8 Predicted Changes to Emergency Management Post-Pandemic

In public safety we learn from every incident we deal with.  Some incidents bring about more change than others.  This change comes not just from lessons learned, but an effort to apply change based upon those lessons. In recent history, we’ve seen significant changes in emergency management practice come from disasters like the 9/11 terrorist attacks and Hurricane Katrina, with many of the changes so significant that they are actually codified and have led to new doctrine and new practices at the highest levels.  What changes can we expect from the Coronavirus pandemic?

Of course, it’s difficult to predict the future.  We’re also still in the middle of this, so my thoughts may change a month or two into the future.  Any speculation will begin with idealism, but this must be balanced with pragmatism.  Given that, the items I discuss here are perhaps more along the lines of changes I would like to see which I think have a decent chance of actually happening. 

  1. Legislation.  Similar to the aforementioned major disasters, this too will spawn legislation from which doctrine and programs will be derived.  We are always hopeful that it’s not politicians who pen the actual legislation, but subject matter experts and visionaries with no political agendas other than advancing public health preparedness and related matters. 
  2. More public health resources. This one, I think, is pretty obvious.  We need more resources to support public health preparedness, prevention, and detection efforts.  Of course, this begins with funding which will typically be spawned from the legislation mentioned previous.  Public health preparedness is an investment, though like most preparedness efforts, it’s an investment that will dwindle over time if it’s not properly maintained and advanced to address emerging threats and best practices.  Funding must address needs, programs to address those needs, and the resources to implement those programs. 
  3. Further integration of public health into emergency management.  Emergency management is a team sport.  Regardless of the hazard or the primary agencies involved, disasters impact everyone and many organizations and practices are stakeholders in its resolution and can contribute resources to support the resolution of primary impacts and cascading effects.  Despite some gains following 9/11, public health preparedness has still been treated like an acquaintance from another neighborhood. The legislation, doctrine, programs, and resources that we see MUST support an integrated and comprehensive response.  No longer can we allow public health to be such an unfamiliar entity to the rest of the emergency management community (to be clear – the fault to date lies with everyone). 
  4. Improved emergency management preparedness.  Pulling back to look at emergency management as a whole, we have certainly identified gaps in preparedness comprehensively.  Plans that were lacking or didn’t exist at all.  Equipment and systems that were lacking or didn’t exist at all.  People who didn’t know what to do.  Organizations that weren’t flexible or responsible enough.  Processes that took too long.  Poor assumptions on what impacts would be. We can and must do better.
  5. An increase in operational continuity preparedness.  We’ve been preaching continuity of operations/government for decades, yet so few have listened. The Coronavirus pandemic has shown us so many organizations jumping through their asses as they figure it all out for the first time.  By necessity they have figured it out, some better than others.  My hope here is that they learned from their experience and will embrace the concepts of operational continuity and identify a need to leverage what they have learned and use that as a basis for planning, training, exercises, and other preparedness efforts to support future continuity events. 
  6. Further expansion of understanding of community lifelines and interdependencies of critical infrastructure.  This pandemic gave us real world demonstrations of how connected we are, how vulnerable some of our critical infrastructure is, and what metrics (essential elements of information) we should be monitoring when a disaster strikes.  I expect we will see some updated documents from DHS and FEMA addressing much of this. 
  7. More/better public-private partnerships.  The private sector stepped up in this disaster more than they previously ever had. Sure, some mistakes were made, but the private sector has been incredibly responsive and they continue to do so.  They have supported their communities, customers, and governments to address needs they identified independently as well as responding to requests from government.  They changed production.  Increased capacity.  Distributed crisis messages.  Changed operations to address safety matters.  Some were stretched to capacity, despite having to change their business models.  Many companies have also been providing free or discounted products to organizations, professionals, and the public.  We need to continue seeing this kind of awareness and responsiveness.  I also don’t want to dismiss those businesses, and their employees, that took a severe financial hit.  Economic stabilization will be a big issue to address in recovery from this disaster, and I’m hopeful that our collective efforts can help mitigate this in the future. 
  8. An improved preparedness mindset for individuals and families.  Despite the panic buying we saw, much of the public has finally seemed to grasp the preparedness messaging we have been pushing out for decades.  These are lessons I hope they don’t forget. Emergency management, collectively, absolutely must capitalize on the shared experience of the public to encourage (proper) preparedness efforts moving forward and to keep it regularly in their minds. 

In all, we want to see lasting changes – a new normal, not just knee-jerk reactions or short-lived programs, that will see us eventually sliding backwards.  I’m sure I’ll add more to this list as time goes on, but these are the big items that I am confident can and (hopefully) will happen.  I’m interested in your take on these and what you might add to the list.

Be smart, stay safe, stay healthy, and be good to each other. 

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Convening and Operating an EOC Remotely

I typically refrain from writing about disasters in the midst of those disasters.  It’s very easy to be critical of things as they are happening, without an appreciation for the circumstances and information that decision-makers are in.  There are also often plenty of critics out there between the media, politicians, and social media.  There is one thing, however, that has jumped out at me in this Coronavirus/COVID19 incident that is so egregious that it absolutely needs to be addressed, and that is the traditional convening of face-to-face EOCs by many jurisdictions, agencies, and organizations.  Much of the messaging we have seen in this incident promotes social distancing, yet so many are not practicing this.

It’s one thing to have a handful of people physically in your EOC.  While I acknowledge there are absolutely advantages to operating an EOC face-to-face, by doing so in the event of a pandemic, we are endangering these critical staff, other co-workers, and their families.  At this point, I have serious concerns with the leadership of any agency or organization that is substantially staffing an EOC in-person in the midst of this incident.  I’m tremendously disappointed in this.  Is it hubris?  Ignorance?  I don’t know what the cause is, but I do know that it’s simply irresponsible to endanger people and your operations, and it’s pretty much against everything we work for.

A virtual EOC is the answer to this.  Hopefully you have a plan for implementing one, though we know that many do not. Web-based EOC management platforms, of which there are many (and of varying capability and quality) can support facilitation of this, but aren’t necessary.  Through use of other technology, most of it free or potentially already owned by your agency or organization, you can still accomplish the things you need to.  Preparation obviously plays off, but you can make this happen on the fly, if needed, but it will still take some work to set up. 

What’s needed?  In all likelihood, most people will be working from home.  As such, reliable internet and a computer are essential, as are a phone, even if you are planning on doing most of your audio (and even video) through your computer.  We have a lot of collaboration tools available to us.  Below are a few (non endorsed) collaboration apps that, depending on the app, cover a range of capability from document sharing and live collaboration, chat, voice, video, project management, and more.  Some are practically full service, while others specialize in one or a few features.  Many of them integrate with each other for even more benefits.  They do have varying security capability, so be sure to read up on that if security is a concern (it should be to at least some extent):

  • Microsoft Teams – broad capability (available free from Microsoft)
  • Crisis Communications (this is an add-on to Microsoft Teams, also currently free from Microsoft)
  • Skype/Skype for Business – voice and video, some document sharing (available free from Microsoft)
  • OneDrive/SharePoint – document sharing (pay for more storage)
  • OneNote – document collaboration (Microsoft)
  • Dropbox – document sharing (free for limited data storage, pay for more)
  • Google Drive/Docs/Calendar/Hangouts – broad capability (free for limited data storage, pay for more)
  • Slack – broad capability, especially with add on apps (free for smaller-scale use)
  • Discord – broad capability, especially with add on apps (free)
  • WebEx – voice and audio, some document sharing (basic is free, pay for more capability)
  • HipChat – broad capability (basic is free, there is a cost for additional capability)
  • Zoom – voice and video, some document sharing (basic is free, pay for additional capability)
  • Yammer – broad capability (free with Office 365, pay for additional capability)

Working remotely may not be as convenient as face-to-face interaction, but it’s certainly possible and better for the safety of your staff and your own operational continuity.  Through use of these tools, we can still conduct all the necessary activities in an EOC.  We can communicate with people as a group or one-on-one.  We can conduct collaborative meetings.  We can develop documents, share drafts, and even work collectively on the same document in real time.  We can view videos, take calls, write reports, manage information, and track resources. 

Aside from EOC operations, I’d suggest that organizations look to these or similar tools to support remote work for their staff where possible.  I have some recent tips on continuity here.  For those of you in government, I suggest looking into what needs to be done to conduct public meetings in a virtual environment as well, while still ensuring they are open and accessible to the public.  Tools like Skype, WebEx, or Zoom can help support this.  States have varying requirements for public meetings, so these of course should be examined before making any changes.  I’d also encourage courts, especially lower ones such as traffic court, to consider postponing their proceedings or looking to alternate means of conducting their proceedings that don’t require individuals to be there in person.  I obviously appreciate that these are complex matters with a lot of legality, and as such may not have ideal solutions in the near-term, but good solutions absolutely need to be considered for future implementation. 

The bottom line here is that social distancing applies to you, whether you like it or not.  Some professions, such as public health and hospitals, first responders, and others have no choice but to continue engaging face-to-face and hands-on with people.  They are provided with PPE and safety procedures to minimize their exposures while they continue providing these critical services.  In emergency management, however, we do not need to be face-to-face.  It’s an unnecessary risk to take and there is plenty of availability of technology tools to help us do what we need to do. 

What collaboration tools do you use to support remote/virtual operations? 

Be smart, be safe, be well. 

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Taking Care of Your Staff After a Disaster

We are slowly seeing Continuity of Operations (COOP) Plans becoming more popular for organizations ranging from government, private sector, and not for profit.  There are numerous lessons learned that promote the benefits of these efforts to reduce the impacts from an incident on your organization, decrease down time, and increase the overall chances of your organization surviving a disaster.  Most COOP plans, however, are focused on organizational operations and mission essential functions, which is great, but organizations must remember that none of these can be performed without staff.

The ability of an organization to care for its staff, to the greatest extent possible, will not only support the organization’s recovery, it’s also the right thing to do.  Consider that taking care of staff also includes taking care of their families.  It’s difficult for a staff member to come to work focused on your mission when they have family members endangered by a disaster.

What can you do?  I don’t think anyone expects their employer to take care of all needs, but a bit of support and understanding go a long way.  If your organization has a direct role in emergency or disaster response or recovery, the support you provide your staff is even more critical.  While I have a number of tips and lessons learned from my own experiences on this, I came across a paper recently published by the US Department of Health and Human Services (HHS) Office of the Assistant Secretary for Preparedness and Response (ASPR).  While ASPR’s mission is to support hospitals and other healthcare facilities, this four-page document provides great information for all organizations.

Remember – the time to prepare is now!

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

What is the Top Sector at Risk for Cyberattacks?

3D Electric powerlines over sunrise

According to this article in the Insurance Business America magazine, it’s the energy sector.  This is no surprise, even without the statistics provided in the article; although the statistics are pretty staggering.  The article states that according to DHS “more than 50% of investigated cyber incidents from October 2012 to May 2013 occurred within the energy sector”.  The advice in the article is pretty sound and coincides well with what I’ve suggested many times in this blog… be prepared!  Not only do power utilities need to have their own cybersecurity experts and the policies, plans, and infrastructure to prevent cyberattacks, they also need to be prepared for the potential success of the attackers.  They need to know who to notify (and how), and what actions to take.  Further, those that depend on electricity should have an alternate means of obtaining electricity to meet essential needs.

Threats to our infrastructure show just how interconnected we are and how interconnected our critical infrastructure is.  This is the primary reason why our energy infrastructure, which touches every other sector, is so essential.  We must ensure that we have in place prevention and protection plans, such as cybersecurity plans; hazard mitigation plans to lessen the impacts; response plans to address critical issues; and recovery plans to return to operations.  Business continuity is also an essential component of this – even if you are an NGO or government entity (continuity of government).

Along with proper planning, training, and exercises, we need to continue to promote legislation which requires measures for cybersecurity and protection of our critical infrastructure.

What are your major critical infrastructure concerns?

© 2015 – Timothy Riecker

EMERGENCY PREPAREDNESS SOLUTIONS, LLC

WWW.EPSLLC.BIZ

Business Continuity – Telework Capabilities and Policies

This month’s issue of Homeland Security Today (volume 11, number 3 – April/May 2014) features, along with a variety of other excellent articles, an article titled Virtual Crisis Response by David Smith.  Right up front they provide a thought-provoking factoid… The Congressional Budget Office estimates that the five-year cost of implementing telework throughout the federal government is about $30 million, which is less than the cost of a single day of shutting down federal offices in the DC area due to a snow storm.

SHX1877.TIFFolks, this is 2014.  We have the capability to telework off of nearly any device you could imagine and for a very low-cost.  Like most, I have access to both work and personal email and files from anywhere… from my own laptop, from my smart phone, or from any other internet connected device.  I have this capability as a small business owner using tools that we set up ourselves.  I’ve worked for large corporations and state agencies that also have that capability, and even more with VPN and other tools available.  When speaking with people who work for other companies or government agencies, however, I’m astounded by the lack of interest in allowing telework.  I’m going to refrain from outlining the virtues of telework as a regular operation (don’t get me wrong, there are drawbacks as well), but telework does provide for a means of maintaining continuous business and government operations which many businesses and governments seem to be dismissing.

There are quite a few businesses and governments who maintain remotely accessible email and data as a means of enabling the conduct of business while traveling or working from an alternate site as a normal course of business – thankfully.  Many of these entities, however, due to a lack of trust in their employees, union issues, or simply an inability to adapt do not allow employees to telework.  This may have discouraged employees from even attempting to connect to these services from home, where they may likely be if some event – flood, snow storm, or otherwise – prevented them from going to work.  Maybe you do have the capabilities but generally don’t allow telework.  So how can you be sure that it will work in the event of a disaster?  The answer is simple… you have to test it.

The Homeland Security Today article provides some info on the tech stuff you need to ensure a viable network.  Follow their lead and talk to your tech people – either indigenous or consultants.  I’m not a tech guy, so I won’t even attempt to give that kind of information.  What I will tell you is that you need a business continuity telework policy along with plans and protocols to support it.  These plans need to identify the same critical business functions you identified in your base business continuity plan and address how they can be maintained remotely.  Just like any other plan we put in place, we need to train people to it and test it (exercise it).  How do we exercise it?  For starters, tell everyone (or at least key continuity staff) they don’t have to come into the office on Friday.  No, they don’t get the day off – they have to work from home, but this is a test to make sure it is possible.  Be sure to buy your help desk people something nice that day because they will be busy!  There will be plenty of connection problems.  Properly designed job aids will help facilitate this on the user end, but tech people will be needed to trouble shoot.  Of course before you even get into this you will have to make sure that everyone has the capability to connect from home.  Do they have high-speed internet at home?  Do they have an appropriate device for connecting and working through the day?

Next, once you have everyone on the network, consider how you will communicate.  Teleconference?  Video conference?  Remember that these people don’t have their work desk phones.  What information needs to be exchanged?  What is everyone’s role and can they perform it remotely?  Can they gain access to all the data and files they need?  Test the viability of the network, too… is your server in your office?  What happens if you lose power to your office?  Understand that some employees may experience utility outages during a disaster which may prevent some employees from accessing the network, but the goal is to get as many people on as possible to maintain critical business operations.  Given this, your plan should address how you will maintain critical operations in the absence of some employees – even remotely.

Just like any other exercise, put together an after action report, and not just from the perspective of the IT folks either.  Be sure to solicit input from the employees as well.  What were your lessons learned and what improvements need to be made?  Lastly, don’t just exercise this once.  Do this at least a couple of times each year.  Not only does this give you ongoing feedback of the plan, but it also helps to make sure employees can continue to connect remotely (especially new employees), and also helps to ensure that technology upgrades don’t interfere with remote access.

Do you have telework protocols integrated into your business continuity plan?  Have you exercised them?


© 2014 Timothy Riecker