a member of our project team to review and, quite unsolicited, I received a litany of communications expressing how confounded he was by the plan. At the very best, it was unorganized and poorly thought out. The subject matter lent itself to a timeline-based progression, which they seemed to have started then abandoned, which resulted in a scattering of topic-based sections that were poorly connected. After conferring with that team member to develop some very specific points, I approached our client for a very candid conversation. I came to find out that the planning process recommended and established by CPG-101, NFPA 1600, and others, was not at all used, instead the firm who built the plan didn’t confer with stakeholders at all and delivered (late) a final product with no opportunity for the client to review and provide feedback. This is a firm that gives other consulting firms a bad name. Working with the client, we restructured our scope of work, turning the tabletop exercise into a planning workshop which we used to inform a full re-write of the plan, which we then validated through the operations-based exercise.

Having been involved in training and exercises for the entire duration of my career, I’ve seen a lot of ugly stuff. We’ve all been through training that is an epic waste of time – training that clearly was poorly written, wasn’t written with the intended audience in mind, and/or didn’t meet the need it was supposed to. For the uninitiated, I’ll shamelessly plug my legacy topic of ICS Training Sucks. Possibly even worse is training that teaches people the wrong way to do things. Similarly, poorly designed, conducted, and evaluated exercises are not only a waste of time, but can be very frustrating, or even dangerous. Don’t reinforce negative behavior, don’t make things more complex than they are, don’t put people in danger, and DO follow established guidance and best practices. Finally, if you are venturing into unknown territory, find someone who can help you.

Equipment that’s not needed, has different capability than what is needed, is overpurchased, underperforms, undertrained, poorly stored and maintained, readily obsolete, and not used. Familiar with any of this? It seems to happen with a lot of agencies. Much of this seems to stem from grant funding that has very specific guidelines and must be spent in a fairly short period of time. Those who have been around for a while will remember the weapons of mass destruction (WMD) preparedness program that started prior to 9/11 and was bolstered by post-9/11 program funding. The centerpiece of this program was equipment purchases. While there was some good that came from this program, I witnessed a lot of wasted money and mis-guided purchases for equipment that wasn’t needed, for jurisdictions that didn’t need it or couldn’t sustain it, and supporting training and exercises to teach people how to use the equipment and keep them proficient. A lot of this circles back to poor (or non-existent) assessments used to inform these purchases, but the real culprit here is the ‘spend it or lose it’ mentality of grant surges like this. Foundational aspects of this program, such as defined need, sustainability, and interoperability were often skewed or ignored in favor of simply spending the funds that were thrust upon jurisdictions. I really blame the poor structuring of this program at the federal level on the poor implementations I saw and heard of at the state and local levels.

There are so many other examples of poor implementations that cause problems. Poorly built infrastructure, misguided hazard mitigation projects, and even poor responses. In the realm of response, I’ll draw on another example that I was involved in. Large disasters really do need to draw on a whole-community approach, which often leads to agencies who aren’t used to large-scale and long-duration incident operations going in over their heads. In one large disaster, I had been hired to help lead a team assembled to fix just such an occurrence, charged with rescuing a functionally necessary program that had been managed into the ground by a well intentioned but overly bureaucratic agency with high degrees of micromanagement. The time, money, and effort exerted to support saving this program from itself was fairly extensive, and, in implementation, challenging given the layers and nuances created by the agency that built it. In the end, the biggest issues they had were not listening to subject matter experts, some of which were in their own agency, and, ultimately, a failure of executives to deal with very apparent problems.

Most emergency management agencies operate on very slim and limited budgets. Being efficient and effective is of great importance. Don’t waste limited money or limited time of limited staff. Sometimes the things with greatest impact are simple, but if executed poorly the consequences can be high. Think things through and consult the right people. It makes a difference.

©2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

What Makes an Emergency Manager?

Over the weekend I posted a question on Twitter that prompted a fair amount of discussion with my EM colleagues. What I asked:

Does simply working in emergency management make you an emergency manager? (Even with my ego) it took several years of working in the field before I was comfortable calling myself an emergency manager.

The resulting discussion brought up considerations of time on the job, job responsibilities and titles, education, professional certifications, standards, and other relevant topics. I fully admitted to my own biases, initially directed toward myself and my own career trajectory, but that I honestly have a tendency to carry over to others who might be new to an emergency management job; certainly, with no intent to belittle anyone or gatekeep the profession. The discussions over the weekend on Twitter led me to realize that part of my bias came from what roles I performed early in my career. My primary being a training technician, helping to prepare for and conduct training courses – certainly not managing the program until a few years later. Similarly, early in my career, any emergency deployments or taskings were at the ‘doer’ level, not anywhere near the actual supervision or management responsibilities that came a few years into my career. All of this was appropriate for early in my career. Certainly, I felt that I worked in the field of emergency management, but not that I was a true emergency manager. Not until I was given responsibility and authority, both in my primary job and emergency assignments, that I felt that I was an emergency manager.

I’d also suggest that I was influenced by my own impressions of many of the people I worked with and worked for. I was fortunate enough to learn and be mentored by some really incredible emergency managers (both in their primary and emergency roles). I was awed by their knowledge, their talent, and their ability to coordinate some very diverse groups of people and resources into a unity of effort. In my early years I couldn’t yet do that. I had a lot to learn and respect to garner before I felt I could call myself an emergency manager.

Certification is an interesting thing. While there are certifications in many professions, these fall into two significant types: Those that require experience and those that do not. I think they each have their place and are often appropriate to the profession which they are in. Standards are a related yet still different matter, especially since, in emergency management and related professions, there are several ‘certifications’ that can be obtained. The ideal is to have a standard in the profession. I think standards are something to be explored further, and I give a shoutout to friend and colleague Ashley Morris (@missashes92) who has a lot of thoughts about where standardization should go in emergency management. Personally, I think one standard of practice should be internships or mentorships. These are required by certain professions and I think that, when structured well, they are a great way to gain the proper kind of experience necessary.

Education was another topic that has relevance but also a lot of nuance, as it also has ties to job duties, certification, and standards. I don’t feel that someone having a degree at any level can simply call themselves an emergency manager. There is a lot of consideration for what degrees are applicable, and that’s a challenge given how broad emergency management is. Despite so many of us beating the drum that emergency management is not just response, we still see so many emergency management job postings listing experience requirements as a first responder. It’s a challenge for us to identify as a unique profession when so many jurisdictions simply appoint a police officer or fire fighter to an emergency management job because it’s “close enough” (given no other screening or qualifications). We all know emergency management is so much broader than response applications yet, as a profession, we tolerate that crap. Emergency management has so many niche functions within, many of which are supported by their own unique education standards: engineers, finance and grants, technology, communications, public and/or business administration/management, instructional design, human services, public health, and so much more. Think about all the business units within a large emergency management agency, or a ‘day in the life’ of a one-person emergency management shop. Recovery, mitigation, preparedness, response, grants, volunteer management, community engagement, interagency coordination, logistics, etc. None of that is one skillset. Yet many education programs in emergency management will just talk history and theory. Others will focus on response. Few seem to do it right, giving a good, comprehensive picture of it all. Depending on where they will work, some practitioners need to know about a lot of different things, while in others they can specialize.

Is someone who just does grants management any less of an emergency manager than someone who only does mitigation or someone who only does training? To even put a bit more of a curve on this, how about someone who is an academic, or a researcher, or a consultant? What boxes need to be checked to be labeled as an emergency manager?

The discussion on Twitter to my one question lasted a couple of days, with a lot of really interesting thoughts and insight. Everyone that contributed had very valid perspectives, and it seemed that many agreed that there is no simple answer.

As always, I’m interested in the thoughts of my readers. What do you think is makes an emergency manager?

©2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

The Universal Adversary Mindset

Some of you are probably familiar with the concept of the Universal Adversary (UA). From previous Homeland Security Exercise and Evaluation Program (HSEEP) doctrine, UA is “a fictionalized adversary created by compiling known terrorist modifications, doctrine, tactics, techniques, and procedures in live, virtual, and constructive simulations. The UA is based on real realistic threats … providing participants with a realistic, capabilities-based opponent.” UA is often executed by a Red Team, which serves as an exercise-controlled opposing force for participants.

Over the past few years, I’ve heard less and less of the Universal Adversary concept. DHS used to have a UA Program supporting terrorism-based prevention and responses exercises, dating back to the early 2000s, but lately I’ve neither seen or heard anything about the continuation of the program or capability. (can any readers confirm the life or death of this capability?)

Regardless, the concept of UA offers a fair amount of opportunity, not only within the Prevention Mission Area, but across all of exercise design and perhaps other areas of preparedness – yes, even across all hazards. Of course, I recognize the difference between human perpetrators and other hazards, but just stick with me on this journey.

The fact of the matter is that we so often seem to have, as the 9/11 Commission Report made the phrase infamous, a failure of imagination in our preparedness. I’m not saying we need to go wild and crazy, but we do need to think bigger and a bit more creatively – not only in the hazards that threaten us, but also in our strategies to address them.

The UA concept is applied based on a set of known parameters, though even that gives me some concern. In the Prevention world, this means that a Red Team will portray a known force, such as ISIS, based upon real intel and past actions. We all know from seeing mutual fund commercials on TV that past performance does not predict future results. While humans (perpetrators and defenders alike) gravitate toward patterns, these rules can always and at any time be broken. The same can be said for instances of human error or negligence (see the recent and terrible explosion in the Port of Beirut), or in regard to someone who we have a love-hate relationship with… Mother Nature. We need to be ever vigilant of something different occurring.

There is the ever-prolific debate of scenario-based preparedness vs capability-based preparedness. In my opinion, both are wrong and both are right. The two aren’t and shouldn’t be set against each other as if they can’t coexist. That’s one mindset we need to move away from as we venture further into this. We need to continue with thinking about credible worst-case scenarios, which will still be informed by previous occurrences of a hazard, where applicable, but we need to keep our minds open and thinking creatively. Fundamentally, as the UA concept exists to foil and outthink exercise participants, we need to challenge and outthink ourselves across all areas of preparedness and all hazards.

A great example of how we were foiled, yet again, by our traditional thinking is the current Coronavirus pandemic. Practically every pandemic response plan I’ve read got it wrong. Why? Because most pandemic plans were based upon established guidance which emergency managers, public health officials, and the like got in line and followed to the letter, most without thinking twice about it. I’m not being critical of experts who tried to predict the next pandemic – they fell into the same trap most of us do in a hazard analysis – but the guidance for many years has remained fairly rigid. That said, I think the pandemic plans that exist shouldn’t be sent through the shredder completely. The scenarios those plans were based upon are still potentially valid, but Coronavirus, unfortunately, started playing the game in another ball field. We should have been able to anticipate that – especially after the 2003 SARS outbreak, which we pretty much walked away from with ignorant bliss.

It’s not to say that we can anticipate everything and anything thrown at us, but a bit of creativity can go a long way. Re-think and re-frame your hazards. Find a thread and pull it; see where it leads you. Be a little paranoid. Loosen up a bit. Brainstorm. Freeform. Improv. Have a hazard analysis party! (I come darn close to suggesting an adult beverage – take that as you will). We can apply the same concepts when designing exercises. Consider that in the world of natural hazards, Mother Nature is a Universal Adversary. Any time we hope to have out-thought her, she proves us wrong, and with considerable embarrassment. We also try to out-think the oft stupidity and negligence of our fellow humans… clearly, we’ve not been able to crack that nut yet.

“Think smarter, not harder” is such an easy thing to say, but difficult, often times, to do. So much of what we do in emergency management is based on traditional practices, most of which have valid roots, but so often we seem reluctant to think beyond those practices. When the media reports that a disaster was unexpected, why the hell wasn’t it expected? Consider that many of our worst disasters are the ones we never thought of. Challenge yourself. Challenge others. It is not in the best interests of this profession or for the people we serve to stay stuck in the same modes of thinking. Be progressive. Break the mold. Do better.

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Failures in Preparedness

In May the GAO released a report titled “National Preparedness: Additional Actions Needed to Address Gaps in the Nation’s Emergency Management Capabilities”. I encourage everyone to read the report for themselves and also reflect on my commentary from several years of National Preparedness Reports. I’ll summarize all this though… it doesn’t look good. The National Preparedness Reports really tell us little about the state of preparedness across the nation, and this is reinforced by the GAO report as they state “FEMA is taking steps to strengthen the national preparedness system, but has yet to determine what steps are needed to address the nation’s capability gaps across all levels of government”.

First of all, let me be clear about where the responsibility of preparedness lies – EVERYONE. Whole community preparedness is actually a thing. It’s not FEMA’s job to ensure we are prepared. As also made evident in the GAO report (for those who haven’t worked with federal preparedness grants), most preparedness grants are pretty open, and as such, the federal government can’t force everyone to address the most critical capability gaps. Why wouldn’t jurisdictions want to address the most critical capability gaps, though? Here are some of the big reasons:

  • Most or all funding may be used to sustain the employment of emergency management staff, without whom there would be no EM program in that jurisdiction
  • The jurisdiction has prioritized sustaining other core capabilities which they feel are more important
  • The jurisdiction has decided that certain core capabilities are not for them to address (deferring instead to state or federal governments)
  • Shoring up gaps is hard
  • Response is sexier

The GAO report provided some data to support where priorities lie. First, let’s take a look at spending priorities by grant recipients:

While crosscutting capabilities (Operational Coordination, Planning, and Public Information and Warning) were consistently the largest expenditures, I would surmise that Operational Coordination was the largest of the three, followed by Planning, with Public Information and Warning coming in last. And I’m pretty confident that while these are cross cutting, these mostly lied within the Response Mission Area. Assuming my predictions are correct, there is fundamentally nothing wrong with this. It offers a lot of bang for the buck, and I’ve certainly spoken pretty consistently about how bad we are at things like Operational Coordination and Planning (despite some opinions to the contrary). Jumping to the end of the book, notice that Recovery mission area spending accounts for 1% of the total. This seems like a poor choice considering that three of the five lowest rated capabilities are in the Recovery mission area. Check out this table also provided in the GAO report:

Through at least a few of these years, Cybersecurity has been flagged as a priority by DHS/FEMA, yet clearly, we’ve not made any progress on that front. Our preparedness for Housing recovery has always been abysmal, yet we haven’t made any progress on that either. I suspect that those are two areas, specifically, that many jurisdictions feel are the responsibility of state and federal government.

Back in March of 2011, the GAO recommended that FEMA complete a national preparedness assessment of capability gaps at each level of government based on tiered, capability-specific performance objectives to enable prioritization of grant funding. This recommendation has not yet been implemented. While not entirely the fault of FEMA, we do need to reimagine that national preparedness system. While the current system is sound in concept, implementation falls considerably short.

First, we do need a better means of measuring preparedness. It’s difficult – I fully acknowledge that. And for as objective as we try to make it, there is a vast amount of subjectivity to it. I do know that in the end, I shouldn’t find myself shaking my head or even laughing at the findings identified in the National Preparedness Report, though, knowing that some of the information there can’t possibly be accurate.

I don’t have all the answers on how we should measure preparedness, but I know this… it’s different for different levels of government. A few thoughts:

  • While preparedness is a shared responsibility, I don’t expect a small town to definitively have the answers for disaster housing or cybersecurity. We need to acknowledge that some jurisdictions simply don’t have the resources to make independent progress on certain capabilities. Does this mean they have no responsibility for it – no. Absolutely not. But the current structure of the THIRA, while allowing for some flexibility, doesn’t directly account for a shared responsibility.
  • Further, while every jurisdiction completing a THIRA is identifying their own capability targets, I’d like to see benchmarks established for them to strive for. This provides jurisdictions with both internal and external definitions of success. It also allows them an out, to a certain extent, on certain core capabilities that have a shared responsibility. Even a small town can make some progress on preparedness for disaster housing, such as site selection, estimating needs, and identifying code requirements (pro tip… these are required elements of hazard mitigation plans).
  • Lastly, we need to recognize that it’s difficult to measure things when they aren’t the same or aren’t being measured the same. Sure, we can provide a defined core capability, but when everyone has different perspective on and expectation of that core capability and how it should be measured, we aren’t getting answers we can really compare. Everyone knows what a house is, but there is a considerable difference between a double wide and a McMansion. Nothing wrong with either of them, but the differences give us very different base lines to work from. Further, if we need to identify how big a house is and someone measures the length and width of the building, someone else measures the livable square footage of a different building, and a third person measures the number of floors of yet another house, we may have all have correct answers, but we can’t really compare any of them. We need to figure out how to allow jurisdictions to contextualize their own needs, but still be playing the same game.

In regard to implementation, funding is obviously a big piece. Thoughts on this:

  • I think states and UASIs need to take a lot of the burden. While I certainly agree that considerable funding needs to be allocated to personnel, this needs to be balanced with sustaining certain higher tier capabilities and closing critical gaps. Easier said than done, but much of this begins with grant language and recognition that one grant may not fit all the needs.
  • FEMA has long been issuing various preparedness grants to support targeted needs and should not only continue to do so, but expand on this program. Targeted grants should be much stricter in establishing expectations for what will be accomplished with the grant funds.
  • Collaboration is also important. Shared responsibility, whole community, etc. Many grants have suggested or recommended collaboration through the years, but rarely has it been actually required. Certain capabilities lend themselves to better development potential when we see the realization of collaboration, to include the private sector, NGOs, and the federal government. Let’s require more of it.
  • Instead of spreading money far and wide, let’s establish specific communities of practice to essentially act as model programs. For a certain priority, allocate funds for a grant opportunity with enough to fund 3-5 initiatives in the nation. Give 2-3 years for these programs to identify and test solutions. These should be rigorously documented so as to analyze information and potentially duplicate, so I suggest that academic institutions also be involved as part of the collaborative effort (see the previous bullet). Once each of the grantees has completed their projects, host a symposium to compare and contrast, and identify best practices. Final recommendations can be used to benchmark other programs around the nation. Once we have a model, then future funding can be allocated to support implementation of that model in other areas around the nation. Having worked with the National Academies of Sciences, Engineering, and Medicine, they may be an ideal organization to spearhead the research component of such programs.
  • Recognize that preparedness isn’t just long term, it’s perpetual. While certain priorities will change, the goals remain fundamentally the same. We are in this for the long haul and we need to engage with that in mind. Strategies such as the one in the previous bullet point lend themselves to long-term identification of issues, exploration of solutions, and implementation of best practices.
  • Perhaps in summary of all of this, while every jurisdiction has unique needs, grant programs can’t be so open as to allow every grantee to have a wholly unique approach to things. It feels like most grant programs now are simply something thrown at a wall – some of it sticks, some of it falls right off, some might not even make it to the wall, some slowly drips off the wall, and some dries on permanently. We need consistency. Not necessarily uniformity, but if standards are established to provide a foundational 75% solution, with the rest open for local customization, that may be a good way to tackle a lot of problems.

In the end, while FEMA is the implementing agency, the emergency management community needs to work with them to identify how best to measure preparedness across all levels and how we can best implement preparedness programs. Over the past few years, FEMA has been very open in developing programs for the emergency management community and I hope this is a problem they realize they can’t tackle on their own. They need representatives from across the practice to help chart a way ahead. This will ensure that considerations and perspectives from all stakeholder groups are addressed. Preparedness isn’t a FEMA problem, it’s an emergency management problem. Let’s help them help us.

What thoughts do you have on preparedness? How should we measure it? What are the strengths and areas for improvement for funding? Do you have an ideal model in mind?

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

The Future of NFPA 1600

NFPA 1600: Standard on Continuity, Emergency, and Crisis Management is a standard I often reference. The contents of the standard, applicable to all organizations including government, non-profit, and private sector; compliments other standards and doctrine well, and is regularly updated to integrate new practices. The latest editions have gained even more value with what can be collectively referred to as implementation notes, which really help support putting the standard into action. The NFPA has also been releasing ‘Handbook’ editions of their standards, with even more professional commentary to support implementation. There is news, though… NFPA 1600 is going away – but don’t worry!

Last year, the NFPA announced the Emergency Response and Responder Safety Document Consolidation Plan. This is part of a larger movement within the NFPA to pull together a variety of similar codes and standards. NFPA 1600 will be combined into a new consolidated standard, NFPA 1660. NFPA 1660 will consist of the present NFPA 1600, NFPA 1616 (Standard on Mass Evacuation, Sheltering, and Re-Entry Programs), and NFPA 1620 (Standard for Pre-Incident Planning). The respective scopes of each of these documents are very complimentary and it absolutely makes sense for them to be in a combined edition. I appreciate that the combined editions will better allow readers to connect the dots of the continuity of activity.

The new NFPA 1660: Standard on Community Risk Assessment, Pre-Incident Planning, Mass Evacuation, Sheltering, and Re-entry Programs is in a public input period for the first draft through November 13, 2020; with a second draft scheduled for release in 2021; and a final draft by the end of 2022. So, don’t worry, NFPA 1600, or the other two standards it is being combined with, are not yet ‘obsolete’, but these standards on their own will no longer be updated.

For many years, NFPA 1600 has been available free digitally. I’m hoping the new combined standard will also be available for free as it will be an even more valuable resource and reference for a very broad range of emergency management and business continuity professionals, as well as students of these professions. I certainly expect the new NFPA 1660 to include new or modified standards as the result of lessons learned from the Coronavirus pandemic.

Is there anything you would like to see in the new standard?

©2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

NIMS Guidance – Resource Management Preparedness

Last week FEMA issued a national engagement period for updated NIMS guidance on resource management preparedness. This is the first version of such a document, with most material on the subject matter, to date, being included in the NIMS doctrine and a few other locations. I regularly participate in the national engagement periods and encourage others to do so as I think it’s a great opportunity for practitioners and subject matter experts to provide input.

Some observations:

  1. The footer of the document states that it’s not for public distribution. I’m guessing that was an error.
  2. The phrase of ‘resource management preparedness’ rubs me the wrong way. While I understand that there are resource management activities that take place within the preparedness phase of emergency management, we’re not preparing to manage resources. All the activities outlined in the document are actually part of resource management. If they want to put a time stamp on this set of activities, they can refer to them as ‘pre-incident’, but inventorying, typing, etc. are all actually part of the resource management cycle.
  3. I’d prefer to see a comprehensive NIMS Resource Management guide that addresses all aspects of resource management. Considering that resource management is a cycle, let’s actually cover the entire cycle. I think there will be far more value in that. Hopefully that’s eventually where this will go.
  4. The document is too stuck in NIMS. What do I mean by this? It seems that more and more people seem to forget that NIMS is a doctrinal component of incident management. While the document is focused on NIMS, it would have greater value if it addressed pre-incident resource management activities that might not found in the NIMS doctrine (though some are), but are none-the-less best practices in resource management. Many of these practices begin pre-incident.
  • One of the biggest things is resource tracking. Yes, resource tracking is a concept found in NIMS, but it’s not at all addressed here. How many jurisdictions struggle to figure out how to track resources in the middle of an incident (answer: most of them). The best time to figure out the means and methods of tracking resources is before an incident ever occurs. Resource tracking has a fair amount of complexity, involving the identification of what will be tracked, how, and by who; as well as how changes is resource status are communicated. Data visualization and dashboarding is also big. People want to see maps of where major resources are, charts that depict utilization, and summaries of resource status. All things best determined before an incident.
  • Resource inventories should identify operating requirements, such as maintenance and service. This is vaguely referenced in the guidance, but not well. Before any resource is deployed, you damn well better have the ability to operate and support that resource, otherwise it’s nothing more than a really large expensive paperweight. Do you only have one operator for that piece of equipment? That’s a severe limitation. All things to figure out before an incident.
  • How will resource utilization be tracked? This is important for cost controls and FEMA reimbursement. Figure that one out now.
  • What consumables are stockpiled or will be needed? What is the burn rate on those under various scenarios? (We’ve learned a lot about this in the pandemic)
  • What about resource security? When it’s not being used where and how will it be secured? What if the resource is left unattended? I have a great anecdote I often tell about a portable generator used in the aftermath of a devastating snow storm to power the traffic lights at a critical intersection. The maintenance crew doing their rounds found it to be missing, with the chain cut. Luckily the state’s stockpile manager had GPS trackers on all of them. It was located and re-acquired in little time, and the perpetrators charged. This success was due to pre-incident activity.
  • Resource ordering processes must also be established. What are the similarities and differences in the process between mutual aid, rental, leasing, or purchasing? What are your emergency procurement regulations and how are they implemented? How are the various steps in the ordering process assigned and tracked? This is highly complex and needs to be figured out before an incident.
  1. Resource typing. I honestly think this is the biggest push in emergency management that isn’t happening (maybe perhaps second to credentialing). Resource typing has been around for a long time, yet very very few jurisdictions I’ve worked with or otherwise interacted with have done it and done it well. I find that most have either not done it at all, started and gave up, or have done it rather poorly. I’ve been involved in resource typing efforts. It’s tough and tedious. I’ve done it for resources that we’re yet typed at the national level, leaving agencies and jurisdictions to define their own typing scheme. This literally can devolve into some heated discussions, particularly fueled by the volume of rather heavy customization we tend to do with resources as technology evolves, giving resources that may fundamentally appear to have similar capability to in reality be quite different. I’ve also done it for resources that have been typed at the national level. This certainly helps, as you aren’t first having to figure out your own thresholds, but it can still be challenging to pigeon hole resources that, again, may be heavily customized and don’t cleanly fit within a certain pre-defined category. It’s even more frustrating to have developed your own typing scheme in the absence of a national one, only to have national guidance issued a couple years later and needing to go back to those discussions.

I’m not saying resource typing is bad, in fact the benefits, both internally and externally, can be incredibly helpful. That said, it’s a time-consuming effort that, in the broader sense of limited time and other assets available to most emergency managers, is perceived to pay a lesser dividend than other activities such as developing and updating plans, training people on the implementation of those plans, and exercising those plans. It also can be difficult convincing agencies that it should be done. I can’t tell you how many times I get the response of ‘We know what we have’. I know that’s not the point, but that’s how the effort of typing resources is perceived. Even after some explanation of the benefits, most agencies (and I think rightfully so) would rather invest their time and effort into preparedness activities are that are seen as more beneficial. It leaves me wondering… is there a better way?

While it’s good to see information on the topic of early resource management steps being collated into one document, along with some resources and references that I’ve not seen before, this document is missing a lot. I just wrote last night about emergency managers being our own worst enemy. If we are just focused on implementing NIMS, we will absolutely fail. NIMS is not the end all/be all of incident management, but it is fundamentally promoted as such. Yes, the concepts of NIMS are all incredibly important, brought about from lessons learned and identified best practices of incident management through decades of experience. But the documents related to NIMS seem to pick and choose what they will focus on, while leaving out things that are highly critical. Perhaps some of these will be covered in future editions of resource management guidance, but they aren’t doing anyone any favors by omitting them from a document on pre-incident activity. We need to think broader and more comprehensive. We need to do better.

What are your observations on this document? What feedback do you have on my observations?

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

EOC Mission Planning

I’ve been wrong. I used to teach and otherwise espouse that emergency operations centers didn’t actually do operations. I was bought in to the traditional perspective that EOCs ONLY provided resource support and information coordination. I’m not sure how or why I bought into this when on incidents I was actually involved in planning and directing certain operations. This mentality goes back, for me, about 15 years. It’s important to break this myth and acknowledge the role that EOCs can and should play in incident management.  

EOCs being involved in directing field operations is certainly nothing new. If you don’t want to take my word for it, it’s also doctrinal. Check out the EOC section of the NIMS document. “EOC staff may share the load with on-scene incident personnel by managing certain operations, such as emergency shelters or points of distribution. When on-scene incident command is not established, such as in a snow emergency, staff in EOCs may direct tactical operations.”

This post has been in the works for a while. Several months ago, I was developing structured guidance on EOC mission planning for a client and realized it would be a good topic to write about. I recently made some social media posts on the topic, with responses encouraging me to write more. So, it was clearly time to do so.

As I had posted on social media, if you don’t think an EOC actually does operations, I’d suggest that the EOCs you are familiar with either haven’t had the opportunity to properly apply mission support or they are doing something wrong. Certainly not every incident will require an EOC to provide mission support, but EOCs should be ready to do so.

EOC missions are typically initiated one of three ways:

  1. A request by incident command to handle a matter which is outside their present area of responsibility or capability,
  2. EOC personnel recognize an operational need that isn’t being addressed, or
  3. The EOC is directed to take certain action from an executive level.

As the NIMS doctrine states, operations that are prime candidates for EOC-directed missions could be emergency shelters or points of distribution. Other operations, such as debris management, or (something recently experienced by many jurisdictions) isolation and quarantine operations are also often EOC-directed.

What makes these EOC-directed missions? Typically, they are planned, executed, and managed by an EOC. This could be a multi-agency EOC or a departmental operations center. Of course, there are ‘field’ personnel involved to execute the missions, but unlike tactical activity under the command of an Incident Commander, the chain of command for EOC-directed missions goes to the EOC (typically the EOC’s Operations Section or equivalent).

Ideally, jurisdictions or agencies should be developing deliberate plans for EOC-directed missions. Many do, yet still don’t realize that execution of the plans is managed from the EOC. These are often functional or specifically emergency support function (ESF) plans or components of those plans. For context, consider a debris management plan. As with many deliberate plans, those plans typically need to be operationalized, meaning that the specific circumstances of the incident they are being applied to must be accounted for, typically through what I refer to as a mission plan. In developing a mission plan, with or without the existence of a deliberate plan, I encourage EOCs to use the 6-step planning process outlined in CPG-101. As a refresher:

  1. Form a planning team
  2. Understand the situation and intent of the plan
  3. Determine goals and objectives of the plan
  4. Develop the plan
  5. Plan review and approval
  6. Plan implementation

The planning team for an EOC-driven mission should consist, at the very least, of personnel in the EOC with responsibility for planning and operations. If several mission plans are expected to be developed, the EOC’s Planning Section may consider developing a ‘Mission Planning Unit’ or something similar. Depending on the technical aspects of the mission, technical specialists may be brought into the planning team, and it’s likely that personnel with responsibility for logistics, finance, and safety, may need to be consulted as well.

If a deliberate plan is already in place, that plan should help support the intent, goals, and objectives of the mission plan, with a need to apply specific situational information and context to develop the mission plan.

Developing the plan must be comprehensive to account for all personnel, facilities, resources, operational parameters, safety, support, reporting, documentation, and chain of command. These may need to be highly detailed to support implementation. The mission may be organized at whatever organizational level is appropriate to the incident. This is likely to be a group within EOC Operations (or equivalent). Obviously having a deliberate plan in place can help address a fair amount of this proactively. Outlining processes and position descriptions, and providing job aids will support implementation considerably.

Plan review often seems an easy thing to do, but this needs to be more than an editorial review. The review should be comprehensive, considering the operations from every possible perspective. Consider various scenarios, notionally walking through processes, and even using a red team concept to validate the plan. While this is likely going into immediate implementation, it’s best to spend some time validating it in the review stages instead of having it fail in implementation. Approval will come at whatever level is appropriate within your organization.

Plan implementation should certainly include an operational briefing for the staff executing the plan, and it should ideally be supported through an incident action plan (IAP) or EOC action plan, or a part thereof. As with any implementation, it needs to be properly managed, meaning that progress must be monitored and feedback provided to ensure that the mission is being executed according to plan and that the plan itself is effective. Understand that complex missions, especially those of longer duration, may need to be adjusted as lessons are learned during implementation.

As is typically said in ICS courses, we should begin demobilization planning as early as possible. Missions may have a completion in whole, where the entire mission is demobilized at once, or there may be a phased demobilization. Many EOCs aren’t used to developing tactical-level demobilization plans, so they need to be prepared for this.

As with any operation, identifying and documenting lessons learned is important. Deliberate plans should be updated to reflect lessons learned (and even a copy of the mission plan as a template or sample), or if a deliberate plan didn’t exist prior to the mission, one should be developed based upon the implementation.

EOCs can, in fact, run operations. I’m sure a lot of you have seen this if you have been involved in responses such as the current Coronavirus pandemic, a hurricane response, and more. Sometimes in emergency management we aren’t good at actually acknowledging what’s going on, for better or for worse. We get stuck with old definitions and don’t realize that we need to evolve, or even already have evolved; or we don’t recognize that current ways of doing things simply don’t work as intended. We seem, sometimes, to be our own worst enemy.

How does your EOC execute mission planning?

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®