FEMA’s First Lessons Learned From COVID-19

FEMA recently released the Pandemic Response to Coronavirus Disease 2019 (COVID-19): Initial Assessment Report (January – September 2020). The report has many elements of a traditional after-action report. The authors reinforce that the report only evaluates FEMA’s response, not those of other agencies or entities. That said, emergency management, by nature is collaborative and FEMA’s interactions with other agencies and entities are cited as necessary. The report covers five primary areas of evaluation:

  1. Coordinating Structures and Policy
  2. Resources
  3. Supporting State, Local, Tribal, and Territorial (SLTT) Partners
  4. Preparedness and Information Analysis
  5. Organizational Resilience

Also, with similarity to a traditional after-action report, this report provides a table of key findings and recommendations as Appendix A.

Here are some of my primary observations:

Following the executive summary is a the COVID-19 Pandemic Overview, which is a well-constructed piece providing a combined narrative timeline and topical highlights, providing information and context to the pandemic and the response, as well as some of the complexities encountered. While the report does well to acknowledge the myriad disasters that SLTT partners and federal agencies responded to over 2020, I find it shameful that they very obviously ignore the societal impacts of the US political climate (related to the pandemic and otherwise) as well as events surrounding the BLM movement. I firmly believe this report should fully acknowledge these factors and could have done so without itself making a political statement. These were important, impactful, and far-reaching, certainly influencing the operating environment, public information, and other very real facets of the response. I feel that the exclusion of these factors leaves this report incomplete.

Relative to the Coordinating Structures and Policy section, FEMA reinforces many, many times that they were put into a leadership position for this disaster that was unexpected and perhaps led to some coordination problems. I feel FEMA should always be a lead or co-lead agency for the federal response for large disasters regardless of the hazard. While a pandemic is certainly a public health hazard, FEMA has practiced experience in federal coordination to major disasters, mobilization of resources and logistical support, SLTT coordination, and overall incident management. The Unified Coordination Group is a sound application in situations where other federal agencies share significant authority. The kinks should be worked out of this, with the National Response Framework updated to reflect such.

Also mentioned within this section is the creation of a White House Task Force which was intended to make executive decisions of the highest level. This is not unprecedented and should certainly be expected for other large-scale disasters in the future. I feel, however, that removing the FEMA Administrator from having a direct line of communication with the White House during ‘peace time’ has significant impact on FEMA leadership’s ability to integrate. Positioning FEMA subordinate to the Secretary of Homeland Security is akin to putting a police officer in charge of a pool and keeping the lifeguard in the breakroom. Sure, the police officer can do a lot, but there are specific skills needed which necessitate that the lifeguard has a constant presence at the pool rather than only being called in when something gets bad enough. 

FEMA makes a point about inheriting eight task forces created by HHS which then needed to be integrated into the NRCC organization. These task forces had some overlap with the existing NRCC and ESF structure, resulting in duplications of effort and coordination problems. While FEMA says they were able to overcome this over time, it is obviously something that, given the National Response Framework, should have not happened in the first place. FEMA’s recommendations associated with this matter do not once cite the National Response Framework and instead point the finger at NIMS/ICS use, fully ignoring that the foundation of preparedness is planning. Either HHS made these task forces up on the fly or had a plan in place that accounted for their creation. Either way, it’s the National Response Framework that was ignored. NIMS/ICS helps support plan implementation.

The next section on resource management demonstrates that FEMA learned a lot about some intricacies of resource management they may have not previously encountered. With the full mobilization of resources across the nation for the pandemic, along with targeted mobilizations for other disasters, the system was considerably stressed. FEMA adapted their systems and processes, and in some cases developed new methodologies to address resource management needs. One key finding identified was a need to better integrate private sector partners, which isn’t surprising. I think we often take for granted the resources and systems needed to properly coordinate with the private sector on a large scale during a disaster. One of the largest disasters within this disaster was that of failed supply chains. Granted, the need was unprecedented, but we certainly need to bolster our preparedness in this area.

To help address supply chain issues, novel solutions such as Project Airbridge and specific applications of the Defense Production Act were used. The best practices from these strategies must be memorialized in the form of a national plan for massive resource mobilizations.

SLTT support for the time period of the report was largely successful, which isn’t a surprise since it’s fundamentally what FEMA does as the main coordination point between SLTT partners and federal agencies. Significant mobilizations of direct federal support to SLTT partners took place. The pandemic has provided the best proof of concept of the FEMA Integration Teams (FIT) since their development in 2017. With established relationships with SLTT partners and knowledge of needs of the federal system, they provided support, liaised, and were key to shared situational awareness. I appreciate that one of the recommendations in this section was development of a better concept of operations to address the roles and responsibilities of FIT and IMATs.

One item not directly addressed in this section was that in emergency management we have a great culture of sharing resources and people. Sharing was pretty limited in the pandemic since everyone was impacted and everyone needed resources. This caused an even greater demand on FEMA’s resources since SLTT partners largely weren’t able to support each other as they often do during disasters.

The section on preparedness and information analysis was interesting, especially on the information analysis side. The preparedness findings weren’t really much of a surprise, including not anticipating supply chain issues or SLTT needs. What this boils down to is a lack of effective plans for nation-wide disasters. On the information side, the key findings really boil down to not only improved defining of data sets and essential elements of information relative to specific needs, audiences, functions, capabilities, and lines of effort. It appears a lot was learned about not only the information needed, but also how to best utilize that information. Analytics makes data meaningful and supports better situational awareness and common operating picture.

The last section on FEMA’s organizational resilience is a good look at some of the inner workings and needs of FEMA as an agency and how they endured the pandemic and the varied demands on the agency. FEMA has always had a great culture of most employees having a disaster job which they are prepared to move into upon notice. They learned about some of the implications associated with this disaster, such as issues with engaging such a large portion of their employees in long-term deployments, public health protection, and mental health matters.

Ultimately, despite my disagreement with a couple of recommendations and leaving out some very important factors, the report is honest and, if the corrective actions are implemented, will support a stronger FEMA in the future. I’m hopeful we see a lot of these AAR types of documents across federal agencies, state agencies, local governments, the private sector, etc. EVERYONE learned from this pandemic, and continues to learn. That said, while the efforts of individual entities hold a lot of value, there also needs to be a broader, more collective examination of ‘our’ response to this disaster. This would be a monumental first task for a National Disaster Safety Board, would it not? 

© 2021 Timothy Riecker, CEDP

The Contrarian Emergency Manager™

Emergency Preparedness Solutions, LLC®

The Contrarian Emergency Manager

Going into the new year, I’ve changed the title of my blog to The Contrarian Emergency Manager. It’s a moniker I don’t take lightly, and I feel it reflects many of my positions and attitudes on our field of practice. Emergency management struggles with a number of issues, including a bit of an identity crisis, accountability (mostly to ourselves), and complacency. Yes, we have an incredibly hard working, dedicated slate of professionals and those who have been reading my blog know that it’s a rare exception for me to sling mud at any persons specifically. Our culture, systems, perceptions, and attitudes are what I endeavor to shed light on. Some positive, some negative, some simply are what they are.

Perhaps one of my most consistent pursuits has been to crack open some of the things which emergency managers are too accepting of. Through the years I’ve ranted about things like ICS training and National Preparedness Reports. The state of those, and others, is simply not good, yet not holding accountability for those responsible for them coupled with a complacent attitude about the current state of them has us stuck in the mud. It is not a role of emergency managers to look at things differently than others and to solve problems?

Words have meaning and provide us with some interesting lexicons and perceptions. The word ‘contrarian’ seems to often have a negative connotation, one of someone who is constantly a nay-sayer. In reality, it’s defined as someone who challenges the norm, which I think is often a healthy reality check. Complacency is an enemy of which we must always be vigilant. Challenges, to serve proper purpose, should also be constructive. I’ve worked with and for obstructionists. People who aren’t challenging norms or providing constructive feedback; these are people who dig in on anything that opposes their opinions and perceptions. Obstructionists thrive in negativity. While I’ve pointed out many of the things in emergency management I feel need to be fixed, I’ve also celebrated accomplishments. In holding myself accountable, I endeavor to give thoughtful critiques to the subjects about which I write. Simply saying something is bad is superficial and not at all helpful. I like to dig deeper, give some thoughtful analysis, and explain why I have the opinions I do, and as often as possible, provide my thoughts on alternative approaches which could lend improvement.

Emergency management is a practice that often thrives on theory, despite some harsh realities of implementation and impacts. We do many things a certain way because that’s how they’ve been done for years. We do other things because there is no convenient alternative. There is much we accept simply because we don’t really take the time to peel back some layers. We like to think things are better than they are, even though we live in a world of ‘what-ifs’. Perhaps doing so is overwhelming to some, but we need to remember that our work impacts the lives of real, actual people. Our work is more than just words in a plan or a training certificate or a pat on the back after an exercise. We may not perceive that impact because we aren’t putting water on fires or stopping bleeding. That, unfortunately, is a reflection of attitudes that others have of us. Our work is just as important, if not more so, because we address the big picture of emergencies and disasters.

Emergency management is an amalgamation of a field, inheriting practices from partner public safety disciplines and other sources. Those practices may work well in those disciplines, but they may not for us. Change and evolution can be difficult pills to swallow. I feel that often as a culture we’re also afraid of being critical. I think this stems from the essence of emergency management – collaboration. By nature we must work well with other agencies and organizations because that’s how emergency management as a concept works. Our fear of offending holds us back. Let’s not equate critical thinking and analysis with making offense.

I’ve railed on FEMA pretty hard over the years on things like ICS training, doctrine, and other matters. They unfortunately become the target because they are the action agent at the center of so much in emergency management. They are, however, heavily influenced by politics, priorities from external entities, and (lack of) budget. I get quite a bit of feedback from folks at FEMA, which I greatly appreciate. It’s a rare occasion they can comment publicly or in writing, but the phone calls I receive from professionals in FEMA are encouraging. Believe it or not, I’ve been thanked, with sincerity, for many of the perspectives I’ve offered. I’m told that I’ve been able to unknowingly serve as their proxy for fights they aren’t allowed to take up. I know I’ve pissed some people off, too. That’s generally not my intent, though that’s a reality I accept. My goal is to satisfy most of the people most of the time with thoughtful diatribes.

The goal of what I write is to encourage the emergency management community to consider our attitudes, practices, perceptions, and ways of thinking. For some of our practices, the status quo may very well be fine; but we should pull back the curtain and shine a light on others. There are many areas in which I feel we can do better and be better.

As we start the new year, please remember that your thoughts and feedback are always appreciated. The absolute best way for us to learn is through dialogue (the topic of my wife’s doctoral dissertation).

© 2021 Timothy Riecker, CEDP

The Contrarian Emergency Manager

Emergency Preparedness Solutions, LLC®

Contingency Planning

I’m going to wrap up 2020 by discussing contingency planning, which is a practice not seen often enough. Before I get started, I should contextualize my use of the term ‘contingency plan’. My general use of the term, at least in emergency management applications, is intended to refer to a plan which may be needed to address the disruption of current event management, incident response, or recovery operations. Essentially, it’s the emergency plan to use while dealing with an emergency, in the event that something bad occurs.

When might you need a contingency plan? Contingency plans should be developed for the kind of situations that have you looking over your shoulder or asking ‘what if…’. Weather events are often good examples, such as a response taking place during some very active tornado weather. You might be responding to the impacts of an earlier tornado, or something completely unrelated, but a tornado warning is in effect, meaning that one could materialize at any time. This could also be a response taking place in a low-lying area during a flash flood warning. We sometimes build contingency plans into our standard operating guidelines or procedures (SOPs/SOGs) by having back-up teams, such as rapid intervention teams (RITs) in the fire service, which are standing by to rescue firefighters in trouble during an interior firefighting operation. Assessing risks on an ongoing basis and developing contingency plans should be part of your incident management battle rhythm.

Where to start with contingency planning? Let’s fall back to the CPG 101 planning process. Yep, that works here, too. The first step is to build your planning team. Contingency planning is a responsibility of the Planning Section, but others need to be involved. Working from a traditional ICS structure, I’d certainly suggest involving Safety and Operations, at a minimum, but depending on circumstances, you may wish to expand this, such as considerations for failures in the supply chain (thus Logistics and Finance/Admin), which may be less of a life safety matter, but can heavily impact operational continuity.

With consideration to the Safety Officer, I’d argue that tactical safety is the primary focus of the Safety Officer; while things that can have much broader impact to the incident, while still a concern of the Safety Officer, may require more in-depth and coordinated planning, thus why I tag the Planning Section to lead contingency planning efforts. My experience has always had the Planning Section taking the lead in this. That said, your incident management organization may decide to assign this to the Safety Officer or an assistant Safety Officer. That’s totally fine in my book, so long as it’s being addressed.

Step two of the planning process is to understand the situation. Some of your risks might be really apparent, such as the tornado warning, but others may require a bit more assessment and discussion. If you need to dig deeper, or are looking at a potential need for a variety of contingency plans, I’d recommend using a risk assessment matrix to help assess the likelihood and impacts of the risks you are examining. Here’s an example of a risk assessment matrix from the United States Marine Corps. Sadly, the risk assessment matrix is not yet a common tool in our incident management doctrine and practices in the US, though I do see it referenced elsewhere. In looking at the tool, obviously those with higher probabilities and severity of impact are the priorities on which to focus. Be sure to consider cascading impacts! Keep in mind that this risk assessment, depending on the duration and kinetics of your response and the dynamics of the environment, may need to be performed more than once throughout your operations. It should at least be considered every operational period.

Step three is to identify goals and objectives. Of course, in the broadest sense, our operational priority is always life safety, but we need to refine this a bit based on the specific hazard we are planning for. Second to life safety, we should also be considering operational continuity, ensuring that we can return to current operations with the least disruption possible OR be able to immediately respond to emergent needs created by the hazard in the event of the hazard creating a more kinetic environment. Your plan may also need to address impacts to the public at large (essentially anyone not part of your incident management organization). Depending on your operational scope and the area of responsibility, this may actually exceed the capacity and mandate of your incident management organization. You will need to determine how to ‘right size’ the scope of your planning efforts. This is perhaps a good opportunity to consult the local emergency manager. Don’t lose focus, though. The contingency plan is not intended to save the world. Remember, responder safety is our number one priority.

Step four is developing the plan. This is largely an outline of the essential elements. There are a number of components to consider for your plan. First, with consideration of cascading impacts, we should identify what aspects of the hazard we can mitigate and how. If there are hasty mitigation steps we can take, those may help limit the risk to life, resources, and operations. Next, consider your concept of operations for the life safety aspect of this plan. As with any other emergency operations type of plan, we need to maintain situational awareness and have protocols for notification and warning. Using the tornado warning (during an active response) as an example, who is responsible for maintaining a watchful eye on the skies and keeping tabs on dynamic weather products? If they see something of concern, who do they notify and how? Is there an emergency radio frequency that everyone’s radio will automatically go to if used? Perhaps three blasts of an air horn? Identify what will work for your operating environment. Keep in mind that if the matter is of urgent life safety, you want to minimize the number of steps and the amount of time taken between awareness and notification to responders. Next, upon notification, what is the emergency action plan – i.e., what needs to take place? Evacuation? Shelter in place? Some other action? A great reference for this from the wildfire incident management community is Lookouts, Communications, Escape Routes, and Safety Zones (LCES), which is part of their incident safety analysis.

What happens after those protective actions? Ideally some kind of status check-in of the impacted personnel for accountability and continued situational awareness. Who is responsible for communicating that and to whom is it communicated? Is it wise to have some sort of rescue team standing by incase anyone is in trouble? If so, what resources need to be tasked to it, what is its organization, and what are their operating protocols? Can you reasonably keep the rescue team out of harm’s way to help ensure continuity of their capability?

You may also have a continuity of operations (COOP) aspect to this plan, to address how the incident management organization will minimize down time, restore prior operations, and possibly even identify alternate methods of operations. Depending on the hazard, a reassessment of the operation may need to take place to see if objectives will change to address a new situation created by impacts from this secondary incident.

Consider the current operational environment that every jurisdiction is facing at this moment. Jurisdictions, EOCs, and others should certainly have a contingency plan in place right now that addresses things like potential Coronavirus exposures, symptomatic personnel, and personnel that test positive. Many have been dealing with it, but do they have their protocols in writing? Most do not. In New York State, all public employers are now required to develop a plan to address these and other factors for public health emergencies.

Step 5 is plan preparation, review, and approval. This is the actual writing of the plan. Of course, you are in the middle of an incident, and it’s likely that the contingency(ies) you are planning for is breathing down your neck. Depending on how much haste is needed, your plan might be a few bullet points, or it could be a few pages long with more detail. Obviously do whatever is appropriate. Have the planning team members review the plan to ensure that it addresses all critical points and accurately reflects the necessary steps. Have you identified what will trigger the plan? Who is responsible for monitoring the situation? Who is responsible or activating the plan? How will they activate it and notify others? What are the responsibilities of others once they are notified?  Once you and the planning team are satisfied that you’ve addressed all the important points, the plan should be forwarded to the appropriate authority for approval, such as the incident commander, EOC manager, agency administrator, etc.

I’ll also note here that if you have multiple threats and/or hazards for which you are developing contingency plans, try to keep your contingency operations as similar as possible. The more complexity you have, especially to deal with different hazards, the more problems can occur during implementation. For example, your means and methods for notifying personnel of a tornado and a flash flood can likely be the same if their protective actions are also the same.

Lastly, step 6 is implementation of the plan. This is where someone should be working on any mitigation actions that you identified and personnel should be briefed on the plan, so they know what they are responsible for and what they need to do, when, and how.

It seems like a long process, but it can be done in a few minutes for urgent hazards. Some contingency plans may certainly be longer and more complex, especially if you are preparing for something that has a lower risk factor or something that isn’t yet a hazard, like a distant weather front. Several years back, I was part of the overhead team for a state-wide months-long debris removal initiative in the aftermath of a late season hurricane. As operations went on, we eventually entered the next hurricane season, and with that we identified the threat of future tropical storms to our area of operations (an entire state) and the operations we were responsible for. We needed to identify who and how systems would be monitored, trigger points for activation of the plan, and how to communicate emergency actions to several debris removal and debris monitoring contractors. We had time leading into hurricane season and were able to develop a well-crafted plan to meet this need. Fortunately, we didn’t have to use it.

Have you written contingency plans for incidents and events? What lessons have you learned from contingency planning?

~~

As a final bit on 2020, we are all certainly happy to see it pass. Keep in mind that while the new year offers a mental benchmark, we still have months ahead of us continuing to manage the consequences of the pandemic and our response to it. We have learned a lot of lessons from this response, which every organization should be capturing, if you haven’t already. As we go into the new year, resolve to do something meaningful with those lessons learned. Don’t just let them languish in yet another after-action report. Implement those corrective actions!

Stay safe.

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Learning from the 2009 H1N1 Pandemic Response (Guest Post)

Another great article from Alison Poste. Please be sure to check out her blog – The Afterburn – at www.afterburnblog.com.

I’m looking forward to reading about the adaptations to ICS she references in this article.

-TR

~~

Learning from the 2009 H1N1 Pandemic Response

The ICS model remains a universal command and control standard for crisis response. In contrast to traditional operations-based responses, the COVID-19 pandemic has required a ‘knowledge-based’ framework. 

A fundamental element of ICS is the rapid establishment of a single chain of command. Once established, a basic organization is put in place including the core functions of operations, planning, logistics and finance/administration. In the face of a major incident, there is potential for people and institutions to work at cross purposes. The ICS model avoids this by rapidly integrating people and institutions into a single, integrated response organization preserving the unity of command and span of control. Support to the Incident Commander (the Command Staff) includes a Public Information Officer (PIO), a Liaison Officer and a Safety Officer.

In a study done by Chris Ansell and Ann Keller for the IBM Center for the Business of Government in 2014, the response of the U.S. Center for Disease Control and Prevention (CDCP) to the 2009 H1N1 Pandemic was examined in depth. In examining the response, a number of prior outbreak responses were reviewed. Prior to the widespread adoption of ICS, “the CDCP viewed its emergency operations staff as filling an advisory role rather than a leadership role during the crisis” (Ansell and Keller, 2014). This advisory function was the operating principle of the 2003 SARS outbreak response.

ICS was created to coordinate responses that often extend beyond the boundaries of any individual organizations’ capacity to respond. Considering the 2009 H1N1 pandemic response, the authors outline three features complicated the use of the traditional ICS paradigm:

  • The overall mission in a pandemic response is to create authoritative knowledge rather than the delivery of an operational response;
  • The use of specialized knowledge from a wide and dispersed range of sources; and 
  • The use of resources to manage external perceptions of the CDCP’s response.

In response to these unique features, the authors of the study have advocated seven adaptations to the ‘traditional’ ICS structure. These adaptations will be examined in depth in a future post.

Notwithstanding the unique challenges of a ‘knowledge-based’ response, the ‘traditional’ ICS structure is well-equipped to adapt and scale to the needs of any incident. While it is true that a ‘knowledge-based’ response differs from an operational one, this is not inconsistent with the two top priorities of the ICS model: #1: Life Safety and #2: Incident (Pandemic) Stabilization. The objectives of the incident will determine the size of the organization. Secondly, the modular ICS organization is able to rapidly incorporate specialized knowledge and expand/contract as the demands of the incident evolve. Finally, assigning resources to monitor external communications will remain the purview of the PIO as a member of Command Staff.

When the studies are written on the use of ICS in the COVID-19 pandemic, what do you think will be the key take-aways? As always, I’m interested to hear your thoughts and ideas for future topics.

Reference

Ansell, Chris and Ann Keller. 2014. Adapting the Incident Command Model for Knowledge-Based Crises: The Case of the Centers for Disease Control and Prevention. IBM Center for the Business of Government. Retrieved August 16, 2020 from http://www.businessofgovernment.org/sites/default/files/Adapting%20the%20Incident%20Command%20Model%20for%20Knowledge-Based%20Crises.pdf 

How BC is Acing the Pandemic Test (Guest Post)

I’m excited and honored to promote a new blog being written by Alison Poste. Alison has led major disaster response and recovery efforts in Alberta, Canada, including the 2013 floods and the Fort McMurray wildfires, and currently works as a consultant specializing in business continuity, emergency management, and crisis communications. Her new blog, The Afterburn – Emergency Management Lessons from Off the Shelf, takes a critical look at lessons learned and how they are applied.

I’ve pasted her first post below, but also be sure to click the link above to follow her blog. I’m really excited about the insight Alison will be providing!

– TR

~~

The pandemic has upended how those in the emergency management field have seen traditional response frameworks. Lessons learned from the pandemic response will be useful to governments and the private sector alike in the coming years.

The ICS framework for emergency response is well equipped to address the unique needs of any disaster, including a global pandemic. The rapid scalability of the structure allows the response to move faster than the speed of government. It provides the framework for standardized emergency response in British Columbia (B.C.).

The B.C. provincial government response to the coronavirus pandemic, led by Dr. Bonnie Henry, the Provincial Health Officer (PHO) has received international acclaim. It is useful therefore to learn from the best practises instituted early on in the pandemic to inform future events. 

In February 2020, the Province of B.C. published a comprehensive update to the British Columbia Pandemic Provincial Coordination Plan outlining the provincial strategy for cross-ministry coordination, communications and business continuity measures in place to address the pandemic. Based on ICS, the B.C. emergency response framework facilitates effective coordination by ensuring the information shared is consistent and effective. The Province of B.C. has provided a daily briefing by Dr. Henry and Adrian Dix, the B.C. Minister of Health as a way to ensure B.C. residents receive up to date information from an authoritative source.

While we may consider the COVID-19 pandemic to be a unique event, a number of studies have provided guidance to emergency response practitioners of today. The decisive action taken by the B.C. PHO on COVID-19, has focused on the twin pillars of containment and contact tracing. Early studies regarding the effect of contract tracing on transmission rates have seen promising results, however the tracing remains a logistical burden. As studies indicate, these logistical challenges have the potential to overwhelm the healthcare system should travel restrictions be relaxed, leading to the possible ‘importation’ of new infections. 

B.C. has instituted robust contract tracing mechanisms to reduce the spread of COVID-19 in alignment with best practises in other jurisdictions. When instituted methodically, contact tracing, consistent communication, and Dr. Henry’s mantra to “Be calm. Be kind. Be safe.” remain critical tools to ensure limited spread, a well-informed and socially cohesive population.

How has your organization helped to slow the spread of COVID-19?  As always, I welcome your feedback and suggestions for how to improve the blog.

It’s Not Too Late To Prepare

The phrase I’ve been using lately when I speak to people has been “It’s not too late to prepare”.  Many people perceive that in the middle of a disaster we are unable to prepare.  Quite the contrary, we have the potential to integrate all of our preparedness steps into a response.  Because we have problems in front of us that need to be addressed, we have an opportunity to continuously improve, ensuring that organizationally we are offering the very best we can. 

There is a reason why there isn’t a mission area for preparedness in the National Preparedness Goal.  This is because preparedness is ongoing.  It’s not a separate or distinct activity.  Rather it is comprised of activities that support all mission areas, no matter when they are actioned.  Preparedness is continuous.

Assessment

Assessment is a key activity within preparedness.  In fact, assessment is foundational in understanding what’s going on.  During a disaster, good management practices dictate that we should be monitoring our response and adjusting as needed.  What exactly should we be monitoring?  Similar to evaluating an exercise, consider the following:

  • What was the effectiveness of deliberate planning efforts? 
    • Were planning assumptions correct?
    • Was the concept of operations adequate in scope and detail? 
    • What was lacking?
    • What worked well?
  • What was the effectiveness of plan implementation?
    • If aspects of plan implementation need improvement, what was the reason for the shortfall?
      • A poor plan
      • Lack of job aids
      • Lack of/poor/infrequent training
      • Lack of practice
      • Lack of the proper resources or capabilities
      • The plan wasn’t followed
  • Did resources and capabilities meet needs?  If not, why?

Planning

While some planning gaps will require a longer time period to address, I’m aware of many jurisdictions and organizations which have been developing plans in the midst of the pandemic.  They recognized a need to have a plan and convened people to develop those plans.  While some of the planning is incident-specific, many of the plans can be utilized in the future we as well, either in the form they were written or adjusted to make them more generally applicable without the specific details of this pandemic.  I’d certainly suggest that any plans developed during the pandemic are reviewed afterwards to identify the same points listed above under ‘assessment’ before they are potentially included in your organization’s catalogue of plans. Also consider that we should be planning for contingencies, as other incidents are practically inevitable.

Training

Training is another fairly easy and often essential preparedness activity which can performed in the midst of a disaster.  Many years ago FEMA embraced the concept of training during disasters.  FEMA Joint Field Offices mobilize with training personnel.  These personnel not only provide just in time training for new personnel or to introduce new systems and processes, but they provide continuing training a variety of topics throughout response and recovery, providing a more knowledgeable workforce.  I’ve seen some EOCs around the country do the same.  Recently, my firm has been contracted to provide remote training for the senior leadership of a jurisdiction on topics such as continuity of operations and multi-agency coordination, which are timely matters for them as they continue to address needs related to the pandemic. 

Exercises

While assessments, planning, and training are certainly activities that may take place during a disaster, exercises are probably less likely, but may, if properly scoped and conducted, still have a place.  Consider that the military will constantly conduct what they call battle drills, even in active theaters of war, to ensure that everyone is familiar with plans and protocols and practiced in their implementation.  Thinking back on new plans that are being written in the midst of the pandemic, it’s a good idea to validate that plan with a tabletop exercise.  We know that even the best written plans will still have gaps that during a blue-sky day we would often identify through an exercise.  Plans written in haste during a crisis are even more prone to have gaps simply because we probably don’t have the opportunity to think everything through and be as methodical and meticulous as we would like.  A tabletop exercise doesn’t have to be complex or long, but it’s good to do a talk through of the plan.  Depending on the scope of the plan and the depth of detail (such as a new procedure, conducting a walk-through of major movements of that plan (that’s a drill) can help ensure validity of the plan and identify any issues in implementation.  While you aren’t likely to go the extent of developing an ExPlan, an evaluator handbook, or exercise evaluation guides (yes, that’s totally OK), it’s still good to lay out a page of essential information to include objectives and methodology since taking the time to write these things down is one more step to ensure that you are doing everything you need for the validation to be effective.  Documentation is still important, and while it can be abbreviated, it shouldn’t be cut out entirely.  It’s also extremely important to isolate the exercise, ensuring that everyone is aware that what is being performed or discussed is not yet part of the response activity.  Evaluators should still give you written observations and documented feedback from participants.  You probably don’t need a full AAR, especially since the observations are going to be put into an immediate modification of the plan in question, but the documentation should still be kept together as there may still be some observations to record for further consideration. 

Evaluation and After Action

Lastly, incident evaluation is something we shouldn’t be missing.  We learn a lot about incident evaluation from exercise evaluation.   I’ve written on it before, which I encourage you to look at, but the fundamentals are ensuring that all actions and decisions are documented, that a hotwash is conducted (or multiple hotwashes to capture larger numbers of people or people who were engaged in very different functions), and that an after action report is developed.   Any incident should provide a lot of lessons learned for your organization, but the circumstances of a pandemic amplify that considerably.  Ensure that everyone in your organization, at all levels, is capturing observations and lessons learned daily.  Ensure that they are providing context to their observations as well, since once this is over, they may not recall the details needed for a recommendation. You may want to consider putting together a short form for people to capture and organize these observations – essentially identifying the issue, providing context, and putting forth a recommendation to address the issue. Don’t forget to encourage people to also identify best practices.  In the end, remember that if lessons learned aren’t actually applied, nothing will change. 

I welcome any insight on how we can continue to apply preparedness in the midst of a disaster. 

Be smart, stay safe, stay healthy, and be good to each other. 

©2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

8 Predicted Changes to Emergency Management Post-Pandemic

In public safety we learn from every incident we deal with.  Some incidents bring about more change than others.  This change comes not just from lessons learned, but an effort to apply change based upon those lessons. In recent history, we’ve seen significant changes in emergency management practice come from disasters like the 9/11 terrorist attacks and Hurricane Katrina, with many of the changes so significant that they are actually codified and have led to new doctrine and new practices at the highest levels.  What changes can we expect from the Coronavirus pandemic?

Of course, it’s difficult to predict the future.  We’re also still in the middle of this, so my thoughts may change a month or two into the future.  Any speculation will begin with idealism, but this must be balanced with pragmatism.  Given that, the items I discuss here are perhaps more along the lines of changes I would like to see which I think have a decent chance of actually happening. 

  1. Legislation.  Similar to the aforementioned major disasters, this too will spawn legislation from which doctrine and programs will be derived.  We are always hopeful that it’s not politicians who pen the actual legislation, but subject matter experts and visionaries with no political agendas other than advancing public health preparedness and related matters. 
  2. More public health resources. This one, I think, is pretty obvious.  We need more resources to support public health preparedness, prevention, and detection efforts.  Of course, this begins with funding which will typically be spawned from the legislation mentioned previous.  Public health preparedness is an investment, though like most preparedness efforts, it’s an investment that will dwindle over time if it’s not properly maintained and advanced to address emerging threats and best practices.  Funding must address needs, programs to address those needs, and the resources to implement those programs. 
  3. Further integration of public health into emergency management.  Emergency management is a team sport.  Regardless of the hazard or the primary agencies involved, disasters impact everyone and many organizations and practices are stakeholders in its resolution and can contribute resources to support the resolution of primary impacts and cascading effects.  Despite some gains following 9/11, public health preparedness has still been treated like an acquaintance from another neighborhood. The legislation, doctrine, programs, and resources that we see MUST support an integrated and comprehensive response.  No longer can we allow public health to be such an unfamiliar entity to the rest of the emergency management community (to be clear – the fault to date lies with everyone). 
  4. Improved emergency management preparedness.  Pulling back to look at emergency management as a whole, we have certainly identified gaps in preparedness comprehensively.  Plans that were lacking or didn’t exist at all.  Equipment and systems that were lacking or didn’t exist at all.  People who didn’t know what to do.  Organizations that weren’t flexible or responsible enough.  Processes that took too long.  Poor assumptions on what impacts would be. We can and must do better.
  5. An increase in operational continuity preparedness.  We’ve been preaching continuity of operations/government for decades, yet so few have listened. The Coronavirus pandemic has shown us so many organizations jumping through their asses as they figure it all out for the first time.  By necessity they have figured it out, some better than others.  My hope here is that they learned from their experience and will embrace the concepts of operational continuity and identify a need to leverage what they have learned and use that as a basis for planning, training, exercises, and other preparedness efforts to support future continuity events. 
  6. Further expansion of understanding of community lifelines and interdependencies of critical infrastructure.  This pandemic gave us real world demonstrations of how connected we are, how vulnerable some of our critical infrastructure is, and what metrics (essential elements of information) we should be monitoring when a disaster strikes.  I expect we will see some updated documents from DHS and FEMA addressing much of this. 
  7. More/better public-private partnerships.  The private sector stepped up in this disaster more than they previously ever had. Sure, some mistakes were made, but the private sector has been incredibly responsive and they continue to do so.  They have supported their communities, customers, and governments to address needs they identified independently as well as responding to requests from government.  They changed production.  Increased capacity.  Distributed crisis messages.  Changed operations to address safety matters.  Some were stretched to capacity, despite having to change their business models.  Many companies have also been providing free or discounted products to organizations, professionals, and the public.  We need to continue seeing this kind of awareness and responsiveness.  I also don’t want to dismiss those businesses, and their employees, that took a severe financial hit.  Economic stabilization will be a big issue to address in recovery from this disaster, and I’m hopeful that our collective efforts can help mitigate this in the future. 
  8. An improved preparedness mindset for individuals and families.  Despite the panic buying we saw, much of the public has finally seemed to grasp the preparedness messaging we have been pushing out for decades.  These are lessons I hope they don’t forget. Emergency management, collectively, absolutely must capitalize on the shared experience of the public to encourage (proper) preparedness efforts moving forward and to keep it regularly in their minds. 

In all, we want to see lasting changes – a new normal, not just knee-jerk reactions or short-lived programs, that will see us eventually sliding backwards.  I’m sure I’ll add more to this list as time goes on, but these are the big items that I am confident can and (hopefully) will happen.  I’m interested in your take on these and what you might add to the list.

Be smart, stay safe, stay healthy, and be good to each other. 

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Emergency Management and Public Safety Should Prepare Like a Sports Team

When and how did a once-annual exercise become the standard for preparedness?  I suppose that’s fine for a whole plan, but most plans can be carved into logical components that can be not only exercised to various degrees, but training can also be provided to support and compliment each of those components.  There are a lot of elements and activities associated with preparedness.  Consider how sports teams prepare. They are in a constant yet dynamic state of readiness.

Sports teams will review footage of their opponents playing as well as their own games.  We can equate those to reviews of after-action reports, not only of their own performance, but also of others – and with high frequency.  How well does your organization do with this quiz?

  • Do you develop after action reports from incidents, events, and exercises?
  • Are they reviewed with all staff and stakeholders or just key individuals?
  • Are they reviewed more than once or simply archived?
  • Are improvements tracked and reviewed with staff and stakeholders?
  • Do your staff and stakeholders review after action reports from other incidents around the nation?

Planning is obviously important – it’s the cornerstone of preparedness.  Coaches look at standards of practice in the sport, best practices, and maybe come up with their own innovations.  They examine the capabilities of their players and balance those with the capabilities of the opposing team.  They have a standard play book (plan), but that may be modified based upon the specific opponent they are facing.  Their plans are constantly revisited based upon the results of practices, drills, and games.  Plans let everyone know what their role is.

  • Do your plans consider the capabilities of your organization or jurisdiction?
  • Do they truly include the activities needed to address all hazards?
  • Are your plans examined and updated based upon after action reports from incidents, events, and exercises?
  • Are your plans flexible enough for leadership to call an audible and deviate from the plan if needed?
  • Is your organization agile enough to adapt to changes in plans and audibles? How are ad-hoc changes communicated?

Training is a tool for communicating the plan and specific roles, as well as giving people the knowledge and skills needed to execute those roles with precision.  Sports players study their playbooks.  They may spend time in a classroom environment being trained by coaches on the essential components of plays.  Training needs are identified not only from the playbook, but also from after action reviews.

  • Is your training needs-based?
  • How do you train staff and stakeholders to the plan?
  • What training do you provide to help people staffing each key role to improve their performance?

Lastly, exercises are essential.  In sports there are drills and practices.  Drills are used to hone key skill sets (passing, catching, hitting, and shooting) while practices put those skill sets together.  The frequency of drills and practices for sports teams is astounding.  They recognize that guided repetition builds familiarity with plans and hones the skills they learned.  How well do you think a sports team would perform if they only exercised once a year?  So why do you?

  • What are the essential skill sets your staff and stakeholders should be honing?
  • What is your frequency of exercises?
  • Do your exercises build on each other?

I also want to throw in a nod to communication.  Even if you aren’t a sports fan, go attend a local game.  It could be anything… hockey, baseball, soccer, basketball, football… whatever.  It doesn’t necessarily have to be pro.  Varsity, college, or semi-pro would certainly suffice.  Even if you don’t stay for the whole game, there is a lot you can pick up.  Focus on the communication between and amongst players and coaches.  Depending on where you are sitting, you might not be able to hear or understand what they are saying, but what you will notice is constant communication.  Before plays, between plays, and during plays.  Sometimes that communication isn’t just verbal – it might be the tapping of a hockey stick on the ice, clapping of hands, finger pointing, or a hand wave or other silent signal.  Coaches are constantly talking to each other on the bench and with players, giving direction and encouragement.  There is a lot going on… strategy, tactics, offense, defense.  What lessons can you apply to your organization?

Lastly, accomplishments should be celebrated.  In public safety, we tend to ignore a lot of best practices not only of sports teams, but also in general employee relations.  Because of the nature of emergency management and other public safety endeavors, it’s easy to excuse getting stuck in the same rut… we get ready for the next incident, we respond to that incident, and we barely have time to clean up from that incident before the next one comes.  Take a moment to breathe and to celebrate accomplishments.  It’s not only people that need it, but also organizations as a whole.

What lessons can you apply from sports teams to your organization?

© 2019 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC℠

Hurricane Harvey AAR – Lessons for Us All

Harris County, Texas has recently released their After Action Report (AAR) for Hurricane Harvey that devastated the area last year.  I applaud any AAR released, especially one for an incident of this magnitude.  It requires opening your doors to the world, showing some incredible transparency, and a willingness to discuss your mistakes.  Not only can stakeholders in Harris County learn from this AAR, but I think there are lessons to be learned by everyone in reviewing this document.

First, about making the sausage… The AAR includes an early section on the means and methods used to build the AAR, including some tools provided in the appendix.  Why is this important?  First, it helps build a better context for the AAR and lets you know what was studied, who was included, and how it was pulled together.  Second, it offers a great example for you to use for future incidents.  Developing an AAR for an incident has some significant differences from developing an AAR for an exercise.  Fundamentally, development of an AAR for an exercise begins with design of the exercise and is based upon the objectives identified for that exercise.  For an incident, the areas of evaluation are generally identified after the fact.  These areas of evaluation will focus the evaluation effort and help you cull through the volumes of documentation and stories people will want to tell.  The three focus areas covered in the AAR are Command and Control, Operations, and Mass Care and Sheltering.

Getting into the Harvey AAR itself… My own criticism in the formatting is that while areas for improvement in the AAR follow an Issue/Analysis/Recommendation format, identified strengths only have a sentence or two.  Many AAR writers (for incidents, events, or exercises) think this is adequate, but I do not.  Some measure of written analysis should be provided for each strength, giving it context and describing what worked and why.  I’m also in favor of providing recommendations for identified strengths.  I’m of the opinion that most things, even if done well and within acceptable standards, can be improved upon.  If you adopt this philosophy, however, don’t fall into the trap of simply recommending that practices should continue (i.e. keep doing this).  That’s not a meaningful recommendation.  Instead, consider how the practice can be improved upon or sustained.  Remember, always reflect upon practices of planning, organizing, equipping, training, and exercises (POETE).

As for the identified areas for improvement in AAR, the following needs were outlined:

  • Developing a countywide Continuity of Operations Plan
  • Training non-traditional support personnel who may be involved in disaster response operations
  • Transitioning from response to recovery operations in the Emergency Operations Center
  • Working with the City of Houston to address the current Donations Management strategy

If anything, for these reasons alone, the AAR and the improvement planning matrix attached should be reviewed by every jurisdiction.  Many jurisdictions that I encounter simply don’t have the POETE in place to be successful in addressing these areas.

What is your biggest take away from this AAR?

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC™

The Hawaii Saga

I simply don’t think I can refrain from some extended commentary on the Hawaii missile notification incident any longer.  I’ve tossed a few Tweets on this topic in the past couple of weeks, but as the layers of this onion are peeled back, more and more is being revealed.  I’m not a conspiracy theorist, but the number of half-truths that have been reported on this incident lead me to believe we still don’t know everything that transpired that morning.  Now that the FCC has leaned into this investigation, more and more information is being revealed, despite reports that the employee at the center of it gave limited cooperation in the investigation (likely at the advice of an attorney).  Most of my commentary is based upon information reported by the Business Insider and Washington Post which includes information from the ongoing FCC investigation.

eas_logo_rev1_3

First, why was public notification of a false missile strike such a big deal?  The effective practice of notification and warning in emergency management relies on the transmission of accurate, timely, and relevant information.  Since emergency management is already challenged by a percentage of citizens that willfully don’t pay attention to warnings, don’t care about them enough to take action, or otherwise refuse to take action, the erosion of any of these pillars will degrade public trust in an already less than ideal environment.  We sometimes struggle to get accurate weather-related warnings issued, but when a warning is sent for a ballistic missile strike that isn’t occurring, that’s a significant error.  We certainly saw across social media the stories of people on the Hawaiian Islands as well as those in the continental US with friends and family in Hawaii.  The notification of an impending ballistic missile strike is terrifying to a population.  Imagine saying good bye to your family and loved ones for what you think is the last time.  What truly made this erroneous notification unforgivable was the 38-minute time span it took for it to be rectified.

While there is a lot of obvious focus on the employee who actually activated the alert, I see this person as only one piece of the chain of failures that occurred that morning.  It was first reported that the employee accidentally selected the wrong option in a drop-down menu; selecting an actual alert instead of a test.  While mistakes can and do happen in any industry, the processes we use should undergo reviews to minimize mistakes.  Those processes include the tools and technology we use to execute.  Certainly, any system that issues a mass notification should have a pop-up that says ‘ARE YOU REALLY SURE YOU WANT TO DO THIS???’ or a requirement for verification by another individual.  I’ll note that the Business Insider article says there is a verification pop-up in the system they used, so clearly that wasn’t enough.

Findings released from the initial FCC investigation found that the employee apparently thought this was a real incident instead of an exercise, therefore, their action was intentional.  So, we have another mistake.  As mentioned before, the processes and systems we have in place should strive to minimize mistakes.  A standard in exercise management is to use a phrase similar to ‘THIS IS AN EXERCISE’ in all exercise communications.  By doing so, everyone who receives these communications, intentionally or otherwise, is aware that what is being discussed is not real.  I would hope that if the warning point employee heard that phrase with the order to issue an emergency alert, the outcome would have been different.  According to the FCC report, the phrase ‘Exercise, exercise, exercise’ was used, but so was the phrase ‘this is not a drill’.  While reports indicate some issues with past performance of this employee, I would caution that messages such as this are confusing and should never be issued in this manner.  They need to take a serious look at their exercise program and how it is managed and implemented.

Next, 38 minutes of time passed before a retraction was issued.  Forgive me here, but what the fuck happens in 38 minutes that you can’t issue a retraction?  There are timelines posted in the Business Insider and Washington Post articles on this matter.  I believe that what I’m reading is factual, but I shake my head at the ineptitude of leadership that existed, ranging from the employee’s supervisor, to the agency director, and all the way up to the Governor.  There is no reason a retraction could not have been issued within minutes of this false alarm.  We see things in this timeline such as ‘drafting a retraction’ and ‘lost Twitter password’.  Simply bullshit.  There isn’t much to draft for an initial retraction other than ‘False Alarm – No missile threat’.  We know from later in the timeline that this could have been sent through the same system that sent the initial message.

It’s noted that Hawaii EMA didn’t have a plan in place for issuing retractions on messages.  An easy enough oversight, I suppose, but when they report that this same employee had issued false messages on two previous occasions, a plan would have been developed for something that was an obvious concern.

A possible path to correction is a bill that may be introduced by Sen. Brian Schatz which would give the US Departments of Defense and Homeland Security the responsibility to notify the public of an incoming missile attack.  Is this a perfect fix? No.  Consider that weather alerts can be issued by the National Weather Service, or by state or local emergency management agencies based upon NWS information or what they are actually observing on the ground.  I’m a big believer in state’s rights as well as their ultimate responsibility to care for their populations, so I believe the states should have the ability to issue such alerts, however they should generally be defaulting to DoD, as DoD has the technology to detect an incoming attack.

There are numerous layers of failure in this situation which need to be examined and addressed through rigorous preparedness measures.  It obviously was an embarrassing occurrence for Hawaii EMA and I’m sure they are working to address it.  The intent of my article isn’t to harp on them, but to identify the potential points of failure found in many of our systems.  Unfortunately, this situation makes for a case study that we all can learn from.  Current technology provides every state, county, city, town, and village the ability to access an emergency alert system of some type.  Some are municipal systems, some are regional, some are state, and some are national (IPAWS).  We access these systems through custom developed programs or commercially available interfaces.  These systems will instantly issue alerts to cell phones, email accounts, social media, radio, and TV; and some will still activate sirens in certain localities.  The technology we have enables us to reach a high percentage of our populations and issue critical communications to them.  While the technology is great and the message we send is important, it’s only one element of a good public information and warning program.  Clearly, we see from the occurrence in Hawaii, that we need to have solid plans, policies, procedures, systems, training, and exercises to ensure that we can effectively and efficiently issue (and retract) those messages.  So crack open your own plans and start making a list of what needs to be improved.

© 2018 – Timothy M. Riecker, CEDP

Emergency Preparedness Solutions, LLC SM