Tag homeland security

A New NFPA 1600

Tim Riecker, The Contrarian Emergency Manager 7 Comments

Several weeks ago (I forgot to post it!) the National Fire Protection Association (NFPA) released the 2016 update of their 1600 standard, and with a slightly different name: Standard on Disaster/Emergency Management and Business Continuity/Continuity of Operations Programs.  More on the name change in a bit.

For those not familiar with NFPA 1600, if you are in the emergency management field, you should be familiar with it.  While not legally binding (unless specifically referenced by a law or regulation), NFPA 1600 is an excellent standard for modeling an emergency management program.  Like any good standard, it provides guidance on what components you should have, but doesn’t tell you how to do it. NFPA 1600 is also very complimentary to the Emergency Management Accreditation Program (EMAP), with no conflicts between these standards – mostly because EMAP foundationally references much of NFPA 1600.  NFPA 1600 can be found here.  The NFPA provides a free download of the standard (it is heavily copyrighted, so exercise prudence in how you handle it) or you can pay to obtain paper copies.

On to the changes in this update.  As mentioned, the title has been altered a bit by adding ‘Continuity of Operations’.  While it doesn’t say so, I’m guessing that some government-types may have approached NFPA 1600 a bit skeptically thinking that it was really intended for the private sector.  The thing is, business continuity is a specific function within emergency management, but largely follows many of the same processes, just with a particular focus.

Within the standard, the early section titled ‘The Origin and Development of NFPA 1600’ summarizes the evolution of the standard, and provides some information on the changes to the 2016 update.  They mention that “The purpose of the standard has been changed to reflect the Committee’s decision to emphasize that the standard provides fundamental criteria for preparedness and that the program addresses prevention, mitigation, response, continuity, and recovery.  In other words, “preparedness” is no longer just an element of the program – it is the program.” That perspective on preparedness is a great continued evolution of the concept within emergency management.  While the standard in emergency management used to be the emergency management cycle with preparedness as one phase, that is thankfully beginning to go away (although it’s still seen out there way too much for my taste).

old em cycle

The Old Emergency Management Cycle – DON’T USE THIS ANYMORE!

The truth is preparedness permeates everything we do – all phases (or mission areas) of emergency management.  That’s why there are five mission areas identified in the National Preparedness Goal (Protection, Prevention, Response, Mitigation, and Recovery).  Where is preparedness?  It’s the root of the document (literally… it’s in the name of the document).  Preparedness is addressed for each mission area.  We must prepare to protect, prepare to prevent, prepare to respond, prepare to mitigate, and prepare to recover.

As usual, I digress…

Back to NFPA 1600.  This 2016 update includes language within “crisis management planning to include issues that threaten the reputation of and the strategic and intangible elements of the entity as a result of an event or series of events…”.  Smart move.  These elements of crisis management are something we see in both the public and private sector and certainly should be addressed.

Since business continuity does remain a focus element of the standard, they have continued to enhance those aspects.  As such, they have included information on supply chain risk and information security within the document.  When considering business continuity, we can’t just look at our own operations.  The vulnerabilities of other organizations can certainly impact us, so examining supply chain vulnerabilities is wise.  As for information security, we have seen plenty of internal and external cybersecurity issues to justify that.  Although a bit late, I’m glad the NFPA is keeping up with technology and current trends and hazards.  They have also rewritten much of the business impact analysis section (within Chapter 5) to address continuity planning and recovery planning, with a specific differentiation between the two.

Lastly, they have added Annex C, a small business preparedness guide (good move NFPA!), and have added material on addressing the needs of persons with access and functional needs, as well as adding some information on the role of social media in crisis communications plans.

These are all positive changes for the NFPA 1600 standard.  I encourage everyone who is part of an emergency management program to take a look at it and see what it has to offer.  It’s good guidance and will probably provide some good ideas for helping you grow and maintain an impactful program.

For those interested, I have a couple of past articles on standards in emergency management:

Standards in Emergency Management Programs

Business Continuity and Emergency Management Standards and Requirements

 

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLCWe are your Partner in Preparedness!

Don’t Just Take It From Me – There are Issues with ICS Training

Tim Riecker, The Contrarian Emergency Manager Leave a comment

The February 2016 edition of the Domestic Preparedness Journal highlighted, among other things, some concerns with ICS training in the United States.  First off, if you aren’t subscribed to the DPJ, you should be.  It’s free and they offer good content, with few extraneous emails beyond the journals.  Check them out at www.domesticpreparedness.com.

The specific article in this issue I’m referencing is Incident Command System: Perishable if Not Practiced, by Stephen Grainer. Mr. Grainer is the Chief of Incident Management Systems for the Virginia Department of Fire Programs.  Steve has a significant depth in ICS and understands all the nuances of preparedness and application.  I first met him when serving on the national NIMS steering committee with him several years back.

The title of the article is a bit deceptive – it’s not just focused on the issue of the training being perishable.  Right up front, Mr. Grainer, who is a longtime supporter and advocate of ICS, outlines a few shortcomings and constraints related to the application of ICS and ICS training.  He states that “little attention has been given to developing the students’ ability to recognize an evolving situation in which more formalized implementation of the ICS should be undertaken”.  This underscores one of my main points on the failings of the ICS curriculum.  We teach people all about what ICS is, but very little of how to use it.

After giving a few case studies that reflect on the shortcomings he highlighted, Mr. Grainer expresses his support for continued training, refresher training (something not currently required), and opportunities to apply ICS in ways that public safety and emergency management don’t do on a regular basis.  He summarizes by stating that not only does training need to continue to address succession and bench depth, but also the need to address how to maintain competencies and address misunderstandings in NIMS/ICS.

Yes, training does need to continue, but it must be the RIGHT training!  We continue doing a disservice by promoting the current ICS courses which fall well short of what needs to be accomplished.  Mr. Grainer’s mention of the need for our training to address better implementation of ICS, particularly beyond the routine, is perhaps a bit understated, but nonetheless present.  Refresher training also needs to be incorporated into a new curriculum, as these skills are absolutely perishable – particularly the aspects of ICS typically reserved for more complex incidents.

In the event you aren’t familiar with my earlier posts on ICS and my crusade for a better curriculum, check out these posts.  As I’ve said before, this isn’t a pick-up kickball game… this is public safety.  We can do better.

Shameless plug:  Assessments, Planning, Training, Exercises.  Emergency Preparedness Solutions does it all.  Contact us to find out how our experience can benefit your jurisdiction’s or organization’s emergency and disaster preparedness.  We are your partner in preparedness.  www.epsllc.biz.

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLC

Book Review – Failures of Imagination by Michael McCaul

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Failures of Imagination: The Deadliest Threats to our Homeland – and how to Thwart Them by Michael McCaul.  A few months ago I put up a short post when I heard about this book coming out.  I speculated a bit on what I anticipated and fortunately those were good assumptions.

Michael McCaul is chairman of the House Homeland Security Committee.  Congressman McCaul (R-TX) has served with the US Department of Justice and was chief of Counterterrorism and National Security for the US Attorney’s Office in Texas.  Along with chairing the House Homeland Security Committee, he is also a member of the Committee on Foreign Affairs.  The background all contributes to some interesting insights and perspectives on the threats our nation faces.  Several of those threats have been presented to us in this book. FoI

Failures of Imagination presents several scenarios including an attack on our seat of government, a radiological dispersion device (RDD), foreign influence on an election, a mass shooting in a public space, a cyberattack on finance and infrastructure, a bioterrorism attack, an airplane bombing, and an invasion by foreign powers.  Each scenario is introduced with what I will term a short story, followed by a fictionalized executive situation report, and concluded with a factual review of how the scenario is plausible.

The short stories that introduce each scenario are fairly compelling.  They read like any popular thriller novel, establishing two or three converging story lines with a brief bit of character development which quickly establish motive, plot, and execution.  The timelines are set anywhere from two to 10+ years from now.

With the those scenarios set further in the future, I feel the author has taken some liberties assuming that little has changed in comparison to the current global politics and state of affairs, but that doesn’t bother me too much.  I expect that some readers might feel these fictionalized stories sensationalize the scenarios a bit.  While on the surface that is understandable, consider that the plots as they unfold in these stories may not be far from reality, and that the Congressman has discovered that a mix of fiction and non-fiction can help enhance the readers’ experience and sell more books.  Also consider that we often do the same thing when doing scenario-based planning, training, and exercises.

As a follow-on to each scenario’s short story, a mock executive-level situation report is provided which gives an overview of the impacts of each scenario as presented in the short story.   The basis of this is something we also do in many of our preparedness efforts as we try to gauge a realistic scope of impact.  The Congressman outlines in many of these not only the casualties, but broader impacts such as those to the economy, and takes some realistic stabs at longer term recovery matters.  These situation reports give a good perspective to the reader about the potential impacts of each scenario beyond the more narrow scope of the short story.

Lastly, McCaul provides some narrative on how each scenario presented is rooted in reality.  These summaries provide information on the current situation as it relates to each scenario, typically regarding the modus operandi of certain terrorist groups or state sponsors of terrorism, relationships these groups may have with each other across the globe, and weaknesses in our own security construct which may permit these groups to gain access to the US and do us harm.  While much of the information and recommendations provided by Mc Caul in these sections are factual, practical, and eye-opening, I have to admit that I was significantly turned off by several instances of what I can only call antagonistic political finger pointing.  While I don’t disagree with what the Congressman was saying about certain policies and actions of other elected officials which have influenced our ability to prevent, protect, and prepare for these types of attacks, the messages often came across as snarky and partisan – something I have little patience for, especially in this election cycle.

Failures of Imagination certainly delivered.  While the focus of this book is on threats to the US, I would suggest that the foundational issues identified can apply to most nations and are a good read for anyone in emergency management and homeland security.  The short stories included in each scenario feed our desire to be entertained and contribute to the book being a quick read.  While the scenarios overall don’t serve as much of a resource for emergency management planning, as many of these types of scenarios are already in use in our efforts, the book does provide some context for each scenario which could be referenced, especially in regard to impacts.  Of most importance are the recommendations which Congressman McCaul provides for each scenario.  Many of the recommendations indicate higher-level actions we as a government need to take to prevent, protect, and prepare for attacks of these types.  Increased awareness of these actions will hopefully lead to development, funding, and implementation.

© 2016 – Timothy Riecker

ICS: Who doesn’t need it?

Tim Riecker, The Contrarian Emergency Manager 16 Comments

In a recent discussion thread, someone shared some material for a new program that promotes resiliency for disaster housing.  While the intent of the program is good, there was one thing that struck me – it stated that it was based on the incident command system (ICS).  My question – why?

ICS is a great system.  It’s proven to be effective WHEN APPLIED PROPERLY.  That’s the catch, though, isn’t it?  A great many after action reports (AARs) identify areas for improvement relative to various facets of ICS after incidents, events, and exercises.  The organizations that the AARs are usually focused on are professional response organizations – fire, police, EMS, public works, public health, emergency management, etc.  These are organizations that generally get LOTS OF PRACTICE in applying ICS.  So what’s the problem?

The problem is that most organizations that do use ICS don’t get enough practice in applying ICS beyond smaller incidents.  So if responders, who are using ICS, have difficulty with expanded application despite some practice and more advanced training, how are organizations who don’t use it all expected to be able to remember it much less apply it properly on even the most basic of incidents?  (More on my issues with ICS training here, in case you’ve missed posts over the last year or so.)

So back to the main topic of this post – who doesn’t need ICS training?  I would suggest that those persons and organizations that don’t fit the broad definition of responders DON’T NEED IT.  While this may be blasphemous to some, consider the time and effort wasted on getting people trained to understand ICS who will NEVER USE IT.  “But what if they do need it?” you ask?

I’m challenged to really find that need.  Why does the management of an apartment complex need to know or understand ICS?  I find the thought of that foolish and wasteful.  Sure, they can be a partner in disaster preparedness, response, and recovery.  Does that make them a responder?  No. Will they become part of the ICS organization?  NO!  Is there any reason why they would need to use ICS to manage their own organization?  NO!!! They manage their organization every day through what should be a very effective model for them.  Why the hell do we want to change that?  We need to stop pushing our complex shit on other people who don’t need it.

I’m of two thoughts on this… One, there are people who are so gung-ho over including everyone under the sun into emergency management that they feel compelled to bring them into the profession.  News flash people – if they wanted to be emergency managers, they would.  There is no practical reason for them to be trained in the vast complexities of emergency management.  Two, there are people who don’t really understand the applications of emergency management themselves, and therefore try to make adaptations of the system for every variety of stakeholder out there.  This is something I’ve struggled with very often as people try to adapt ICS to their organization and, in doing so, change the foundational principles of ICS (span of control, terminology, organizational structure, etc.).  Further, every organization thinks they have an INCIDENT COMMANDER.  STOP!!!

ICS is not for everyone.  I’m not being elitist or exclusionary, I’m being practical.  That’s not to say that certain stakeholders shouldn’t at least be familiar with what it is, but still not every stakeholder or partner, and they certainly don’t need to know how to actually apply it.  For many, simply having a point of contact with certain departments or through the 911 center is enough.  Certainly if some have an interest in it they can ask, or take a class either in person or online.  (I would never withhold a training opportunity from anyone.)  This should certainly give them enough to satisfy their curiosity.

Along with my crusade to make better ICS training for responders (even non-traditional ones), I would suggest that we need to do a better job of advising other organizations about how they interact with the system.  Simply throwing ICS training at them DOESN’T WORK.  It creates false expectations and generates more confusion.

So please, fire away with your thoughts.  Who do you think shouldn’t have ICS training?  What would you change about the current ICS training model/requirements? 

Shameless plug time: Need ICS training or training in other areas of emergency management?  How about meaningful and practical emergency plans you can actually implement?  Exercises to test those plans and give staff an opportunity to practice implementing plans?  Emergency Preparedness Solutions can help!  Link to info below!

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLC

Failed Attempts to Measure NIMS Compliance – How can we get it right?

Tim Riecker, The Contrarian Emergency Manager 3 Comments

Yesterday the US Government Accountability Office (GAO) released a report titled Federal Emergency Management Agency: Strengthening Regional Coordination Could Enhance Preparedness Efforts.  I’ve been waiting for a while for the release of this report as I am proud to have been interviewed for it as a subject matter expert.  It’s the second GAO report on emergency management I’ve been involved in through my career.

The end game of this report shows an emphasis for a stronger role of the FEMA regional offices.  The GAO came to this conclusion through two primary discussions, one on grants management, the other on assessing NIMS implementation efforts.  The discussion on how NIMS implementation has thus far been historically measured shows the failures of that system.

When the National Incident Management System (NIMS) was first created as a nation-wide standard in the US via President Bush’s Homeland Security Presidential Directive (HSPD) 5 in 2003, the NIMS Integration Center (NIC) was established to make this happen.  This was a daunting, but not impossible task, involving development of a standard (lucky much of this already existed through similar systems), the creation of a training plan and curricula (again, much of this already existed), and encouraging something called ‘NIMS implementation’ by every level of government and other stakeholders across the nation.  This last part was the really difficult one.

As identified in the GAO report: “HSPD-5 calls for FEMA to (1) establish a mechanism for ensuring ongoing management and maintenance of the NIMS, including regular consultation with other federal departments and agencies and with state and local governments, and (2) develop standards and guidelines for determining whether a state or local entity has adopted NIMS.”

While there was generally no funding directly allocated to NIMS compliance activities for state and local governments, FEMA/DHS associated NIMS compliance as a required activity to be eligible for many of its grant programs.  (So let’s get this straight… If my jurisdiction is struggling to be compliant with NIMS, you will take away the funds which would help me to do so????)  (the actual act of denying funds is something I heard few rumors about, but none actually confirmed).

NIMS compliance was (and continues to be) a self-certification, with little to no effort at the federal level to actually assess compliance.  Annually, each jurisdiction would complete an online assessment tool called NIMSCAST (the NIMS Compliance Assistant Support Tool).  NIMSCAST ran until 2013.

NIMSCAST was a mix of survey type questions… some yes/no, some with qualified answers, and most simply looking for numbers – usually numbers of people trained in each of the ICS courses.  From FEMA’s NIMS website: “The purpose of the NIMS is to provide a common approach for managing incidents.”  How effective do you think the NIMSCAST survey was at gauging progress toward this?  The answer: not very well.  People are good at being busy but not actually accomplishing anything.  It’s not to say that many jurisdictions didn’t make good faith efforts in complying with the NIMS requirements (and thus were dedicated to accomplishing better incident management), but many were pressured and intimidated, ‘pencil whipping’ certain answers, fearing a loss of federal funding.   Even for those will good faith efforts, churning a bunch of people through training courses does not necessarily mean they will implement the system they are trained in.  Implementation of such a system required INTEGRATION through all realms of preparedness and response.  While NIMSCAST certainly provided some measurable results, particularly in terms of the number of people completing ICS courses, that really doesn’t tell us anything about IMPLEMENTATION.  Are jurisdictions actually using NIMS and, if so, how well?  NIMSCAST was a much a show of being busy while not accomplishing anything as some of the activities it measured.  It’s unfortunate that numbers game lasted almost ten years.

In 2014, the NIC (which now stands for the National Integration Center) incorporated NIMS compliance questions into the Unified Reporting Tool (URT), including about a dozen questions into every state’s THIRA and State Preparedness Report submission.  Jurisdictions below states (unless they are Urban Area Security Initiative grant recipients) no longer need to provide any type of certification about their NIMS compliance (unless required by the state).  The questions asked in the URT, which simply check for a NIMS pulse, are even less effective at measuring any type of compliance than NIMSCAST was.

While I am certainly being critical of these efforts, I have and continue to acknowledge how difficult this particular task is.  But there must be a more effective way.  Falling back to my roots in curriculum development, we must identify how we will evaluate learning early in the design process.  The same principal applies here.  If the goal of NIMS is to “provide a common approach to managing incidents”, then how do we measure that?  The only acceptable methodology toward measuring NIMS compliance is one that actually identifies if NIMS has been integrated and implemented.  How do we do that?

The GAO report recommends the evaluation of after action reports (AARs) from incidents, events, and exercises as the ideal methodology for assessing NIMS compliance.  It’s a good idea.  Really, it is.  Did I mention that they interviewed me?

AARs (at least those well written) provide the kinds of information we are looking for.  Does it easily correlate into numbers and metrics?  No.  That’s one of the biggest challenges with using AARs, which are full of narrative.  Another barrier to consider is how AARs are written.  The HSEEP standard for AARs is to focus on core capabilities.  The issue: there is no NIMS core capability.  Reason being that NIMS/ICS encompasses a number of key activities that we accomplish during an incident.  The GAO identified the core capabilities of operational coordination, operational communication, and public information and warning to be the three that have the most association to NIMS activities.

The GAO recommends the assessment of NIMS compliance is best situated with FEMA’s regional offices.  This same recommendation comes from John Fass Morton who authored Next-Generation Homeland Security (follow the link for my review of this book).  Given the depth of analysis these assessments would take to review AAR narratives, the people who are doing these assessments absolutely must have some public safety and/or emergency management experience.  To better enable this measurement (which will help states and local jurisdictions, by the way), there may need to be some modification to the core capabilities and how we write AARs to help us better draw out some of the specific NIMS-related activities.  This, of course, would require several areas within FEMA/DHS to work together… which is something they are becoming better at, so I have faith.

There is plenty of additional discussion to be had regarding the details of all this, but its best we not get ahead of ourselves.  Let’s actually see what will be done to improve how NIMS implementation is assessed.  And don’t forget the crusade to improve ICS training!

What are your thoughts on how best to measure NIMS implementation?  Do you think the evaluation of AARs can assist in this?  At what level do you think this should be done – State, FEMA Regional, or FEMA HQ?

As always, thanks for reading!

© 2016 – Timothy Riecker

Emergency Management: Coordinating a System of Systems

Tim Riecker, The Contrarian Emergency Manager 1 Comment

Emergency management, by nature, is at the nexus of a number of other practices and professions, focusing them on solving the problems of emergencies and disasters.  It’s like a Venn diagram, with many entities, including emergency management, having some overlapping interests and responsibilities, but each of them having an overlap in the center of the diagram, the place where coordination of emergency management resides. That’s what makes the profession of emergency management fairly complex – we are not only addressing needs inherent in our own profession, we are often times doing it through the application of the capabilities of others.  It’s like being the conductor of an orchestra or a show runner for a television show. It doesn’t necessarily put emergency management ‘in charge’, but they do become the coordination point for the capabilities needed.

Presentation1

 

This high degree of coordination depends on the functioning and often integration of a variety of systems.  What is a ‘system’?  Merriam-Webster offers that a system is a “regularly interacting or interdependent group of items forming a unified whole.”  Each agency and organization that participates in emergency management has its own systems.  I’d suggest that these broadly include policies, plans, procedures, and the people and technologies that facilitate them – and not just in response, but across all phases or mission areas.  Like the Venn diagram, many of these systems interact to (hopefully) facilitate emergency management.

There are systems we have in many nations that are used to facilitate components of emergency management, such as the National Incident Management System (NIMS), the Incident Command System (ICS) (or other incident management systems), and Multi-Agency Coordination Systems (MACS).  These systems have broad reach, working to provide some standardization and common ground through which we can manage incidents by coordinating multiple organizations and each of their systems.  As you can find indicated in the NIMS doctrine, though, NIMS (and the other systems mentioned) is not a plan.  While NIMS provides us with an operational model and some guidance, we need plans.

Emergency Operations Plans (EOPs) help us accomplish a coordination of systems for response, particularly when written to encompass all agencies and organizations, all hazards, and all capabilities.  Likewise, Hazard Mitigation Plans do the same for mitigation activities and priorities.  Many jurisdictions have smartly written disaster recovery plans to address matters post-response.  We also have training and exercise plans which help address some preparedness measures (although generally not well enough).  While each of these plans helps to coordinate a number of systems, themselves becoming systems of systems, we are still left with several plans which also need to be coordinated as we know from experience that the lines between these activities are, at best, grey and fuzzy (and not in the cuddly kitten kind of way).

The best approach to coordinating each of these plans is to create a higher level plan.  This would be a comprehensive emergency management plan (CEMP).  Those of you from New York State (and other areas) are familiar with this concept as it is required by law.  However, I’ve come to realize that how the law is often implemented simply doesn’t work. Most CEMPs I’ve seen try to create an operational plan (i.e. an EOP) within the CEMP, and do very little to actually address or coordinate other planning areas, such as the hazard mitigation plan, recovery plans, or preparedness plans.

To be successful, we MUST have each of those component plans in place to address the needs they set out to do so.  Otherwise, we simply don’t have plans that are implementation-ready at an operational level.  Still, there is a synchronicity that must be accomplished between these plans (for those of you who have experienced the awkward transition between response and recovery, you know why).  The CEMP should serve as an umbrella plan, identifying and coordinating the goals, capabilities, and resources of each of the component plans.  While a CEMP is generally not operational, it does help identify, mostly from a policy perspective, what planning components must come into play and when and how they interrelate to each other.  A CEMP should be the plan that all others are built from.

Presentation2

I’m curious about how many follow this model and the success (or difficulty) you have found with it.

As always, if you are looking for an experienced consulting firm to assist in preparing plans or any other preparedness activities, Emergency Preparedness Solutions is here to help!

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLC

H.R. 4397 – The Rail Safety Act

Tim Riecker, The Contrarian Emergency Manager 2 Comments

A few days ago I came across a notice of the introduction of HR 4397, aka the Rail Safety Act.  Text of the bill can be found here: https://www.govtrack.us/congress/bills/114/hr4397/text.  This bill was introduced by Rep. Ron Kind (D-WI) and had been assigned to House Committee on Transportation and Infrastructure on January 28th.  The essence of the bill… “To direct the Administrator of the Federal Emergency Management Agency to provide for caches of emergency response equipment to be used in the event of an accident involving rail tank cars transporting hazardous material, crude oil, or flammable liquids.”

If you follow the link provided above, you will get the full text of the bill, which honestly doesn’t tell much more.  I’m rather ambivalent about things like this.  We have a history of pre-positioning equipment and supplies for a variety of disasters.  Organizations such as the American Red Cross function this way, as do various agencies of the US federal government.  In 1999 the National Pharmaceutical Stockpile (NPS) was expanded to preposition medical supplies around the nation as a preparedness effort for a biological or chemical attack.  This program expanded in 2003 and became the Strategic National Stockpile (SNS).  In 2006, FEMA/DHS developed a program to pre-position disaster supplies (mostly mass care types of supplies) in certain disaster prone areas around the nation.  While we also have a variety of specialized teams, that’s a slightly different matter.

One key struggle of prepositioning supplies and equipment largely boils down to who will be responsible for them.  Supplies and equipment need to be secured and maintained.  This requires some regularity of check in to ensure they are ready to be deployed at a moment’s notice.  Each location needs a deployment plan, identifying how these assets will be deployed.  As part of this planning, there must be a trigger mechanism for requesting these supplies.  The supplies must deploy and reach their destination in such a time frame to be effective.  Of course upon arrival of the cache, responders must be familiar with what is there, take time to unpack it and inspect it, and be readily able to use it (therefore they must be pre-trained in the use of the equipment).  So who will be responsible for these caches?  State governments?  Local governments?  Rail carriers?  First responders?

Hazardous materials response is one of the most highly regulated aspects of public safety.  It is governed in the US by the Occupational Health and Safety Administration (OSHA) regulation 1910.120.  There is a strong emphasis on preparedness and protocol.  Only individuals trained to certain levels can conduct certain actions in a hazardous materials response.  Most responders, due to the fairly low ranking hazard of a major hazardous material release in their jurisdiction, do not have the degree of training needed to utilize some of what I expect would be in a cache of supplies as ordered by the Rail Safety Act.  That said, every jurisdiction in the US has access to a hazardous materials team – either from a nearby jurisdiction or from the state.  These teams have the specialized training and equipment needed to address a hazmat incident.  Now that we’ve gotten to that, what, exactly, is the need that the Rail Safety Act is addressing?

Sure, these caches of supplies may provide more of whatever is needed, but there are a few issues here.  First of all, it will take people to examine what is being delivered, to unpack it, and to ready it for deployment.  Often, the biggest issue on a response such as this is a lack of trained personnel.  Second, will the materials being provided by the cache be interoperable with what the hazmat team is using?  While we have gotten better at standardizing equipment, there are still many issues out there.  Tab A requires Slot A.  Slot B simply won’t work.

I suppose what I’m really interested in here is a definition of need.  Has there been any type of needs assessment or feasibility study conducted for this?  I’m doubtful.  Most bills are generally introduced at a whim by well-intentioned but ill-informed politicians.  The last thing we need is another requirement to work within that does us little good – even if it is to be funded by the rail carriers.

I’m curious if anyone out there happens to know about this bill or any need supporting it.

© 2016 – Timothy Riecker

Another Great Emergency Management and Homeland Security Podcast

Tim Riecker, The Contrarian Emergency Manager Leave a comment

A couple months ago I came across another great podcast.  This one is done by a company called PreparedEx – www.preparedex.com and on Twitter @preparedex.  They link to their podcast from their website but you can also find it in the iTunes podcast listing.  They are only seven episodes in, and most episodes are about a half hour long, so you can catch up pretty quickly.  They generally post two episodes a month, which is excellent frequency.

PreparedEx is a consulting firm specializing in preparedness exercises.  Yes, they are technically a competitor of my company, but from what I’ve seen and heard, they are quite capable and do some really cool stuff.

The host of their podcast is Robert Burton, who is the company’s managing director.  Robert has some great counterterrorism creds and facilitates the podcast well.  What I love most about this podcast is the interview format.  Nearly every episode focuses on an interview, and they have gotten some great subjects – from state emergency management directors to corporate security specialists.  The interviews offer excellent insight and are very conversational and easy to listen to. They cover topics in emergency management, homeland security, and business continuity.

Go check them out and enjoy!

– TR

Emergency Management – Who Knows About Your Plans?

Tim Riecker, The Contrarian Emergency Manager 1 Comment

In emergency management and homeland security we put a lot of emphasis on planning.  Plans are important, afterall.  We need to take the time to identify what our likely hazards are and how we will address them.  But what happens when the plan is complete?  We congratulate members of the planning team and send them final copies.  Those copies get filed electronically or end up on a shelf, a trophy of our accomplishment and hard work.  Congratulations!

So… that’s it?  Is that all?

NO!  Of course not!  People need to be trained to the plan.  “Trained?” you ask.  Yes – trained.  Not just sent a copy and told to review it.  Let’s be honest, here.  Even assuming the highest degree of dedication and professionalism, many people simply won’t give it the time and attention it needs.  Very quickly the plan will get buried on their desks or the email will become one of dozens or hundreds in the inbox.  Even if they do give it a look through, most will only give a quick pass through the pages between meetings (or during a meeting!), not giving much attention to the details in the plan.

How effective do you expect people to be?

Sports analogy – when a coach creates new plays, do they simply give them to the players to become familiar with and expect proficiency?  No.  Of course not.  We’re all familiar with the classic, if not cliché, setting of the coach reviewing plays on a chalk board with the players in a locker room.  That’s training.  Then after that training, they go out in the field and practice the plays.

Back to our reality… The first real step of making people familiar with the plan is to review it with them.  This usually doesn’t need to be a sleep inducing line-for-line review of the plan (unless it is a detailed procedure), but a review of the concepts and key roles and responsibilities.  In fact, that’s who you invite to the training – those who are identified in the plan.  This is likely to include people in your own agency as well as people in other agencies (emergency management, after all, is a collaborative effort).  In states with strong county governments, we often see county-level emergency management offices creating plans that dictate or describe the activities of local governments and departments.  Most often, the local departments have no awareness of these plans, much less receive any training on them.  I’m guessing that plan won’t work.

Once you’ve trained these key stakeholders, be sure to conduct exercises on various aspects of the plan.  Exercises serve not only to validate plans, but to also help further familiarize stakeholders with the plan, their roles, and expectations of others.  When we plan, we tend to make many assumptions which exercises help to work through.  Through exercising we also identify other needs we may have.

Need help with planning? Training? Exercises?  EPS can do it!  Link below.

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLC 

 

Updating ICS Training: Identification of Core Competencies

Tim Riecker, The Contrarian Emergency Manager Leave a comment

The crusade continues.  ICS training still sucks.  Let’s get enough attention on the subject to get it changed and make it more effective.

If you are a new reader of my blog, or you happened to miss it, check out this post from last June which should give you some context: Incident Command System Training Sucks.

As mentioned in earlier posts on the topic, the ICS-100 and ICS-200 courses are largely OK as they current exist.  Although they could benefit from a bit of refinement, they accomplish their intent.  The ICS-300 course is where we rapidly fall apart, though.  Much of the ICS-300 is focused on the PLANNING PROCESS, which is extremely important (I’ve worked a lot as an ICS Planning Section Chief), however, there is knowledge that course participants (chief and supervisor level responders) need to know well before diving into the planning process.

First responders and other associated emergency management partners do a great job EVERY DAY of successfully responding to and resolving incidents.  The vast majority of these incidents are fairly routine and of short duration.  In NIMS lingo we refer to these as Type IV and Type V incidents.  The lack of complexity doesn’t require a large organization, and most of that organization is dedicated to getting the job done (operations).  More complex incidents – those that take longer to resolve (perhaps days) and require a lot more resources, often ones we usually don’t deal with regularly – are referred to as Type III incidents.  Type III incidents, such as regional flooding or most tornados, are localized disasters.  I like to think of Type III incidents as GATEWAY INCIDENTS.  Certainly far more complex than the average motor vehicle accident, yet not hurricane-level.  The knowledge, skills, and abilities applied in a Type III, however, can be directly applied to Type II and Type I incidents (the big ones).

It’s not to say that what is done in a car accident, conceptually, isn’t done for a hurricane, but there is so much more to address.  While the planning process certainly facilitates a proactive and ongoing management of the incident, there are other things to first be applied.  With all that said, in any re-writing and restructuring of the ICS curriculum, we need to consider what the CORE COMPETENCIES of incident management are.

What are core competencies?  One of the most comprehensive descriptions I found of core competencies comes from the University of Nebraska – Lincoln, which I summarized below.  While their description is largely for a standing organization (theirs), these concepts easily apply to an ad-hoc organization such as those we establish for incident management.

Competency: The combination of observable and measurable knowledge, skills, abilities and personal attributes that contribute to enhanced employee performance and ultimately result in organizational success. To understand competencies, it is important to define the various components of competencies.

  • Knowledge is the cognizance of facts, truths and principles gained from formal training and/or experience. Application and sharing of one’s knowledge base is critical to individual and organizational success.
  • A skill is a developed proficiency or dexterity in mental operations or physical processes that is often acquired through specialized training; the execution of these skills results in successful performance.
  • Ability is the power or aptitude to perform physical or mental activities that are often affiliated with a particular profession or trade such as computer programming, plumbing, calculus, and so forth. Although organizations may be adept at measuring results, skills and knowledge regarding one’s performance, they are often remiss in recognizing employees’ abilities or aptitudes, especially those outside of the traditional job design.

When utilizing competencies, it is important to keep the following in mind:

  • Competencies do not establish baseline performance levels
  • Competencies support and facilitate an organization’s mission 
  • Competencies reflect the organization’s strategy; that is, they are aligned to short- and long-term missions and goals.
  • Competencies focus on how results are achieved rather than merely the end result. 
  • Competencies close skill gaps within the organization.
  • Competency data can be used for employee development, compensation, promotion, training and new hire selection decisions.

So what are the CORE COMPETENCIES OF INCIDENT MANAGEMENT?  What are the knowledge, skills, and abilities (KSAs) that drive organizational success in managing and resolving an incident?  Particularly for this application, we need to focus on WHAT CAN BE TRAINED.  I would offer that knowledge can be imparted through training, and skills can be learned and honed through training and exercises; but abilities are innate, therefore we can’t weigh them too heavily when considering core competencies for training purposes.

All in all, the current ICS curriculum, although in need of severe restructuring, seems to cover the knowledge component pretty well – at least in terms of ICS ‘doctrine’.  More knowledge needs to be imparted, however, in areas that are tangential to the ICS doctrine, such as emergency management systems, management of people in the midst of chaos, and other topics.  The application of knowledge is where skill comes in. That is where we see a significant shortfall in the current ICS curriculum.  We need to introduce more SCENARIO-BASED LEARNING to really impart skill-based competencies and get participants functioning at the appropriate level of Bloom’s Taxonomy.

Aside from the key concepts of ICS (span of control, transfer of command, etc.), what core competencies do you feel need to be trained to for the average management/supervisor level responder (not an IMT member)?  What knowledge and skills do you feel they need to gain from training?  What do we need a new ICS curriculum to address?

(hint: this is the interactive part!  Feedback and comments welcome!)

As always, thanks to my fellow crusaders for reading.

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLC