Tag THIRA

Reviewing The 2018 National Preparedness Report

Tim Riecker, The Contrarian Emergency Manager Leave a comment

The 2018 National Preparedness Report was released last week.  For the past few years, I’ve provided my own critical review of these annual reports (see 2017’s report here).  For those not familiar with the National Preparedness Report (NPR), it is mandated by the Post-Katrina Emergency Management Reform Act (PKEMRA).  The information is compiled by FEMA from the State Preparedness Reports (SPR), including the Threat and Hazard Identification and Risk Assessment (THIRA) data submitted by states, territories, and Urban Area Security Initiative (UASI) – funded regions.  The data presented is for the year prior.  The SPRs and NPR examine the condition of our preparedness relative to the 32 Core Capabilities identified in the National Preparedness Goal.

Overall, the NPR provides little information, certainly nothing that is really shocking if you pay attention to the top issues in emergency management.  Disappointingly, the report only covers those Core Capabilities identified for sustainment or improvement, with no more than a graphic summary of the other Core Capabilities.

Core Capabilities to Sustain

Operational Coordination was identified as the sole Core Capability to sustain in this year’s report.  I’ve got some issues with this right off.  First of all, they summarize their methodology for selecting Core Capabilities to sustain: ‘To be a capability to sustain, the Nation must show proficiency in executing that core capability, but there must also be indications of a potentially growing gap between the future demand for, and the performance of, that capability.’  To me, what this boils down to is ‘you do it well, but you are going to have to do it better’.  I think most EM professionals could add to this list significantly, with Core Capabilities such as Planning; Public Information and Warning; Public Health, Healthcare, and EMS; Situational Assessment; and others.  Distilling it down to only Operational Coordination shows to me, a severe lack of understanding in where we presently are and the demands that will be put on our systems in the future.

Further, the review provided in the report relative to Operational Coordination is pretty soft.  Part of it is self-congratulatory, highlighting advances in the Core Capability made last year, with the rest of the section identifying challenges but proving little analysis.  Statements such as ‘Local governments reported challenges with incident command and coordination during the 2017 hurricane season’ are put out there, yet their single paragraph on corrective actions for the section boils down to the statement of ‘we’re looking at it’.  Not acceptable.

Core Capabilities to Improve

The 2018 report identifies four Core Capabilities to improve:

  • Infrastructure Systems
  • Housing
  • Economic Recovery
  • Cybersecurity

These fall under the category of NO KIDDING.  The writeups within the NPR for each of these superficially identifies the need, but doesn’t have much depth of analysis.  I find it interesting that the Core Capability to sustain has a paragraph on corrective actions, yet the Core Capabilities to Improve doesn’t.  They do, instead, identify key findings, which outline some efforts to address the problems, but are very soft and offer little detail.  Some of these include programs which have been in place for quite some time which are clearly having limited impact on addressing the issues.

What really jumped out at me is the data provided on page 9, which charts the distribution of FEMA Preparedness grants by Core Capability for the past year.  The scale of their chart doesn’t allow for any exact amounts, but we can make some estimates.  Let’s look at four of these in particular:

  • Infrastructure Systems – scantly a few million dollars
  • Housing – None
  • Economic Recovery – Less than Infrastructure Systems
  • Cybersecurity – ~$25 million

With over $2.3 billion in preparedness funding provided in 2017 by FEMA, it’s no wonder these are Core Capabilities that need to be improved when so few funds were invested at the state/territory/UASI level.  The sad thing is that this isn’t news.  These Core Capabilities have been identified as needing improvement for years, and I’ll concede they are all challenging, but the lack of substantial movement should anger all emergency managers.

I will agree that Housing and Cybersecurity require a significant and consolidated national effort to address.  That doesn’t mean they are solely a federal responsibility, but there is clear need for significant assistance at the federal level to implement improvements, provide guidance to states and locals, and support local implementations.  That said, we can’t continue to say that these areas are priorities when little funding or activity is demonstrated to support improvement efforts.  While certain areas may certainly take years to make acceptable improvements, we are seeing a dangerous pattern relative to these four Core Capabilities, which continue to wallow at the bottom of the list for so many years.

The Path Forward

The report concludes with a two-paragraph section titled ‘The Path Forward’, which simply speaks to refining the THIRA and SPR methodology, while saying nothing of how the nation needs to address the identified shortcomings.  Clearly this is not acceptable.

~~

As for my own conclusion, while I saw last year’s NPR as an improvement from years previous, I see this one as a severe backslide.  It provides little useful information and shows negligible change in the state of our preparedness over the past year.  The recommendations provided, at least of those that do exist, are translucent at best, and this report leaves the reader with more questions and frustration.  We need more substance beginning with root cause analysis and including substantial, tangible, actionable recommendations.  While I suppose it’s not the fault of the report itself that little improvement is being made in these Core Capabilities, the content of the report shows a lack of priority to address these needs.

I’m actually surprised that a separate executive summary of this report was published, as the report itself holds so little substance, that it could serve as the executive summary.  Having been involved in the completion of THIRAs and SPRs, I know there is information generated that is simply not being analyzed for the NPR.  Particularly with each participating jurisdiction completing a POETE analysis of each Core Capability, I would like to see a more substantial NPR which does some examination of the capability elements in aggregate for each Core Capability, perhaps identifying trends and areas of focus to better support preparedness.

As always, I’m interested in your thoughts.  Was there anything you thought to be useful in the National Preparedness Report?

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

An Updated Comprehensive Preparedness Guide 201 (THIRA/SPR)

Tim Riecker, The Contrarian Emergency Manager 3 Comments

In late May, FEMA/DHS released an updated version of Comprehensive Preparedness Guide (CPG) 201.  For those not familiar, CPG 201 is designed to guide communities and organizations through the process of the Threat and Hazard Identification and Risk Assessment (THIRA).  This is the third edition of a document that was originally released in April 2012.  This third edition integrates the Stakeholder Preparedness Review (SPR) into the process.  Note that ‘SPR’ has commonly been an acronym for State Preparedness Report, which is also associated with the THIRA.  The goal of the Stakeholder Preparedness Review appears to be fundamentally similar to that of the State Preparedness Report which some of you may be familiar with.

Picture1

First of all, a few noted changes in the THIRA portion of CPG 201.  First, FEMA now recommends that communities complete the THIRA every three years instead of annually.  Given the complexity and depth of a properly executed THIRA, this makes much more sense and I fully applaud this change.  Over the past several years many jurisdictions have watered down the process because it was so time consuming, with many THIRAs completed being more of an update to the previous year’s than really being a new independent assessment.  While it’s always good to reflect on the progress relative to the previous year, it’s human nature to get stuck in the box created by your reference material, so I think the annual assessment also stagnated progress in many areas.

The other big change to the THIRA process is elimination of the fourth step (Apply Results).  Along with some other streamlining of activities within the THIRA process, the application of results has been extended into the SPR process.  The goal of the SPR is to assess the community’s capability levels based on the capability targets identified in the THIRA.  Despite the THIRA being changed to a three-year cycle, CPG 201 states that the SPR should be conducted annually.  Since capabilities are more prone to change (often through deliberate activities of communities) this absolutely makes sense. The SPR process centers on three main activities, all informed by the THIRA:

  1. Assess Capabilities
  2. Identify and Address Gaps
  3. Describe Impacts and Funding Sources

The assessment of capabilities is intended to be a legacy function, with the first assessment establishing a baseline, which is then continually reflected on in subsequent years.  The capability assessment contributes to needs identification for a community, which is then further analyzed for the impacts of that change in capability and the identification of funding sources to sustain or improve capabilities, as needed.

An aspect of this new document which I’m excited about is that the POETE analysis is finally firmly established in doctrine.  If you aren’t familiar with the POETE analysis, you can find a few articles I’ve written on it here.  POETE is reflected on several times in the SPR process.

So who should be doing this?   The document references all the usual suspects: state, local, tribal, territorial, and UASI jurisdictions.  I think it’s great that everyone is being encouraged to do this, but we also need to identify who must do it.  Traditionally, the state preparedness report was required of states, territories, and UASIs as the initial recipients of Homeland Security Grant Program (HSGP) sub-grants.  In 2018, recipients of Tribal Homeland Security Grant Program funds will be required to complete this as well.  While other jurisdictions seem to be encouraged to use the processes of CPG 201, they aren’t being empowered to do so.

Here lies my biggest criticism…  as stated earlier, the THIRA and SPR processes are quite in-depth and the guidance provided in CPG 201 is supported by an assessment tool designed by FEMA for these purposes.  The CPG 201 website unfortunately does not include the tool, nor does CPG 201 itself even make direct reference to it.  There are vague indirect references, seeming to indicate what kind of data can be used in certain steps, but never actually stating that a tool is available.  The tool, called the Universal Reporting Tool, provides structure to the great deal of information being collected and analyzed through these processes.  Refined over the past several years as the THIRA/SPR process has evolved, the Universal Reporting Tool is a great way to complete this.  As part of the State Preparedness Report, the completed tool was submitted to the FEMA regional office who would provide feedback and submit it to HQ to contribute to the National Preparedness Report.  But what of the jurisdictions who are not required to do this and wish to do this of their own accord?  It doesn’t seem to be discouraged, as jurisdictions can request a copy from FEMA-SPR@fema.dhs.gov, but it seems that as a best practice, as well as a companion to CPG 201, the tool should be directly available on the FEMA website.  That said, if the THIRA/SPR is being conducted by a jurisdiction not required to do so, the tool would then not be required – although it would help.

Overall, I’m very happy with this evolution of CPG 201.  It’s clear that FEMA is paying attention to feedback received on the process to streamline it as best they can, while maximizing the utility of the data derived from the analysis.  A completed THIRA/SPR is an excellent foundation for planning and grant funding requests, and can inform training needs assessments and exercise program management (it should be used as a direct reference to development of a Training and Exercise Plan).

For those interested, EPS’ personnel have experience conducting the THIRA/SPR process in past years for a variety of jurisdictions and would be happy to assist yours with this updated process.  Head to the link below for more information!

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC ™

New Release: Core Capability Development Sheets

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Today’s FEMA Daily Digest Bulletin announced the release of Core Capability Development Sheets which are intended to help jurisdictions build or sustain each capability by integrating:

  • Available training courses
  • Capability targets for the THIRA
  • Nationally typed resources
  • Partners to support development of capabilities
  • Exercise support and guidance to validate capabilities
  • Assistance from the FEMA National Preparedness Directorate

In all, there are 48 Core Capability Development Sheets.  This made me raise an eyebrow when I first read it, as there are 32 Core Capabilities.  The 48 sheets account for the common Core Capabilities (Planning, Public Information and Warning, and Operational Coordination) being carried across each of the five mission areas, as well as other Core Capabilities that are carried across more than one mission area, such as Infrastructure Systems.  This is smart, since, for example, Operational Coordination has some different applications between mission areas, such as Prevention and Recovery.

The sheets themselves offer some good information and make a nice quick reference, particularly for those who aren’t hip-deep in the Core Capabilities on a regular basis.  Matching the National Preparedness Goal, each Core Capability starts off identification of the applicable mission area and a description.  The sheets also identify some training programs across DHS training consortium entities, such as EMI and CDP, which can support the capability.

I like the inclusion of example capability targets, which compliments THIRA development, but also helps users wrap their heads a bit more around the concept of each Core Capability, how progress can be measured, and what can be strived for.  They also offer some identification of resource types that fall in line with the national Resource Typing Library Tool.  I’m a bit ambivalent about this, as the resources identified are response-oriented resources.  For example, the Planning Core Capability identifies two resources – Planning Section Chief (Type 3) and an EOC Planning Section Chief.  Yes, there is obviously a strong case for operational planning in an incident (i.e. the ICS Planning Process), but there is no acknowledgment in this area of resources needed for pre-planning, even though the recommended training does focus on pre-planning.

Each sheet also provides summaries of information on potential partners to help support capability development as well as resources to assist in validating capabilities, the latter being largely exercise focused.  Every sheet has a number of links and even email addresses to DHS program areas which can provide additional information, which may be one of the best aspects of these sheets.

While it’s not indicated that the Core Capability Development Sheets are in any kind of draft form, FEMA’s Technical Assistance program does ask that feedback and comments are emailed to them at FEMA-TARequest@fema.dhs.gov.

I like the concept of these sheets and most of the information contained within.  They are a good quick reference for those that don’t work with the Core Capabilities all the time, and I envision these being circulated for study ahead of meetings, such training and exercise planning workshops (TEPWs) and THIRA/SPR meetings to make sure there is a foundational understanding of each Core Capability and some ideas on how they can be further developed for a jurisdiction.  Kudos to FEMA’s Technical Assistance program on these!  I hope they continue to develop as we all gain a better understanding of how to grow our capabilities.

I’m always interested in the thoughts of readers.  Please look these over and share what you think about them.

© 2017 – Timothy M. Riecker, CEDP

Emergency Preparedness Solutions, LLC

 

Measuring Preparedness – An Executive Academy Perspective

Tim Riecker, The Contrarian Emergency Manager 10 Comments

A recent class of FEMA’s Emergency Management Executive Academy published a paper titled Are We Prepared Yet? in the latest issue of the Domestic Preparedness Journal.  It’s a solid read, and I encourage everyone to look it over.

First off, I wasn’t aware of the scope of work conducted in the Executive Academy.  I think that having groups publish papers is an extremely important element.  Given that the participants of the Executive Academy function, presently or in the near future, at the executive level in emergency management and/or homeland security, giving others the opportunity to learn from their insight on topics discussed in their sessions is quite valuable.  I need to do some poking around to see if papers written by other groups can be found.

As most of my readers are familiar, the emphasis of my career has always been in the realm of preparedness.  As such, it’s an important topic to me and I tend to gravitate to publications and ideas I can find on the topic.  The authors of this paper bring up some excellent points, many of which I’ve covered in articles past.  They indicate a variety of sources, including literature reviews and interviews, which I wish they would have cited more completely.

Some points of discussion…

THIRA

The authors discuss the THIRA and SPR – two related processes/products which I find to be extremely valuable.  They indicate that many believe the THIRA to be complex and challenging.  This I would fully agree with, however I posit that there are few things in the world that are both simple and comprehensive in nature.  In particular regard to emergency management and homeland security, the inputs that inform and influence our decisions and actions are so varied, yet so relevant, that to ignore most of them would put us at a significant disadvantage.  While I believe that anything can be improved upon, THIRA and SPR included, this is something we can’t afford to overly simplify.

What was most disappointing in this topic area was their finding that only a scant majority of people they surveyed felt that THIRA provided useful or actionable information.  This leaves me scratching my head.  A properly done THIRA provides a plethora of useful information – especially when coupled with the SPR (POETE) process.  Regardless, the findings of the authors suggest that we need to take another look at THIRA and SPR to see what can be improved upon, both in process and result.

Moving forward within the discussion of THIRA and SPR, the authors include discussion of something they highlight as a best practice, that being New York State’s County Emergency Preparedness Assessment (CEPA).  The intent behind the CEPA is sound – a simplified version of the THIRA which is faster and easier to do for local governments throughout the state.  The CEPA includes foundational information, such as a factual overview of the jurisdiction, and a hazard analysis which ranks hazards based upon likelihood and consequence.  It then analyses a set of capabilities based upon the POETE elements.  While I love their inclusion of POETE (you all know I’m a huge fan), the capabilities they use are a mix of the current Core Capabilities (ref: National Preparedness Goal) and the old Target Capabilities, along with a few not consistent with either and a number of Core Capabilities left out.  This is where the CEPA falls apart for me.  It is this inconsistency with the National Preparedness Goal that turns me off.  Any local governments looking to do work in accordance with the NPG and related elements, including grants, then need to cross walk this data, as does the state in their roll-up of this information to their THIRA and SPR.

The CEPA continues with an examination of response capacity, along the lines of their response-oriented capabilities.  This is a valuable analysis and I expect it becomes quite a reality check for many jurisdictions.  This is coupled with information not only on immediate response, but also sustained response over longer periods of time.  Overall, while I think the CEPA is a great effort to make the THIRA and POETE analysis more palatable for local jurisdictions, it leaves me with some concerns in regard to the capabilities they use.  It’s certainly a step in the right direction, though.  Important to note, the CEPA was largely developed by one of the authors of the paper, who was a former colleague of mine working with the State of New York.

The Process of Preparedness

There are a few topic areas within their paper that I’m lumping together under this discussion topic.  The authors make some excellent points about our collective work in preparedness that I think all readers will nod their heads about, because we know when intuitively, but sometimes they need to be reinforced – not only to us as practitioners, but also to other stakeholders, including the public.  First off, preparedness is never complete.  The cycle of preparedness – largely involving assessment, planning, organizing, equipping, training, and exercising – is just that – a cycle.  It’s endless.  While we do a great deal of work in each of these, our accomplishments are really only temporary.

The authors also mention that our information is not always precise.  We base a lot of what we do in preparedness on information, such as a hazard analysis.  While there are some inputs that are factual and supported by science, there are many that are based on speculation and anecdote.  This is a reality of our work that we must always acknowledge.  As is other of their points – there is no silver bullet.  There is no universal solution to all our woes.  We must constantly have our head in the game and consider actions that we may not have ever considered before.

ICS Improvement Officer

The authors briefly discuss a conceptual position within the ICS Command Staff they call the ICS Improvement Officer.  The concept of this fascinating, if not a bit out of place in this paper given other topics of discussion.  Essentially, as they describe this position, it is someone at the Command Staff level who is responsible for providing quality control to the incident management processes and implementations of the organization.  While I’ve just recently read this paper and haven’t had a lot of time to digest the concept, I really can’t find any fault with the concept.  While the planning process itself is supposed to provide some measure of a feedback loop, there isn’t anyone designated in the organization to shepherd that process beginning to end and ultimately provide the quality control measures necessary.  In practice, I’ve seen this happen collaboratively, among members of the Command and General Staff of a well-staffed structure, as well as by the individual who has the best overall ICS insight and experience in an organization – often the Planning Section Chief.  The authors elude to this position also feeding an AAR process, which contributes to overall preparedness.  I like this idea and I hope it is explored more, either formally or informally.

Conclusion

There are a number of other topic areas of this paper which I haven’t covered here, but I encourage everyone to read on their own.  As mentioned earlier, I’d like to see more of the research papers that come from FEMA’s Emergency Management Executive Academy available for public review.  Agree or disagree with their perspectives, I think their discussions on various topics are absolutely worth looking at.  It’s these discussions like these which will ultimately drive bigger discussions which will continue to advance public safety.

I’m always interested in the perspectives of my readers.  Have you read the paper?  What do you think of the discussion topics they presented?

© 2017 – Timothy M Riecker, CEDP

Emergency Preparedness Solutions, LLC

 

In a POETE State of Mind

Tim Riecker, The Contrarian Emergency Manager 2 Comments

One of the searches that has most often brought people to my blog over the last couple of years has been POETE.  In case you forgot, POETE stands for Planning, Organizing, Equipping, Training, and Exercising.  If you conduct an internet search for POETE, there are very few relevant results.  Along with a few of my blog posts, there are a couple of articles published by others, and a few FEMA documents that include obscure references to POETE.  Sadly, there is nothing available that provides (official) guidance, much less doctrine.

Why is it that such a great tool has so few tangible references?  Unfortunately, I don’t have an answer to that.  I hope that will soon change.

POETE was most widely indoctrinated several years ago as an analysis step within the State Preparedness Reports (SPRs), which are annual submissions completed by every state, UASI (Urban Area Security Initiative-funded program), and territory.  Note: The SPR templates and guidance are generally not publicly posted, as they are sent directly to the points of contact for each jurisdiction – thus they generally don’t come up in internet search results.

The SPR is a step beyond the THIRA (Threat and Hazard Identification and Risk Analysis), which is a very in-depth hazard analysis.  The SPR examines each jurisdiction’s level of preparedness for hazards, referencing the 32 Core Capabilities.  Each Core Capability is then analyzed through the lens of POETE.

As a conceptual example, let’s use the Operational Communications Core Capability.  The POETE analysis will examine the jurisdiction’s preparedness by examining:

  • Planning (are plans adequate? Have they been tested?  What improvements need to be made?);
  • Organizing (are there organizational barriers to success? What human operational communications resources are available?  Are there gaps?  Have teams been exercised? What improvements need to be made?);
  • Equipment (does the jurisdiction have equipment necessary for operational communications? What needs are there relative to the resource management cycle?);
  • Training (what training has been provided? What training gaps exist?  When/how will they be addressed?);
  • Exercises (what exercises have been conducted that include the operational communications Core Capability? What were the findings of the AAR/IPs?  What future exercises are scheduled that include this Core Capability?).

Along with answering a few questions on each element, jurisdictions are asked to rate their status for each POETE element for each Core Capability.  If they look at their reports submitted historically, they can see the measure of progress (or lack thereof) with each.  They also have a tracking of identified action items to help them improve their measure of preparedness.

While this analysis can be quite tedious, it’s extremely insightful and informative.  Often, stakeholders have conceptual ideas about the state of preparedness for each Core Capability, but absent conducting this type of in-depth analysis, they rarely see the details, much less have them written down.  Documenting these helps with recognition, awareness, tasking, tracking, and accountability.  It’s a valuable activity that I would encourage all jurisdictions and organizations to conduct.

What else can POETE be applied to?  In the past few years, POETE is being included in DHS preparedness grants.  They often want applicants to identify key tasks within the POETE structure, and awardees to chart progress along the same lines.

I’ve advocated in the past to use the POETE structure in improvement plans, which are a step beyond after action reports from exercises, events, and even incidents.  Having key activities identified across each POETE element for the Core Capabilities analyzed is extremely helpful, and ensures that issues are being identified comprehensively.

Using the POETE concept across all preparedness efforts helps to tie them together.  By documenting each element for each Core Capability, you will have full visibility and reference to your current status and what needs to be improved upon.  It helps drive accountability, a comprehensive approach, and reduces duplication of efforts – especially in larger organizations.  While implementing such a program will take some investment up front to begin to identify, organize, and chart progress and establish an organizational system to do so, I feel it’s an investment that will pay off.

I’m hopeful that the use of POETE continues to see adoption across all of emergency management and homeland security, and that it is further reinforced as a standard through DHS, FEMA, NFPA, and other organizations which hold sway for settings standards and/or requirements.

How does your organization, agency, or jurisdiction use POETE?

© 2017 – Timothy M Riecker, CEDP

Emergency Preparedness Solutions, LLC

Do We Need Different Systems for Catastrophic Incidents?

Tim Riecker, The Contrarian Emergency Manager 2 Comments

We’ve long heard, albeit in small pockets, people proclaiming that emergency management and public safety need different systems for larger incidents vs smaller incidents.  For years, the Incident Command System (ICS) fought that stigma, with many saying that ICS is only used for hazardous materials incidents (specifically because of OSHA requirements) or for large incidents that required such a high degree of organization.  Following the release of HSPD-5 and the resultant requirements for everyone to use the National Incident Management System (NIMS), we finally seemed to transcend that mentality – although we are still seeing people apply ICS poorly, and often with the thought that it will all work out fine when a large incident occurs.

Since the mid-2000s, coupled with the push for ‘catastrophic planning’, I’ve been hearing people proclaiming that catastrophic incidents require different systems – be it for planning or management.  Recently, I’m hearing this mentioned again.  Yet, interestingly enough, none of the arguments identify specifically what it is about our current systems of preparedness or incident management that fail at the sight of a catastrophic incident.

While I’m a critic of various aspects of our current systems, I’m a believer in them overall.  Do we need a new system of planning?  No, we just need to do it better.  When we plan for a catastrophic level event, we must consider that NOTHING will work in the aftermath of such an incident.  I’m shocked that some people are still counting on the existence and functionality of critical infrastructure following a catastrophic event.  No roads, no communications, no life lines.  These surprised disclosures are revealed in the After Action Reports (AARs) of incidents and exercises that test catastrophic incidents, such as the recent Cascadia Rising exercise.

Fundamentally, are these losses all that different than what we experience in smaller disasters?  Not so much.  Smaller disasters still take out our roads and disable our communications systems – but such disasters are small enough that we can work around these issues.  So how is it a surprise that a large hurricane or earthquake will do even more damage?  It really shouldn’t be.  It’s essentially a matter of scale.

That said, I certainly acknowledge the difficulties that come with the combined impacts of a catastrophic disaster, coupled with the sheer magnitude of it all.  There are challenges offered that we don’t normally see, but a new system of planning is not the answer.  The current frameworks and standards, such as CPG-101 and NFPA 1600 are absolutely substantial.  The processes are not flawed.  The issue is a human one.  We can’t blame the standards.  We can’t blame the plans.  The responsibility lies with the people at the table crafting the plan.  The responsibility lies with them to fully understand the hazards and the potential impacts of those hazards.  Conducting a hazard analysis is the first step for a planning team to accomplish, and I think this is often taken for granted.  While the traditional hazard analysis has value, the current standard is the Threat and Hazard Identification and Risk Assessment (THIRA).  It is an exhausting and detailed process, but it is highly effective, with engaged teams, to reveal the nature and impacts of disasters that can impact a community.  Without a solid and realistic understanding of hazards, including those that can attain catastrophic levels, WE WILL FAIL.  It’s that simple.

As we progress through the planning process and identify strategies to accomplish objectives, alternate strategies must be developed to address full failures of infrastructure and lack of resources.  Assumptions are often made in plans that we will be able to apply the resources we have to fix problems; and if those resources are exhausted, we will ask for more, which will magically appear, thus solving our problems.  Yes, this works most of the time, but in a catastrophic incident, this is pure bullshit.  This assumption needs to be taken off the table when catastrophic incidents are concerned.  The scarcity of resources is an immediate factor that we need to address along with acknowledging that a severely damaged infrastructure forces us out of many of the technological and logistical comforts we have become accustomed to.  It doesn’t require a new system of planning – just a realistic mentality.

This all logically ties to our incident management system – ICS.  ICS is fully able to accommodate a catastrophic-level incident.  The difficulties we face are with how we apply it (another human factor) and integration of multiple ICS organizations and other incident management entities, such as EOCs.  The tenant in ICS is that one incident gets one incident command system structure.  This is obviously not a geo-political or practical reality for a catastrophic incident that can have a large footprint.  This, however, doesn’t mean that we throw ICS out the window.  This is a reality that we deal with even on smaller disasters, where different jurisdictions, agencies, organizations, and levels of government all have their own management system established during a disaster.  Through implementations such as unified command, multi-agency coordination, agency representatives and liaison officers, and good lines of communication we are able to make effective coordination happen.  (Side note: this is absolutely something I think we need to plan for and tighten up conceptually.  It’s often pulled together a bit too ad-hoc for my comfort).

While some time and effort needs to be applied to develop some solid solutions to the issues that exist, I’m confident that we DO NOT need to create alternate preparedness or response systems for addressing catastrophic incidents – we simply need to apply what we have better and with a more realistic perspective.  The answers won’t come easy and the solutions might be less than ideal, but that’s the nature of a catastrophic event.  We can’t expect it to be easy or convenient.

© 2016 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLCYour Partner in Preparedness

Must Read – Evaluating Preparedness at Different Levels of Analysis by Brandon Greenberg

Tim Riecker, The Contrarian Emergency Manager 1 Comment

In the past I’ve made references to the DisasterNet blog written by Brandon Greenberg.  If you aren’t reading his blog, you certainly should be, as he routinely posts great material.  Yesterday’s post was no exception.

Brandon has been doing some research on evaluating preparedness, which is a topic I’ve also written about in the past and I feel is of great importance to continued improvements in emergency management.  His article, Evaluating Preparedness at Different Levels of Analysis provides a number of insightful thoughts and information which are certainly going down the right path.  With all hope, Brandon’s continued work may help us find better ways to evaluate preparedness.

-TR

 

 

 

Planning for Preparedness

Tim Riecker, The Contrarian Emergency Manager 2 Comments

Yes, planning is part of preparedness, but organizations must also have a plan for preparedness.  Why?  Preparedness breaks down into five key elements  – remember the POETE mnemonic – Planning, Organizing, Equipping, Training, and Exercising.  I’m also in favor of including assessment as a preparedness element.  Needless to say, we do a lot when it comes to preparedness.  Each of these elements alone involves significant activity, and together there are opportunities for activities to be synchronized for maximum benefit.  In smaller organizations, these elements may be addressed by one or two people, which itself can be challenging as these are the same people running the organization and addressing myriad other tasks.  In larger organizations each element alone may be addressed by a number of people, which also provides a complication of synchronizing tasks for maximum benefit.  Either way, as with all project and program management, without a plan of action, we may forget critical tasks or do things out of order.

By establishing a preparedness plan, we can address many of these issues.  The plan can be as detailed as necessary, but should at least identify and address requirements (internally and externally imposed) as well as benchmarks to success.  But what do we plan for?

Assessment – Yes, I’m including this as an element.  Assessment is something we should constantly be doing.  Just as we strive to maintain situational awareness throughout an incident, we have to be aware of and assess factors that influence our state of readiness.  There are a variety of assessments that we do already and others that can be done as they relate to the other five elements.  In fact, assessments will inform our preparedness plan, helping us to identify where we are and where we need to be.  We can review after action reports from incidents, events, and exercises to determine what improvements must be made.  We can research best practices and examine funding requirements, legal requirements, and standards such as EMAP or NFPA 1600 which can broadly influence our programs.  We assess current plans to identify what our gaps are and what plans need to be revisited.  We can assess our organization to determine if staffing is maximized and that policy, procedure, and protocol support an agile organization.  The status of equipment can be assessed to determine what is operational and ready to deploy.  We can conduct a training needs assessment to identify what training is needed; and lastly, we can assess opportunities to exercise.  Not only should our assessments inform what needs to be accomplished for each of the POETE elements, but regular assessment check ins and activities should be identified, nay planned for, within our preparedness plan.  Consider what else can inform our preparedness plan.  A recent hazard analysis, THIRA, or state preparedness report (SPR) can feed a lot of information into a preparedness plan – especially the state preparedness report, as it is specifically structured to identify POETE gaps.

Planning – We should always examine what we have.  If plan reviews aren’t scheduled, they often fall to the wayside.  Plan review teams should be identified for each plan, and a review schedule or cycle established.  Benchmark activities for plan review activities should also be identified.  The need for new plans should also be highlighted.  Based on standards, requirements, best practices, or other need, what plans do you organization need to assemble in the next year or two?  Again, identify benchmarks for these.

Organization – Assessments of your organization, either as direct efforts or as part of after action reports or strategic plans can identify what needs to be accomplished organizationally.  Maybe it’s a reorganization, an increase in staffing levels, an impending change in administration, expected attrition, union matters, or something else that needs to be addressed.  As with many other things, some matters or organization are simple, while others are very difficult to navigate.  Without a plan of action, it’s easy to allow things to fall to the wayside.  What changes need to be made?  Who is responsible for implementing them?  Who else needs to be involved? What’s a reasonable timeline for making these changes happen?

Equipping – Many logisticians are great at keeping accurate records and maintenance plans.  This measure of detail isn’t likely needed for your preparedness plan, but you still should be documenting the big picture.  What benchmarks need to be established and followed?  Are there any large expenditures expected for equipment such as a communications vehicle?  Is there an impending conversion of equipment to comply with a new standard?  Are there any gaps in resource management that need to be addressed?

Training – Informed by a training needs assessment, a training plan can be developed.  A training plan should identify foundational training that everyone needs as well as training needed for people functioning at certain levels or positions.  Ideally, you are addressing needs through training programs that already exist, either internally or externally, but there may be a need to develop new training programs.  A training plan should identify what training is needed, for who, and to what level (i.e. to steal from the hazmat world – Awareness? Operations? Technician?).  The plan should identify who will coordinate the training, how often the training will be made available, and how new training will be developed.

Exercises – We have a standard of practice for identifying exercises into the future – it’s called the multi-year training and exercise plan (MYTEP).  While it’s supposed to include training (or at least training related to the identified exercises), training often falls to the wayside during the training and exercise planning workshop (TEPW).  The outcomes of the TEPW can be integrated into your preparedness plan, allowing for an opportunity to synchronize needs and activities across each element.

Just as we do with most of our planning efforts, I would suggest forming a planning team to shepherd your preparedness plan, comprised of stakeholders of each of the elements.  I envision this as a group that should be in regular communication about preparedness efforts, with periodic check-ins on the preparedness plan.  This engagement should lead to synchronization of efforts.  Identify what activities are related and how.  Has a new plan been developed?  Then people need to be trained on it and the plan should be exercised.  Has new equipment been procured?  Then people should be trained in its use and plans should account for the new or increased capability.

Like any effort, endorsement from leadership is necessary, especially when multiple stakeholders need to be brought together and working together.  Many emergency management and homeland security organizations have positions responsible for preparedness, often at the deputy director level.  The formation and maintenance of a comprehensive preparedness plan should be a foundation of their efforts to manage preparedness and forecast and synchronize efforts.

Does your organization have a plan for preparedness beyond just a multi-year training and exercise plan?  What elements do you tie in?  Do you find it to be a successful endeavor?

Do you need assistance in developing a preparedness plan?  Contact us!

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLCYour Partner in Preparedness

2016 National Preparedness Report Released

Tim Riecker, The Contrarian Emergency Manager 3 Comments

The fifth National Preparedness Report has been released by FEMA.  The National Preparedness Report is based upon, as the report states, input of more than 450 data sources and 190 stakeholders, including 66 non-federal organizations (which would account for state preparedness report submissions and information from Urban Area Security Initiative regions).  The report is intended as a summary of where the nation stands in regard to each of the 32 Core Capabilities outlined in the National Preparedness Goal.

As mentioned, this is the fifth National Preparedness Report to hit the streets.  While they have some value and demonstrate that the data collection that is done is actually collated, I feel that through the years they are offering less meat and more potatoes.  I appreciate the highlighting of best practices for each mission area, but, to me, there is a missed opportunity if a report is simply providing data and not recommendations.  While it’s understood that the goal of the National Preparedness Report is not to provide recommendations (it would also take longer to publish the report, and the people pulling the data together do not likely have the expertise to create recommendations), I’d like to see FEMA (and stakeholders) have follow up efforts to provide recommendations in each mission area and not miss this valuable opportunity to then apply the findings and look forward.

Below, I’ve included their overall findings with a bit of my own commentary.  Overall, I will say that there is nothing eye opening in this report for anyone who pays attention.  It’s pretty easy to guess those Core Capabilities which are at the top and those which are at the bottom.

  • Planning; Public Health, Healthcare, and Emergency Medical Services; and Risk and Disaster Resilience Assessment are the three Core Capabilities in which the Nation has developed acceptable levels of performance for critical tasks, but that face performance declines if not maintained and updated to address emerging challenges.
    • My commentary: BULLSHIT.  If these Core Capabilities are at ‘acceptable levels’, then our standards must be pretty low.  Planning is the one that disturbs me most.  We continue to see plenty of poor plans that are not realistic, can’t be operationalized, and are created to meet requirements (which are typically met by formatting and buzzwords).  Have we improved?  Sure.  But I wouldn’t say we are at ‘acceptable levels’.  As for Public Health, Healthcare, and Emergency Medical Services, we are struggling in certain areas to simply keep our heads above water.  While we are fairly solid in some areas of public health, one only needs to look at the Ebola incident to view how fragile our state of readiness is.  The findings for Planning and Public Health, to me, are nothing but shameful pandering and we need to get realistic about where we are at and the challenges we face.  Gold stars won’t stand up to the next disaster.  As for Risk and Disaster Resilience Assessment I have admittedly less experience personally.  I do know that we have some pretty incredible tools available that can help us determine impacts of various hazards for any given area under a variety of conditions, which is an amazing application of technology.  My concerns here are that there are still many who don’t know about these tools, don’t use them, and/or don’t follow the findings of information from these tools in their hazard mitigation actions.
  • Cybersecurity, Economic Recovery, Housing, and Infrastructure Systems remain national areas for improvement. Two additional Core Capabilities – Natural and Cultural Resources, and Supply Chain Integrity and Security – emerged as new national areas for improvement.
    • My commentary: NO KIDDING. While we have made a great deal of progress on Cybersecurity, we are still far behind the criminal element in most respects.  It also needs to be fully recognized in the National Preparedness Goal that Cybersecurity is a Core Capability common to all five mission areas.  Economic Recovery will always be a challenge, as every community impacted by an incident has a certain way it heals, essentially along the lines of Maslow’s Hierarchy.  A strong local economy is important to this healing, ensuring that the community has access to the resources it needs to rebuild and a return to normalcy.  While I’m sure studies have been done, we need to examine more closely how the economic recovery process evolves after a disaster to identify how it can be best supported.  Housing is the absolutely most challenging Core Capability in the National Preparedness Goal.  While I don’t have a solution for this, I do know that our current approaches, philosophies, and ways of thinking haven’t moved us an inch toward the finish line on this one.  We need to change our current way of thinking to be successful.  As for Infrastructure Systems, I could go on for days about this.  I’ve written previously, several times, (as have many others) on the critically fragile state of our infrastructure.  It’s no big secret.
  • States and territories continue to be more prepared to achieve their targets for Response Core Capabilities, while they are least prepared to meet their targets in the Recovery Mission Area.
    • This is another NO KIDDING. While we must always have a greater focus on Response, as that’s where lives are saved and the immediate danger is addressed, we can’t lose sight of Recovery.  Some recovery activities are more clear cut than others, and FEMA often muddies the waters more by inadvertently intimidating state and local governments when it comes to disaster recovery, as the focus becomes centered more on reimbursable activities vs doing what needs to be done.  The report included some interesting findings (take a look in the Recovery Mission Area drop down on the web site) on ‘mixed trends in exercising recovery capabilities’.  Again, this is nothing earth shattering, but it’s nice to see the matter addressed.  Yes, we clearly need to exercise Recovery Mission Area Core Capabilities better and more often.

These reports are always worth looking through, even though much of the information is generally known by those of us in the profession.  There are always little nuggets of learning available, and data from the report may be used to support your own endeavors for additional funding or resources for your own program.

As always, I’m interested in your insights and thoughts on this post and the National Preparedness Report.

© 2016 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC – Your Partner in Preparedness

 

Measuring Return on Investment in Emergency Management and Homeland Security: Improving State Preparedness Reports

Tim Riecker, The Contrarian Emergency Manager 3 Comments

A lot of money is spent within the emergency management and homeland security enterprise.  Looking just at the last couple of years of annual Homeland Security Grant Program (HSGP) (this is the annual grant provided by the US Federal government to states and urban areas), $1.044 billion was allocated in FFY 2015 and $1.043 billion allocated in FFY 2014.  These billions of dollars only account for a portion of spending within EM/HS.  There are other federal initiatives as well as state, tribal, territorial, and locally funded efforts.  Businesses and NGOs also invest significantly in emergency management, homeland security, and business continuity activities.  But where does it all get us?

Through the past decade or so there have been a few efforts by DHS/FEMA to try to measure preparedness, ideally to identify improvements in our preparedness as the result of the billions of dollars invested.  None of these efforts have really provided obvious and tangible results.  The current measure is through annual State Preparedness Reports (SPRs), which utilize the THIRA process (Threat and Hazard Identification and Risk Assessment) outlined in Comprehensive Preparedness Guide (CPG) 201 as a foundation, but with the POETE analysis (Planning, Organizing, Equipping, Training, and Exercising) for each of the 31 Core Capabilities.  (You can find articles I’ve written on the utility and application of POETE here.) The SPR is a good methodology for identifying the current condition of preparedness for each state as viewed through the 31 Core Capabilities.  The POETE analysis helps to identify the strengths and weaknesses within each Core Capability.

The SPR, however, still falls short.  How can we improve it?

1. Include historical data for trend analysis. The SPR largely provides only a snapshot of current conditions.  The format of the SPR does not provide for any analysis of historical data to identify trends (i.e. improvements or otherwise) in the state’s assessed condition of its 31 Core Capabilities.  FEMA regional offices, upon receipt of an SPR, do provide a brief feedback report of the current SPR with a passing mention of the previous year’s submission, but the report provides so little information it could hardly be called an analysis.

A rudimentary table identifying trends for a selected Core Capability is below.  For those not familiar, higher scores rate a higher measure of capability.  In this table, I’ve identified POETE elements which have trended lower from year to year with a RED highlight, and those which have trended higher with a GREEN highlight.  A simple analysis such as this give an at-a-glance comparison.  To make this analysis more comprehensive, I would suggest the addition of narrative for each trend (higher or lower) which explains what has changed to warrant the new ranking.

Historical Comparison of a Core Capability

2. Include a financial analysis for the current year to identify return on investment. An identification and summary of key program area investments for the year will lay the groundwork for a return on investment (ROI) analysis.  ROI will help identify how much bang for the buck you are getting in certain areas.  It’s easy to lose sight through the year from a program management perspective on how much money was spent on certain programs and activities – especially for larger agencies with a layered bureaucracy.  Incorporating this analysis into an SPR is not only good financial and program management, but provides an opportunity to identify where money was spent and to measure, at least on a broader scale, what the results were.  Certainly we have to fund continued operations to simply sustain our capabilities, but we should also be funding, where possible, programs to enhance our high priority capabilities and those needing the most improvement.

Again, as a rudimentary example, we can build on the table provided earlier to identify where funds were spent to see if they made a difference in our level of preparedness.  As with the earlier example, a narrative should be provided for each investment to identify what it was and assess the impact.  This also provides an excellent opportunity to review the investment justification written for grants to determine if the investment met the intended objectives (which should have been to maintain or enhance some aspect of the capability).  Historic investment data can also be included for each year.  This all leads directly to identifying the return on investment – did the investment make a difference and to what extent?

Historical Analysis of a Core Capability with Identified Investments

Ultimately this added data and analysis requires more work, potentially the involvement of more people, and likely more time to complete the SPR.  However, this new process will also result in a positive return on investment itself by helping to identify trends and outcomes.  Financial information is regularly reported to DHS (for those grants that originate with them) in the form of progress reports, but that information is stovepiped and usually not associated with a more comprehensive assessment such as the THIRA/SPR.  Bringing this data together paints a much more accurate picture.

The concept of preparedness is difficult to put in a box.  It’s amorphic and challenging to identify, yet people often ask the question ‘Are we prepared?’  States, locals, DHS, and Congress often have difficulties measuring preparedness and advances in preparedness, especially relative to the dollars spent on it.  The GAO has regularly recommended efforts to better identify return on investment, yet we haven’t gotten there.  The recommendations identified here can bring us much closer to nailing down where we are and where we need to be.  Armed with this knowledge, we can make better decisions for future investments and activities.

Moving forward, I expect to write a bit on each POETE element, with my thoughts on how we can identify return on investment for each.  As always, I’m very much interested in your thoughts on the approach I identified above and how we can better identify return on investment in the realm of emergency management and homeland security.

If you are interested in utilizing this approach to better identify your return on investment for local, state, tribal, territorial, or organizational preparedness efforts (whether or not you do a State Preparedness Report), Emergency Preparedness Solutions is here to help!  Check out our website at www.epsllc.biz or contact me directly to discuss what we can do for you.

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

WWW.EPSLLC.BIZ