Tag emergency preparedness

Failed Attempts to Measure NIMS Compliance – How can we get it right?

Tim Riecker, The Contrarian Emergency Manager 3 Comments

Yesterday the US Government Accountability Office (GAO) released a report titled Federal Emergency Management Agency: Strengthening Regional Coordination Could Enhance Preparedness Efforts.  I’ve been waiting for a while for the release of this report as I am proud to have been interviewed for it as a subject matter expert.  It’s the second GAO report on emergency management I’ve been involved in through my career.

The end game of this report shows an emphasis for a stronger role of the FEMA regional offices.  The GAO came to this conclusion through two primary discussions, one on grants management, the other on assessing NIMS implementation efforts.  The discussion on how NIMS implementation has thus far been historically measured shows the failures of that system.

When the National Incident Management System (NIMS) was first created as a nation-wide standard in the US via President Bush’s Homeland Security Presidential Directive (HSPD) 5 in 2003, the NIMS Integration Center (NIC) was established to make this happen.  This was a daunting, but not impossible task, involving development of a standard (lucky much of this already existed through similar systems), the creation of a training plan and curricula (again, much of this already existed), and encouraging something called ‘NIMS implementation’ by every level of government and other stakeholders across the nation.  This last part was the really difficult one.

As identified in the GAO report: “HSPD-5 calls for FEMA to (1) establish a mechanism for ensuring ongoing management and maintenance of the NIMS, including regular consultation with other federal departments and agencies and with state and local governments, and (2) develop standards and guidelines for determining whether a state or local entity has adopted NIMS.”

While there was generally no funding directly allocated to NIMS compliance activities for state and local governments, FEMA/DHS associated NIMS compliance as a required activity to be eligible for many of its grant programs.  (So let’s get this straight… If my jurisdiction is struggling to be compliant with NIMS, you will take away the funds which would help me to do so????)  (the actual act of denying funds is something I heard few rumors about, but none actually confirmed).

NIMS compliance was (and continues to be) a self-certification, with little to no effort at the federal level to actually assess compliance.  Annually, each jurisdiction would complete an online assessment tool called NIMSCAST (the NIMS Compliance Assistant Support Tool).  NIMSCAST ran until 2013.

NIMSCAST was a mix of survey type questions… some yes/no, some with qualified answers, and most simply looking for numbers – usually numbers of people trained in each of the ICS courses.  From FEMA’s NIMS website: “The purpose of the NIMS is to provide a common approach for managing incidents.”  How effective do you think the NIMSCAST survey was at gauging progress toward this?  The answer: not very well.  People are good at being busy but not actually accomplishing anything.  It’s not to say that many jurisdictions didn’t make good faith efforts in complying with the NIMS requirements (and thus were dedicated to accomplishing better incident management), but many were pressured and intimidated, ‘pencil whipping’ certain answers, fearing a loss of federal funding.   Even for those will good faith efforts, churning a bunch of people through training courses does not necessarily mean they will implement the system they are trained in.  Implementation of such a system required INTEGRATION through all realms of preparedness and response.  While NIMSCAST certainly provided some measurable results, particularly in terms of the number of people completing ICS courses, that really doesn’t tell us anything about IMPLEMENTATION.  Are jurisdictions actually using NIMS and, if so, how well?  NIMSCAST was a much a show of being busy while not accomplishing anything as some of the activities it measured.  It’s unfortunate that numbers game lasted almost ten years.

In 2014, the NIC (which now stands for the National Integration Center) incorporated NIMS compliance questions into the Unified Reporting Tool (URT), including about a dozen questions into every state’s THIRA and State Preparedness Report submission.  Jurisdictions below states (unless they are Urban Area Security Initiative grant recipients) no longer need to provide any type of certification about their NIMS compliance (unless required by the state).  The questions asked in the URT, which simply check for a NIMS pulse, are even less effective at measuring any type of compliance than NIMSCAST was.

While I am certainly being critical of these efforts, I have and continue to acknowledge how difficult this particular task is.  But there must be a more effective way.  Falling back to my roots in curriculum development, we must identify how we will evaluate learning early in the design process.  The same principal applies here.  If the goal of NIMS is to “provide a common approach to managing incidents”, then how do we measure that?  The only acceptable methodology toward measuring NIMS compliance is one that actually identifies if NIMS has been integrated and implemented.  How do we do that?

The GAO report recommends the evaluation of after action reports (AARs) from incidents, events, and exercises as the ideal methodology for assessing NIMS compliance.  It’s a good idea.  Really, it is.  Did I mention that they interviewed me?

AARs (at least those well written) provide the kinds of information we are looking for.  Does it easily correlate into numbers and metrics?  No.  That’s one of the biggest challenges with using AARs, which are full of narrative.  Another barrier to consider is how AARs are written.  The HSEEP standard for AARs is to focus on core capabilities.  The issue: there is no NIMS core capability.  Reason being that NIMS/ICS encompasses a number of key activities that we accomplish during an incident.  The GAO identified the core capabilities of operational coordination, operational communication, and public information and warning to be the three that have the most association to NIMS activities.

The GAO recommends the assessment of NIMS compliance is best situated with FEMA’s regional offices.  This same recommendation comes from John Fass Morton who authored Next-Generation Homeland Security (follow the link for my review of this book).  Given the depth of analysis these assessments would take to review AAR narratives, the people who are doing these assessments absolutely must have some public safety and/or emergency management experience.  To better enable this measurement (which will help states and local jurisdictions, by the way), there may need to be some modification to the core capabilities and how we write AARs to help us better draw out some of the specific NIMS-related activities.  This, of course, would require several areas within FEMA/DHS to work together… which is something they are becoming better at, so I have faith.

There is plenty of additional discussion to be had regarding the details of all this, but its best we not get ahead of ourselves.  Let’s actually see what will be done to improve how NIMS implementation is assessed.  And don’t forget the crusade to improve ICS training!

What are your thoughts on how best to measure NIMS implementation?  Do you think the evaluation of AARs can assist in this?  At what level do you think this should be done – State, FEMA Regional, or FEMA HQ?

As always, thanks for reading!

© 2016 – Timothy Riecker

Emergency Management: Coordinating a System of Systems

Tim Riecker, The Contrarian Emergency Manager 1 Comment

Emergency management, by nature, is at the nexus of a number of other practices and professions, focusing them on solving the problems of emergencies and disasters.  It’s like a Venn diagram, with many entities, including emergency management, having some overlapping interests and responsibilities, but each of them having an overlap in the center of the diagram, the place where coordination of emergency management resides. That’s what makes the profession of emergency management fairly complex – we are not only addressing needs inherent in our own profession, we are often times doing it through the application of the capabilities of others.  It’s like being the conductor of an orchestra or a show runner for a television show. It doesn’t necessarily put emergency management ‘in charge’, but they do become the coordination point for the capabilities needed.

Presentation1

 

This high degree of coordination depends on the functioning and often integration of a variety of systems.  What is a ‘system’?  Merriam-Webster offers that a system is a “regularly interacting or interdependent group of items forming a unified whole.”  Each agency and organization that participates in emergency management has its own systems.  I’d suggest that these broadly include policies, plans, procedures, and the people and technologies that facilitate them – and not just in response, but across all phases or mission areas.  Like the Venn diagram, many of these systems interact to (hopefully) facilitate emergency management.

There are systems we have in many nations that are used to facilitate components of emergency management, such as the National Incident Management System (NIMS), the Incident Command System (ICS) (or other incident management systems), and Multi-Agency Coordination Systems (MACS).  These systems have broad reach, working to provide some standardization and common ground through which we can manage incidents by coordinating multiple organizations and each of their systems.  As you can find indicated in the NIMS doctrine, though, NIMS (and the other systems mentioned) is not a plan.  While NIMS provides us with an operational model and some guidance, we need plans.

Emergency Operations Plans (EOPs) help us accomplish a coordination of systems for response, particularly when written to encompass all agencies and organizations, all hazards, and all capabilities.  Likewise, Hazard Mitigation Plans do the same for mitigation activities and priorities.  Many jurisdictions have smartly written disaster recovery plans to address matters post-response.  We also have training and exercise plans which help address some preparedness measures (although generally not well enough).  While each of these plans helps to coordinate a number of systems, themselves becoming systems of systems, we are still left with several plans which also need to be coordinated as we know from experience that the lines between these activities are, at best, grey and fuzzy (and not in the cuddly kitten kind of way).

The best approach to coordinating each of these plans is to create a higher level plan.  This would be a comprehensive emergency management plan (CEMP).  Those of you from New York State (and other areas) are familiar with this concept as it is required by law.  However, I’ve come to realize that how the law is often implemented simply doesn’t work. Most CEMPs I’ve seen try to create an operational plan (i.e. an EOP) within the CEMP, and do very little to actually address or coordinate other planning areas, such as the hazard mitigation plan, recovery plans, or preparedness plans.

To be successful, we MUST have each of those component plans in place to address the needs they set out to do so.  Otherwise, we simply don’t have plans that are implementation-ready at an operational level.  Still, there is a synchronicity that must be accomplished between these plans (for those of you who have experienced the awkward transition between response and recovery, you know why).  The CEMP should serve as an umbrella plan, identifying and coordinating the goals, capabilities, and resources of each of the component plans.  While a CEMP is generally not operational, it does help identify, mostly from a policy perspective, what planning components must come into play and when and how they interrelate to each other.  A CEMP should be the plan that all others are built from.

Presentation2

I’m curious about how many follow this model and the success (or difficulty) you have found with it.

As always, if you are looking for an experienced consulting firm to assist in preparing plans or any other preparedness activities, Emergency Preparedness Solutions is here to help!

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLC

H.R. 4397 – The Rail Safety Act

Tim Riecker, The Contrarian Emergency Manager 2 Comments

A few days ago I came across a notice of the introduction of HR 4397, aka the Rail Safety Act.  Text of the bill can be found here: https://www.govtrack.us/congress/bills/114/hr4397/text.  This bill was introduced by Rep. Ron Kind (D-WI) and had been assigned to House Committee on Transportation and Infrastructure on January 28th.  The essence of the bill… “To direct the Administrator of the Federal Emergency Management Agency to provide for caches of emergency response equipment to be used in the event of an accident involving rail tank cars transporting hazardous material, crude oil, or flammable liquids.”

If you follow the link provided above, you will get the full text of the bill, which honestly doesn’t tell much more.  I’m rather ambivalent about things like this.  We have a history of pre-positioning equipment and supplies for a variety of disasters.  Organizations such as the American Red Cross function this way, as do various agencies of the US federal government.  In 1999 the National Pharmaceutical Stockpile (NPS) was expanded to preposition medical supplies around the nation as a preparedness effort for a biological or chemical attack.  This program expanded in 2003 and became the Strategic National Stockpile (SNS).  In 2006, FEMA/DHS developed a program to pre-position disaster supplies (mostly mass care types of supplies) in certain disaster prone areas around the nation.  While we also have a variety of specialized teams, that’s a slightly different matter.

One key struggle of prepositioning supplies and equipment largely boils down to who will be responsible for them.  Supplies and equipment need to be secured and maintained.  This requires some regularity of check in to ensure they are ready to be deployed at a moment’s notice.  Each location needs a deployment plan, identifying how these assets will be deployed.  As part of this planning, there must be a trigger mechanism for requesting these supplies.  The supplies must deploy and reach their destination in such a time frame to be effective.  Of course upon arrival of the cache, responders must be familiar with what is there, take time to unpack it and inspect it, and be readily able to use it (therefore they must be pre-trained in the use of the equipment).  So who will be responsible for these caches?  State governments?  Local governments?  Rail carriers?  First responders?

Hazardous materials response is one of the most highly regulated aspects of public safety.  It is governed in the US by the Occupational Health and Safety Administration (OSHA) regulation 1910.120.  There is a strong emphasis on preparedness and protocol.  Only individuals trained to certain levels can conduct certain actions in a hazardous materials response.  Most responders, due to the fairly low ranking hazard of a major hazardous material release in their jurisdiction, do not have the degree of training needed to utilize some of what I expect would be in a cache of supplies as ordered by the Rail Safety Act.  That said, every jurisdiction in the US has access to a hazardous materials team – either from a nearby jurisdiction or from the state.  These teams have the specialized training and equipment needed to address a hazmat incident.  Now that we’ve gotten to that, what, exactly, is the need that the Rail Safety Act is addressing?

Sure, these caches of supplies may provide more of whatever is needed, but there are a few issues here.  First of all, it will take people to examine what is being delivered, to unpack it, and to ready it for deployment.  Often, the biggest issue on a response such as this is a lack of trained personnel.  Second, will the materials being provided by the cache be interoperable with what the hazmat team is using?  While we have gotten better at standardizing equipment, there are still many issues out there.  Tab A requires Slot A.  Slot B simply won’t work.

I suppose what I’m really interested in here is a definition of need.  Has there been any type of needs assessment or feasibility study conducted for this?  I’m doubtful.  Most bills are generally introduced at a whim by well-intentioned but ill-informed politicians.  The last thing we need is another requirement to work within that does us little good – even if it is to be funded by the rail carriers.

I’m curious if anyone out there happens to know about this bill or any need supporting it.

© 2016 – Timothy Riecker

Book Review – The Storm of the Century by Al Roker

Tim Riecker, The Contrarian Emergency Manager 2 Comments

Yep, THE Al Roker.  The weather guy.  Fellow SUNY Oswego alum.  Smart, funny, the kind of guy you want to have over for poker night.

Roker has actually written a few books, covering cooking, murder mysteries, family, and weight loss.  The Storm of the Century was released late last year and offers a compelling historical review of the Gulf Hurricane of 1900 that destroyed Galveston, Texas.

IMG_1473

Admittedly, the book was not what I expected.  I anticipated a book that had more structure and was a bit more proper and history-bookish.  While I was pleasantly surprised by the book’s more narrative approach, switching gears mentally took me a while, which is I think why I had a hard time with the first few chapters.  That’s on me, though, and not a reflection on the book itself.

The book is set up almost like a work of fiction, setting the stage of the time and place of our environment and introducing and developing the main characters.  Don’t be fooled, though – this is no work of fiction.  The events described in the book are real, as were the stories of the people.  Roker emphasizes this at the end of book, as he details both formally through a bibliography and informally through narrative, the sources of his information, which include newspapers, scholarly works, historical accounts, and documented eye witness reports.

The book follows the lives of several individuals and families, with the primary focus on Isaac and Joseph Cline, who worked for what became the National Weather Service.  Roker mixes in a number of other personalities from Galveston and other areas.  Notables, such as Clara Barton, Joseph Pulitzer, and William Randolph Hearst also figure into the events of this devastating hurricane.  Roker provides insight on the state of politics and society in the post-Civil War United States, external political relations, and certain beliefs of those in meteorological science at the time, including the Jesuit priests of Cuba.

Roker details the interesting history of the National Weather Service, with its roots in the US Army Signal Corps, as well as some of the science and instrumentation of meteorology.  It’s interesting to see how much we have advanced in the science, yet how much still reflects back on what was done almost 120 years ago.

In the end, the events surrounding The Storm of the Century create a story of human error, tragedy, and perseverance.  In the practices of emergency management we must always keep in mind the human element.  Ultimately, that’s why emergency management exists.  While our focus might be on critical infrastructure, NIMS, or the current organization of FEMA, the reason why must ALWAYS reflect on people and our need to protect them from the impacts of disasters.  The Storm of the Century does just this, putting society front and center.

The Storm of the Century is overall a good read and accessible to many audiences including disaster and meteorology buffs, social scientists, and even those interested in US history.  The book is a great read for colleges and high schools alike, offering insights on society, politics, and science.  And hey, mine is even autographed.  Thanks Al!

IMG_1474

© 2016 – Timothy Riecker

Continuity of Government – Preservation of Records and Data

Tim Riecker, The Contrarian Emergency Manager Leave a comment

A common but often low priority issue in emergency management is the loss of physical records and electronic data from a disaster.  To be honest, I ignored the issue for much of my career.  It wasn’t until working on a contract in the northeast and meeting with a lot of local governments did my eyes really open to the importance of the issue.  While this article focuses on preservation of records for governments, it can certainly apply to businesses, not for profits, and even individuals.

Many of the local governments we interfaced with on a completely unrelated contract, were talking about their experiences with Tropical Storm Irene.  Town officials told of their efforts hauling boxes of town records either to a higher floor of town offices or removing them offsite, with water to their knees or even waist high.  Needless to say, many records were lost.

While some of these offices were in known floodplains, others simply suffered from an extraordinary event and the fault of a place where we commonly store things – the basement.  Towns (and other municipal offices) often store physical copies of tax maps and records, property deeds, permits, flood insurance information (ironic, isn’t it?), human resources data for town employees, town financial records, court records, birth certificates, death certificates, marriage certificates, divorce certificates, and other information.  The loss of this information can have an impact, not only historically, but also on current government operations.

Continuity of government and continuity of operations plans should identify those records which are most important.  These are called vital records.  Vital records should have the highest degree of protection.  The National Archives offers some guidance on the protection of vital records.  While the guidance applies to federal agencies, there is still plenty of valuable information which can be applied to other organizations.

Every municipality should examine records storage as part of their continuity of operations and continuity of government planning.  It’s not to say that records can’t be stored in the basement of a building, but mitigation efforts must be made to flood proof the building as much as possible, including water alarms and sump pumps connected to emergency power systems.  Paper and water don’t mix – so get your records off the floor and consider waterproof storage solutions.  Ventilation is also important to prevent molding.

If mitigation is too costly, then you need to consider relocating the records.  Regardless of where your records are, you should have a component of your continuity of operations plan that addresses emergency relocation of records – when, how, to where, and who.  Digital storage is obviously a great solution.  Some towns I spoke with had decided after the storm to scan their records.  Catching up to a hundred plus years of records can be pretty time consuming and practically unsurmountable for most municipal offices.  This is a service that can be hired out.  Be sure to follow sound data protection standards for both storage and access to ensure the continuity of these records.

In the event that records do get wet, all is not necessarily lost.  The Preservation Directorate of the US Library of Congress has a lot of information on preservation of records, including a variety of resources and training opportunities.  There are also companies that specialize in document preservation and recovery after a disaster.  While it’s probably a good idea to identify who you might reach out to in the event of such a loss, know that this is expensive and it’s generally far more cost effective to mitigate against the risk.

Need assistance with government continuity or continuity of operations planning?  EPS can help!  consultants@epsllc.biz.

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLC

Another Great Emergency Management and Homeland Security Podcast

Tim Riecker, The Contrarian Emergency Manager Leave a comment

A couple months ago I came across another great podcast.  This one is done by a company called PreparedEx – www.preparedex.com and on Twitter @preparedex.  They link to their podcast from their website but you can also find it in the iTunes podcast listing.  They are only seven episodes in, and most episodes are about a half hour long, so you can catch up pretty quickly.  They generally post two episodes a month, which is excellent frequency.

PreparedEx is a consulting firm specializing in preparedness exercises.  Yes, they are technically a competitor of my company, but from what I’ve seen and heard, they are quite capable and do some really cool stuff.

The host of their podcast is Robert Burton, who is the company’s managing director.  Robert has some great counterterrorism creds and facilitates the podcast well.  What I love most about this podcast is the interview format.  Nearly every episode focuses on an interview, and they have gotten some great subjects – from state emergency management directors to corporate security specialists.  The interviews offer excellent insight and are very conversational and easy to listen to. They cover topics in emergency management, homeland security, and business continuity.

Go check them out and enjoy!

– TR

Emergency Management – Who Knows About Your Plans?

Tim Riecker, The Contrarian Emergency Manager 1 Comment

In emergency management and homeland security we put a lot of emphasis on planning.  Plans are important, afterall.  We need to take the time to identify what our likely hazards are and how we will address them.  But what happens when the plan is complete?  We congratulate members of the planning team and send them final copies.  Those copies get filed electronically or end up on a shelf, a trophy of our accomplishment and hard work.  Congratulations!

So… that’s it?  Is that all?

NO!  Of course not!  People need to be trained to the plan.  “Trained?” you ask.  Yes – trained.  Not just sent a copy and told to review it.  Let’s be honest, here.  Even assuming the highest degree of dedication and professionalism, many people simply won’t give it the time and attention it needs.  Very quickly the plan will get buried on their desks or the email will become one of dozens or hundreds in the inbox.  Even if they do give it a look through, most will only give a quick pass through the pages between meetings (or during a meeting!), not giving much attention to the details in the plan.

How effective do you expect people to be?

Sports analogy – when a coach creates new plays, do they simply give them to the players to become familiar with and expect proficiency?  No.  Of course not.  We’re all familiar with the classic, if not cliché, setting of the coach reviewing plays on a chalk board with the players in a locker room.  That’s training.  Then after that training, they go out in the field and practice the plays.

Back to our reality… The first real step of making people familiar with the plan is to review it with them.  This usually doesn’t need to be a sleep inducing line-for-line review of the plan (unless it is a detailed procedure), but a review of the concepts and key roles and responsibilities.  In fact, that’s who you invite to the training – those who are identified in the plan.  This is likely to include people in your own agency as well as people in other agencies (emergency management, after all, is a collaborative effort).  In states with strong county governments, we often see county-level emergency management offices creating plans that dictate or describe the activities of local governments and departments.  Most often, the local departments have no awareness of these plans, much less receive any training on them.  I’m guessing that plan won’t work.

Once you’ve trained these key stakeholders, be sure to conduct exercises on various aspects of the plan.  Exercises serve not only to validate plans, but to also help further familiarize stakeholders with the plan, their roles, and expectations of others.  When we plan, we tend to make many assumptions which exercises help to work through.  Through exercising we also identify other needs we may have.

Need help with planning? Training? Exercises?  EPS can do it!  Link below.

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLC 

 

Updating ICS Training: Identification of Core Competencies

Tim Riecker, The Contrarian Emergency Manager Leave a comment

The crusade continues.  ICS training still sucks.  Let’s get enough attention on the subject to get it changed and make it more effective.

If you are a new reader of my blog, or you happened to miss it, check out this post from last June which should give you some context: Incident Command System Training Sucks.

As mentioned in earlier posts on the topic, the ICS-100 and ICS-200 courses are largely OK as they current exist.  Although they could benefit from a bit of refinement, they accomplish their intent.  The ICS-300 course is where we rapidly fall apart, though.  Much of the ICS-300 is focused on the PLANNING PROCESS, which is extremely important (I’ve worked a lot as an ICS Planning Section Chief), however, there is knowledge that course participants (chief and supervisor level responders) need to know well before diving into the planning process.

First responders and other associated emergency management partners do a great job EVERY DAY of successfully responding to and resolving incidents.  The vast majority of these incidents are fairly routine and of short duration.  In NIMS lingo we refer to these as Type IV and Type V incidents.  The lack of complexity doesn’t require a large organization, and most of that organization is dedicated to getting the job done (operations).  More complex incidents – those that take longer to resolve (perhaps days) and require a lot more resources, often ones we usually don’t deal with regularly – are referred to as Type III incidents.  Type III incidents, such as regional flooding or most tornados, are localized disasters.  I like to think of Type III incidents as GATEWAY INCIDENTS.  Certainly far more complex than the average motor vehicle accident, yet not hurricane-level.  The knowledge, skills, and abilities applied in a Type III, however, can be directly applied to Type II and Type I incidents (the big ones).

It’s not to say that what is done in a car accident, conceptually, isn’t done for a hurricane, but there is so much more to address.  While the planning process certainly facilitates a proactive and ongoing management of the incident, there are other things to first be applied.  With all that said, in any re-writing and restructuring of the ICS curriculum, we need to consider what the CORE COMPETENCIES of incident management are.

What are core competencies?  One of the most comprehensive descriptions I found of core competencies comes from the University of Nebraska – Lincoln, which I summarized below.  While their description is largely for a standing organization (theirs), these concepts easily apply to an ad-hoc organization such as those we establish for incident management.

Competency: The combination of observable and measurable knowledge, skills, abilities and personal attributes that contribute to enhanced employee performance and ultimately result in organizational success. To understand competencies, it is important to define the various components of competencies.

  • Knowledge is the cognizance of facts, truths and principles gained from formal training and/or experience. Application and sharing of one’s knowledge base is critical to individual and organizational success.
  • A skill is a developed proficiency or dexterity in mental operations or physical processes that is often acquired through specialized training; the execution of these skills results in successful performance.
  • Ability is the power or aptitude to perform physical or mental activities that are often affiliated with a particular profession or trade such as computer programming, plumbing, calculus, and so forth. Although organizations may be adept at measuring results, skills and knowledge regarding one’s performance, they are often remiss in recognizing employees’ abilities or aptitudes, especially those outside of the traditional job design.

When utilizing competencies, it is important to keep the following in mind:

  • Competencies do not establish baseline performance levels
  • Competencies support and facilitate an organization’s mission 
  • Competencies reflect the organization’s strategy; that is, they are aligned to short- and long-term missions and goals.
  • Competencies focus on how results are achieved rather than merely the end result. 
  • Competencies close skill gaps within the organization.
  • Competency data can be used for employee development, compensation, promotion, training and new hire selection decisions.

So what are the CORE COMPETENCIES OF INCIDENT MANAGEMENT?  What are the knowledge, skills, and abilities (KSAs) that drive organizational success in managing and resolving an incident?  Particularly for this application, we need to focus on WHAT CAN BE TRAINED.  I would offer that knowledge can be imparted through training, and skills can be learned and honed through training and exercises; but abilities are innate, therefore we can’t weigh them too heavily when considering core competencies for training purposes.

All in all, the current ICS curriculum, although in need of severe restructuring, seems to cover the knowledge component pretty well – at least in terms of ICS ‘doctrine’.  More knowledge needs to be imparted, however, in areas that are tangential to the ICS doctrine, such as emergency management systems, management of people in the midst of chaos, and other topics.  The application of knowledge is where skill comes in. That is where we see a significant shortfall in the current ICS curriculum.  We need to introduce more SCENARIO-BASED LEARNING to really impart skill-based competencies and get participants functioning at the appropriate level of Bloom’s Taxonomy.

Aside from the key concepts of ICS (span of control, transfer of command, etc.), what core competencies do you feel need to be trained to for the average management/supervisor level responder (not an IMT member)?  What knowledge and skills do you feel they need to gain from training?  What do we need a new ICS curriculum to address?

(hint: this is the interactive part!  Feedback and comments welcome!)

As always, thanks to my fellow crusaders for reading.

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLC

The Force Awakens – A Potential Soft Target?

Tim Riecker, The Contrarian Emergency Manager 5 Comments

“There has been an awakening.  Have you felt it?”  This line from the first trailer of the new Star Wars movie is chilling.  Many of my readers are aware that I am a HUGE Star Wars fan.  As you would expect, I am incredibly excited about the release of Star Wars: The Force Awakens next week.

download

Image courtesy of Disney and Lucasfilm Ltd.

With the recent terror attacks and shootings, though, safety at the theater has certainly been on my mind.  We need to work together as a whole community – theater goers, theater owners/managers and staff, law enforcement, and municipalities.

When I first starting thinking about writing a post on this, I quickly realized that I needed some input from an expert in security.  I reached out to a colleague that not only has the qualifications, but is also a fellow blogger and consultant: Ralph Fisk.  You can find Ralph’s blog here: https://fiskconsultants.wordpress.com/.  He has some great insights on security and risk assessment matters – I strongly suggest you check out his blog, follow, participate, etc.  Ralph agreed to collaborate on a piece related to this global event.  He is also posting this same article on this blog.  Enjoy – and May the Force be With You!

– TR

~

(This article, cross-posted and co-authored by Ralph Fisk and Tim Riecker, draws collectively on our experiences and expertise to provide guidance to municipalities, theaters, and movie goers on awareness, preparedness, and response concerns as we look toward this global event.)

The rapidly approaching release of Star Wars: The Force Awakens stands to be the largest premiere in theater history.  It has already broken a multitude of pre-sale records, with more records certainly to be broken on opening day and opening weekend, both domestically and internationally.  Even if you aren’t a Star Wars fan, you must certainly be at least aware of a new movie being released.  But what does this have to do with emergency management and homeland security?

On July 20, 2012 James Eagan Holmes killed 12 and injured 70 others when opening fire on patrons in an Aurora, CO theater.  This mass murder took place at the midnight premiere of the Batman film The Dark Knight Rises. The recent terrorist attacks in Paris involved a music venue, in which nearly 100 people were killed.  Gathering places like movie theaters are just one more item on the list of potential soft targets for people wishing to do harm, be they terrorists, disgruntled, or disturbed.

IMDB provides a listing of international release dates for The Force Awakens here.  We caution that this list isn’t entirely accurate.  For example, while December 18th is the official release date of The Force Awakens in the US, thousands will be seeing the movie at a select list of theaters participating in a 7pm special premiere time on the 17th.  While you should certainly be aware of the date and time of this premiere at your local theaters, it should be emphasized that theaters will be packed with fans for some time.

While there are no credible threats involving this premiere that we are aware of, municipalities, theaters, and movie goers all need to be aware of the potential for an attack and what each can do.  Surprisingly, despite high visibility active shooter and terrorist events of the past few years, most municipalities still do not have appropriate preparedness measures in order.  While there isn’t time to assemble a solid response plan prior to the premiere of The Force Awakens, there is still plenty of time for beneficial, albeit ad-hoc preparedness efforts.

Our thoughts are below…

With the release of the much anticipated next chapter of the Star Wars Saga, The Force Awakens; theaters and local first responders need to have a heightened level of awareness. There are a number of potential threat indicators associated with this release:

1)            Of course the current terrorism threat situation is first and foremost in our minds

2)            The history of an Active Shooter Attacks on movie theaters goes back to 1989 during the screening of Harlem Nights in Chicago, Sacramento, and Richmond California; on 20 July 2012 during the midnight release, in Aurora, Colorado, of the much anticipated film – Batman: The Dark Knight Rises; another Active Shooter Incident that involved another movie theater in Lafayette, Louisiana on 23 July 2015 during the screening of Train Wreak.

3)            But also other considerations should be given to just the more than “normal” volume of theater goers, and which possible incidents could result from that.

Theaters are known to be soft targets and as such we need to be aware of the threat and how to address it.

We are going to cover the first two indicators listed above as they are not only the largest possible casualty producers, but also pose the greatest immediate impact.

Below are some suggestions and considerations for an ad hoc plan not just for the venues featuring these events; but also for those that maybe in attendance.

Introduction:

Most Active Shooter Incidents, an estimated 90%, are single actor attacks, meaning unless that person has been overt in their planning, little is known about the possibility of an Active Shooter Attack;

Unlike Terrorist Cells; which typically contain up to 4 – 6 members, not just for ease of control and planning, but also for the strict adherence to Operational Security, on the part of the Terrorists.

The difference between the two attacks may appear to be subtle to the uninitiated;

The main goal of an Active Shooter incident is to cause as much destruction as possible in a very short time span; Active Shooter incidents are different from other weapons related crimes in that they intend to commit mass murder.

Terrorist Attacks however have a very distant signature. They are commented for a number of political or ideological reasons; and may result in mass murder or hostage taking. Terrorist attacks may seem very methodical in nature of the execution.

Terrorism:

Terrorism is all around us, whether we chose to look for it or not. Terrorist Groups tend to fall into one of six different categories;

  • Nationalist/Separatist – Sometimes referred to as Freedom Fighters
  • Religious – and we are not just talking about Radical Islamic terrorists here
  • Political – which include; right and left-wing
  • Anarchist – Freedom without the burden of a Central Government
  • ECO/Animal Rights – Motivated by Environmental/Animal Political Policies
  • Single Issue Causes – involves the use of force and violence for the purpose of coercing a government and/or population to modify its behavior with respect to a specific area of concern. Typically, these types of organizations do not have an overall political agenda

Which any number of these groups with related or different causes are already operating in the heart of the Country. Terrorist Attacks could have one or more of these four main objectives;

  • Recognition of the groups’ cause or purpose
  • Coercion toward the populace and/or government to the groups’ ideology
  • Intimidation to cause fear or terror; to cause the populace to lose faith in their governments’ ability to protect them
  • Provocation: attacks are aimed to cause the ruling government to take repressive actions against the population; demonstrate the weakness of the government and the strength of the terror organization

It would be almost impossible to go into the ideology of every single group. Suffice it to say, that they all mean to get their points across, sometimes with protesting, sometimes with criminal destruction of property, and yes, sometimes they will introduce violence.

Violence could be in almost any form imaginable. The most used form of violence directed towards a population tends to lean toward Armed Attacks and/or Bombings (Including suicide bombings); because for the most part these are relatively inexpensive approaches, the logistics to effect these types of attacks are relatively easy to obtain and these tend to produce the most casualties and incite the most fear in the general population. Between 1998 and 2007 out of the estimated 28000 terrorist attacks around the world, almost 21000 involved one of these two types of tactics.

Other terror techniques also used could include; Assassination, Arson, Hijacking, Hostage Taking, Kidnapping, Sabotage, Seizure, Sniper Attacks/Mass Shootings, Threats or Hoaxes, Cyber Terrorism, Agricultural Terrorism, Civil Disturbances and Weapons of Mass Destruction (WMD). WMD is the use of any weapon or device that is intended or has the capability to cause death or serious bodily injury to a significant number of people through the release; dissemination; or impact of one of the following means; Toxic or poisonous chemicals or their precursors; diseases, biological organisms; radiation or radioactivity.

Combined attacks of different types have also been used in the recent past. The attacks on the United States on 11 September 2001 included the use of Airplanes as Weapons of Mass Destruction; the Terrorists Hijacked the planes through the use of an armed attack, albeit the arms were box-cutters, and crashed the planes into buildings causing the planes themselves to be used as WMD’s

Terrorists seek to create public fear and anxiety in order to influence government policy. Through the randomness and unpredictability of their acts, terrorists attempt to undermine confidence in government’s ability to protect the public. Terrorists hope the resulting insecurity fuels public demands for government concessions in order to stop the terrorist acts.

Today, as has been evident with recent terror attacks and attempted attacks, terrorist target selection wants to affect the maximum number of innocent people, in order to generate the fear, they desire. As the government has mobilized to protect our infrastructure from attack, our less protected target; schools, universities, shopping malls, et al., become more attractive targets.

As other sites and venues are “hardened” for security, these measures cannot be implemented across all avenues of society. One, it would infringe on our basic constitutional rights, two, the potential cost associated with “hardening” every facility would surely bankrupt the organization or governmental body imposing such restrictions, and three, we would become a “jailed” society.

Planning for terror incidents doesn’t require you have access to CIA, FBI or other intelligence organizational files, it, for the most part, only requires Common Sense, Situational Awareness of your surroundings, and a Communications Plan.

Some things to take into consideration when you’re making your plans to be in these potential soft target environments:

  • Remain Alert
  • Develop an informed vigilance; meaning, know what possible terror threats could be in your area or the area you’re going to
  • Let someone, not going with you, know your plans; where you’re going; when you expect to return
  • Attempt to blend in with your surroundings, Don’t try to stand out
  • Know your surroundings; Know how to exit the area you will be in; what is the shortest way out; have an alternate plan should that not be a viable opinion should there be an issue
  • Communicate that information to your family and others with you
  • Identify a meeting place if you become separated

Report any suspicious activity. Again remember to use your common sense; examples of suspicious actions could include:

  • People loitering in the same general area without a recognizable legitimate reason; people who appear preoccupied with a specific building or area; electronic audio and video devices in unusual places
  • Just because someone seems to belong there, they might not be whom they seem especially if they are exhibiting any of the actions stated above
  • DO NOT TRY TO DEAL WITH ANY INDIVIDUAL YOURSELF contact the venue security or Law Enforcement Personnel
  • Look for things out-of-place; bags left unattended; packages; persons attempting to conceal items either on their person or receptacles

In threatening situations, take steps to reduce your exposure – leave the immediate area

If an incident does occur; follow the instructions of venue staff, emergency personnel and first responders.  If you are close to the incident walk away with your hands visible.  Walk, do not run as secondary injuries can occur to you or others; move toward the walls as people evacuating a building tend to gravitate in the center

Active Shooter:

Although mass killings have been around for some time, Active Shooter incidents have only relatively recently come into the main stream. I’m not going to mention them as most of you reading this post know the infamous locations of these horrific incidents.

 The National Tactical Officers Association defines an Active Shooter as:

  • One or more subjects who participate in a random or systematic shooting spree
  • Demonstrating their intent to continuously cause serious physical injury or death to others
  • Their overriding objective appears to be that of mass murder, rather than some other criminal conduct such as robbery, hostage taking, etc.
  • In most cases some type of firearm is used, however, the Active Shooter may use any weapon that may be available
  • A suspect is considered an active shooter if he or she is still actively shooting, has access to additional potential victims, and has a willingness to harm others until stopped by authorities or his/her own suicide

Most Active Shooter incidents are often over within 10 to 15 minutes, in a 2012 FBI Active Shooter report, 37% of Active Shooter incidents last under five minutes, before law enforcement arrived on the scene, individuals must be prepared both mentally and physically to deal with an active shooter.

We will cover some very basic steps to plan for, react to and recover from an Active Shooter Incident. As with every planning recommendation I give; this is not all inclusive, I would highly recommend you attend an Active Shooter Training Seminar or ask for a visit from your local law enforcement organization that can give you a block of instruction on Active Shooter.

No matter where you find yourself, at work, in a restaurant, or any other venue where people congregate, you could very well be a target for an individual or individuals’ intent on causing great harm.

First rule in any Emergency Situation, Active Shooter included;

YOU ARE THE MOST IMPORTANT PERSON IN THE EQUATION! YOUR SAFETY IS PARAMOUNT!

I have talked numerous times about maintaining your situational awareness. When you arrive at any venue take a few seconds to find the exits; which one is closest to you; how will you evacuate the area should you have too? What is around you that could protect you? I personally like sitting at booth tables in restaurants; with my back against a wall or other solid object: having a complete view of the whole restaurant if possible and facing the door.

Remember there are three basic fundamentals to reacting to an Active Shooter Incident;

RUN – Leave everything behind; find that exit and GET OUT! Encourage others to come with you, but if they don’t want to leave, REMEMBER YOU ARE THE MOST IMPORTANT PERSON IN THE EQUATION!

HIDE – Put as many barriers/walls between you and the shooter as you can, turn off cell phones, radios, any device that could make a noise and give up your position! Lock or block the door; hide under a desk, remain quiet and claim!

FIGHT — AS A LAST RESORT, AND ONLY WHEN YOUR LIFE IS IN IMMINENT DANGER: Act as aggressively as possible against him/her; Throwing items and improvising weapons; Committing to your actions; Attempt to incapacitate the active shooter; (EXERCISE EXTREME PREJUDICE IN YOUR ACTIONS) That last part isn’t a fancy movie catch phrase; remember you are in a fight for your life!

Once police arrive on the scene here are a few do’s and don’ts;

DON’T:

  • Run up to the police; Their first priority will be to eliminate the threat(s) and secure the scene to allow EMS to come in and assess and treat casualties
  • Avoid making quick movements toward officers such as attempting to hold on to them for safety
  • Don’t stop to ask officers for help or direction when evacuating, just proceed in the direction from which officers are entering the premises.

DO:

  • Be VERY AWARE! That once Law Enforcement Personnel arrive on the scene you may very well be considered a suspect. That is normal response protocol
  • DO AS YOUR TOLD, it is BETTER YOU PLACE YOUR HANDS OVER TOP YOUR HEAD
  • YOU may be told to get on the ground…. Just do it…… Better to be treated like a criminal at first and then cleared, than being shot. You made it that far, go home at the end of the day

Active Shooter Preparedness is also becoming a very large part of Workplace Violence Planning and Training.

Although it is good to receive some rudimentary training on Active Shooter; each organization will need to tailor their response plans to fit into their building lay out.

Corporate Climates cannot afford to have a lackadaisical approach to workplace violence, emergency response or security, this is a leadership/management issue. Corporate Leadership must take ownership of safety, emergency response and workplace violence responsibilities for their organizations and require their First-tier leaders to stress the importance of these processes and procedures, one of the first things I learned about leadership was, led by example. You can direct more people into doing what you want if you first do it yourself! If you don’t, what makes you think that the employees will!

Active Shooter Awareness has to be incorporated with emergency response planning and work place violence planning; you are setting yourself and your company up for failure by not planning, training and conducting exercises.

This next point has greatly concerned me, I have seen some reports lately that companies are being sued for conducting Active Shooter Awareness Training and most, if not all claimants say they were traumatized by the training. Well I’ll simply put it this way, would you rather have some knowledge and a sense of what to expect should you ever have to act in an Active Shooter Situation; or would you rather be a victim. A 2012 FBI Active Shooter report indicated that over 50% of Active Shooter Incidents occurred at a business.

I’d also recommend that you receive some treatment for Post-Traumatic Stress (PTSD) after the incident, as you would have seen and experienced things that no person should every have too.

Recommendations both for Active Shooter and Terror Attacks for those that may not have a developed response plan

Municipalities;

  • Consider activating, even with minimum staffing, the local Emergency Operations Center
  • Consider “up-staffing” Law Enforcement, Fire and EMS Personnel, not only the first night but a number of consecutive nights as well
  • Consider a review of local mutual aid plans (Police, Fire, EMS)
  • Consider having a Public Safety Organizational meeting prior to release

Law Enforcement Organizations;

  • Consider high visibility patrols in theater areas, not only the first night, but a number of consecutive nights as well
  • Meet with theater owners/management to discuss awareness, protocols, and expectations
  • Consider reviewing your Active Shooter and Terrorism Response Plans
  • Act immediately on any reported perceived threats
  • Consider “Up-staffing” patrol personnel
  • Consider a review of local mutual aid plans
  • Check with local FBI Field office, Joint Terrorism Task Force, or if so supported, Fusion Center; prior to release night for any updates of possible threats

Fire/EMS

  • Consider having one medical and one fire unit “staged” close to the venue
  • Consider reviewing your Active Shooter and Terrorism Response Plans
  • Consider “up-staffing” the closet Engine/Ladder/EMS Companies
  • If possible, predesignate locations for Medical and Fire Staging Locations
  • Consider Review Local Mutual Aid Plans

Theater Company

  • Consider coordinating with local law enforcement for security
  • Brief Theater Staff that will be working those nights, on Emergency Response and Active Shooter Plans
  • Maintain a Passive Security Posture the entire night; Some Passive Security measure suggestions can be found above
  • Know the limitations of the theater rooms and know when they are close to capacity
  • Assign personnel with no other responsibility but to observe theater patrons; Only in an observe and report capacity
  • Consider review of local mutual aid plans
  • All theater staff must know where all the exits are and how to lead patrons to them; remind the staff the closest exit maybe behind them

Conclusion

As a sociality we have become increasingly dangerous, in that we have to worry about the seemingly random act of an Active Shooter; although most are not random at all, but go through as many as five phases before the shooter executes his/her actions. I fear that we will continue on this path of wanton violence and the better educated you are, not to these types of incidents, but any type, the better you will be to handle the situation.

As with any planning you do, whether you’re planning for a natural disaster or human initiated events/incidents, you need to take into account your own special considerations, also keep in mind that these planning and situational mindset ideas will not always be all inclusive. Your primary focus should be on personal safety, continued situational awareness and exercise your common sense.

The world has changed over the last few decades, more than anyone of us could have ever imagined. Thirty years ago, the only emergency-related thing we had to worry about at school was the surprise annual fire drill. The escalating violence in our world and attacks on soft targets like schools, churches, and hospitals has taught us that we are no longer safe in those places we once considered as morally protected sanctuaries. We must strive to provide a safe environment for all of us.

Wanna be a Facilitator? Toughen up!

Tim Riecker, The Contrarian Emergency Manager Leave a comment

I just read a great post by Robert Burton on LinkedIn titled 5 Common Tabletop Exercise Mistakes.  Robert gives a good review of the common issues that can doom a TTX from the beginning.  Go check it out!

My addition to his post reflected on the need for good and strong facilitation.  I figured it would be worthwhile to develop a separate post and expand on that a bit.  Facilitation itself is certainly an art – be it for a meeting, a workshop, or a tabletop exercise.  I would offer that while there are similar skills, abilities, and traits that will lend to success for all these applications, there are also some differences.  Facilitation for all applications requires that one speak up, follow an agenda, clearly communicate, and give everyone a chance to participate.  Charisma helps carry things along.  In some instances, you also need to be tough.  In a meeting, you have to be tough to enforce sticking to the agenda.  In a table top exercise, you need to be a little tough with the participants.

We’ve certainly all witnessed poor exercise facilitation.  They facilitator doesn’t follow the MSEL, tells their own stories, leads participants to answers, and puts up with softball answers that don’t tell much of anything.  Remember, the ultimate purpose of an exercise is to test plans.  Plans are executed by people.  We are testing the plans through these people.  If we aren’t getting good answers, we aren’t meeting our goal of testing the plans.

In one of the best table top exercises I ever witnessed, the facilitator provided injects, as expected, to a group of agency department heads.  The facilitator had a very distinct position in the agency, though… he was their new director.  He requested that we put together a TTX focusing on agency response plans.  When we asked who he wanted to facilitate, he said he would do it.  Now there are certainly pros and cons to this, but he was the boss, and the results were quite eye opening.

As follow ups to the injects, participants were asked questions such as ‘What is your role?’ ‘How would you respond to this?’ and ‘What would you do next?’.  This is how participants should be drawn out to obtain good information.  Additionally, facilitators should consider asking ‘Why’ when participants give certain responses.  (Check out my post Ask Why 5 Times – I explore the power of this question a bit more).  Do they think their response was a good idea or is it actually called for in a plan?  ‘Who’ is another good question.  It’s easy for participants to throw out generalities in response to questions (i.e. We would do x.).  Well WHO specifically would do it?  And WHY? And what if they weren’t around?  What does the plan say?

After getting a few answers he wasn’t very comfortable with, the new director then lobbed in a heck of a hand grenade – Show me.  This threw participants for a loop.  Now, I will grant you that this is rather unorthodox in a TTX, although not completely unheard of.  Given his position, no one was going to challenge him, though.  Out scampered one person.  A few more questions, then the phrase again – Show me.  Out scampered another person in search of another binder.  In the end, some had supported their claims, others did not.  These were great lessons learned.  We found holes in plans, necessary connections between plans, and a need to update plans and train people on those plans.

After this exercise, I learned lessons myself and approached facilitation of future exercises very differently.  I began asking more questions as follow ups to participants’ responses.  We dug deeper and found out more – so did the participants.  Sometimes they don’t like it, and sometimes you feel like you are being antagonistic.  Obviously you don’t want to create an unpleasant experience for anyone, but if they aren’t able to handle a few tough questions from an exercise facilitator, they certainly won’t like handling them from their boss, their bosses boss, or the media.

Bottom line, if you are going to facilitate an exercise, toughen up.  Ask follow up questions.  Get clarity on the answers and don’t let participants get away with easy answers.  If participants squirm a bit, that’s OK.

What are your exercise facilitation experiences?  Any best practices to add?

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC