A Review and 3 Highlights of the DHS Active Shooter Preparedness Workshop

Last month I had the opportunity to attend a day-long active shooter workshop in Rochester, NY conducted by the DHS Office of Infrastructure Protection.  The focus was awareness of, preparedness for, and response to an active shooter event, with a lean towards a facilities-based audience rather than public safety.

The workshop began with discussions on recognition, then worked through each of the five mission areas (Prevention, Protection, Mitigation, Response, and Recovery).  The primary speaker was excellent, with real-world experience in active shooter situations.  While they referred to the offering as a pilot, the workshop has been around for a few years in various versions.  Understandably, and unfortunately, it’s difficult for the workshop to keep up with lessons learned from recent events.

As mentioned, the workshop weaves through the five mission areas, rather awkwardly trying to also align with the CPG 101 planning process.  I’m not sure that the two really fit well and it was clearly something new to the course, as the primary speaker missed some of the indicators for activities.  The workshop agenda also fell short, with the facilitators clearly offering a higher than usual number of breaks and of longer than usual length to maintain the workshop as a full day.

The activities were table-based, and focused on the primary steps as outlined in CPG 101, with the goal of giving some ideas and structure to the creation of an active shooter preparedness plan for a facility.  Ideas and discussion generated at our table and others were great, as attendees came from a broad array of facilities, such as schools, night clubs, health care, office buildings, and others.  The most disappointing comments were those about roadblocks people faced within their own organizations in planning and other preparedness activities for active shooters.  There is clearly a lot of denial about these incidents, which will only serve to endanger people.

With a number of public safety professionals in attendance, there was some great reflection on coordination with public safety in both preparedness and response.  One of the gems of the workshop was the number of audio and video clips provided throughout.  The segments included media and 911 clips, as well as post incident interviews with victims and responders.  The insight offered by these was excellent and they were a great value add.

Three pieces of information resonated above all others in this workshop:

  • Run, Hide, Fight (or variants thereof) was stressed as the best model for actions people can take in the event of an active shooter.
  • The inclusion of planning for persons with disabilities is extremely important in an active shooter situation. They may have less of an ability to Run, Hide, and/or Fight, and this should be accounted for in preparedness measures.
  • Essential courses of action for planning include:
    1. Reporting
    2. Notification
    3. Evacuation
    4. Shelter in Place
    5. Emergency Responder Coordination
    6. Access Control
    7. Accountability
    8. Communications Management
    9. Short Term Recovery
    10. Long Term Recovery

Since the workshop was in pilot form, there were no participant manuals provided, which a number of people were hopeful to have.  They did, however, provide a CD with a plethora of materials, including references, some videos, and planning guides.  Many of these I’ve seen and used before, but some were new to me.  There was a commitment to send us all an email with a link to a download of the participant manual once it was available.  Some of those resources can be found here.

All in all, this was a good workshop.  The mix of an audience (numbering over 60, I believe) contributed to great discussion and the primary speaker was great.  The presentation materials were solid and provided a lot of context.  While I was disappointed in the lack of a participant manual and the inclusion of too many breaks, I certainly understand that this is the pilot of a redeveloped program which they are trying to keep as timely and relevant as possible.  While I already knew of many of the concepts and standards, there was some great material and discussion, especially in the context of facilities rather than public safety response.  This is a good program which I would recommend to facility owners, managers, and safety/emergency management personnel as well as jurisdiction emergency management and public safety personnel.

© 2016 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC Your Partner in Preparedness

ICS Training Sucks… So Let’s Fix It

A great many of you are familiar with the piece I wrote in June called Incident Command System Training Sucks.  In it, I identify that the foundational ICS courses (ICS-100 through ICS-400 – but especially ICS-300 and ICS-400) simply do not provide the skills training that emergency managers across all disciplines require to utilize the system efficiently, effectively, and comfortably.  ICS Training Sucks turned out to be a popular piece which had a great deal of support from the first responder and emergency management community – which I am very grateful for.  The amount of comments and feedback was indicative to me that I was on the right track and that I need to revisit the topic and explore more.

At the center of my argument stands Bloom’s Taxonomy.  Bloom’s is a learning hierarchy which helps to identify the depth of instruction and learning.  Here is Bloom’s Revised Taxonomy.  We’ll be referencing it a bit in the examples I provide.

Bloom's Revised Taxonomy

Bloom’s Revised Taxonomy

Take a moment to read through the descriptions of each of the ‘orders of thinking’ in Bloom’s.  Go ahead, I’ll wait…

Done?  Good.  Most would agree that courses such as ICS-300 and ICS-400 should attempt to convey learning at the Apply level, correct?  Unfortunately, that perception, while wildly popular, is wrong.  Most of the learning objectives of the two courses (objectives are our reference points for this) are at the Understand and Remember levels.  Yeah, I was a bit surprised, too.

In ICS Training Sucks, I provided a greater detail of the background analysis (it summarized the narrative of a Master’s research paper I wrote), so if you want more, simply go back and check it out.  While I make a few broad recommendations in that piece, there has been a need to examine our path to fixing this more closely.

In the development of curriculum, there exist several models.  The most commonly used model is the ADDIE model, which stands for Analysis, Design, Development, Implementation, and Evaluation.  The first step, Analysis, is really the most important, although often the most ignored or cut short.  People think they know what the need is, but often don’t really understand it.  If you are interested, I’ve written a piece on the topic of Analysis for Training Magazine last year.

Even though we are suggesting a re-write of the ICS curriculum, or parts thereof, Analysis is extremely important.  The roots of the current curriculum we use goes back to circa 1970s wildfire ICS courses.  These are good courses, and while I’m not sure if they fully met the need then (although they did advance us quite a bit), their evolved versions certainly DO NOT now.  There is no sense in repackaging the same product, so let’s first figure out what people need to know to do their jobs effectively.  Essentially, this leads us to identifying a list of key core competencies in ICS.  Core competencies will define the level of competence needed in a particular job or activity.  We can easily use the levels of Bloom’s as our reference point to establish common definitions for the levels of competence.  What am I talking about?

Let’s pick one key activity in ICS to examine.  Resource Management is a great example as it shows the disparity between what exists and where we need to be.  Resource Management is discussed in Unit 6 of the ICS-300 course.  I think most would agree that we expect most every jurisdiction to be able to implement sound resource management practices.  Implement is the key word.  Implementation is indicative of the Apply level of Bloom’s Taxonomy.  When looking at unit objectives in the ICS-300 course for unit 6, the key words are identify and describe.  Identify is indicative of the Remember level of Bloom’s Taxonomy, while describe is indicative of the Understand level.  Both fall short of application.  While we aren’t looking for this curriculum to create incident management teams, we still expect most jurisdictions to be able to manage resources, which is certainly a core competency of incident management.

I think the NIMS doctrine provides a good starting point for identifying core competencies.  In an effective study, there may be other competencies identified – perhaps topics such as leadership, that may not necessarily be found in a revised ICS curricula, but can be obtained through other training courses.  This could lead to an important differentiation between core competencies (those that MUST be included in ICS training) and associated competencies which can be sourced elsewhere.

Further, we can capitalize on what we have learned through implementation of the current ICS curriculum and previous iterations.  We know that multidisciplinary training is most effective since larger incidents are multidisciplinary.  We also know that training must be interactive and maximize hands-on time.  The past few updates to the ICS courses have done a great job of encouraging this, but we need more.

Making more detailed recommendations on fixing ICS training will take time and effort, as a solid Analysis must first be done.  Once core competencies can be identified and defined, then a strategy for revamping ICS training can be developed.  As mentioned in ICS Training Sucks, this approach should be multi-faceted, using both new and (good) existing courses to support it. Let’s not be bound by what currently exists.  We don’t necessarily have to create a ‘new’ ICS-300 or ICS-400 course.  Let’s create courses within a broader program that meets the needs of the emergency management community.  They may no longer be called ICS-300 and ICS-400.  Perhaps these two will be replaced by four smaller courses?  Who knows where this path will take us? The bottom line is that we need to be responsive to the needs of the learners, not bound by “the way we’ve always done it.”

As always, feedback is appreciated.  Perhaps there exists an institution that has the desire and funding to pursue this further?  I’m fully onboard!

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC


Well OF COURSE Drones Can Be Used As WEAPONS

It’s rather insane that it took this long for the US Department of Homeland Security to issue a warning to law enforcement about the potential use of drones/UAVs as weapons or to further the criminal enterprise.  If you’re not familiar with the DHS bulletin, see this CBS News story.

For those of you who have been steady readers of mine, you can probably tell that I’m pro-drone.  However, just like anything else, someone is bound to adapt the technology for their own malicious purposes.  While we are still getting our act together in figuring out how to apply UAV technology for myriad good and purposeful things, there have been those out there trying to figure out how to use the same technology for advancing criminal and terrorist agendas.

Amazon and others want to use UAVs to deliver packages.  Well guess what –drug cartels will certainly be using them to deliver packages of drugs.  The US military uses UAVs to strike at terrorists in unfriendly territory.  Terrorists, criminals, or even your run-of-the-mill stupid people, can do the same.  Have you seen this article about a teen who mounted a handgun to a UAV?  UAVs are great for providing a birds-eye view of any situation, but when operating in a disaster environment they can’t impede responders as they did in the recent wildfires in California.

I have no doubts that terrorists somewhere, foreign or domestic, are playing with UAV electronics and explosives to determine how best to deliver those deadly packages.  As inevitable as it is, do we ban the use of UAVs?  Well we haven’t banned cars or moving vans, and both have been used to transport explosives.  The good outweighs the bad, so we have to figure out how best to deal with it.

The fact of the matter is that all well intended technology can be used for not so good purposes.  Does this mean we do away with the technology?  No.  Does this mean we do away with innovation?  No.  It does mean that we have to stay a step ahead of those who have ill intent or practice in stupidity.  Prevention, protection, and mitigation against these things is a constant challenge.  We now need to be aware of a new threat and address it.  It’s something we’ve done through time.  People built walls around their towns to protect themselves and their property from people and animals who would do them harm.  Attackers innovated and approached walls with ladders, so defenders built taller walls and other defensive technologies.  Today we use physical barriers to prevent vehicles from getting too close to buildings, locked doors to prevent entry, and cameras to monitor.  Perhaps the threat of an attack from the air will require other measures.

Has your company or jurisdiction considered the threat UAVs may pose to your interests?  What are your thoughts on deterring attacks?

© 2015 – Timothy Riecker



Incorporating Social Media Into Your Exercises

Incorporating Social Media Into Your Exercises, a post within the idisaster.wordpress.com blog.

This blog was first brought to my attention through the most recent DHS Capacity Building Webinar Series episode called Innovating with Disaster Drills and Exercises (also available on iTunes, which is how I usually listen to them).  The blog’s primary writer, Kim Stephens, is very well spoken and well versed in using social media in emergency management (#smem).  Claire Rubin, who I’ve referenced several times before, also guest posts on the idisaster blog.  I’ve spent some time looking through the blog and find it to be well written and very informative – they certainly gained a new follower!

Be sure to check out both idisaster.wordpress.com and the DHS Capacity Building Webinar Series.

– TR

National Planning Frameworks: National Engagement Webinars

FEMA is hosting a series of 60-minute engagement webinars to discuss the update of the National Planning Frameworks. All webinars are open to the whole community, which encompasses—individuals (including those with disabilities and others with access and functional needs), businesses and nonprofits, faith-based and community groups, schools, and all levels of government. The sessions are scheduled for:

• Monday, May 18, 3:00 PM EDT
• Wednesday, May 20, 11:00 AM EDT
• Wednesday, May 27, 12:00 PM EDT
• Thursday, May 28, 10:30 AM EDT

Because each engagement webinar will cover the same information, please choose the session most convenient for you. Advance registration is required due to space limitations. Registration is on a first come, first serve basis. To register, please visit: https://www.vjpo.org/private/ppd8/events/frameworksupdate.

If you require accommodations to participate in these events, please provide details in the Disability Related Accommodations field on the registration page or contact us at PPD8-Engagement@fema.dhs.gov.

To review the draft National Planning Frameworks, please visit http://www.fema.gov/learn-about-presidential-policy-directive-8. To provide comments, please complete the feedback form and submit to PPD8-Engagement@fema.dhs.gov. Comments made during the webinars are considered to be for discussion purposes only and may not be adjudicated formally.

The National Planning Frameworks, which are part of the National Preparedness System, set the strategy and doctrine for building, sustaining, and delivering the core capabilities identified in the National Preparedness Goal. They describe the coordinating structures and alignment of key roles and responsibilities for the whole community and are integrated to ensure interoperability across all mission areas.

This update of the National Planning Frameworks focuses on discrete, critical content revisions, and confirming edits as a result of comments received on the National Preparedness Goal. Additional changes in the current draft of the Frameworks are the result of the lessons from implementing the Frameworks and recent events, as well as the findings of the National Preparedness Report.

Questions can be directed to FEMA’s NIC at: PPD8-Engagement@fema.dhs.gov.

For more information on national preparedness efforts, visit: http://www.fema.gov/national-preparedness.

Morale Issues at DHS… Still

The Washington Post recently featured an article on continued morale problems at DHS.  These problems are nothing new and largely stem around the organization being so large and unwieldy and falling in midst of the political battlefield that is homeland security and all if its related functions, such as the ongoing debate over immigration – something enforced by DHS.

In speaking through the years with friends and colleagues who work in various departments of DHS, there is a great deal of frustration with constant changes in policy and procedure, failure to backfill positions emptied by attrition, and a lack of leadership simply listening to their experienced professional staff.

Certainly given the variety of responsibilities DHS has, they need to remain fluid and responsive but they can’t do this at the expense of stability.  This loss of morale and stability will inevitably impact the effectiveness of the department and its component agencies.  So far the good employees of DHS have held steadfast, but these issues can’t continue to be ignored.  They don’t require millions of dollars in studies – they simply require good leadership and HR practices.

– TR

Was the Sewol Korea’s Katrina?

By now everyone is familiar with the South Korean disaster this past April – the sinking of the MV Sewol and the loss of almost 300 passengers, most of which were high school students, and to date, two divers involved in the recovery of the bodies.  The vessel was carrying almost 4000 tons of cargo – over 4 times its rated limit.  The morning of its fateful trip, the top-heavy Sewol took on water and capsized.  A lack of leadership on the vessel resulting in confusion, trapping hundreds in a watery grave.  This would be a horrific disaster for any nation to face.

Through the years we’ve seen numerous ferry boat disasters around the world, most of which are off the shores of developing nations – those with few if any safety standards and a lack of regulatory and enforcement agencies.  Rarely, however, do we see ferry boat disasters occurring in developed nations.  In many regards we consider South Korea our peer and sometimes even an innovator, especially in the areas of technology and engineering.  It seems, however, that regulation has not kept up with innovation.  South Korea’s response efforts have also been criticized.

In 2005, the United States suffered the impacts of Hurricane Katrina on the Gulf Coast.  Over 1800 people lost their lives.  The disaster within the disaster was how poorly our emergency management system worked.  Their were failures at higher levels of Federal and State government, resulting in response delays and poor coordination and delivery of resources.  FEMA was blamed for most of these failures.  People were fired or asked to resign and new plans were created and implemented – most of which at the behest of legislators.

Now in South Korea in the wake of the ferry tragedy, their federal government is on the verge of launching a new national safety agency, meant to usurp responsibilities from various other federal agencies including the Ministry of Security and Public Administration, the National Emergency Management Agency, the Ministry of Oceans and Fisheries, and the Coast Guard.  Change is clearly needed, but will a new organization bring about the changes needed to protect the citizens of South Korea?

We tend to see a great deal of change when tragedies such as this occur.  Obviously changes need to be made, but few accept responsibility.  Changes also seem to be made to give the illusion of progress, with no real plans set in place to address the underlying issues that exist.  It seems people feel that change itself will provide the fixes which are needed.  We’ve seen reorganizations put in place at FEMA on several occasions, intended to streamline or address dysfunctionality.  We’ve seen the same happen with the American Red Cross – who seems to alternate between two different organizational models with each decade.  Just recently the Secretary of the Veterans Affairs Administration resided amidst their scandal – activities which have taken place quite a distance from his post, activities which you hear little responsibility taken by the individual hospital administrators where it truly lies.

It’s not to say that all organizational change is unnecessary.  Organizations are organic, living, breathing entities – not static creations.  They must evolve and adapt to continue being successful.  That doesn’t mean, however, that every occurrence of negative press necessitates an organizational change.  Organizational changes are expensive in time, money, and the anxiety of employees.  They stall out progress of the organization until rebuilding is complete, then progress resumes slowly as the kinks are worked out.  Many think a plan for reorganization is simply drawing a new organization chart and that its implementation, after the firing of a few people and handing out new titles to others can be implemented overnight.  This, clearly, is fundamentally wrong.  Consider that even small businesses put a great deal of time into creating business plans which outline the resources, organization, and strategy of a new company.

I would challenge that it’s the people and the culture of these agencies that need to change.  Certainly they need new or different approaches to problems, some adjustments in their chain of command, and the tools to do their jobs better.  A radical reorganization should only take place if it’s completely necessary.  Consider what the creation of DHS has done for us – yes, their have been some improvements in prevention, preparedness and response; but at what cost?  A massive umbrella agency with coordination and leadership problems of its own.  DHS didn’t escape Katrina unscathed either due to its position between the FEMA Administrator and the President.

It seems that reorganization is the easy knee-jerk answer to problems.  Let’s slow down a bit, assess the failures and their causes, and address the internal problems first.  Without doing so, new agencies and new titles will carry the same problems.

© Timothy Riecker 2014