NIMS Alert – EOC Director Guidance

April 11, 2018April 11, 2018Tim Riecker, The Contrarian Emergency Manager Leave a comment

Yesterday, the National Integration Center (NIC) issued a NIMS Alert announcing a national engagement period for several new documents. These documents include:

NIMS Emergency Operations Center (EOC) Skillsets User Guide and 17 EOC Skillsets
National Qualification System (NQS) for the EOC Director and Division/Group Supervisor Position Qualifications
NQS EOC Director and Division/Group Supervisor Position Task Books

All in all, I find these to be solid documents. I appreciate the guidance assembled for the EOC Director position (although it still bothers me that it’s not called an EOC Manager) and find it to be well thought through and informed by experience. My only issue with the position task book for EOC Director is that the Typing is based upon staffing numbers for the EOC. While that is certainly one of the nuances of complexity, I think the resource typing should be a reflection of experience relative to the overall complexity of the incident, rated best by incident type. The chart linked to shows the common benchmarks used to categorize an incident based on overall complexity. This is a NIMS standard. While there is a correlation between incident complexity and EOC staffing, those of us experienced in incident management, especially at the EOC level, have seen over-staffing and under-staffing of EOCs, as well as EOC-types of facilities (such as departmental operations centers), which may oversee their agency’s operations for incredibly complex incidents with a relatively small staff. Of course, smaller jurisdictions can deal with highly complex incidents, without having a large number of staff to support an EOC. I’ve also seen very capable EOC managers from smaller jurisdictions (who might, under this guidance be rated as a Type 3 EOC Director) step in through mutual aid to run EOCs in larger jurisdictions with far more staff (a Type 1 EOC Director position). Their relative success in doing so is based largely upon experience with incidents of greater complexity, not numbers of staff.

I’m really happy with the Skillsets documents published by the NIC for EOC Director. I think these are outstanding references, which not only help drive a more detailed evaluation of a candidate as their position task book is being reviewed, these can also act as benchmarks for preparedness activities. Documents like this strongly support jurisdictional guidance for EOC activity, training standards for EOC personnel, and exercise evaluation guides (EEGs) for exercises. When reviewing these Skillsets documents in detail, the only potential pitfall that I find is that some individual items may not be as relevant to an EOC Director in some jurisdictions or some incidents, especially if the individual’s regular job is not at the policy level. As such, jurisdictional policy matters will be imposed upon the position rather than the position dictating policy. That said, these documents are guidance, and should be handled as such. They can be subject to modification by agencies and jurisdictions as needed.

While I did do a quick review of the Division and Group Supervisor materials, I really don’t have much comment on them. These positions are long-established in the ICS lexicon, with a fair amount of supporting materials being provided on them through the years.

Be sure to check out the original website I linked to for access to the documents and information on the webinars scheduled this month to review these documents, as well as the feedback mechanism for the engagement period itself.

I’m interested in hearing your thoughts on these documents. What do you think is done well? What should be improved upon?

Public Health Preparedness as Part of Emergency Management

April 6, 2018April 6, 2018Tim Riecker, The Contrarian Emergency Manager Leave a comment

I’ve written in the past on the need for emergency managers, in the broadest definition, to become more familiar with public health preparedness. As emergency management continues to integrate, by necessity, into and with other professions, this understanding is imperative. We need to stop considering EMS as our only public health interface. Public health incidents, of which this nation has yet to be truly and severely struck by in decades, require more than public health capabilities to be successfully managed – so we can’t just write off such an incident as being someone else’s responsibility. We’ve also seen non-public health-oriented disasters take on a heavy public health role as concerns for communicable diseases, biological agents, or chemical agents become suspect. If you are an emergency manager and you aren’t meeting regularly with public health preparedness officials for your jurisdiction, you are doing it wrong.

Aside from meeting with public health preparedness staff, you should also be reading up on the topic and gaining familiarity with their priorities, requirements, and capabilities. (don’t skip either of those links… seriously. They each contain more info on public health preparedness). One of the best resources available is TRACIE. TRACIE is a resource provided by the US Department of Health and Human Services (HHS) Assistant Secretary for Preparedness and Response (ASPR). TRACIE stands for the Technical Resources, Assistance Center, and Information Exchange. I’ve been digging around in ASPR TRACIE for the past several years and also receive their monthly newsletter. I get a lot of newsletters from different sources… some daily, some weekly, some monthly. I’ve recently unsubscribed to a bunch which seem to have information that has diminished in value, doesn’t seem to be timely, or are poorly written. TRACIE is one of those that stays. It has tremendous value, even if you aren’t directly involved in public health preparedness and response. The information and resources provided here come from public health preparedness experts – these are emergency managers.

Recently, ASPR did a webinar on Healthcare Response to a No-Notice Incident, highlighting the Las Vegas shootings. Check it out.

But public health speaks a different language! True. So do cops, firefighters, and highway departments. So what’s your point? While public health certainly does have certain terminology that covers their areas of responsibility, such as epidemiology, med-surge, and others, that doesn’t mean their language is totally different. In fact, most of the terminology is the same. They still use the incident command system (ICS) and homeland security exercise and evaluation program (HSEEP), and can talk the talk of emergency management – they are just applying it to their areas of responsibility. Are there some things they might not know about your job? Sure. Just like there are things you don’t know about theirs. Take the time to learn, and make yourself a better emergency manager.

What have you learned from public health preparedness? How do you interface with them?

New Jersey Terrorism Threat Assessment – A Model for the Nation

March 30, 2018March 30, 2018Tim Riecker, The Contrarian Emergency Manager Leave a comment

Earlier in the month, the New Jersey Office of Homeland Security and Preparedness released their 2018 Terrorism Threat Assessment. This unclassified document gives an outstanding review of matters of interest to the State of New Jersey, with relevant information no matter where you are in the US, or any other nation. While the focus early in the document is specifically relevant to New Jersey and surrounding states, much of the document provides outstanding information and brief case studies on groups such as homegrown violent extremists (HVEs), domestic terror groups, international terror groups, and more.

Terrorism rarely pays attention to borders, especially those within the nation. While some areas, particularly those with higher populations and higher value targets, have a greater risk profile than others, we’ve seen that terrorists, in the broadest definitions, can live, train, and execute attacks anywhere in the nation – from unincorporated lands, to small towns, to major metropolitan areas.

The document highlights the threat of HVEs, traditionally inspired, but not directly supported by larger terror groups or movements. These tend to be lone wolves or small cells, having such a small footprint, they often leave intelligence for law enforcement to trace. The document also mentions a changing trend in militia groups. Several groups have been seen to change behaviors, seemingly to align with the government or law enforcement, but in actuality chasing their own vigilante agendas.

I encourage everyone who is interested to review this document. The content is current, relevant, and informative. I think it’s a model for states and communities around the nation, providing an excellent snapshot of the current landscape of terrorism.

Emergency Preparedness Solutions, LLC

Guidance for Operational Security and Access

March 26, 2018March 26, 2018Tim Riecker, The Contrarian Emergency Manager Leave a comment

Operational security can be a big issue, especially on prolonged incidents. An incident occurs. Evacuations have to take place. A scene has to be secured. Issues like safety and evidence preservation are priorities. Inevitably someone says they ‘need access’. Who are they? Do they really need access? Are they an evacuee? A responder? Media? A government official? A critical infrastructure operator? When is it OK to allow someone access and under what circumstances?

While NIMS has been advocating for credentialing as an effort to identify responders and their qualifications, along with ensuring that they have appropriate identification to grant them access to an incident scene and to utilize them to the best ability, there is still a lot of work to do, and little has been done beyond first responders. I’ve been on incidents where the perimeter was not well established and anyone could stroll in to an incident site or a command post. I’ve been on incidents where the flash of a badge or ID was good enough to get through, even though the person at the perimeter didn’t actually examine it, much less verify it. I’ve also been on incidents where no entry was allowed with a badge, official ID, and a marked car – even though entry was necessary and appropriate. Thankfully, I’ve also been on some incidents where identification is examined, and the access request is matched to a list or radioed in for verification. This is how it should work.

While credentialing and access control are two separate topics, they do have a degree of overlap. Like so many aspects in incident management, little ground has been gained on more complex matters such as these because there is little to no need for them on the smaller (type 4 and 5) incidents. Type three (intermediary) incidents generally use an ad-hoc, mismanaged, band-aid approach to these issues (or completely ignore them), while larger (type 1 and 2) incidents eventually establish systems to address them once a need (or usually a problem) is recognized. While every incident is unique and will require an-incident specific plan to address access control and re-entry, we can map out the primary concerns, responsibilities, and resources in a pre-incident plan – just like we do with so many of our other operational needs in an Emergency Operations Plan (EOP). Also, like most of what we do in the development of an EOP, access control and re-entry is a community-wide issue. It’s not just about first responders.

Here’s an example of why this is important. A number of years ago I ran a tabletop exercise for the chief information officer (CIO) agency of a state government. The primary purpose was to address matters of operational continuity. I used the scenario of a heavy snow storm which directly or indirectly disabled their systems. We talked about things like notification and warning, remote systems access (the state didn’t have a remote work policy at the time), redundant infrastructure, and gaining physical access to servers and other essential systems. Without gaining physical access, some of their systems would shut down, meaning that many state agencies would have limited information technology access. Closed roads and perimeter controls, established with the best of intentions, can keep critical infrastructure operators from accessing their systems. The CIO employees carried nothing but a state agency identification, which local police wouldn’t give a damn about. Absent a couple hours of navigating state politics to get a state police escort, these personnel would have been stuck and unable to access their critical systems. Based upon this, one of the recommendations was to establish an access control agreement with all relevant agencies where their infrastructure was located.

Consider this similar situation with someone else. Perhaps the manager of a local grocer after a flood. They should be able to get access to their property as soon as possible to assess the damage and get the ball rolling on restoration. Delays in that grocer getting back in business can delay the community getting back on their feet and add to your work load as you need to continue distributing commodities.

There are a lot of ‘ifs’ and ‘buts’ and other considerations when it comes to access control, though. There aren’t easy answers. That’s why a pre-plan is necessary. Like many things we do in emergency management and homeland security, there is guidance available. The Crisis Event Response and Recovery Access (CERRA) Framework was recently published by DHS. It provides a lot of information on this matter. I strongly suggest you check it out and start bringing the right people to the table to start developing your own plan.

Emergency Preparedness Solutions, LLC

FEMA’s 2018-2022 Strategic Plan: The Good, the Bad, and the Ignored

March 22, 2018March 22, 2018Tim Riecker, The Contrarian Emergency Manager 3 Comments

FEMA recently released their 2018-2022 Strategic Plan. While organizational strategic plans are generally internal documents, the strategic plans of certain organizations, such as FEMA, have a significant link to a broader array of stakeholders. The community of emergency management in the United States is so closely linked, that FEMA, through policy, funding, or practice, has a heavy influence on emergency management at the state and local levels. Here are my impressions of the 38-page document.

Right from the beginning, this document continues to reinforce the system of emergency management and the involvement of the whole community. I’m glad these concepts have been carried forward from earlier administrations. Far too often have we seen new administrations trash the concepts of the previous for reasons none other than politics. Things often take time in emergency management, and it sometimes seems that just as we are getting a grasp on a good concept or program, it’s stripped away in favor of something new which has yet to be proven.

The foreword of the document, as expected, lays out the overall focus of the strategic plan. What I’m really turned off by here is the mention, not once but twice, of ‘professionalizing’ emergency management. Use of this phrase is an unfortunate trend and a continued disappointment. We are our own worst enemy when statements like this are made. It seems that some in emergency management lack the confidence in our profession. While I’m certainly critical of certain aspects of it, there is no doubt in my mind that emergency management is a profession. I wish people, like Administrator Long, would stop doubting that. Unfortunately, I’ve heard him recently interviewed on an emergency management podcast where he stressed the same point. It’s getting old and is honestly insulting to those of us who have been engaged in it as a career.

The strategic goals put forward in this plan make sense.

Build a culture of preparedness
Ready the nation for catastrophic disasters
Reduce the complexity of FEMA

These are all attainable goals that belong in this strategic plan. They stand to benefit FEMA as an organization, emergency management as a whole, and the nation. The objectives within these goals make sense and address gaps we continue to deal with across the profession.

A quote on page 8 really stands out… The most effective strategies for emergency management are those that are Federally supported, state managed, and locally executed. With the system of emergency management in the US and the structure of federalism, this statement makes a lot of sense and I like it.

Based on objective 1.2 – closing the insurance gap – FEMA is standing behind the national flood insurance program. It’s an important program, to be sure, but it needs to be better managed, better promoted, and possibly restructured. There is a big red flag planted in this program and it needs some serious attention before it collapses.

Here’s the big one… It’s no secret that morale at FEMA has been a big issue for years. The third strategic goal includes an objective that relates to employee morale, but unfortunately employee morale itself is not an objective. Here’s where I think the strategic plan misses the mark. While several objectives directly reference improving systems and processes at FEMA, none really focus on the employees. Most mentions of employees in the document really reference them as tools, not as people. Dancing around this issue is not going to get it resolved. I’m disappointed for my friends and colleagues at FEMA. While I applaud the strategic plan for realizing the scope of external stakeholders it influences, they seem to have forgotten their most important ones – their employees. This is pretty dissatisfying and, ultimately, is an indicator of how poorly this strategic plan will perform, since it’s the employees that are counted on to support every one of these initiatives. You can make all the policy you want, but if you don’t have a motivated and satisfied work force, change will be elusive.

Overall, I’d give this strategic plan a C. While it addresses some important goals and objectives and recognizes pertinent performance measures, it still seems to lack a lot of substance. External stakeholders are pandered to when internal stakeholders don’t seem to get a lot of attention. While, as mentioned earlier, FEMA has a lot of influence across all of emergency management, they need to be functioning well internally if they are to successful externally. Employee morale is a big issue that’s not going to go away, and it seems to be largely ignored in this document. I absolutely want FEMA to be successful, but it looks like leadership lacks the proper focus and perspective.

What thoughts do you have on FEMA’s new strategic plan?

Emergency Preparedness Solutions, LLC ^SM

Active Shooter Drills with Students – Good Idea or Bad?

March 12, 2018March 12, 2018Tim Riecker, The Contrarian Emergency Manager Leave a comment

While school shootings, unfortunately, are nothing new, we are seeing them occur with greater frequency. Without getting into my thoughts on firearms, I will say that preparedness, prevention, and mitigation for mass shooting incidents in schools and other soft targets of opportunity, are multi-faceted. Shooters are just as much of a persistent threat as hurricanes, tornadoes, or flooding; amplified by the will of the shooter(s) to do harm and their ability to reason through paths of deterrence. While a number of measures can and should continue to be implemented to prevent and protect soft targets, just as we do with natural hazards, we must continue to prepare for an attack that slips past or through our preventative measures.

Readers will know that I’m a huge advocate of exercises in the emergency management/public safety/homeland security space. While the primary purpose of exercises is to validate plans, policies, and procedures; we also use them to practice and reinforce activities. Certainly every school, college, shopping mall, office building, and other mass gathering space should hold active shooter drills. Many of these facilities already conduct regular fire evacuation drills, and shooter drills should also be added to the mix.

Where to start? First of all, you need a plan. ALL EXERCISES START WITH A PLAN. The sheer number of exercises I’ve seen conducted with no plan or a knowingly poor plan in place is staggering. If people don’t know what to do or how to do it, the value of the exercise is greatly diminished. If you are a responsible party for any of these spaces, reach out to your local law enforcement and emergency management office for assistance in developing an active shooter protection plan. If you are a regulated facility, such as a school or hospital, the state offices that provide your oversight are also a resource. You can find some planning guidance here and here. While your focus with this activity is an active shooter protection plan, recognize that you will also need to re-visit the public information component of your emergency operations plan (you have one, right?) and your business continuity plan, as I guarantee you will need to reference these in the event of a shooting incident. A final note on planning… don’t do it in a vacuum! It should be a collaborative effort with all relevant stakeholders.

As for exercises, consider what you want to accomplish and who needs to be involved. In a mall, it’s not wise to include shoppers in exercises since they are a transient audience and forcing their involvement will very likely be some bad PR and impact stores financially. That said, you need to anticipate that mall shoppers won’t know what to do or how to react to a shooter, therefore mall staff need to be very forceful and persistent in how they deal with patrons in such an incident. Therefore, involving mall staff along with law enforcement and other stakeholders in an off-hours exercise is a great idea.

Schools, however, are a different situation, as their populations are static for an extended period of time. While school faculty and staff should exercise with law enforcement, there are different thoughts on how and when to involve kids in these exercises. There are some that advocate their involvement, while there are some who are adamantly opposed. I reflect back on fire evacuation drills, which occur with regularity in schools. These drills reinforce procedure and behavior with students. They know they need to line up and proceed calmly and well behaved along a designated path to exit the building, proceeding to a meeting spot where teachers maintain order and accountability. These are behaviors that stick with many into adulthood if they find themselves in a fire evacuation (drill or otherwise) – so it’s also a learning experience. The same holds for tornado and earthquake drills, which are held regularly in many areas around the country. Fundamentally, for a shooter situation, we also need to reinforce procedure and behavior with students. They need to know what to do in lockdown, lockout, and evacuation.

The prospect of a shooter is a horrible thing for anyone to deal with, much less a child. I’ve spoken to parents who, themselves, are horrified about the prospect of speaking to their children about a shooter in their school. In every occasion, I’ve said this: You damn well better talk to them about it. This is a discussion with perhaps greater importance than talks about strangers, drugs, alcohol, or sex; and it needs to begin with children from kindergarten on up. Schools need to teach students what to do when the alert occurs for an active shooter – typically this involves getting them safely out of view from someone who might be in the hallway while teachers lock or barricade the door and turn off lights. Students need to understand the gravity of the situation and remain still and quiet. Evacuation will generally only occur under someone’s direction. There will be loud noises and it’s likely the police won’t speak kindly as they are clearing rooms, looking for a shooter and potential devices. To be certain, it’s scary for adults and I wish our children didn’t have to endure such a thing, but practicing and reinforcing procedures and behavior will save lives. I’ll offer this article, that discusses some of the potential psychological impacts of shooter drills on kids. These impacts are a reality we also need to deal with, but I think the benefits of the drills far outweigh the costs.

Mass shootings, like most aspects of public safety, underscore the need for us to do better not only in public safety response, but also as a society. The answers aren’t easy and there is no magic pill that will provide a solution to it all. It requires a multifaceted approach on the part of multiple stakeholders, sadly even those as young as four years old, to prepare, prevent, and protect.

Emergency Preparedness Solutions, LLC

HSEEP Training – Is it Required

February 28, 2018February 28, 2018Tim Riecker, The Contrarian Emergency Manager Leave a comment

Continuing from my previous blog post, I’ll answer a search phrase used to bring someone to my blog. Earlier this month, someone searched ‘Is HSEEP training mandatory?’. We speak, of course, of the Homeland Security Exercise and Evaluation Program, which is the DHS-established standard in exercise program and project management.

The short answer to the question: Maybe.

Generally speaking, if your exercise activities are funded directly or indirectly by a federal preparedness grant, then grant language usually requires that all exercises are conducted in accordance with HSEEP. While most federal grant guidance doesn’t explicitly state that exercise personnel must be formally trained in HSEEP, it’s kind of a no-brainer that the fundamental way to learn the standards of practice for HSEEP so you can apply them to meet the funding requirement is by taking an HSEEP course. If you are a jurisdiction awarded a sub-grant of a federal preparedness grant or a firm awarded a contract, there may exist language in your agreement, placed there by the principal grantee, that specifically requires personnel to be trained in HSEEP.

Beyond grant requirements, who you work for, who are you, and what you do generally don’t dictate any requirement for HSEEP training. Aside from the federal grant funding or contracts mentioned, there is no common external requirement for any organization to have their personnel trained in HSEEP. If your organization does require it, this is likely through a management-level decision for the organization or a functional part of it.

So, while HSEEP is a standard of practice, training in HSEEP, in general terms, is not a universal requirement. That said, I would certainly recommend it if you are at all involved in the management, design, conduct, or evaluation of exercises. FEMA’s Emergency Management Institute (EMI) offers HSEEP courses in both a blended learning and classroom format. The emergency management/homeland security offices of many states and some larger cities offer them as well.

Emergency Preparedness Solutions, LLC ^SM

The ICS Liaison Officer

February 16, 2018Tim Riecker, The Contrarian Emergency Manager Leave a comment

One brilliant thing about WordPress (the blog platform I use), is that it allows me to see some of the searches that brought people to my site. One of those recent searches was ‘what does the Liaison Officer do in ICS?’. The Liaison Officer has some of the greatest depth and variety in their role and is often one of the most misunderstood roles and often taken for granted.

By definition, the Liaison Officer is supposed to interface with the representatives of cooperating and assisting agencies at an incident. While this is done, it’s often the easier part of the job. Yes, these agencies may have their own needs and nuances, but the more challenging part is the interface with anyone who is not directly part of the chain of command. Large, complex incidents often last longer, which means that a significant number of third parties will have interest in the operation. Everyone wants to speak with the person in charge (the Incident Commander), but the IC needs to be focused on the management of the incident through the Command and General Staff, as well as important commitments like briefing their boss (usually an elected official), and participating in some media briefings. There is little time available to speak with everyone who wants to speak with them.

The people that want to interface with the IC may include organizations seeking to offer their services to the effort, which could be a not for profit organization (Team Rubicon, for example) or a for-profit company (such as a local construction firm), or even a group of organized volunteers (like the Cajun navy). They might be elected officials other than those they report to. They could include representatives from labor unions, environmental groups, regulatory agencies, insurance companies, or property owners. Each of these groups may have legitimate reasons to be interfacing with the incident management organization and the Liaison Officer is the one they should be working with. The Liaison Officer may also be tasked with interfacing with the variety of operations centers which can be activated during an incident.

To be most effective, the Liaison Officer must be more than a gatekeeper. They aren’t there just to restrict or control access to the IC. As a member of the Command Staff they are acting as an agent of the IC, and working within the guidelines established by the IC, should be effectively handling the needs of most of these individuals and organizations on behalf of the IC. The Liaison Officer needs to be politically astute, professional, and knowledgeable about the specifics of the incident and emergency management in general. They should be adept at solving problems and be able to recognize when something needs to be referred to someone else or elevated to the IC.

The Liaison Officer is a position we usually don’t see assigned on smaller incidents (type 4 and 5), so most people don’t get experience in using it, interfacing with it, or being it. The position is often necessary on type 3 incidents, but still rarely assigned as an organization or jurisdiction might not have someone available to assign or the IC thinks they can handle it themselves. We definitely see them used in Type 1 and 2 incidents, but much of that credit goes to formal incident management teams who deploy with this position. Liaison Officers work well in an incident command post for incidents and events, but also have a strong function in EOCs – especially local EOCs responsible for significant coordination. All around, the Liaison Officer benefits most from a notepad, a charged cell phone, and a pocket full of business cards.

What ways have you seen a Liaison Officer used effectively?

Emergency Preparedness Solutions, LLC ^SM

Disaster Aid Approved for Houses of Worship

February 13, 2018February 13, 2018Tim Riecker, The Contrarian Emergency Manager Leave a comment

Earlier this year, FEMA expanded their Public Assistance program to include houses of worship. As the FEMA news release linked here states, the Stafford Act allows FEMA to provide Public Assistance (PA) to certain private not for profit organizations to repair or replace facilities damaged or destroyed by a major disaster. In a move that seems to underscore FEMA’s change in policy, the President signed a bill into law a few days ago making this policy decision permanent. Both the policy and the bill back-dated impacts to include Hurricane Harvey.

This is a decision that I’m honestly torn on. On one hand, houses of worship serve as community centers, shelters, and points of distribution in many communities. Some (but not all) provide critical services for their communities during disasters. Aside from the spiritual aspect, these are organizations that communities turn to in time of need. In fact, there exist a number of faith-based organizations that support disaster response and recovery that do incredible work. Faith-based organizations are a critical partner in communities, and across the nation and the world. On the other hand, I’m not certain about the government’s responsibility to fund the rebuilding of houses of worship – most especially if they do not serve the purpose of an approved shelter, point of distribution, or other sanctioned disaster-related activity in a community’s disaster plan.

FEMA’s PA guidelines can be very stringent. The reason for this is to ensure responsible expenditure of taxpayer dollars in helping communities to recover from disaster. In work as a state employee and as a consultant I’ve sat in meetings with FEMA in the aftermath of disasters working to ensure that eligible applicants were submitting the appropriate paperwork for eligible projects and receiving everything afforded to them under FEMA policy and the Stafford Act. This process is bureaucratic and, at times, contentious. The burden of proof is on the applicant to prove that they are, in fact, eligible to receive recovery assistance, and each category of projects has very specific guidelines.

Given this, to ensure fair application of tax payer dollars, I expect to see guidelines in FEMA’s PA guidebook update that require certain conditions to be met for houses of worship to be eligible to receive PA assistance after a disaster. These would include:

Being part of the community’s emergency operations plan for key activities such as sheltering, points of distribution, etc.
- As with any facility identified for these key activities, I believe they should embrace practices of resilience. That includes having their own emergency operations and business continuity plans as well as a documented history of proactive disaster mitigation projects for their properties (these don’t have to be complex or expensive. Generators, sump pumps, and preventative landscaping are reasonably simple and high impact)
Practices of non-discrimination, especially during times of disaster, to include providing for people of all faiths
The PA policy itself should not discriminate against any particular religion

I’m interested in hearing your thoughts on this topic.

Emergency Preparedness Solutions, LLC ^SM

The Hawaii Saga

January 31, 2018November 15, 2021Tim Riecker, The Contrarian Emergency Manager 2 Comments

I simply don’t think I can refrain from some extended commentary on the Hawaii missile notification incident any longer. I’ve tossed a few Tweets on this topic in the past couple of weeks, but as the layers of this onion are peeled back, more and more is being revealed. I’m not a conspiracy theorist, but the number of half-truths that have been reported on this incident lead me to believe we still don’t know everything that transpired that morning. Now that the FCC has leaned into this investigation, more and more information is being revealed, despite reports that the employee at the center of it gave limited cooperation in the investigation (likely at the advice of an attorney). Most of my commentary is based upon information reported by the Business Insider and Washington Post which includes information from the ongoing FCC investigation.

First, why was public notification of a false missile strike such a big deal? The effective practice of notification and warning in emergency management relies on the transmission of accurate, timely, and relevant information. Since emergency management is already challenged by a percentage of citizens that willfully don’t pay attention to warnings, don’t care about them enough to take action, or otherwise refuse to take action, the erosion of any of these pillars will degrade public trust in an already less than ideal environment. We sometimes struggle to get accurate weather-related warnings issued, but when a warning is sent for a ballistic missile strike that isn’t occurring, that’s a significant error. We certainly saw across social media the stories of people on the Hawaiian Islands as well as those in the continental US with friends and family in Hawaii. The notification of an impending ballistic missile strike is terrifying to a population. Imagine saying good bye to your family and loved ones for what you think is the last time. What truly made this erroneous notification unforgivable was the 38-minute time span it took for it to be rectified.

While there is a lot of obvious focus on the employee who actually activated the alert, I see this person as only one piece of the chain of failures that occurred that morning. It was first reported that the employee accidentally selected the wrong option in a drop-down menu; selecting an actual alert instead of a test. While mistakes can and do happen in any industry, the processes we use should undergo reviews to minimize mistakes. Those processes include the tools and technology we use to execute. Certainly, any system that issues a mass notification should have a pop-up that says ‘ARE YOU REALLY SURE YOU WANT TO DO THIS???’ or a requirement for verification by another individual. I’ll note that the Business Insider article says there is a verification pop-up in the system they used, so clearly that wasn’t enough.

Findings released from the initial FCC investigation found that the employee apparently thought this was a real incident instead of an exercise, therefore, their action was intentional. So, we have another mistake. As mentioned before, the processes and systems we have in place should strive to minimize mistakes. A standard in exercise management is to use a phrase similar to ‘THIS IS AN EXERCISE’ in all exercise communications. By doing so, everyone who receives these communications, intentionally or otherwise, is aware that what is being discussed is not real. I would hope that if the warning point employee heard that phrase with the order to issue an emergency alert, the outcome would have been different. According to the FCC report, the phrase ‘Exercise, exercise, exercise’ was used, but so was the phrase ‘this is not a drill’. While reports indicate some issues with past performance of this employee, I would caution that messages such as this are confusing and should never be issued in this manner. They need to take a serious look at their exercise program and how it is managed and implemented.

Next, 38 minutes of time passed before a retraction was issued. Forgive me here, but what the hell happens in 38 minutes that you can’t issue a retraction? There are timelines posted in the Business Insider and Washington Post articles on this matter. I believe that what I’m reading is factual, but I shake my head at the ineptitude of leadership that existed, ranging from the employee’s supervisor, to the agency director, and all the way up to the Governor. There is no reason a retraction could not have been issued within minutes of this false alarm. We see things in this timeline such as ‘drafting a retraction’ and ‘lost Twitter password’. Simply bullshit. There isn’t much to draft for an initial retraction other than ‘False Alarm – No missile threat’. We know from later in the timeline that this could have been sent through the same system that sent the initial message.

It’s noted that Hawaii EMA didn’t have a plan in place for issuing retractions on messages. An easy enough oversight, I suppose, but when they report that this same employee had issued false messages on two previous occasions, a plan would have been developed for something that was an obvious concern.

A possible path to correction is a bill that may be introduced by Sen. Brian Schatz which would give the US Departments of Defense and Homeland Security the responsibility to notify the public of an incoming missile attack. Is this a perfect fix? No. Consider that weather alerts can be issued by the National Weather Service, or by state or local emergency management agencies based upon NWS information or what they are actually observing on the ground. I’m a big believer in state’s rights as well as their ultimate responsibility to care for their populations, so I believe the states should have the ability to issue such alerts, however they should generally be defaulting to DoD, as DoD has the technology to detect an incoming attack.

There are numerous layers of failure in this situation which need to be examined and addressed through rigorous preparedness measures. It obviously was an embarrassing occurrence for Hawaii EMA and I’m sure they are working to address it. The intent of my article isn’t to harp on them, but to identify the potential points of failure found in many of our systems. Unfortunately, this situation makes for a case study that we all can learn from. Current technology provides every state, county, city, town, and village the ability to access an emergency alert system of some type. Some are municipal systems, some are regional, some are state, and some are national (IPAWS). We access these systems through custom developed programs or commercially available interfaces. These systems will instantly issue alerts to cell phones, email accounts, social media, radio, and TV; and some will still activate sirens in certain localities. The technology we have enables us to reach a high percentage of our populations and issue critical communications to them. While the technology is great and the message we send is important, it’s only one element of a good public information and warning program. Clearly, we see from the occurrence in Hawaii, that we need to have solid plans, policies, procedures, systems, training, and exercises to ensure that we can effectively and efficiently issue (and retract) those messages. So crack open your own plans and start making a list of what needs to be improved.

Emergency Preparedness Solutions, LLC ^SM

The Contrarian Emergency Manager

News, concepts, and opinions on emergency management and homeland security topics

Category Emergency Management

NIMS Alert – EOC Director Guidance

Public Health Preparedness as Part of Emergency Management

New Jersey Terrorism Threat Assessment – A Model for the Nation

Guidance for Operational Security and Access

FEMA’s 2018-2022 Strategic Plan: The Good, the Bad, and the Ignored

Active Shooter Drills with Students – Good Idea or Bad?

HSEEP Training – Is it Required

The ICS Liaison Officer

Disaster Aid Approved for Houses of Worship

The Hawaii Saga