Tag Tim Riecker

Critical Infrastructure Dependencies

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Homeland Security Today published an article recently on the FCC’s examination of wireless network issues post Hurricane Sandy.  While the article speaks mostly on the need to bolster the wireless telecom infrastructure, it does mention the obvious dependencies that wireless has on our energy infrastructure.  These types of dependencies can be seen throughout all our critical infrastructure, linking them intimately, and demonstrating how fragile we really are without proper preparedness efforts and redundancies.  The illustration below outlines eight (of eighteen) of our critical infrastructure sectors: Fuel, Communications, Water, Banking, Electric Power, Transportation, Emergency Services, and Government Services.  I take no credit for the graphic, which was simply found on Google Images, but it is a great example depicting a number of the linkages (i.e. dependencies) that each of these sectors has on one another.  Like dominos, multiple sectors can be made to topple by exploiting vulnerabilities in one or more of them.  We’re not just talking about terrorism here, although preventing the intentional interference with critical infrastructure is obviously a major concern, but we’re also looking at natural hazards.

Critical Infrastructure Dependencies

Critical Infrastructure Dependencies

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

We’ve seen from real life on multiple occasions what damages to our infrastructure can cause.  Our electrical infrastructure is perhaps the most fragile, but is also the one linked to every other sector – no wonder there is so much attention paid to preparedness and mitigation efforts to make this sector more resilient.  The above graphic shows, not accidentally, the electrical sector being in the middle of all others.

There has been further attention brought to the matter recently by the National Infrastructure Coordinating Center (NICC).  In this article by Homeland Security Today, it was announced that the National Infrastructure Coordinating Center will be hiring contractor support as a force multiplier in their monitoring activities.  Last week FEMA just released IS-913, their Independent Study course on Critical Infrastructure Protection: Achieving Results Through Partnership & Collaboration.  This course compliments other critical infrastructure protection-oriented training programs of FEMA’s.  FEMA Independent Study courses are free and open to all US citizens.  I would strongly encourage that you explore what they have to offer if you haven’t already.

Critical Infrastructure Protection (CIP) is an important topic spanning all of emergency management and homeland security.  Additional information on CIP can be found from the DHS CIP website and other sources.

The Emergency Manager as a Consultant

Tim Riecker, The Contrarian Emergency Manager 4 Comments

Lately I’ve gotten into watching these reality consulting shows like Bar Rescue and Restaurant: Impossible.  Both of these shows use a similar model, providing a prolific expert (Bar Rescue’s Jon Taffer and Restaurant: Impossible’s Robert Irvine) in their respective fields to aid a failing business.  These consultants are supported by a team of specialists and often a construction crew to remodel the business.  Sometimes it’s a just a few tweaks of the menu that’s needed, other times it’s a whole new way of thinking on the part of owners, management, and employees.  These are some of the best shows out there displaying conceptually some of the things consultants can do, albeit in a compressed and slightly dramatic mode.

Robert Irvine, the Consultant with Restaurant: Impossible

Robert Irvine, the Consultant with Restaurant: Impossible

That said, as many of my readers know, I work as an emergency management and homeland security consultant.  I’ve worked in the ranks of emergency management and public safety now for nearly 19 years.  Through this time, I’ve had the pleasure of working with a multitude of emergency management professionals at many levels; including counties and local jurisdictions and corporations.  These emergency managers, I’ve found, often play the part of a consultant.

While other department heads in county and local governments or corporations often make recommendations to CEOs (in this case Chief Elected Officials or Chief Executive Officers) these usually only impact their own department or have minimal impact on other parts of the organization.  Emergency managers make recommendations that often times impact the entire jurisdiction or organization – be they recommendations on mitigation, preparedness, recovery – and especially response.  Sometimes, unfortunately, the emergency manager doesn’t report to the CEO on a daily basis – which I think is a major mistake.  While others may be primarily concerned with saving their own operations in the event of disaster, the emergency manager’s goal is to preserve as much of the jurisdiction or organization as possible – with the priorities being life safety, incident stabilization, and property conservation.  These three tenants, preached mostly in Incident Command System courses, are applicable to both government and the private sector.  In both sectors, these priorities lead us logically to business continuity, ensuring that we minimize our losses and are able to continue operations.

As the profession of the emergency manager continues to evolve, including myriad training opportunities, education up to and including Ph.Ds., and professional certifications, the emergency manager is viewed more and more as a specialist and subject matter expert.  Emergency managers are expected to provide expert advice and guidance.  The emergency manager needs to stay current and up to date with the profession; not that the ‘science’ of emergency management changes much, but there are certainly new best practices, trends, and legal and regulatory requirements that need to be kept up on.  Whether an organization calls upon the emergency manager as an employee or brings in an actual consultant, this person is providing expert recommendations that impact the jurisdiction or organization as an enterprise system, not just a name or a spot on a map.  Just like in Bar Rescue or Restaurant: Impossible, the emergency manager may make recommendations that some people don’t like; but they called upon the emergency manager for their expertise.  The emergency manager is the consultant that can save your organization!

States Rushing to Limit the Use of Drones by Law Enforcement

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Tim RieckerInspired by this Washington Times article.  I must say I don’t understand why people are protesting the use of drones (aka unmanned aerial vehicles or UAVs) domestically.  Yes, they fly; and they have cameras with telephoto lenses.  Their use, however, from a law enforcement perspective is largely no different from that of helicopters or small fixed-wing aircraft – except at a much lower cost and no danger of physical harm to individuals, such as pilots or crew, which occur far too often – mostly with helicopters.  I think portions of the public have greatly overreacted to what they have seen of the military versions of these drones by way of mass media.  They certainly do have great capability in that theater, but use domestically is vastly different – especially being that they aren’t armed with hellfire missiles and the like.  Now with politicians weighing in, the over-reaction continues, and at a detriment to public safety.

I truly hope that a compromise can be found with people realizing that the use of drones, within all current standards of surveillance, warrants, etc., is not a threat to their privacy.  It is, in fact, a demonstration of smart government, leveraging technology to enhance capabilities at a lower cost and increased safety.  In aerial surveillance, drones can be used for nearly anything a helicopter or small fixed-wing aircraft could be used for; including rapid deployment after a shooting or robbery to look for a subject, or to find an Alzheimer’s patient gone missing.  These are noble and proper efforts that I hope won’t be impeded by knee jerk reactions based upon misinformation.

What are your thoughts?  Am I missing something here?

NY Times Allows Cyber Attacks for the Sake of Research

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Timothy RieckerJust read a very interesting article about the New York Times falling victim to cyber attacks from China – and allowing it!  As the article states, the Times took a gamble for a period of four months, allowing these hackers to repeatedly penetrate their servers and steal information.  This was a calculated decision by the NY Times, however, made with the assistance of a cyber security firm, and with the intentions of analyzing patterns to build better defenses.  Essentially, it seems, the cyber security firm used by the Times would deftly parry certain attacks by the hackers, allowing some blows through their defenses and letting a bit of blood.  Slowly, as the patterns of attack were recognized, the firm would tighten up their defenses until they shut down the attack completely.  A dangerous gamble, given the information the NY Times may have on its computers, but seemingly worthwhile.  An interesting bit of information from the article was that the hackers installed 45 pieces of custom malware over this period of time, with only one of them being recognized and stopped by their Symantec antivirus software.

I commend the NY Times for this effort, but certainly don’t recommend it!  It’s a heck of a gamble and a great deal of damage could have been done.

Planning in Perspective

Tim Riecker, The Contrarian Emergency Manager Leave a comment

planI just finished reading an article by Lucien Canton, CEM – who is a well-respected and often published emergency management professional.  He maintains a blog, which he posts to often, and provides great insight to various EM-related topics.  The article that struck my interest was ‘Paper Plans and Fantasy Documents’.  Canton poses the question as a subtitle to his article – ‘Are we over-thinking planning?’.  In all actuality, based on his article and my own experiences, no – in fact we’re under-thinking it by maintaining a cookie cutter approach across the entire nation.

Canton’s commentary is similar to the thoughts I had in an earlier post on the (mis)use of templates in emergency planning.  Standards are good to have in every industry, certainly in emergency management and homeland security.  There are folks who become true experts through a great deal of experience, research, and trial and error.  The best ones share their expertise with the rest of the world in the hopes that we can all benefit.  Eventually, these standards become embraced by ‘standard setters’ – those in government or regulatory bodies who can pass laws, regulations, or codes to compel others to adhere to these standards.  This is all absolutely necessary – but, as Canton mentions, these standards become the basis for how people plan.

Just like I often write in my training-related posts, it’s all about the audience.  Our planning priority must be to meet the needs of the jurisdiction/company/organization who will be using the plan.  The plan must have utility – i.e. it must be usable.  Just because a plan meets established standards, does not mean that it can be operationalized.  Obviously our plans must still meet standards, but that really is a secondary concern to usability.  I think we are missing the forest for the trees and need to seriously re-think how we plan.

Any ideas?

Safeguarding our Electrical Grid – Reblog

Tim Riecker, The Contrarian Emergency Manager Leave a comment

More thoughts on the vulnerabilities of our electrical grid.  Great post.

Andy (אברהם נפתלי) Blumenthal's avatarandyblumenthal

Image

Popular Science (28 January 2013) has an interesting article on “How To Save The Electrical Grid.”

Power use has skyrocketed with home appliances, TVs, and computers, causing a significant increase in demand and “pushing electricity through lines that were never intended to handle such high loads.”

Our electrical infrastructure is aging with transformers “now more than 40 years old on average and 70% of transmission lines are at least 25 years old” while at the same time over the last three decades average U.S. household power consumption has tripled!

The result is that the U.S. experiences over 100 mass outages a year to our electrical systems from storms, tornados, wildfires and other disasters.

According to the Congressional Research Service, “cost estimates from storm-related outages to the U.S. economy at between $20 billion and $55 billion annually.”

For example, in Hurricane Sandy 8 millions homes in 21 states lost power, and…

View original post 350 more words

Audience Analysis Worksheet

Tim Riecker, The Contrarian Emergency Manager 1 Comment

Go to this site to view the article posted about the audience analysis worksheet assembled by Andrew Dlugan with Six Minutes Speaking and Presentation Skills.  Andrew has a great website filled with plenty of tips on public speaking and presentations.  This worksheet is part of his recent Audience Analysis series.  This series and the worksheet are great reminders that in teaching and presenting we need to always be focused on our audience and their needs.  You should be able to run through this worksheet well in advance of the actual speaking engagement, and the data derived will help you to shape the format and content of your presentation and presentation style.

From Emergency Management Magazine – Catastropic Power Outages Post Significant Recovery Challenges

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Emergency Management Magazine posted a great article written by Adam Stone about catastrophic power outages.  The article lays out some interesting facts and prompts many thoughts on how our society would sustain with limited power.  Mr. Stone also mentions how vulnerable our grids are to both cyber attacks and squirrels!

Managing an Exercise Program – Part 7: Develop Exercise Documentation

Tim Riecker, The Contrarian Emergency Manager Leave a comment

This post is part of a 10-part series on Managing an Exercise Program. In this series I provide some of my own lessons learned in the program and project management aspects of managing, designing, conducting, and evaluating Homeland Security Exercise and Evaluation Program (HSEEP) exercises. Your feedback is appreciated!

Managing an Exercise Program – Part 1

Managing an Exercise Program – Part 2: Develop a Preparedness Strategy

Managing an Exercise Program – Part 3: Identify Program Resources and Funding

Managing an Exercise Program – Part 4: Conduct an Annual Training & Exercise Planning Workshop.

Managing an Exercise Program – Part 5: Securing Project Funding

Managing an Exercise Program – Part 6: Conducting Exercise Planning Conferences

Managing an Exercise Program – Part 7: Develop Exercise Documentation

Managing an Exercise Program – Part 8: Preparing Support, Personnel, & Logistical Requirements

Managing an Exercise Program – Part 9: Conducting an Exercise

Managing an Exercise Program – Part 10: Evaluation and Improvement Planning

 

First I’d like to say that this series of exercise articles has gotten a fair amount of traffic, which I’m quite grateful for.  I’m hopeful that my thoughts and ideas have been able to help those who are looking for experienced insight into emergency management and homeland security exercises.  Certainly if you have anything that you’d like to contribute or have any questions, please post a comment.

We can’t avoid paperwork – ever.  Documentation in exercises, just like in the incident command system (ICS), is a necessity.  Don’t see it as a burden, though, instead view these documents as outcomes of the planning and decision-making process of exercise design.  Just like an incident action plan (IAP) is the result of the planning process in ICS, the primary documents used in exercises (Exercise Plans, Control and Evaluation Plans, Exercise Evaluation Guides, Situation Manual, and Master Scenario Events List) are outcomes of the processes of exercise design.  The graphic below is from HSEEP Volume 2 and provides a quick reference of each document I just listed.  As you will see, each document meets a specific need and is intended for a specific audience.  I will outline some of my tips on each document (except the presentation) below.

Primary HSEEP Documents

Primary HSEEP Documents

Exercise Evaluation Guides (EEGs)  The National Exercise Program provides a variety of EEG templates on their website.  These are an excellent start for your exercise.  Remember that these can and should be customized for your exercise!  While we use capabilities-based exercise planning concepts, and the capabilities are standardized, both the capacity available to anyone in each capability and the means by which a capability is implemented is going to very broadly across the country.  Bottom line: we don’t all do things the same way and we may not be evaluating an entire capability as it’s commonly defined.  EEGs need to be focused on evaluating objectives within given capabilities.  This means that exercise objectives need to be very well-developed to ensure that we are 1) designing an exercise effectively, and 2) evaluating that exercise appropriately.  If we fail in any of these steps (objective development, exercise design, exercise evaluation) we are simply wasting our time.  If need be, draw in your subject matter experts (likely the folks who will be evaluating these areas of the exercise) and get their input on the development of the EEG.  Also consider what the purpose of the EEG is: it helps guide the evaluator in providing constructive commentary on each exercise objective, which will ultimately contribute toward the After Action Report (AAR).

Situation Manual (SitMan)  A SitMan, as stated in the chart above, is used only in discussion-based exercises and is available to all participants.  It should include all information participants need to know to effectively play their role in the exercise.   The most important aspect of this is context and background of the scenario.  Without a well-developed scenario, players have a difficult time getting their ‘head in the game’.  The SitMan will also outline the exercise structure and rules of play, which can vary widely between exercise types (i.e. seminar, workshop, or table top).  Having a good understanding of this information will help players to know what is expected of them.  Be sure to have this (and all) documents reviewed for readability – your focus should be on the audience!  Under most circumstances, the SitMan can be distributed to participants ahead of time.

Controller/Evaluator Plan/Handbook  This document is very audience-focused and as such should very clearly outline the expectations you have of the controllers and evaluators.  It should fully describe their positions, schedules, locations, and scope, as well as expectations.

Exercise Plan (ExPlan)  The ExPlan is often times the core document that everyone wants a copy of – and largely everyone should have access to.  Consider the ExPlan just like the IAP of an incident.  It fully describes what is taking place, where, when, how, and who is involved.  This document will be as complex as your exercise.  For exercises involving multiple venues, each venue should have its own sub-section in the ExPlan describing all the details of what is happening there.

Master Scenario Events List (MSEL)  The MSEL is the script of the exercise.  It should capture everything that is scheduled to occur – from StartEx to EndEx and everything in between.  The bulk of the document is injects, which should be written in detail and carefully reviewed and edited for content and accuracy.  Contingency or back-up injects should also be included but specially indicated as such.  Simulators should keep track of the actual time an inject was performed and what the response was, if any.  This data can be important for both in-exercise follow-up as well as post-exercise evaluation.

Other Documents  Don’t get stuck within the confines of what’s defined by HSEEP.  If you find that you need something else, create it and use it.  I’ve found on several exercises that a very detailed scenario, perhaps even including simulated situation reports and incident action plans is needed.  We’ve come to regard this document as a Ground Truth.  The information in a ground truth doesn’t necessarily need to go to everyone (thus not including it in the ExPlan), especially if the exercise will cover multiple operational periods/shift changes, as the ground truth information is largely only relevant to the starting players.

What tips or experiences do you have with exercise documents?  What other documents have you formulated to meet needs?

Thanks for reading, and be on the look out for Managing an Exercise Program – Part 8: Prepare Support Personnel and Logistical Requirements

 

 

 

 

 

Reblog – School Security

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Excellent guidance, not only for schools but for other facilities as well.

diamondsecurite's avatarDiamond Security

School EntranceAlthough the facts remain unclear as to how Adam Lanza, 20, was able to enter Sandy Hook Elementary School and kill 26 children and adults on Friday, news reports indicate he forced his way into the front entrance, possibly by shooting out or somehow breaking glass in the office’s door or window. It has also been reported that the front entrance was equipped with an intercom/camera system designed to screen visitors. Additionally, all of the other entrances/exits to the school were locked by the time Lanza entered the school.

What the official investigation will reveal remains to be seen. That said, considering the attack began at the school’s front door, it would behoove K-5 officials to review the security of their campuses’ entrances.

If anything good can come from Sandy Hook, it’s the knowledge that the security upgrades recently implemented at the school, as well as the heroic actions of…

View original post 595 more words