The NIMS Refresh – The Good, the Bad, and the Ugly

April 10, 2016Tim Riecker, The Contrarian Emergency Manager 4 Comments

The current National Incident Management System (NIMS) doctrine document, dated December 2008, has guided NIMS for over seven years. This iteration, as I recall, wasn’t much of a change from its predecessor (2004), with the most significant updates being some changes to the NIMS components and the inclusion of the concept and arrangement of the Intelligence function within ICS. We now have a new draft NIMS document which has been posted for a national engagement period. If you haven’t had a chance to review the document, it can be found here.

While I certainly intend on providing my comments directly to FEMA through their feedback mechanism (which I encourage you all to do), I wanted to provide a bit of an overview of the draft document to my readers, which of course will include some of my opinions on the changes they are proposing. I remain a huge proponent of NIMS and fully believe in the positive impact it has had, although I have been quite outspoken (and will remain so) about the issues associated with ICS training.

In this NIMS refresh, as they are calling it, there are some significant changes to certain areas while largely maintaining the foundations of the system. The significant changes include:

NIMS has consolidated its five components to three, dropping the components of Preparedness and Ongoing Management and Maintenance.
The introduction of the Center Management System (CMS) as part of the restructured Management and Coordination (formerly Command and Management) component
Incorporation of the NIMS Intelligence and Investigations Function Guidance

First off, the consolidation of the five NIMS components to three. While I’m disappointed with the preparedness component being deemphasized, especially with so much preparedness work to always be done, I found many of the concepts of preparedness to be sprinkled throughout the document, including a nod to the National Preparedness Goal (NPG) in the introduction of the draft document. The NPG should certainly be the guiding document of all preparedness efforts related to emergency management. While there are some aspects that are NIMS-specific, I’m fairly confident they won’t get lost in the shuffle. Withdrawing the Ongoing Management and Maintenance component, similarly has seen some of these activities being mentioned elsewhere in the document, although only a few of them, with some of the important elements simply not being apparent.

In my review of the document, I was pleased with the inclusion (albeit small) of the concept of Unity of Effort as a newly introduced guiding principal of NIMS. Unity of Effort is an concept essential to the success to all components of emergency management and homeland security and certainly in incident management. This is definitely a positive.

Credentialing – the first major component discussed in the document is Resource Management. Within Resource Management is the concept of credentialing. Despite an intent of the document being to emphasize that NIMS isn’t just about ICS, the narrative on credentialing essentially focuses only credentialing through use of a position task book – which is generally only used for ICS positions. While this is an important element of personnel qualifications, credentialing of personnel within ICS positions is not the only aspect of personnel qualifications.

Based upon the content of the NIMS Intelligence and Investigation function guidance published a few years ago, the NIMS refresh has officially decreed that the Intelligence and Investigations function will reside at the general staff level. You might recall that the previous version of NIMS allowed for several options, including general staff, command staff, or imbedded within Planning or Operations. While the flexibility of ICS is one of its greatest benefits, people didn’t seem comfortable with all those options. It’s not to say those options still can’t be employed for incidents involving much smaller or potential criminal components, as the option of placing a technical specialist in any of those positions is still available.

Next up, the long awaited Center Management System (CMS). To be honest, I’m not crazy about the name, and I’m not sure we need fully developed separate guidance on operations/coordination centers. I feel that specific application of ICS concepts to an operations/coordination center should be kept simple and would be an addendum to the ICS portion of the NIMS document. That said, the NIMS refresh has saw fit to include a whole section on the CMS as part of the revamped Management and Coordination component, so we’ll break down some of the highlights. It’s important to note that the CMS is expected to be guidance and not a requirement.

While I can live with the introduction of a formal Center Management System, they have chosen to declare the title of the individual in charge of an operations/coordination center a Center Director. If there is anything that I 100% disagree with in this document, it’s this title. Let’s step back and look at the principles of ICS, which, thankfully ,the CMS is largely based upon. From our common organizational terminology, we know that those in charge of facilities (which an operations/coordination center is) are called managers, not directors. Directors are found at the branch level. It’s for this reason I have always been in favor of the Center Manager title and will continue to be.

A positive about the CMS narrative is the important mention of a policy group, as a MAC concept, as those providing advice or direction to the Center Director. Not only is the policy group a reality in many jurisdictions, inclusion of this in the CMS is an excellent compromise to those systems which centered on a policy group and operations group as their EOC organization.

Within discussion of the CMS, the NIMS refresh identifies primary functions or reasons a center might activate. While they are headed in the right direction, they need their explanations to be a bit more inclusive of other options. They only make a minor mention of the possibility of an incident actually being run from an operations/coordination center, such as a public health incident, which could be a departmental operations center or some type of a multi-agency operations center. I just think this needs to be shored up some. It should also be mentioned that EOCs may take primary responsibility for actions that are decided to be outside the scope of incident command, which may desire to remain focused on incident suppression activities. Activities such as sheltering/mass care, evacuation, or assessment and evaluation may be run out of an EOC instead of an ICP.

Now on to the CMS organization. Along with the Center Director, the NIMS refresh has tried to make several other positions distinct from their ICS counterparts (although not all of them). While I certainly acknowledge that the focus of an operations/coordination center is often different than that of an ICP, I see little reason to change the titles of some of these positons. I think this has more potential to add to confusion rather than detract from it. While the command staff (yes, still being called ‘command staff’) positions have remained the same, the following has been identified as the CMS general staff positions:

Strategic Operations Section
Intelligence/Investigations Section
Information and Planning Section
Resource and Center Logistics Section
Finance/Administration Section

As for some of the specific language within the sections, there are some positives. Two particular ones are the inclusion of ‘future planning’ within the Information and Planning Section, and the acknowledgement that in most EOCs, the Logistics Section/Resource and Center Logistics Section tends to handle tracking of resources.

There is additional and expanded information on the CMS found in Appendix B. These show some different organizational arrangements, particularly within the Information and Planning Section and the Resource and Center Logistics Section. All in all, I think these proposed arrangements are practical and a reflection of reality in most operations/coordination centers. Well done.

Lastly, Communications and Information Management has included mentions of different reports which may be required, including flash reports, status reports, and situation reports. This is a good reflection of reality. They have also listed important considerations for elements of essential information (EEI) (I’d love to see this list added to a field operations guide!), which must be constantly monitored for the maintenance of situational awareness, and they have bolstered the incident information portion of this component. All great positives! Interesting to note that the term ‘common operating picture’ has been significantly de-emphasized.

After reviewing this document, I’m overall encouraged with the direction NIMS is taking, although I obviously have some reservations. I’m confident that, over time, the kinks will shake out as they have done with other aspects of NIMS. I’m looking forward to some of the other changes that will spin off of this central document, such as new planning guidance and training.

As always, I’m interested in your feedback on my ideas as well as your own reactions and analysis of the NIMS refresh.

Thanks for reading!

Emergency Preparedness Solutions – Your Partner in Preparedness

DHS Says Low Risk of Destructive Cyberattack

April 7, 2016April 7, 2016Tim Riecker, The Contrarian Emergency Manager Leave a comment

Published in The Hill yesterday, this article states that a DHS intelligence assessment rates a destructive cyberattack on the US energy grid as a low threat. While I’m not a cybersecurity expert, this just doesn’t sit right with me. So many other sources are talking about how serious of a threat a cyberattack is, especially the destructive impacts on infrastructure. It seems pretty short sighted to think that criminal hackers will only enter systems to poke around and look for information.

The article cites that this is from a ‘leaked’ intelligence assessment. Let’s hope they have their information wrong.

~Edit~

About two hours after posting this, I read an article on Homeland Security Today which blows away the premise of the supposed DHS intelligence assessment. Worth reading.

“No Battle Plan Survives Contact With the Enemy”

April 6, 2016April 6, 2016Tim Riecker, The Contrarian Emergency Manager 2 Comments

This quote is credited to a German military strategist named Helmuth von Moltke, who served in several wars in the mid-1800s. He had a certain theory of war, understanding that several strategies must be identified in planning, as it is difficult to ascertain exactly what will happen after first contact with the enemy. What can we in emergency management learn from this?

First off, we should all recognize that it’s a rare occasion that anything goes according to plan. That is a reality which we must identify as a foundation of our planning efforts. These realities are part of our planning assumptions. In essence, we simply don’t know exactly what will happen, when it will happen, where it will happen, or what the impacts will be. We also can never be completely certain about the resources we will have available to us to respond.

Based on these planning assumptions, we should not count on our plans working from the moment an incident occurs. Very simply, there is always some catch up that we need to account for. Most importantly, we need to gain situational awareness to determine the scope and magnitude of the incident. Once we have a reasonable degree of situational awareness (often we never know everything we would like to), we can start making decisions as to how we will respond. These decisions should be guided by our plans.

Our initial response – what we do when we first run in approach, assess, and begin our initial life saving measures – may not have a solid plan, but the foundation of it does follow a certain algorithm. Many disciplines, especially the traditional first response ones, often underscore the importance of a scene size up. While this varies a bit based on our respective disciplines and the nature of the incident, the common themes involve seeking answers to the usual questions – who, what, where, when, why, and how. As we begin to gain answers and process this information, we request and assign resources. Our initial response is often unorganized. We don’t know all there is to know about the incident. We don’t have all of our resources readily available. Mentally we are overwhelmed with information, trying to process everything quickly. Eventually, though, we should begin to transition into our planned response, bringing order to the chaos.

While emergency and incident management isn’t war, there are certainly a number of parallels that can be drawn. While von Moltke’s statement is often cited in our profession, devaluing the plans we create, I think the perspective of those who cite it is wrong. We should not intend for our plans to be implemented immediately upon occurrence of an incident. Rather than sticking a square peg into a round hole by trying to immediately apply our plans, our initial response should deliberately guide us to our planned response.

One of the chief elements of our plans is our organization – the incident command system (ICS) or incident management system (IMS). Our ability to properly implement our plans is predicated on our ability to manage. In a complex incident, one person cannot handle all the elements and tasks. Delegation is necessary and ICS/IMS is the organizational model we should be following. It is through our incident management organization that we manage resources, hopefully in accordance with a plan, which helps us to manage the incident. The transition to managing the incident instead of responding to the incident can be a difficult one to make, especially for those not experienced with larger incidents. Much time can be wasted resisting or struggling through this transition. The transition, however, is a conscious and deliberate effort. It won’t happen automatically. It must be managed.

I’ve referenced in previous blog posts Cynthia Renaud’s paper “The Missing Piece of NIMS: Teaching Incident Commanders How to Function on the Edge of Chaos’. Much of what I’m talking about in terms of managing our ICS/IMS through the transition of initial response into our planned response has also been cited by Chief Renaud. The bottom line is that we can do better in our core ICS/IMS training to aid our incident managers in making this happen. Much ICS training seems to have dropped the essential concept of scene size up/assessment, or simply glosses over it. How can you make decisions about how to manage the incident if you don’t know what’s going on? It’s also a rare occasion that ICS training has much mention of the planned response. The focus is on incident action planning, which is certainly needed to guide us through tactical application, but courses often fail to indicate the indispensable reference of emergency plans when identifying objectives and strategies. This is a clear disconnect in our preparedness efforts and must be fixed. We can do better.

If you haven’t yet heard of my crusade to improve our current state of ICS training, there are a number of articles I would direct you toward. Check them out here.

Of course I’m always happy to hear what you think – comments are welcome!

Emergency Preparedness Solutions, LLC – Your Partner in Preparedness!

Calgary Report on Emergency Preparedness

April 5, 2016April 7, 2016Tim Riecker, The Contrarian Emergency Manager Leave a comment

Be sure to see the update posted at the bottom of this article!

Published in the Calgary Herald (and perhaps elsewhere), Calgary Emergency Management Agency released their 2016 report on the status of preparedness in the city. While the data contained in the report only has direct relevance if you have interest in the city of Calgary, the concept and themes in the report have some broader relevance to everyone in emergency management.

First, let’s talk about the publication of this report. I absolutely think this is a best practice and Calgary Emergency Management should be congratulated for it. The Herald also deserves credit for putting the information out there… we know that media outlets don’t always have the time or ability to publish the information they are provided. All in all, the information contained in the report should be pretty relatable to most readers. They detail the hazards, highlight costs of certain past disasters in the province of Alberta, talk about some facts that demonstrate a continued need for preparedness efforts, and they talk about some of their actions and recommended actions for others. I’m left wondering if these are highlights of a more detailed report. Either way, it’s a nice bit of information and promotion of emergency management efforts.

Their report starts off providing a list of the top ten hazards and risks in Calgary, with an added bit of information telling what percentage of hazard mitigation efforts are focused on each hazard (I’m not sure what the mitigation percentage is based upon… percent of mitigation budget, perhaps?). While much of the hazard list is intuitive, it should certainly serve as a good reminder to businesses and citizens about what can impact the area. This is also a list that I largely suspect could be replicated in many other municipalities around the world, especially those in the colder reaches of the northern and southern hemispheres.

Another section in the report provides a number of bulleted facts related to preparedness in Calgary. Some of these seem to have originated from a public survey, others from a survey of businesses, while others, such as the number of critical infrastructures in the city, were likely internal or in collaboration with other agencies. Regardless of the source, they should be eye opening for people. They are also, as with other information, fairly representative of many other municipalities around the world. While the numbers may not be exact, I’m sure the percentages are pretty close.

They follow up their facts with two brief sections on hazard mitigation, one focusing on private sector and business continuity and the other from a broader emergency management perspective. These are all certainly applicable in any of our locations. Finally, they list their nine focuses for the year. These nine areas may very well be pulled from an annual strategic plan update for Calgary Emergency Management and are also very relatable to most of us around the world. They mention things like leveraging risk assessment, sustainability funding for capabilities, emergency plan revisions, public outreach, training and exercises, and others.

It’s great to see an emergency management agency putting information out to the populations they serve. It adds context to ‘winter weather awareness week’ or other promotions, and provides more information on what emergency management does. This report also showed that, while there are some differences based on our relative locations, much of what we are dealing with in emergency management is very similar.

Kudos again to CEMA.

Emergency Preparedness Solutions, LLC – Your Partner in Preparedness

~ Update

By virtue of posting this article, I was contacted by Ms. Tabitha Beaton who works for Calgary Emergency Management and was one of the principal authors of this report. A full version of their report can be found here.

7 Emergency Management Priorities for the Next Administration

March 17, 2016Tim Riecker, The Contrarian Emergency Manager Leave a comment

Heritage.org recently published a piece outlining the top four homeland security priorities for the next administration, which can be found here. It’s a thought provoking article that certainly identifies some important issues. In the same spirit, I’d like to offer what I think are the emergency management priorities for the next administration.

1) Support an Effective FEMA Organizational Model

The Heritage.org model pointed out several issues with the DHS organization that need to be addressed sooner rather than later. I’d like to add some FEMA-specific items to their suggestions, regardless of if FEMA is kept within DHS or not (honestly, I think that ship has sailed and FEMA is there to stay).

In building a bit of background for this article, I took a look at FEMA’s current strategic plan, knowing that the document already identifies some of their priorities. Within in that list of priorities, they mention mission and program delivery, becoming an expeditionary organization, posturing and building capability for catastrophic disasters, and strengthening their organizational foundation. To me, these four all directly relate to their organizational model.

Along with having a strong central administration of programs, FEMA needs to have agility in their program delivery. This is best accomplished through the FEMA regional offices, which act as an extension of the ‘central administration’ by coordinating directly with states and neighboring regions to apply those programs in the best possible manner within the guidelines of the program. While this is currently performed, it is not performed to the greatest extent possible. John Fass Morton provides some great perspective on this approach in his book ‘Next-Generation Homeland Security’. Info on the book can be found here.

2) Bolster Risk Reduction Programs

I write often about preparedness, as that has always been a focus of my career. Risk reduction, however, is essential to eliminating or reducing the impacts of hazards on communities. Risk reduction includes all aspects of hazard mitigation and resilience, which are ideally applied at the local level but supported by state and federal programs, policies, and resources.

While the National Weather Service has implemented and promoted the StormReady program, which encourages community resilience, the best program we have ever had in our field is Project Impact. I’d love to see a revival of Project Impact (call it that or something else – I don’t really care), incorporating the concepts of StormReady as well as other best practices in risk reduction. A big part of this program MUST be incentivization, especially access to funds that can be applied for in the present for hazard mitigation activities.

3) Build a Better Cybersecurity Program

This item was added to the list by a colleague of mine. It’s also found on the Heritage.org list. It must be pretty important, then.

Yes, there are a LOT of initiatives right now involving cybersecurity, but I think there can be more. Jon, the same colleague who suggested this for my list has also stated repeatedly that cybersecurity is really a Core Capability that cuts across all mission areas – Prevention, Protection, Response, Mitigation, and Recovery. The recent update of the National Preparedness Goal suggests this, but sadly doesn’t commit.

What do we need in regard to cybersecurity? First of all, we need to demystify it. There are plenty of people out there who have just enough tech savvy to turn on their computer, send some email, and post to Facebook. While that may work for them, they are likely intimidated by talk of cybersecurity, hackers, and the like. We need to continue programs in plain speak that will help to inform the average consumer about how to protect themselves.

Better coordination with the private sector will pay off heavily when it comes to cybersecurity. Not only is the private sector generally better at it, they also have a tendency to attract experts through better incentives than the government can offer, such as higher pay. Cybersecurity also impacts everyone. We’ve seen attacks of all types of systems. The only way to stop a common enemy is to work together. Let’s think of it as a virtual whole-community approach.

4) Prepare for Complex Coordinated Attack

Another of Jon’s suggestions. While terrorism is often quickly shoved into the category of homeland security, there is a lot that emergency management can assist with. These types of attacks (think Mumbai or Paris) have a significant impact on a community. They require a multi-faceted approach to all mission areas – again, Prevention, Protection, Response, Mitigation, and Recovery. While law enforcement is clearly a lead, they must be strongly supported by emergency management as part of a whole-community approach to be successful. Preparedness across all these mission areas must be defined and supported by federal programs.

5) Infrastructure Maintenance

We have roads, bridges, rail, pipes, and other infrastructure that MUST be maintained. Maintenance (or replacement) will not only prevent failure of the infrastructure as a disaster itself, but will also make it more resilient to impacts from other disasters. Yes, these are projects with huge price tags, but what alternative do we have?

6) Continuity of Existing Model Programs

There are few things more infuriating than a new administration wiping the slate clean of all predecessor programs to make room for their own. While every administration is entitled to make their own mark, getting rid of what has been proven to work is not the way to do that. Eliminating or replacing programs has a significant impact all the way down the line, from the federal program administrators, to the state program people, to the local emergency managers who are often understaffed and underfunded to begin with.

Changing gears is not as simple as using a different form tomorrow, it requires research and training on the new program and costs time to re-tool. While I would never say there is nothing new under the emergency management sun, as I believe we are still innovating, I’m pretty skeptical of some new appointee walking into their job and making wholesale changes. While improvements can certainly be made, summary execution of successful programs does no one any good. Let’s not make change simply for the sake of change.

Related to this, I fully support the efforts of FEMA in the last few years to gain comprehensive input on changes to documents and doctrine through the formation of committees and public comment periods. This approach works!

7) Pull Together Preparedness Programs

NIMS, HSEEP, NPG, THIRA, etc… While each of these programs have their own purpose and goals, more can be done to bring them together. I’m not suggesting a merger of programs – that would simply make a huge mess. What I’m suggesting is to find the connections between the programs, where one leads to another or informs another, and highlight those. Things like better application of the Core Capabilities within HSEEP exercises to have a more effective evaluation of NIMS capabilities (I suggested this while being interviewed for a GAO report), or referencing the THIRA when building a multi-year training and exercise plan. While some jurisdictions may already do this, these are best practices that should be embraced, promoted, and indoctrinated. These links typically don’t add work, in fact they capitalize on work already done, allowing one project/program/process to be informed or supported by another, creating efficiencies and supporting a synchronization of efforts and outcomes.

There is my list of seven. What are your thoughts on the list? There are certainly plenty of other ideas out there. If you had the ear of the next President, what would you suggest be their administration’s emergency management priorities?

Emergency Preparedness Solutions, LLC – Your Partner in Preparedness

A New NFPA 1600

March 11, 2016March 11, 2016Tim Riecker, The Contrarian Emergency Manager 7 Comments

Several weeks ago (I forgot to post it!) the National Fire Protection Association (NFPA) released the 2016 update of their 1600 standard, and with a slightly different name: Standard on Disaster/Emergency Management and Business Continuity/Continuity of Operations Programs. More on the name change in a bit.

For those not familiar with NFPA 1600, if you are in the emergency management field, you should be familiar with it. While not legally binding (unless specifically referenced by a law or regulation), NFPA 1600 is an excellent standard for modeling an emergency management program. Like any good standard, it provides guidance on what components you should have, but doesn’t tell you how to do it. NFPA 1600 is also very complimentary to the Emergency Management Accreditation Program (EMAP), with no conflicts between these standards – mostly because EMAP foundationally references much of NFPA 1600. NFPA 1600 can be found here. The NFPA provides a free download of the standard (it is heavily copyrighted, so exercise prudence in how you handle it) or you can pay to obtain paper copies.

On to the changes in this update. As mentioned, the title has been altered a bit by adding ‘Continuity of Operations’. While it doesn’t say so, I’m guessing that some government-types may have approached NFPA 1600 a bit skeptically thinking that it was really intended for the private sector. The thing is, business continuity is a specific function within emergency management, but largely follows many of the same processes, just with a particular focus.

Within the standard, the early section titled ‘The Origin and Development of NFPA 1600’ summarizes the evolution of the standard, and provides some information on the changes to the 2016 update. They mention that “The purpose of the standard has been changed to reflect the Committee’s decision to emphasize that the standard provides fundamental criteria for preparedness and that the program addresses prevention, mitigation, response, continuity, and recovery. In other words, “preparedness” is no longer just an element of the program – it is the program.” That perspective on preparedness is a great continued evolution of the concept within emergency management. While the standard in emergency management used to be the emergency management cycle with preparedness as one phase, that is thankfully beginning to go away (although it’s still seen out there way too much for my taste).

The Old Emergency Management Cycle – DON’T USE THIS ANYMORE!

The truth is preparedness permeates everything we do – all phases (or mission areas) of emergency management. That’s why there are five mission areas identified in the National Preparedness Goal (Protection, Prevention, Response, Mitigation, and Recovery). Where is preparedness? It’s the root of the document (literally… it’s in the name of the document). Preparedness is addressed for each mission area. We must prepare to protect, prepare to prevent, prepare to respond, prepare to mitigate, and prepare to recover.

As usual, I digress…

Back to NFPA 1600. This 2016 update includes language within “crisis management planning to include issues that threaten the reputation of and the strategic and intangible elements of the entity as a result of an event or series of events…”. Smart move. These elements of crisis management are something we see in both the public and private sector and certainly should be addressed.

Since business continuity does remain a focus element of the standard, they have continued to enhance those aspects. As such, they have included information on supply chain risk and information security within the document. When considering business continuity, we can’t just look at our own operations. The vulnerabilities of other organizations can certainly impact us, so examining supply chain vulnerabilities is wise. As for information security, we have seen plenty of internal and external cybersecurity issues to justify that. Although a bit late, I’m glad the NFPA is keeping up with technology and current trends and hazards. They have also rewritten much of the business impact analysis section (within Chapter 5) to address continuity planning and recovery planning, with a specific differentiation between the two.

Lastly, they have added Annex C, a small business preparedness guide (good move NFPA!), and have added material on addressing the needs of persons with access and functional needs, as well as adding some information on the role of social media in crisis communications plans.

These are all positive changes for the NFPA 1600 standard. I encourage everyone who is part of an emergency management program to take a look at it and see what it has to offer. It’s good guidance and will probably provide some good ideas for helping you grow and maintain an impactful program.

For those interested, I have a couple of past articles on standards in emergency management:

Standards in Emergency Management Programs

Business Continuity and Emergency Management Standards and Requirements

Emergency Preparedness Solutions, LLC – We are your Partner in Preparedness!

Don’t Just Take It From Me – There are Issues with ICS Training

March 1, 2016March 1, 2016Tim Riecker, The Contrarian Emergency Manager Leave a comment

The February 2016 edition of the Domestic Preparedness Journal highlighted, among other things, some concerns with ICS training in the United States. First off, if you aren’t subscribed to the DPJ, you should be. It’s free and they offer good content, with few extraneous emails beyond the journals. Check them out at www.domesticpreparedness.com.

The specific article in this issue I’m referencing is Incident Command System: Perishable if Not Practiced, by Stephen Grainer. Mr. Grainer is the Chief of Incident Management Systems for the Virginia Department of Fire Programs. Steve has a significant depth in ICS and understands all the nuances of preparedness and application. I first met him when serving on the national NIMS steering committee with him several years back.

The title of the article is a bit deceptive – it’s not just focused on the issue of the training being perishable. Right up front, Mr. Grainer, who is a longtime supporter and advocate of ICS, outlines a few shortcomings and constraints related to the application of ICS and ICS training. He states that “little attention has been given to developing the students’ ability to recognize an evolving situation in which more formalized implementation of the ICS should be undertaken”. This underscores one of my main points on the failings of the ICS curriculum. We teach people all about what ICS is, but very little of how to use it.

After giving a few case studies that reflect on the shortcomings he highlighted, Mr. Grainer expresses his support for continued training, refresher training (something not currently required), and opportunities to apply ICS in ways that public safety and emergency management don’t do on a regular basis. He summarizes by stating that not only does training need to continue to address succession and bench depth, but also the need to address how to maintain competencies and address misunderstandings in NIMS/ICS.

Yes, training does need to continue, but it must be the RIGHT training! We continue doing a disservice by promoting the current ICS courses which fall well short of what needs to be accomplished. Mr. Grainer’s mention of the need for our training to address better implementation of ICS, particularly beyond the routine, is perhaps a bit understated, but nonetheless present. Refresher training also needs to be incorporated into a new curriculum, as these skills are absolutely perishable – particularly the aspects of ICS typically reserved for more complex incidents.

In the event you aren’t familiar with my earlier posts on ICS and my crusade for a better curriculum, check out these posts. As I’ve said before, this isn’t a pick-up kickball game… this is public safety. We can do better.

Shameless plug: Assessments, Planning, Training, Exercises. Emergency Preparedness Solutions does it all. Contact us to find out how our experience can benefit your jurisdiction’s or organization’s emergency and disaster preparedness. We are your partner in preparedness. www.epsllc.biz.

Emergency Preparedness Solutions, LLC

National Firefighter Cancer Registry – Show Support!

February 29, 2016February 29, 2016Tim Riecker, The Contrarian Emergency Manager Leave a comment

Last week US Representatives Bill Pascrell (D-NJ) and Richard Hanna (R-NY) introduced a bi-partisan bill to create a national cancer registry for firefighters (paid and volunteer). This bill, HR 4625, is known as the Firefighter Cancer Registry Act. It calls for the registry to be established and managed by the Centers for Disease Control and Prevention (CDC). The site for the bill is here, although as of the time of my post, little information is available.

According to Rep Pascrell’s website, the national cancer registry would:

Store and consolidate epidemiological information submitted by healthcare professionals related to cancer incidence among firefighters.
Make anonymous data available to public health researchers to provide them with robust and comprehensive datasets to expand groundbreaking research.
Improve our understanding of cancer incidence as the registry grows, which could potentially lead to the development of advanced safety protocols and safeguards.
Increase collaboration between the CDC and epidemiologists, public health experts, clinicians and firefighters through regular and consistent consultations to improve the effectiveness and accuracy of the registry.

According to an email received from Rep Hanna’s office, the bill has the support of the National Volunteer Fire Council, the International Association of Fire Chiefs, the International Association of Fire Fighters, the New York State Association of Fire Chiefs, the Congressional Fire Services Institute, the National Fallen Firefighters Foundation, and the International Fire Services Training Association.

Firefighters are exposed to a variety of harmful chemicals on a regular basis. Fairly routine fires, such as car fires and room and contents fires contain a variety of toxins due to the quantity of synthetics used in manufacturing common materials. More advanced incidents, such as full structure fires, industrial, and hazardous materials incidents contain even more dangerous chemicals that, despite protections, firefighters are still exposed to.

I urge everyone to keep an eye on this bill and contact your representatives to express support for it.

– TR

Book Review – Failures of Imagination by Michael McCaul

February 15, 2016Tim Riecker, The Contrarian Emergency Manager Leave a comment

Failures of Imagination: The Deadliest Threats to our Homeland – and how to Thwart Them by Michael McCaul. A few months ago I put up a short post when I heard about this book coming out. I speculated a bit on what I anticipated and fortunately those were good assumptions.

Michael McCaul is chairman of the House Homeland Security Committee. Congressman McCaul (R-TX) has served with the US Department of Justice and was chief of Counterterrorism and National Security for the US Attorney’s Office in Texas. Along with chairing the House Homeland Security Committee, he is also a member of the Committee on Foreign Affairs. The background all contributes to some interesting insights and perspectives on the threats our nation faces. Several of those threats have been presented to us in this book. FoI

Failures of Imagination presents several scenarios including an attack on our seat of government, a radiological dispersion device (RDD), foreign influence on an election, a mass shooting in a public space, a cyberattack on finance and infrastructure, a bioterrorism attack, an airplane bombing, and an invasion by foreign powers. Each scenario is introduced with what I will term a short story, followed by a fictionalized executive situation report, and concluded with a factual review of how the scenario is plausible.

The short stories that introduce each scenario are fairly compelling. They read like any popular thriller novel, establishing two or three converging story lines with a brief bit of character development which quickly establish motive, plot, and execution. The timelines are set anywhere from two to 10+ years from now.

With the those scenarios set further in the future, I feel the author has taken some liberties assuming that little has changed in comparison to the current global politics and state of affairs, but that doesn’t bother me too much. I expect that some readers might feel these fictionalized stories sensationalize the scenarios a bit. While on the surface that is understandable, consider that the plots as they unfold in these stories may not be far from reality, and that the Congressman has discovered that a mix of fiction and non-fiction can help enhance the readers’ experience and sell more books. Also consider that we often do the same thing when doing scenario-based planning, training, and exercises.

As a follow-on to each scenario’s short story, a mock executive-level situation report is provided which gives an overview of the impacts of each scenario as presented in the short story. The basis of this is something we also do in many of our preparedness efforts as we try to gauge a realistic scope of impact. The Congressman outlines in many of these not only the casualties, but broader impacts such as those to the economy, and takes some realistic stabs at longer term recovery matters. These situation reports give a good perspective to the reader about the potential impacts of each scenario beyond the more narrow scope of the short story.

Lastly, McCaul provides some narrative on how each scenario presented is rooted in reality. These summaries provide information on the current situation as it relates to each scenario, typically regarding the modus operandi of certain terrorist groups or state sponsors of terrorism, relationships these groups may have with each other across the globe, and weaknesses in our own security construct which may permit these groups to gain access to the US and do us harm. While much of the information and recommendations provided by Mc Caul in these sections are factual, practical, and eye-opening, I have to admit that I was significantly turned off by several instances of what I can only call antagonistic political finger pointing. While I don’t disagree with what the Congressman was saying about certain policies and actions of other elected officials which have influenced our ability to prevent, protect, and prepare for these types of attacks, the messages often came across as snarky and partisan – something I have little patience for, especially in this election cycle.

Failures of Imagination certainly delivered. While the focus of this book is on threats to the US, I would suggest that the foundational issues identified can apply to most nations and are a good read for anyone in emergency management and homeland security. The short stories included in each scenario feed our desire to be entertained and contribute to the book being a quick read. While the scenarios overall don’t serve as much of a resource for emergency management planning, as many of these types of scenarios are already in use in our efforts, the book does provide some context for each scenario which could be referenced, especially in regard to impacts. Of most importance are the recommendations which Congressman McCaul provides for each scenario. Many of the recommendations indicate higher-level actions we as a government need to take to prevent, protect, and prepare for attacks of these types. Increased awareness of these actions will hopefully lead to development, funding, and implementation.

ICS: Who doesn’t need it?

February 10, 2016Tim Riecker, The Contrarian Emergency Manager 16 Comments

In a recent discussion thread, someone shared some material for a new program that promotes resiliency for disaster housing. While the intent of the program is good, there was one thing that struck me – it stated that it was based on the incident command system (ICS). My question – why?

ICS is a great system. It’s proven to be effective WHEN APPLIED PROPERLY. That’s the catch, though, isn’t it? A great many after action reports (AARs) identify areas for improvement relative to various facets of ICS after incidents, events, and exercises. The organizations that the AARs are usually focused on are professional response organizations – fire, police, EMS, public works, public health, emergency management, etc. These are organizations that generally get LOTS OF PRACTICE in applying ICS. So what’s the problem?

The problem is that most organizations that do use ICS don’t get enough practice in applying ICS beyond smaller incidents. So if responders, who are using ICS, have difficulty with expanded application despite some practice and more advanced training, how are organizations who don’t use it all expected to be able to remember it much less apply it properly on even the most basic of incidents? (More on my issues with ICS training here, in case you’ve missed posts over the last year or so.)

So back to the main topic of this post – who doesn’t need ICS training? I would suggest that those persons and organizations that don’t fit the broad definition of responders DON’T NEED IT. While this may be blasphemous to some, consider the time and effort wasted on getting people trained to understand ICS who will NEVER USE IT. “But what if they do need it?” you ask?

I’m challenged to really find that need. Why does the management of an apartment complex need to know or understand ICS? I find the thought of that foolish and wasteful. Sure, they can be a partner in disaster preparedness, response, and recovery. Does that make them a responder? No. Will they become part of the ICS organization? NO! Is there any reason why they would need to use ICS to manage their own organization? NO!!! They manage their organization every day through what should be a very effective model for them. Why the hell do we want to change that? We need to stop pushing our complex shit on other people who don’t need it.

I’m of two thoughts on this… One, there are people who are so gung-ho over including everyone under the sun into emergency management that they feel compelled to bring them into the profession. News flash people – if they wanted to be emergency managers, they would. There is no practical reason for them to be trained in the vast complexities of emergency management. Two, there are people who don’t really understand the applications of emergency management themselves, and therefore try to make adaptations of the system for every variety of stakeholder out there. This is something I’ve struggled with very often as people try to adapt ICS to their organization and, in doing so, change the foundational principles of ICS (span of control, terminology, organizational structure, etc.). Further, every organization thinks they have an INCIDENT COMMANDER. STOP!!!

ICS is not for everyone. I’m not being elitist or exclusionary, I’m being practical. That’s not to say that certain stakeholders shouldn’t at least be familiar with what it is, but still not every stakeholder or partner, and they certainly don’t need to know how to actually apply it. For many, simply having a point of contact with certain departments or through the 911 center is enough. Certainly if some have an interest in it they can ask, or take a class either in person or online. (I would never withhold a training opportunity from anyone.) This should certainly give them enough to satisfy their curiosity.

Along with my crusade to make better ICS training for responders (even non-traditional ones), I would suggest that we need to do a better job of advising other organizations about how they interact with the system. Simply throwing ICS training at them DOESN’T WORK. It creates false expectations and generates more confusion.

So please, fire away with your thoughts. Who do you think shouldn’t have ICS training? What would you change about the current ICS training model/requirements?

Shameless plug time: Need ICS training or training in other areas of emergency management? How about meaningful and practical emergency plans you can actually implement? Exercises to test those plans and give staff an opportunity to practice implementing plans? Emergency Preparedness Solutions can help! Link to info below!