Failures in Preparedness

In May the GAO released a report titled “National Preparedness: Additional Actions Needed to Address Gaps in the Nation’s Emergency Management Capabilities”. I encourage everyone to read the report for themselves and also reflect on my commentary from several years of National Preparedness Reports. I’ll summarize all this though… it doesn’t look good. The National Preparedness Reports really tell us little about the state of preparedness across the nation, and this is reinforced by the GAO report as they state “FEMA is taking steps to strengthen the national preparedness system, but has yet to determine what steps are needed to address the nation’s capability gaps across all levels of government”.

First of all, let me be clear about where the responsibility of preparedness lies – EVERYONE. Whole community preparedness is actually a thing. It’s not FEMA’s job to ensure we are prepared. As also made evident in the GAO report (for those who haven’t worked with federal preparedness grants), most preparedness grants are pretty open, and as such, the federal government can’t force everyone to address the most critical capability gaps. Why wouldn’t jurisdictions want to address the most critical capability gaps, though? Here are some of the big reasons:

  • Most or all funding may be used to sustain the employment of emergency management staff, without whom there would be no EM program in that jurisdiction
  • The jurisdiction has prioritized sustaining other core capabilities which they feel are more important
  • The jurisdiction has decided that certain core capabilities are not for them to address (deferring instead to state or federal governments)
  • Shoring up gaps is hard
  • Response is sexier

The GAO report provided some data to support where priorities lie. First, let’s take a look at spending priorities by grant recipients:

While crosscutting capabilities (Operational Coordination, Planning, and Public Information and Warning) were consistently the largest expenditures, I would surmise that Operational Coordination was the largest of the three, followed by Planning, with Public Information and Warning coming in last. And I’m pretty confident that while these are cross cutting, these mostly lied within the Response Mission Area. Assuming my predictions are correct, there is fundamentally nothing wrong with this. It offers a lot of bang for the buck, and I’ve certainly spoken pretty consistently about how bad we are at things like Operational Coordination and Planning (despite some opinions to the contrary). Jumping to the end of the book, notice that Recovery mission area spending accounts for 1% of the total. This seems like a poor choice considering that three of the five lowest rated capabilities are in the Recovery mission area. Check out this table also provided in the GAO report:

Through at least a few of these years, Cybersecurity has been flagged as a priority by DHS/FEMA, yet clearly, we’ve not made any progress on that front. Our preparedness for Housing recovery has always been abysmal, yet we haven’t made any progress on that either. I suspect that those are two areas, specifically, that many jurisdictions feel are the responsibility of state and federal government.

Back in March of 2011, the GAO recommended that FEMA complete a national preparedness assessment of capability gaps at each level of government based on tiered, capability-specific performance objectives to enable prioritization of grant funding. This recommendation has not yet been implemented. While not entirely the fault of FEMA, we do need to reimagine that national preparedness system. While the current system is sound in concept, implementation falls considerably short.

First, we do need a better means of measuring preparedness. It’s difficult – I fully acknowledge that. And for as objective as we try to make it, there is a vast amount of subjectivity to it. I do know that in the end, I shouldn’t find myself shaking my head or even laughing at the findings identified in the National Preparedness Report, though, knowing that some of the information there can’t possibly be accurate.

I don’t have all the answers on how we should measure preparedness, but I know this… it’s different for different levels of government. A few thoughts:

  • While preparedness is a shared responsibility, I don’t expect a small town to definitively have the answers for disaster housing or cybersecurity. We need to acknowledge that some jurisdictions simply don’t have the resources to make independent progress on certain capabilities. Does this mean they have no responsibility for it – no. Absolutely not. But the current structure of the THIRA, while allowing for some flexibility, doesn’t directly account for a shared responsibility.
  • Further, while every jurisdiction completing a THIRA is identifying their own capability targets, I’d like to see benchmarks established for them to strive for. This provides jurisdictions with both internal and external definitions of success. It also allows them an out, to a certain extent, on certain core capabilities that have a shared responsibility. Even a small town can make some progress on preparedness for disaster housing, such as site selection, estimating needs, and identifying code requirements (pro tip… these are required elements of hazard mitigation plans).
  • Lastly, we need to recognize that it’s difficult to measure things when they aren’t the same or aren’t being measured the same. Sure, we can provide a defined core capability, but when everyone has different perspective on and expectation of that core capability and how it should be measured, we aren’t getting answers we can really compare. Everyone knows what a house is, but there is a considerable difference between a double wide and a McMansion. Nothing wrong with either of them, but the differences give us very different base lines to work from. Further, if we need to identify how big a house is and someone measures the length and width of the building, someone else measures the livable square footage of a different building, and a third person measures the number of floors of yet another house, we may have all have correct answers, but we can’t really compare any of them. We need to figure out how to allow jurisdictions to contextualize their own needs, but still be playing the same game.

In regard to implementation, funding is obviously a big piece. Thoughts on this:

  • I think states and UASIs need to take a lot of the burden. While I certainly agree that considerable funding needs to be allocated to personnel, this needs to be balanced with sustaining certain higher tier capabilities and closing critical gaps. Easier said than done, but much of this begins with grant language and recognition that one grant may not fit all the needs.
  • FEMA has long been issuing various preparedness grants to support targeted needs and should not only continue to do so, but expand on this program. Targeted grants should be much stricter in establishing expectations for what will be accomplished with the grant funds.
  • Collaboration is also important. Shared responsibility, whole community, etc. Many grants have suggested or recommended collaboration through the years, but rarely has it been actually required. Certain capabilities lend themselves to better development potential when we see the realization of collaboration, to include the private sector, NGOs, and the federal government. Let’s require more of it.
  • Instead of spreading money far and wide, let’s establish specific communities of practice to essentially act as model programs. For a certain priority, allocate funds for a grant opportunity with enough to fund 3-5 initiatives in the nation. Give 2-3 years for these programs to identify and test solutions. These should be rigorously documented so as to analyze information and potentially duplicate, so I suggest that academic institutions also be involved as part of the collaborative effort (see the previous bullet). Once each of the grantees has completed their projects, host a symposium to compare and contrast, and identify best practices. Final recommendations can be used to benchmark other programs around the nation. Once we have a model, then future funding can be allocated to support implementation of that model in other areas around the nation. Having worked with the National Academies of Sciences, Engineering, and Medicine, they may be an ideal organization to spearhead the research component of such programs.
  • Recognize that preparedness isn’t just long term, it’s perpetual. While certain priorities will change, the goals remain fundamentally the same. We are in this for the long haul and we need to engage with that in mind. Strategies such as the one in the previous bullet point lend themselves to long-term identification of issues, exploration of solutions, and implementation of best practices.
  • Perhaps in summary of all of this, while every jurisdiction has unique needs, grant programs can’t be so open as to allow every grantee to have a wholly unique approach to things. It feels like most grant programs now are simply something thrown at a wall – some of it sticks, some of it falls right off, some might not even make it to the wall, some slowly drips off the wall, and some dries on permanently. We need consistency. Not necessarily uniformity, but if standards are established to provide a foundational 75% solution, with the rest open for local customization, that may be a good way to tackle a lot of problems.

In the end, while FEMA is the implementing agency, the emergency management community needs to work with them to identify how best to measure preparedness across all levels and how we can best implement preparedness programs. Over the past few years, FEMA has been very open in developing programs for the emergency management community and I hope this is a problem they realize they can’t tackle on their own. They need representatives from across the practice to help chart a way ahead. This will ensure that considerations and perspectives from all stakeholder groups are addressed. Preparedness isn’t a FEMA problem, it’s an emergency management problem. Let’s help them help us.

What thoughts do you have on preparedness? How should we measure it? What are the strengths and areas for improvement for funding? Do you have an ideal model in mind?

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

NEW: 2020 HSEEP Revision

Earlier today FEMA dropped the latest version of the Homeland Security Exercise and Evaluation Program (HSEEP) doctrine.  Doing a quick comparison between this new version and the previous (2013) version, I’ve identified the following significant changes:

  • They replaced the ‘Elected and Appointed Officials’ mentions within the document with ‘Senior Leaders’. This makes sense, since often the elected and appointed officials simply aren’t involved in many of these activities.  The previous terminology is also exclusionary of the private sector and NGOs.
  • The document specifically references the Preparedness Toolkit as a go-to resource.
  • A big emphasis through the document is on the Integrated Preparedness Cycle (see the graphic with this post). The Integrated Preparedness Cycle covers all POETE (Planning, Organizing, Equipping, Training, and Exercising) elements plus Evaluate/Improve.  The graphic also eludes to these activities not necessarily happing in a specific order, as well as the consideration of Preparedness Priorities and Threats, Hazards, and Risks.  Developing a preparedness plan is something I wrote about back in 2016.
  • Integrated Preparedness Cycle
    • Going along with the Integrated Preparedness Cycle, they have done away with the Training and Exercise Plan (TEP) and replaced it with the Integrated Preparedness Plan (IPP), which is developed through input obtained during an Integrated Preparedness Planning Workshop (IPPW). I serious HOPE this shift is successful, as I’ve mentioned in the past how often the training aspect of the TEP was ignored or phoned in.  This approach also does a lot to integrate planning, organizing, and equipping (but ESPECIALLY planning) into the effort.  This is all tied together even more if a jurisdiction has completed a THIRA.  The Integrated Preparedness Cycle and IPP are the things I’m happiest about with the updated document.
  • The new document provides easier to find and read layouts for information associated with exercise types and each of the planning meetings.
  • For years, HSEEP doctrine has suggested (though thankfully not required) an ICS-based organization for exercise planning. I’ve never used this as I found it awkward at best (though I know others often use it and have success in doing so).  The update provides a different suggestion (better, in my opinion) of a functionally organized planning team organization.  Consider that this is still a suggestion, and that you can use it, or a version of it, or an ICS-based one, or anything else you desire.
  • The update provides better delineation between the planning and conduct needs of discussion-based exercises vs those of operations-based exercises. Those of us who have been doing it for a while know, but for those who are new to exercises this should be very helpful.
  • Lastly, the document suggests making corrective actions SMART, as these are really objectives.

FEMA is hosting a series of webinars (listed on the HSEEP website) to discuss these changes.

I’m very happy with the changes made to the doctrine.  It’s a great continued evolution of HSEEP and preparedness as a whole.  For as much as I’m a champion of the Integrated Preparedness Plan, though, having it (thus far) only included in the HSEEP doctrine makes it easy to miss or dismiss by some.  I’m hopeful broader promotion of this concept, perhaps even including it as an emergency management performance grant requirement, will help adoption of this concept.

What are your thoughts?

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Thoughts on How to Improve the Planning Standard

I hope everyone is settling into the new year nicely.  One of the things I started off this year doing was going through CPG 101 and providing input to FEMA for the update of this foundational document.  (note: if you haven’t yet, get your comments in now as the deadline is soon approaching!)  CPG 101, and its predecessors, are time tested and well honed in the guidance provided on the process used for planning.  While it’s frustrating to see and hear that some people still don’t use it, that’s no fault of the document itself, but rather one of human implementation, or lack thereof.

I thought I’d share some of the feedback I sent along to FEMA on what I would like to see in the CPG 101 update.  Looking over my submission, there were two main themes I followed:

  1. Integration of other doctrine and standards
  2. Development of job aids to support use and implementation

I feel that integration of other relevant doctrine and standards into CPG 101 is incredibly important.  We know that preparedness covers an array of activities, but planning is the foundational activity, which all other activities reflect upon.  In past articles I’ve addressed the need to identify these various standards collectively, to show that while these are individual activities with their own outputs, identifying how they can and should be interconnected, offering greater value if used together.  Things like Community Lifelines, THIRA/SPR, HSEEP, and Core Capabilities need to not only be mentioned often, but with examples of how they interconnect and support planning and even each other.

Job aids are tools that support implementation.  I think job aids can and should be developed and included in the updated CPG 101 for each step of the planning process.  While some of us write plans fairly often, there are many who don’t or are going into it for the first time.  These are essentially the ideal conditions for job aids.  They help guide people through the key activities, provide them with reminders, and ultimately support better outcomes. Not only would I like to see job aids, such as check lists and work sheets, for each step, I’d also think that something that covers the whole process comprehensively, essentially a project management perspective, would be incredibly helpful to many people.

There were a couple of one-off suggestions that might not fit the categories mentioned above.  One of which was having more emphasis on the value of data from the jurisdiction’s hazard mitigation plan.  The hazard analysis conducted for hazard mitigation planning is considerably thorough, and can provide great information to support a hazard analysis (or even a THIRA for those brave enough) for purposes of emergency planning.  To be honest, this was something I didn’t really learn until about ten years into my career.  Many of the people I learned from in Emergency Management often leaned so far into response that they disregarded the value of things like mitigation or recovery.  I still find this a lot in our profession.  Once I finally took the time to go through a hazard mitigation plan, I realized the incredible amount of information contained within.  In many cases, there is more information than what is needed for the hazard analysis of an emergency plan, as the narrative and analysis in a hazard mitigation plan often goes into a measure of scientific detail, but this, too, can certainly have value for emergency planning.  Similarly, I also suggested that FP 104-009-2 (the Public Assistance Program and Policy Guide) be included as a reference in CPG 101.  Jurisdictions will strongly benefit from having plans, such as those on debris management, meeting FEMA’s reimbursement guidelines.

Lastly, I encouraged FEMA to include any content that will support plan writers in developing plans that are simply more useful.  So many plans are just a lot of boilerplate narrative, that in the end don’t tell me WHO is responsible for WHAT and HOW things will get done.  It’s so easy for us to be dismissive of action steps when writing a plan, assuming that people will know who has the authority to issue a public alert or the steps involved in activating an EOC.  CPG 101 should reinforce the need for plans to define processes and actions, identify authority, and assign responsibility.  Flow charts, decision trees, maps, charts, and other graphics and job aids are incredibly helpful to ensure that a plan is thorough while also being useful.

That’s the feedback I provided to FEMA, along with a bit of narrative as to why those things are important for inclusion in an updated CPG 101.  I’m curious to hear about the feedback that others provided.  We all tackle these documents from different perspectives, and that’s why I truly appreciate the efforts FEMA makes in these public calls for comment when they are updating certain key documents.

© 2020 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®℠

 

An Updated Community Lifelines Toolkit and Relationships to Incident Management

Earlier this year, FEMA released guidance on the Community Lifelines.  I wrote a piece in the spring about integrating the concept into our preparedness and response activities.  Last month, FEMA issued updated guidance for Community Lifeline Implementation through Toolkit 2.0.  In this update, FEMA cites some lessons learned in actually applying the Lifeline concept in multiple exercises across the nation, as well as from feedback received by stakeholders. Based on these lessons learned and feedback, they have made some adjustments to their toolkit to reflect how they understand, prioritize, and communicate incident impacts; the structure and format for decision-making support products. And planning for these impacts and stabilization prior to and during incidents.  They have also made some changes based upon the updated National Response Framework.  The documents associated with the updated Community Lifelines all seem to reflect an inclusion in the efforts of the National Response Framework.  It’s great to see FEMA actually tying various efforts together and seeking to provide grounded guidance on application of concepts mentioned in doctrine-level documents.

The biggest addition to the Community Lifelines update is the inclusion of the FEMA Incident Stabilization Guide.  The ‘operational draft’ is intended to serve as a reference to FEMA staff and a resource to state, local, and tribal governments on how “FEMA approaches and conducts response operations”.  It’s a 77-page document the obviously leans heavily into the Community Lifelines as a standard for assessing the impacts to critical infrastructure and progress toward restoration, not only in response, but also into recovery operations.  It even reflects on bolstering Community Lifelines in resilience efforts, and ties in the THIRA and capability analysis efforts that states, UASIs, and other governments conduct.  I’m not sure the document is really a review of how FEMA conducts operations, as they say, but it does review the ideology of a portion of those operations.  Overall, there is some very useful information and references contained in the document, but this brings me to a couple of important thoughts:

  1. The utility of this document, as with the entire Community Lifelines concept, at the state and local level is only realized through integration of these concepts at the state and local levels.
  2. We finally have guidance on what ‘incident stabilization’ really entails.

To address the first item… In my first piece on Community Lifelines, I had already mentioned that if states or communities are interested in adopting the concept of Community Lifelines, that all starts with planning.  An important early step of planning is conducting assessments, and the most pertinent assessment relative to this initiative would be to identify and catalog the lifelines in your community.  From there the assessment furthers to examine their present condition, vulnerabilities, and align standards for determining their operational condition aligned with the Community Lifelines guidelines.  I would also suggest identifying resiliency efforts (hopefully these are already identified in your hazard mitigation plan) which can help prevent damages or limit impacts.  As part of your response and short-term recovery lexicon, procedures should be developed to outline how lifeline assessments will be performed, when, and by who, as well as where that information will be collected during an incident.

As for my second item, the concept of incident stabilization has an interesting intersection with a meeting I was invited to last week.  I was afforded the opportunity to provide input to an ICS curriculum update (not in the US – more on this at a later time), and as part of this we discussed the standard three incident priorities (Life Safety, Incident Stabilization, and Property Conservation).  We identified in our discussions that incident stabilization is incredibly broad and can ultimately mean different things to different communities, even though the fundamental premise of it is to prevent further impacts.  This Incident Stabilization Guide is focused exclusively on that topic.  In our endeavor to make ICS training better, more grounded, less conceptual, and more applicable; there is a great deal of foundational information that could be distilled from this new document for inclusion in ICS training to discuss HOW we actually accomplish incident stabilization instead of making a one-off mention of it.

Going a bit into my continued crusade against the current state of ICS training… I acknowledge that any inclusion of this subject matter in ICS training would still be generally brief, and really more of a framework, as implementation still needs to be grounded in community-level plans, but this document is a great resource.  This also underscores that “learning ICS” isn’t just about taking classes.  It’s about being a professional and studying up on how to be a more effective incident manager.  ICS is simply a tool we use to organize our response… ICS is NOT inclusive of incident management.  Not only are we teaching ICS poorly, we are barely teaching incident management.

While I’ve been away for a while working on some large client projects, I’m looking forward to ending the year with a bang, and getting in a few more posts.  It’s great that in my travels and interactions with colleagues, they regularly mention my articles, which often bring about some great discussion.  I’m always interested in hearing the thoughts of other professionals on these topics.

© 2019 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Preparedness: Integrating Community Lifeline Considerations

Much of preparedness is about getting us ready to conduct situational assessment and prioritization of actions.  We train people and develop resources, such as drones, field-deployed apps, and geographic information systems (GIS) to support situational assessment.  The information we obtain from these assessments help in the development and maintenance of situational awareness and, when shared across disciplines, agencies, and jurisdictions, a common operating picture.  Based upon this information, leaders at all levels make decisions.  These decisions often involve the prioritization of our response and recovery actions.  Ideally, we should have plans in place that establish standards for how we collect, analyze, and share information, and also to support the decision making we must do in prioritizing our actions.  Exercises, of course, help us to validate those plans and practice associated tasks.

One significant hurdle for us is how overwhelming disasters can be.  With just slight increases in the complexity of a disaster, we experience factors such as large geography, extensive damages, high numbers of lives at risk, hazardous materials, and others.  Certainly, we know from Incident Command System training that our broad priorities are life safety, incident stabilization, and property conservation – but with all that’s happening, where do we start?

One thing that can help us both assessment and prioritization are community lifelines.  From FEMA: “Community lifelines reframe incident information to provide decision-makers with impact statements and root causes.”  By changing how we frame our data collection, analysis, thinking, and decision-making, we can maximize the effectiveness of our efforts.  This shouldn’t necessitate a change in our processes, but we should incorporate community lifelines into our preparedness activities.

The community lifelines, as identified by FEMA, are:

  • Safety and Security
  • Food, Water, and Sheltering
  • Health and Medical
  • Energy
  • Communications
  • Transportation
  • Hazardous Materials

If this is your first time looking at community lifelines, they certainly shouldn’t be so foreign to you.  In many ways, these are identified components of our critical infrastructure.  By focusing our attention on this list of items, we can affect a more concerted response and recovery.

FEMA guidance goes on to identify essential elements of information (EEI) we should be examining for each community lifeline.  For example, the lifeline of Health and Medical includes the EEIs of:

  • Medical Care
  • Patient Movement
  • Public Health
  • Fatality Management
  • Health Care Supply Chain

Of course, you can dig even deeper when analyzing any of these EEIs to identify the status and root cause of failure, which will then support the prioritization of actions to address the identified failures.  First we seek to stabilize, then restore.  For example, within just the EEI of Fatality Management, you can examine components such as:

  • Mortuary and post-mortuary services
  • Transportation, storage, and disposal resources
  • Body recovery and processing
  • Family assistance

The organization of situation reports, particularly those shared with the media, public, and other external partners might benefit from being organized by community lifelines.  These are concepts that are generally tangible to many people, and highlight many of the top factors we examine in emergency management.

Back in March of this year, FEMA released the Community Lifelines Implementation Toolkit, which provides some great information on the lifelines and some information on how to integrate them into your preparedness.  These can go a long way, but I’d also like to see some more direct application as an addendum to CPG-101 to demonstrate how community lifelines can be integrated into planning.  Further, while I understanding that FEMA is using the community lifeline concept for its own assessments and reporting, the community aspect of these should be better emphasized, and as such identifying some of the very FEMA- and IMAT-centric materials on this page as being mostly for federal application.

Has your jurisdiction already integrated community lifelines into your preparedness?  What best practices have you identified?

© 2019 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC℠®

Reviewing The 2018 National Preparedness Report

The 2018 National Preparedness Report was released last week.  For the past few years, I’ve provided my own critical review of these annual reports (see 2017’s report here).  For those not familiar with the National Preparedness Report (NPR), it is mandated by the Post-Katrina Emergency Management Reform Act (PKEMRA).  The information is compiled by FEMA from the State Preparedness Reports (SPR), including the Threat and Hazard Identification and Risk Assessment (THIRA) data submitted by states, territories, and Urban Area Security Initiative (UASI) – funded regions.  The data presented is for the year prior.  The SPRs and NPR examine the condition of our preparedness relative to the 32 Core Capabilities identified in the National Preparedness Goal.

Overall, the NPR provides little information, certainly nothing that is really shocking if you pay attention to the top issues in emergency management.  Disappointingly, the report only covers those Core Capabilities identified for sustainment or improvement, with no more than a graphic summary of the other Core Capabilities.

Core Capabilities to Sustain

Operational Coordination was identified as the sole Core Capability to sustain in this year’s report.  I’ve got some issues with this right off.  First of all, they summarize their methodology for selecting Core Capabilities to sustain: ‘To be a capability to sustain, the Nation must show proficiency in executing that core capability, but there must also be indications of a potentially growing gap between the future demand for, and the performance of, that capability.’  To me, what this boils down to is ‘you do it well, but you are going to have to do it better’.  I think most EM professionals could add to this list significantly, with Core Capabilities such as Planning; Public Information and Warning; Public Health, Healthcare, and EMS; Situational Assessment; and others.  Distilling it down to only Operational Coordination shows to me, a severe lack of understanding in where we presently are and the demands that will be put on our systems in the future.

Further, the review provided in the report relative to Operational Coordination is pretty soft.  Part of it is self-congratulatory, highlighting advances in the Core Capability made last year, with the rest of the section identifying challenges but proving little analysis.  Statements such as ‘Local governments reported challenges with incident command and coordination during the 2017 hurricane season’ are put out there, yet their single paragraph on corrective actions for the section boils down to the statement of ‘we’re looking at it’.  Not acceptable.

Core Capabilities to Improve

The 2018 report identifies four Core Capabilities to improve:

  • Infrastructure Systems
  • Housing
  • Economic Recovery
  • Cybersecurity

These fall under the category of NO KIDDING.  The writeups within the NPR for each of these superficially identifies the need, but doesn’t have much depth of analysis.  I find it interesting that the Core Capability to sustain has a paragraph on corrective actions, yet the Core Capabilities to Improve doesn’t.  They do, instead, identify key findings, which outline some efforts to address the problems, but are very soft and offer little detail.  Some of these include programs which have been in place for quite some time which are clearly having limited impact on addressing the issues.

What really jumped out at me is the data provided on page 9, which charts the distribution of FEMA Preparedness grants by Core Capability for the past year.  The scale of their chart doesn’t allow for any exact amounts, but we can make some estimates.  Let’s look at four of these in particular:

  • Infrastructure Systems – scantly a few million dollars
  • Housing – None
  • Economic Recovery – Less than Infrastructure Systems
  • Cybersecurity – ~$25 million

With over $2.3 billion in preparedness funding provided in 2017 by FEMA, it’s no wonder these are Core Capabilities that need to be improved when so few funds were invested at the state/territory/UASI level.  The sad thing is that this isn’t news.  These Core Capabilities have been identified as needing improvement for years, and I’ll concede they are all challenging, but the lack of substantial movement should anger all emergency managers.

I will agree that Housing and Cybersecurity require a significant and consolidated national effort to address.  That doesn’t mean they are solely a federal responsibility, but there is clear need for significant assistance at the federal level to implement improvements, provide guidance to states and locals, and support local implementations.  That said, we can’t continue to say that these areas are priorities when little funding or activity is demonstrated to support improvement efforts.  While certain areas may certainly take years to make acceptable improvements, we are seeing a dangerous pattern relative to these four Core Capabilities, which continue to wallow at the bottom of the list for so many years.

The Path Forward

The report concludes with a two-paragraph section titled ‘The Path Forward’, which simply speaks to refining the THIRA and SPR methodology, while saying nothing of how the nation needs to address the identified shortcomings.  Clearly this is not acceptable.

~~

As for my own conclusion, while I saw last year’s NPR as an improvement from years previous, I see this one as a severe backslide.  It provides little useful information and shows negligible change in the state of our preparedness over the past year.  The recommendations provided, at least of those that do exist, are translucent at best, and this report leaves the reader with more questions and frustration.  We need more substance beginning with root cause analysis and including substantial, tangible, actionable recommendations.  While I suppose it’s not the fault of the report itself that little improvement is being made in these Core Capabilities, the content of the report shows a lack of priority to address these needs.

I’m actually surprised that a separate executive summary of this report was published, as the report itself holds so little substance, that it could serve as the executive summary.  Having been involved in the completion of THIRAs and SPRs, I know there is information generated that is simply not being analyzed for the NPR.  Particularly with each participating jurisdiction completing a POETE analysis of each Core Capability, I would like to see a more substantial NPR which does some examination of the capability elements in aggregate for each Core Capability, perhaps identifying trends and areas of focus to better support preparedness.

As always, I’m interested in your thoughts.  Was there anything you thought to be useful in the National Preparedness Report?

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

An Updated Comprehensive Preparedness Guide 201 (THIRA/SPR)

In late May, FEMA/DHS released an updated version of Comprehensive Preparedness Guide (CPG) 201.  For those not familiar, CPG 201 is designed to guide communities and organizations through the process of the Threat and Hazard Identification and Risk Assessment (THIRA).  This is the third edition of a document that was originally released in April 2012.  This third edition integrates the Stakeholder Preparedness Review (SPR) into the process.  Note that ‘SPR’ has commonly been an acronym for State Preparedness Report, which is also associated with the THIRA.  The goal of the Stakeholder Preparedness Review appears to be fundamentally similar to that of the State Preparedness Report which some of you may be familiar with.

Picture1

First of all, a few noted changes in the THIRA portion of CPG 201.  First, FEMA now recommends that communities complete the THIRA every three years instead of annually.  Given the complexity and depth of a properly executed THIRA, this makes much more sense and I fully applaud this change.  Over the past several years many jurisdictions have watered down the process because it was so time consuming, with many THIRAs completed being more of an update to the previous year’s than really being a new independent assessment.  While it’s always good to reflect on the progress relative to the previous year, it’s human nature to get stuck in the box created by your reference material, so I think the annual assessment also stagnated progress in many areas.

The other big change to the THIRA process is elimination of the fourth step (Apply Results).  Along with some other streamlining of activities within the THIRA process, the application of results has been extended into the SPR process.  The goal of the SPR is to assess the community’s capability levels based on the capability targets identified in the THIRA.  Despite the THIRA being changed to a three-year cycle, CPG 201 states that the SPR should be conducted annually.  Since capabilities are more prone to change (often through deliberate activities of communities) this absolutely makes sense. The SPR process centers on three main activities, all informed by the THIRA:

  1. Assess Capabilities
  2. Identify and Address Gaps
  3. Describe Impacts and Funding Sources

The assessment of capabilities is intended to be a legacy function, with the first assessment establishing a baseline, which is then continually reflected on in subsequent years.  The capability assessment contributes to needs identification for a community, which is then further analyzed for the impacts of that change in capability and the identification of funding sources to sustain or improve capabilities, as needed.

An aspect of this new document which I’m excited about is that the POETE analysis is finally firmly established in doctrine.  If you aren’t familiar with the POETE analysis, you can find a few articles I’ve written on it here.  POETE is reflected on several times in the SPR process.

So who should be doing this?   The document references all the usual suspects: state, local, tribal, territorial, and UASI jurisdictions.  I think it’s great that everyone is being encouraged to do this, but we also need to identify who must do it.  Traditionally, the state preparedness report was required of states, territories, and UASIs as the initial recipients of Homeland Security Grant Program (HSGP) sub-grants.  In 2018, recipients of Tribal Homeland Security Grant Program funds will be required to complete this as well.  While other jurisdictions seem to be encouraged to use the processes of CPG 201, they aren’t being empowered to do so.

Here lies my biggest criticism…  as stated earlier, the THIRA and SPR processes are quite in-depth and the guidance provided in CPG 201 is supported by an assessment tool designed by FEMA for these purposes.  The CPG 201 website unfortunately does not include the tool, nor does CPG 201 itself even make direct reference to it.  There are vague indirect references, seeming to indicate what kind of data can be used in certain steps, but never actually stating that a tool is available.  The tool, called the Universal Reporting Tool, provides structure to the great deal of information being collected and analyzed through these processes.  Refined over the past several years as the THIRA/SPR process has evolved, the Universal Reporting Tool is a great way to complete this.  As part of the State Preparedness Report, the completed tool was submitted to the FEMA regional office who would provide feedback and submit it to HQ to contribute to the National Preparedness Report.  But what of the jurisdictions who are not required to do this and wish to do this of their own accord?  It doesn’t seem to be discouraged, as jurisdictions can request a copy from FEMA-SPR@fema.dhs.gov, but it seems that as a best practice, as well as a companion to CPG 201, the tool should be directly available on the FEMA website.  That said, if the THIRA/SPR is being conducted by a jurisdiction not required to do so, the tool would then not be required – although it would help.

Overall, I’m very happy with this evolution of CPG 201.  It’s clear that FEMA is paying attention to feedback received on the process to streamline it as best they can, while maximizing the utility of the data derived from the analysis.  A completed THIRA/SPR is an excellent foundation for planning and grant funding requests, and can inform training needs assessments and exercise program management (it should be used as a direct reference to development of a Training and Exercise Plan).

For those interested, EPS’ personnel have experience conducting the THIRA/SPR process in past years for a variety of jurisdictions and would be happy to assist yours with this updated process.  Head to the link below for more information!

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC ™

New Release: Core Capability Development Sheets

Today’s FEMA Daily Digest Bulletin announced the release of Core Capability Development Sheets which are intended to help jurisdictions build or sustain each capability by integrating:

  • Available training courses
  • Capability targets for the THIRA
  • Nationally typed resources
  • Partners to support development of capabilities
  • Exercise support and guidance to validate capabilities
  • Assistance from the FEMA National Preparedness Directorate

In all, there are 48 Core Capability Development Sheets.  This made me raise an eyebrow when I first read it, as there are 32 Core Capabilities.  The 48 sheets account for the common Core Capabilities (Planning, Public Information and Warning, and Operational Coordination) being carried across each of the five mission areas, as well as other Core Capabilities that are carried across more than one mission area, such as Infrastructure Systems.  This is smart, since, for example, Operational Coordination has some different applications between mission areas, such as Prevention and Recovery.

The sheets themselves offer some good information and make a nice quick reference, particularly for those who aren’t hip-deep in the Core Capabilities on a regular basis.  Matching the National Preparedness Goal, each Core Capability starts off identification of the applicable mission area and a description.  The sheets also identify some training programs across DHS training consortium entities, such as EMI and CDP, which can support the capability.

I like the inclusion of example capability targets, which compliments THIRA development, but also helps users wrap their heads a bit more around the concept of each Core Capability, how progress can be measured, and what can be strived for.  They also offer some identification of resource types that fall in line with the national Resource Typing Library Tool.  I’m a bit ambivalent about this, as the resources identified are response-oriented resources.  For example, the Planning Core Capability identifies two resources – Planning Section Chief (Type 3) and an EOC Planning Section Chief.  Yes, there is obviously a strong case for operational planning in an incident (i.e. the ICS Planning Process), but there is no acknowledgment in this area of resources needed for pre-planning, even though the recommended training does focus on pre-planning.

Each sheet also provides summaries of information on potential partners to help support capability development as well as resources to assist in validating capabilities, the latter being largely exercise focused.  Every sheet has a number of links and even email addresses to DHS program areas which can provide additional information, which may be one of the best aspects of these sheets.

While it’s not indicated that the Core Capability Development Sheets are in any kind of draft form, FEMA’s Technical Assistance program does ask that feedback and comments are emailed to them at FEMA-TARequest@fema.dhs.gov.

I like the concept of these sheets and most of the information contained within.  They are a good quick reference for those that don’t work with the Core Capabilities all the time, and I envision these being circulated for study ahead of meetings, such training and exercise planning workshops (TEPWs) and THIRA/SPR meetings to make sure there is a foundational understanding of each Core Capability and some ideas on how they can be further developed for a jurisdiction.  Kudos to FEMA’s Technical Assistance program on these!  I hope they continue to develop as we all gain a better understanding of how to grow our capabilities.

I’m always interested in the thoughts of readers.  Please look these over and share what you think about them.

© 2017 – Timothy M. Riecker, CEDP

Emergency Preparedness Solutions, LLC

 

Measuring Preparedness – An Executive Academy Perspective

A recent class of FEMA’s Emergency Management Executive Academy published a paper titled Are We Prepared Yet? in the latest issue of the Domestic Preparedness Journal.  It’s a solid read, and I encourage everyone to look it over.

First off, I wasn’t aware of the scope of work conducted in the Executive Academy.  I think that having groups publish papers is an extremely important element.  Given that the participants of the Executive Academy function, presently or in the near future, at the executive level in emergency management and/or homeland security, giving others the opportunity to learn from their insight on topics discussed in their sessions is quite valuable.  I need to do some poking around to see if papers written by other groups can be found.

As most of my readers are familiar, the emphasis of my career has always been in the realm of preparedness.  As such, it’s an important topic to me and I tend to gravitate to publications and ideas I can find on the topic.  The authors of this paper bring up some excellent points, many of which I’ve covered in articles past.  They indicate a variety of sources, including literature reviews and interviews, which I wish they would have cited more completely.

Some points of discussion…

THIRA

The authors discuss the THIRA and SPR – two related processes/products which I find to be extremely valuable.  They indicate that many believe the THIRA to be complex and challenging.  This I would fully agree with, however I posit that there are few things in the world that are both simple and comprehensive in nature.  In particular regard to emergency management and homeland security, the inputs that inform and influence our decisions and actions are so varied, yet so relevant, that to ignore most of them would put us at a significant disadvantage.  While I believe that anything can be improved upon, THIRA and SPR included, this is something we can’t afford to overly simplify.

What was most disappointing in this topic area was their finding that only a scant majority of people they surveyed felt that THIRA provided useful or actionable information.  This leaves me scratching my head.  A properly done THIRA provides a plethora of useful information – especially when coupled with the SPR (POETE) process.  Regardless, the findings of the authors suggest that we need to take another look at THIRA and SPR to see what can be improved upon, both in process and result.

Moving forward within the discussion of THIRA and SPR, the authors include discussion of something they highlight as a best practice, that being New York State’s County Emergency Preparedness Assessment (CEPA).  The intent behind the CEPA is sound – a simplified version of the THIRA which is faster and easier to do for local governments throughout the state.  The CEPA includes foundational information, such as a factual overview of the jurisdiction, and a hazard analysis which ranks hazards based upon likelihood and consequence.  It then analyses a set of capabilities based upon the POETE elements.  While I love their inclusion of POETE (you all know I’m a huge fan), the capabilities they use are a mix of the current Core Capabilities (ref: National Preparedness Goal) and the old Target Capabilities, along with a few not consistent with either and a number of Core Capabilities left out.  This is where the CEPA falls apart for me.  It is this inconsistency with the National Preparedness Goal that turns me off.  Any local governments looking to do work in accordance with the NPG and related elements, including grants, then need to cross walk this data, as does the state in their roll-up of this information to their THIRA and SPR.

The CEPA continues with an examination of response capacity, along the lines of their response-oriented capabilities.  This is a valuable analysis and I expect it becomes quite a reality check for many jurisdictions.  This is coupled with information not only on immediate response, but also sustained response over longer periods of time.  Overall, while I think the CEPA is a great effort to make the THIRA and POETE analysis more palatable for local jurisdictions, it leaves me with some concerns in regard to the capabilities they use.  It’s certainly a step in the right direction, though.  Important to note, the CEPA was largely developed by one of the authors of the paper, who was a former colleague of mine working with the State of New York.

The Process of Preparedness

There are a few topic areas within their paper that I’m lumping together under this discussion topic.  The authors make some excellent points about our collective work in preparedness that I think all readers will nod their heads about, because we know when intuitively, but sometimes they need to be reinforced – not only to us as practitioners, but also to other stakeholders, including the public.  First off, preparedness is never complete.  The cycle of preparedness – largely involving assessment, planning, organizing, equipping, training, and exercising – is just that – a cycle.  It’s endless.  While we do a great deal of work in each of these, our accomplishments are really only temporary.

The authors also mention that our information is not always precise.  We base a lot of what we do in preparedness on information, such as a hazard analysis.  While there are some inputs that are factual and supported by science, there are many that are based on speculation and anecdote.  This is a reality of our work that we must always acknowledge.  As is other of their points – there is no silver bullet.  There is no universal solution to all our woes.  We must constantly have our head in the game and consider actions that we may not have ever considered before.

ICS Improvement Officer

The authors briefly discuss a conceptual position within the ICS Command Staff they call the ICS Improvement Officer.  The concept of this fascinating, if not a bit out of place in this paper given other topics of discussion.  Essentially, as they describe this position, it is someone at the Command Staff level who is responsible for providing quality control to the incident management processes and implementations of the organization.  While I’ve just recently read this paper and haven’t had a lot of time to digest the concept, I really can’t find any fault with the concept.  While the planning process itself is supposed to provide some measure of a feedback loop, there isn’t anyone designated in the organization to shepherd that process beginning to end and ultimately provide the quality control measures necessary.  In practice, I’ve seen this happen collaboratively, among members of the Command and General Staff of a well-staffed structure, as well as by the individual who has the best overall ICS insight and experience in an organization – often the Planning Section Chief.  The authors elude to this position also feeding an AAR process, which contributes to overall preparedness.  I like this idea and I hope it is explored more, either formally or informally.

Conclusion

There are a number of other topic areas of this paper which I haven’t covered here, but I encourage everyone to read on their own.  As mentioned earlier, I’d like to see more of the research papers that come from FEMA’s Emergency Management Executive Academy available for public review.  Agree or disagree with their perspectives, I think their discussions on various topics are absolutely worth looking at.  It’s these discussions like these which will ultimately drive bigger discussions which will continue to advance public safety.

I’m always interested in the perspectives of my readers.  Have you read the paper?  What do you think of the discussion topics they presented?

© 2017 – Timothy M Riecker, CEDP

Emergency Preparedness Solutions, LLC

 

In a POETE State of Mind

One of the searches that has most often brought people to my blog over the last couple of years has been POETE.  In case you forgot, POETE stands for Planning, Organizing, Equipping, Training, and Exercising.  If you conduct an internet search for POETE, there are very few relevant results.  Along with a few of my blog posts, there are a couple of articles published by others, and a few FEMA documents that include obscure references to POETE.  Sadly, there is nothing available that provides (official) guidance, much less doctrine.

Why is it that such a great tool has so few tangible references?  Unfortunately, I don’t have an answer to that.  I hope that will soon change.

POETE was most widely indoctrinated several years ago as an analysis step within the State Preparedness Reports (SPRs), which are annual submissions completed by every state, UASI (Urban Area Security Initiative-funded program), and territory.  Note: The SPR templates and guidance are generally not publicly posted, as they are sent directly to the points of contact for each jurisdiction – thus they generally don’t come up in internet search results.

The SPR is a step beyond the THIRA (Threat and Hazard Identification and Risk Analysis), which is a very in-depth hazard analysis.  The SPR examines each jurisdiction’s level of preparedness for hazards, referencing the 32 Core Capabilities.  Each Core Capability is then analyzed through the lens of POETE.

As a conceptual example, let’s use the Operational Communications Core Capability.  The POETE analysis will examine the jurisdiction’s preparedness by examining:

  • Planning (are plans adequate? Have they been tested?  What improvements need to be made?);
  • Organizing (are there organizational barriers to success? What human operational communications resources are available?  Are there gaps?  Have teams been exercised? What improvements need to be made?);
  • Equipment (does the jurisdiction have equipment necessary for operational communications? What needs are there relative to the resource management cycle?);
  • Training (what training has been provided? What training gaps exist?  When/how will they be addressed?);
  • Exercises (what exercises have been conducted that include the operational communications Core Capability? What were the findings of the AAR/IPs?  What future exercises are scheduled that include this Core Capability?).

Along with answering a few questions on each element, jurisdictions are asked to rate their status for each POETE element for each Core Capability.  If they look at their reports submitted historically, they can see the measure of progress (or lack thereof) with each.  They also have a tracking of identified action items to help them improve their measure of preparedness.

While this analysis can be quite tedious, it’s extremely insightful and informative.  Often, stakeholders have conceptual ideas about the state of preparedness for each Core Capability, but absent conducting this type of in-depth analysis, they rarely see the details, much less have them written down.  Documenting these helps with recognition, awareness, tasking, tracking, and accountability.  It’s a valuable activity that I would encourage all jurisdictions and organizations to conduct.

What else can POETE be applied to?  In the past few years, POETE is being included in DHS preparedness grants.  They often want applicants to identify key tasks within the POETE structure, and awardees to chart progress along the same lines.

I’ve advocated in the past to use the POETE structure in improvement plans, which are a step beyond after action reports from exercises, events, and even incidents.  Having key activities identified across each POETE element for the Core Capabilities analyzed is extremely helpful, and ensures that issues are being identified comprehensively.

Using the POETE concept across all preparedness efforts helps to tie them together.  By documenting each element for each Core Capability, you will have full visibility and reference to your current status and what needs to be improved upon.  It helps drive accountability, a comprehensive approach, and reduces duplication of efforts – especially in larger organizations.  While implementing such a program will take some investment up front to begin to identify, organize, and chart progress and establish an organizational system to do so, I feel it’s an investment that will pay off.

I’m hopeful that the use of POETE continues to see adoption across all of emergency management and homeland security, and that it is further reinforced as a standard through DHS, FEMA, NFPA, and other organizations which hold sway for settings standards and/or requirements.

How does your organization, agency, or jurisdiction use POETE?

© 2017 – Timothy M Riecker, CEDP

Emergency Preparedness Solutions, LLC