Tag homeland security

Managing an Exercise Program – Part 8: Preparing Support, Personnel, & Logistical Requirements

Tim Riecker, The Contrarian Emergency Manager 9 Comments

This post is part of a 10-part series on Managing an Exercise Program. In this series I provide some of my own lessons learned in the program and project management aspects of managing, designing, conducting, and evaluating Homeland Security Exercise and Evaluation Program (HSEEP) exercises. Your feedback is appreciated!

Managing an Exercise Program – Part 1

Managing an Exercise Program – Part 2: Develop a Preparedness Strategy

Managing an Exercise Program – Part 3: Identify Program Resources and Funding

Managing an Exercise Program – Part 4: Conduct an Annual Training & Exercise Planning Workshop.

Managing an Exercise Program – Part 5: Securing Project Funding

Managing an Exercise Program – Part 6: Conducting Exercise Planning Conferences

Managing an Exercise Program – Part 7: Develop Exercise Documentation

Managing an Exercise Program – Part 8: Preparing Support, Personnel, & Logistical Requirements

Managing an Exercise Program – Part 9: Conducting an Exercise

Managing an Exercise Program – Part 10: Evaluation and Improvement Planning

As I forge ahead in this series on Managing an Exercise Program (thank you all for reading!!), I expect the revised Homeland Security Exercise and Evaluation Program (HSEEP) foundation document to be released soon from the US Department of Homeland Security (DHS).  Once that document is released, I’ll be sure to include a summary update in my blog.  Having been a reviewer of the draft document about a year ago, I don’t expect a lot of changes, but what does change will have some bits of significance on how we do business in the design, conduct, and evaluation of preparedness exercises.

This installment of Managing an Exercise Program gets us two steps away from actually conducting the exercise.  As you can see, putting an exercise together is no small feat.  I find that this particular step: Preparing Support, Personnel, and Logistical Requirements, is the one most often glossed over in documents and training.  As an example, HSEEP Volume I dedicates only one paragraph to exercise logistical support.  As Volume I states in its single paragraph, logistical elements ‘can make the difference between a smooth, seamless exercise and one that is confusing and ineffective.’  Let’s break down our considerations:

The location of the exercise is of significant concern.  Often times we are examining facilities, but some exercises are conducted outdoors with no use of facilities at all.  If outdoors, you still need to ensure the proper environment and support services, such as restrooms, being available.  If your exercise requires water for fire suppression, then proximity to hydrants is essential, unless you are looking to incorporate tanker operations into your exercise.  We’re looking for a location that is minimally disruptive to the surrounding area, including traffic and ensuring citizen safety.  Consider the need for public messaging, such as static displays, variable message signs (you can get these from your public works connections), and media releases to inform the public of the exercise.  Doing so will help satisfy their curiosity, will give you some positive media exposure, and will help you minimize disruption.  As an example, I’ll cite an urban search and rescue (USAR) component of the Vigilant Guard New York exercise which I led.

Working with local officials, our USAR specialist and a representative of the New York National Guard exercise team were able to select an appropriate cite for their activities.  Set up was extensive, involving multiple loads of building demolition debris and a few cars to be hauled in and specifically placed with the use of heavy equipment.  On one side of this lot were a number of three-story apartment buildings, which we sought to minimize impact to.  All hauling and set up operations took place during the day while exercise activities, which were 24 hour operations for several days, were minimized during the night.  USAR folks come with a lot of equipment… and I’m not just talking a few boxes of stuff, either.  Many have tractor trailers and cargo containers to transport their gear.  They set up tents where they can unload and unpack much of their gear and provide areas for briefing and down time for personnel.  This exercise brought in first responder and National Guard USAR assets from around the state, other states, and Canada.  An eating area needed to be on site as well as sanitation.  Obviously all these areas needed to be well out-of-the-way of operational areas of the exercise to ensure safety and allow room for the rescue activities.  Portable diesel-generated light towers were set up to support night-time operations.  A media time was scheduled to allow media to catch some of the action during the week as well.  Since some teams were only coming in to exercise for a day, a schedule needed to be established to ensure that they could be accommodated and a traffic plan had to be established to get them to the site.  The exercise, which included multiple venues, covered a period of time which included Election Day.  With caravans of first responder and National Guard equipment rolling through the area during this time period, we were sure to schedule movements off rush hour and I even had a conversation with the County Board of Elections.  In this conversation I briefed them on the locations and activity of the exercise to ensure that it didn’t interfere with their polling locations and provided them with my cell number which I told them to call if there was even the slightest hint of a problem or complaint.

Indoor exercises require the same measure of preparation.  You have to ensure that the spaces you use are safe and large enough to accommodate participants.  You may have a need for one or more break out rooms or meeting rooms, both for exercise management staff and for players.  Unless players are responsible for setting everything up themselves, ensure that power, internet, and telephonic communications are available for them… and can support their needs.  Back to Vigilant Guard, the EOC component of the exercise was significant.  Based on anticipated use, we actually brought in state emergency management capability for satellite digital communications to support the simcell with internet with phone so we wouldn’t draw on and degrade the in-house capability for players in the EOC.  Similar to an outdoor venue, you need to pay heed to needs for parking, restrooms, and food service.  It’s also a good media opportunity, so be sure to schedule that well in advance with the media and some VIPs.

In regard to personnel, we’ve touched upon the need for controllers, evaluators, and simulators in previous posts, mostly in regard to planning these needs and ensuring that they are covered with the necessary documents to help with their tasks, such as exercise evaluation guides (EEGs), controller/ evaluator plan, master scenario events list (MSEL), and Exercise Plan.  Identify the exercise leadership early – the exercise director, simcell and MSEL managers, and lead controller and evaluator.  These individuals, and the supporting staff for them, including simulators, controllers, and evaluators, are likely to come from your exercise planning team.  Some may have experience in these tasks, while others may not… something to keep in mind for development of the documents as well as the briefings you conduct for them just prior to the start of the exercise (that’ll be the next part of this series).  Don’t just assign folks randomly to positions, draw on their experience.  If someone has a strong EMS background, assign them to be controllers, simulators, or evaluators for that area of practice.  Be sure that your simulators also have some local experience as well if you are conducting this exercise for an area outside your own.  Local flavor brings realism and context to an exercise for the players.  Consider radios for controllers and evaluators, especially in large exercise areas.  This will allow the exercise director to speak with them and for them to interact with the simcell, letting them know if they need to speed up or slow down.  Also consider providing the exercise director with an assistant on large exercises.  Often times I’ve found the need for someone to aid me directly in resolving problems, gathering people, and handling miscellaneous tasks that are too much for any one person to handle.  It’s also a great learning experience for someone who wants to advance.

Overall, be sure to plan early for all logistical, support, and personnel needs.  Plan early for food contracts, ensure that all participants have the necessary supplies to conduct their jobs.  Plan ahead for safety as well, ensuring a safe work environment proactively and a good plan and personnel who can react to situations should they arise.  Be ready on-the-fly for changes and little or no-notice occurrences, as they almost always happen!  Make sure the players have everything they need for the exercise – if not, that lack of preparedness will be what they remember.

What experiences or ideas do you have with supporting an exercise?

Chinese Government Cyber Attacks

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Homeland Security Today just linked to two related articles on Chinese government fueled hacker attacks.  The first article is ‘Report ties 100-Plus Cyberattacks on US Computers to Chinese Military’ and the second article is ‘China: Aiding Hacker Attacks on West’.

As mentioned in my most recent post on Cybersecurity, these attacks, intended to steal information, harm our infrastructure, and destabilize our economy need to be classified as acts of war.

How should we respond to these acts???

The Leading Edge of CyberSecurity… Where is it?

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Tim RieckerI finally had a chance to read through Homeland Security Today’s publication of The Leading Edge Today.  The January edition was focused on cyber security.  The Producer’s Corner article (i.e. letter from the editor), cites a study and report compiled by Verizon and other entities from around the globe, including the US Secret Service.  This report, called the 2012 Verizon Data Breach Investigations Report, is staggering.  They cite 855 confirmed cases of enterprise data loss and say that most entities that are hacked aren’t aware of it for weeks or months – and are usually notified by someone else of the incident (i.e. law enforcement or an enterprise internet security firm).  The remainder of the publication offers some good information and insight on trends and prevention activities in the realm of cyber security.

Obviously The Leading Edge Today was published prior to the President’s signing of the cyber security executive order just a couple of days ago.  All reports so far indicate that the executive order really has no teeth.  It’s not law and only provides recommendations, although it does call for the establishment of a Cyber Security Framework (perhaps to parallel the National Response Framework?) and calls for the NIST to establish the standards of this framework.  DHS is charged with sector-specific outreach to engage the private sector.  It’s not the full package of what our nation needs, but it’s a start.  It’s apparently a political throwing-down of the glove to challenge Congress to promulgate and pass a cyber security bill.

I’ve not had the chance to do any research on it, but what are other nations doing?  I imagine that there must be countries out there who have not dragged their feet as much as we have on this matter; and hopefully they have been able to implement not only strategic plans that outline progress, but have also implemented tighter defenses.  This may also be an opportunity for a global defense against cyber crimes – particularly in consideration of the perpetrators and the victims often times being from around the world.  In my eyes, this cyber terrorism needs to be viewed as an attack on our sovereignty, on our economy, and on our personal and corporate privacies.  To fight it is to wage war against those who perform it and those nations who sponsor it – just like any other act of terrorism.

Critical Infrastructure Dependencies

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Homeland Security Today published an article recently on the FCC’s examination of wireless network issues post Hurricane Sandy.  While the article speaks mostly on the need to bolster the wireless telecom infrastructure, it does mention the obvious dependencies that wireless has on our energy infrastructure.  These types of dependencies can be seen throughout all our critical infrastructure, linking them intimately, and demonstrating how fragile we really are without proper preparedness efforts and redundancies.  The illustration below outlines eight (of eighteen) of our critical infrastructure sectors: Fuel, Communications, Water, Banking, Electric Power, Transportation, Emergency Services, and Government Services.  I take no credit for the graphic, which was simply found on Google Images, but it is a great example depicting a number of the linkages (i.e. dependencies) that each of these sectors has on one another.  Like dominos, multiple sectors can be made to topple by exploiting vulnerabilities in one or more of them.  We’re not just talking about terrorism here, although preventing the intentional interference with critical infrastructure is obviously a major concern, but we’re also looking at natural hazards.

Critical Infrastructure Dependencies

Critical Infrastructure Dependencies

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

We’ve seen from real life on multiple occasions what damages to our infrastructure can cause.  Our electrical infrastructure is perhaps the most fragile, but is also the one linked to every other sector – no wonder there is so much attention paid to preparedness and mitigation efforts to make this sector more resilient.  The above graphic shows, not accidentally, the electrical sector being in the middle of all others.

There has been further attention brought to the matter recently by the National Infrastructure Coordinating Center (NICC).  In this article by Homeland Security Today, it was announced that the National Infrastructure Coordinating Center will be hiring contractor support as a force multiplier in their monitoring activities.  Last week FEMA just released IS-913, their Independent Study course on Critical Infrastructure Protection: Achieving Results Through Partnership & Collaboration.  This course compliments other critical infrastructure protection-oriented training programs of FEMA’s.  FEMA Independent Study courses are free and open to all US citizens.  I would strongly encourage that you explore what they have to offer if you haven’t already.

Critical Infrastructure Protection (CIP) is an important topic spanning all of emergency management and homeland security.  Additional information on CIP can be found from the DHS CIP website and other sources.

The Emergency Manager as a Consultant

Tim Riecker, The Contrarian Emergency Manager 4 Comments

Lately I’ve gotten into watching these reality consulting shows like Bar Rescue and Restaurant: Impossible.  Both of these shows use a similar model, providing a prolific expert (Bar Rescue’s Jon Taffer and Restaurant: Impossible’s Robert Irvine) in their respective fields to aid a failing business.  These consultants are supported by a team of specialists and often a construction crew to remodel the business.  Sometimes it’s a just a few tweaks of the menu that’s needed, other times it’s a whole new way of thinking on the part of owners, management, and employees.  These are some of the best shows out there displaying conceptually some of the things consultants can do, albeit in a compressed and slightly dramatic mode.

Robert Irvine, the Consultant with Restaurant: Impossible

Robert Irvine, the Consultant with Restaurant: Impossible

That said, as many of my readers know, I work as an emergency management and homeland security consultant.  I’ve worked in the ranks of emergency management and public safety now for nearly 19 years.  Through this time, I’ve had the pleasure of working with a multitude of emergency management professionals at many levels; including counties and local jurisdictions and corporations.  These emergency managers, I’ve found, often play the part of a consultant.

While other department heads in county and local governments or corporations often make recommendations to CEOs (in this case Chief Elected Officials or Chief Executive Officers) these usually only impact their own department or have minimal impact on other parts of the organization.  Emergency managers make recommendations that often times impact the entire jurisdiction or organization – be they recommendations on mitigation, preparedness, recovery – and especially response.  Sometimes, unfortunately, the emergency manager doesn’t report to the CEO on a daily basis – which I think is a major mistake.  While others may be primarily concerned with saving their own operations in the event of disaster, the emergency manager’s goal is to preserve as much of the jurisdiction or organization as possible – with the priorities being life safety, incident stabilization, and property conservation.  These three tenants, preached mostly in Incident Command System courses, are applicable to both government and the private sector.  In both sectors, these priorities lead us logically to business continuity, ensuring that we minimize our losses and are able to continue operations.

As the profession of the emergency manager continues to evolve, including myriad training opportunities, education up to and including Ph.Ds., and professional certifications, the emergency manager is viewed more and more as a specialist and subject matter expert.  Emergency managers are expected to provide expert advice and guidance.  The emergency manager needs to stay current and up to date with the profession; not that the ‘science’ of emergency management changes much, but there are certainly new best practices, trends, and legal and regulatory requirements that need to be kept up on.  Whether an organization calls upon the emergency manager as an employee or brings in an actual consultant, this person is providing expert recommendations that impact the jurisdiction or organization as an enterprise system, not just a name or a spot on a map.  Just like in Bar Rescue or Restaurant: Impossible, the emergency manager may make recommendations that some people don’t like; but they called upon the emergency manager for their expertise.  The emergency manager is the consultant that can save your organization!

States Rushing to Limit the Use of Drones by Law Enforcement

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Tim RieckerInspired by this Washington Times article.  I must say I don’t understand why people are protesting the use of drones (aka unmanned aerial vehicles or UAVs) domestically.  Yes, they fly; and they have cameras with telephoto lenses.  Their use, however, from a law enforcement perspective is largely no different from that of helicopters or small fixed-wing aircraft – except at a much lower cost and no danger of physical harm to individuals, such as pilots or crew, which occur far too often – mostly with helicopters.  I think portions of the public have greatly overreacted to what they have seen of the military versions of these drones by way of mass media.  They certainly do have great capability in that theater, but use domestically is vastly different – especially being that they aren’t armed with hellfire missiles and the like.  Now with politicians weighing in, the over-reaction continues, and at a detriment to public safety.

I truly hope that a compromise can be found with people realizing that the use of drones, within all current standards of surveillance, warrants, etc., is not a threat to their privacy.  It is, in fact, a demonstration of smart government, leveraging technology to enhance capabilities at a lower cost and increased safety.  In aerial surveillance, drones can be used for nearly anything a helicopter or small fixed-wing aircraft could be used for; including rapid deployment after a shooting or robbery to look for a subject, or to find an Alzheimer’s patient gone missing.  These are noble and proper efforts that I hope won’t be impeded by knee jerk reactions based upon misinformation.

What are your thoughts?  Am I missing something here?

NY Times Allows Cyber Attacks for the Sake of Research

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Timothy RieckerJust read a very interesting article about the New York Times falling victim to cyber attacks from China – and allowing it!  As the article states, the Times took a gamble for a period of four months, allowing these hackers to repeatedly penetrate their servers and steal information.  This was a calculated decision by the NY Times, however, made with the assistance of a cyber security firm, and with the intentions of analyzing patterns to build better defenses.  Essentially, it seems, the cyber security firm used by the Times would deftly parry certain attacks by the hackers, allowing some blows through their defenses and letting a bit of blood.  Slowly, as the patterns of attack were recognized, the firm would tighten up their defenses until they shut down the attack completely.  A dangerous gamble, given the information the NY Times may have on its computers, but seemingly worthwhile.  An interesting bit of information from the article was that the hackers installed 45 pieces of custom malware over this period of time, with only one of them being recognized and stopped by their Symantec antivirus software.

I commend the NY Times for this effort, but certainly don’t recommend it!  It’s a heck of a gamble and a great deal of damage could have been done.

Planning in Perspective

Tim Riecker, The Contrarian Emergency Manager Leave a comment

planI just finished reading an article by Lucien Canton, CEM – who is a well-respected and often published emergency management professional.  He maintains a blog, which he posts to often, and provides great insight to various EM-related topics.  The article that struck my interest was ‘Paper Plans and Fantasy Documents’.  Canton poses the question as a subtitle to his article – ‘Are we over-thinking planning?’.  In all actuality, based on his article and my own experiences, no – in fact we’re under-thinking it by maintaining a cookie cutter approach across the entire nation.

Canton’s commentary is similar to the thoughts I had in an earlier post on the (mis)use of templates in emergency planning.  Standards are good to have in every industry, certainly in emergency management and homeland security.  There are folks who become true experts through a great deal of experience, research, and trial and error.  The best ones share their expertise with the rest of the world in the hopes that we can all benefit.  Eventually, these standards become embraced by ‘standard setters’ – those in government or regulatory bodies who can pass laws, regulations, or codes to compel others to adhere to these standards.  This is all absolutely necessary – but, as Canton mentions, these standards become the basis for how people plan.

Just like I often write in my training-related posts, it’s all about the audience.  Our planning priority must be to meet the needs of the jurisdiction/company/organization who will be using the plan.  The plan must have utility – i.e. it must be usable.  Just because a plan meets established standards, does not mean that it can be operationalized.  Obviously our plans must still meet standards, but that really is a secondary concern to usability.  I think we are missing the forest for the trees and need to seriously re-think how we plan.

Any ideas?

Safeguarding our Electrical Grid – Reblog

Tim Riecker, The Contrarian Emergency Manager Leave a comment

More thoughts on the vulnerabilities of our electrical grid.  Great post.

Andy (אברהם נפתלי) Blumenthal's avatarandyblumenthal

Image

Popular Science (28 January 2013) has an interesting article on “How To Save The Electrical Grid.”

Power use has skyrocketed with home appliances, TVs, and computers, causing a significant increase in demand and “pushing electricity through lines that were never intended to handle such high loads.”

Our electrical infrastructure is aging with transformers “now more than 40 years old on average and 70% of transmission lines are at least 25 years old” while at the same time over the last three decades average U.S. household power consumption has tripled!

The result is that the U.S. experiences over 100 mass outages a year to our electrical systems from storms, tornados, wildfires and other disasters.

According to the Congressional Research Service, “cost estimates from storm-related outages to the U.S. economy at between $20 billion and $55 billion annually.”

For example, in Hurricane Sandy 8 millions homes in 21 states lost power, and…

View original post 350 more words

From Emergency Management Magazine – Catastropic Power Outages Post Significant Recovery Challenges

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Emergency Management Magazine posted a great article written by Adam Stone about catastrophic power outages.  The article lays out some interesting facts and prompts many thoughts on how our society would sustain with limited power.  Mr. Stone also mentions how vulnerable our grids are to both cyber attacks and squirrels!