Tag Timothy Riecker

The POETE Analysis – Emergency Planning and Beyond

Tim Riecker, The Contrarian Emergency Manager 7 Comments

POETE stands for Planning, Organizing, Equipping, Training, and Exercising. These are the five elements that each jurisdiction should be examining their own capabilities by. By examining their capabilities through each of these elements, a jurisdiction can better define their strengths and areas for improvement.

The POETE analysis, often completed as part of a THIRA (Threat and Hazard Identification and Risk Assessment) is actually a component of the State Preparedness Report (SPR) (note that this was the definition of the acronym at the time of the original post. It is now Stakeholder Preparedness Report), which incorporates THIRA data into this annual submission. When properly conducted, a POETE analysis will examine a jurisdiction’s capability targets. These capability targets, through the THIRA process, are individually defined by each jurisdiction, based upon the capability definitions of each of the 31 Core Capabilities (Note: at the time of my original post there were 31 Core Capabilities. There are now 32). The Core Capabilities were identified in the National Preparedness Goal and are an evolution of the legacy Target Capabilities. Gone are the days when many jurisdictions struggled with the definitions of the Target Capabilities and trying to determine how they applied to jurisdictions large and small across the nation. The new Core Capabilities are divided amongst five mission areas – Prevention, Protection, Response, Recovery, and Mitigation. By referencing Core Capabilities in our preparedness efforts, we have a consistent definition of each area of practice.

When a jurisdiction’s stakeholders conduct a POETE analysis, each element is rated on a scale of 1 to 5 – a rating of 5 indicating that the jurisdiction has all the resources needed and has accomplished all activities necessary for that element within that capability area. Using the Core Capability of Fatality Management as an example the jurisdiction will identify a desired outcome and from that a capability target. CPG-201, the guidance published by DHS/FEMA for conducting a THIRA, outlines this process in detail and provides the following capability target for illustrative purposes:

“During the first 72 hours of an incident, conduct operations to recover 375 fatalities.”

The jurisdiction will examine their efforts and resources for each POETE element for this capability target. Below are thoughts on what could be considered for each element:

Planning: What is the state of their plans for mass fatality management? Do they have a plan? Is it up to date? Does it address best practices?

Organizing: Are all stakeholders on board with mass fatality preparedness efforts? Is there a member of the community yet to be engaged? Are lines of authority during a mass fatality incident clear?

Equipping: Does the jurisdiction have the equipment and supplies available to handle the needs of a mass fatality incident? Are MOUs and contracts in place?

Training: Do responders and stakeholders train regularly on the tasks associated with managing a mass fatality incident? Is training up to date? Is training conducted at the appropriate level?

Exercising: Have exercises been conducted recently to test the plans and familiarize stakeholders with plans and equipment? Has the jurisdiction conducted discussion-based and operations-based exercises? Have identified areas for improvement been addressed?

The jurisdiction’s responses to these questions and the subsequent ratings provided for each POETE element will help them identify areas for improvement which will contribute to the overall capability. From personal experience, I can tell you that the discussions that take place amongst stakeholders which reveal both the efforts applied for each element as well as the frustrations and barriers to progress for each are generally quite productive and great information sharing sessions. It is important to capture as many of the factual elements of this discussion as possible as they add context to the numerical value assigned. Having the right people participating in the effort is critical to ensuring that inputs are accurate and relevant.

Once the POETE analysis is completed, what’s next? As mentioned earlier, the POETE analysis is actually a required component of the annual State Preparedness Report, which must be submitted to FEMA/DHS by each state and territory. Ideally, the results of the POETE analysis should be translated from raw data (numbers) to a narrative, explaining the progress and accomplishments as well as future efforts and barriers; in other words, the ratings should be factually explained and these explanations should feed an actionable strategic plan. The priority rating inherent in the THIRA process will help establish relative priority for each Core Capability within the strategic plan. While this is a requirement for states and territories, a comprehensive strategic plan for any emergency management and homeland security program at any jurisdictional level is obviously beneficial and would reflect positively in an EMAP accreditation.

POETE elements should be incorporated into other emergency management activities as well. When needs are identified and defined based upon Core Capabilities, these should be outlined in the jurisdiction’s multi-year Training and Exercise Plan, which should serve as a guiding document for many preparedness activities. The focus that a POETE analysis provides for each Core Capability can help identify training objectives which can help maintain and improve capability

Consider integrating them into your evaluation of exercises. While the Homeland Security Exercise and Evaluation Program (HSEEP) doctrine makes no mention of POETE, much of HSEEP is based upon capabilities. With a POETE analysis being an integral component of measuring our progress toward a capability, I would suggest including it into exercise evaluations. POETE elements can be included in Exercise Evaluation Guides (EEGs) to capture evaluator observations and should be outlined in the After Action Report (AAR) itself for each observation – giving suggestions for improvements based upon each POETE element. Consider how you could incorporate the POETE elements into an AAR as an outline identifying areas for improvement for the EOC management activities of the Operational Coordination Core Capability. As an example:

Planning: The jurisdiction should update the EOC management plan to incorporate all critical processes. Job aids should be created to assist EOC staff in their duties.

Organizing: Lines of authority were not clear to exercise participants in the EOC. Tasks were assigned to agencies but status of tasks was not effectively monitored.

Equipping: There were not enough computers for participating agencies. EOC management software did not facilitate tracking of resources.

Training: EOC agency representatives were not all trained in the use of EOC management software, creating delays in action and missed assignments. The EOC Manager and Planning Section Chief were well versed in the Planning Process and used it well to facilitate the Planning Process.

Exercising: Isolated drills should be conducted to test notification systems on a regular basis. Discussion based exercises will assist in identifying policy issues associated with suspension of laws and their impact on EOC operations.

The POETE analysis is a process which can help us identify strengths and areas for improvement within our emergency management and homeland security programs. While the POETE analysis can be time consuming, the information gathered for each Core Capability is valuable to any preparedness effort. With such a variety of federally-driven programs and requirements extended throughout emergency management and homeland security, we can find the greatest benefit from those which have the ability to cross multiple program areas – such as the Core Capabilities – allowing us to consolidate the evaluation of these programs into one system, providing maximum benefit and minimizing efforts.

Have you conducted a POETE analysis for your jurisdiction?  Did you find it a worthwhile process?

Looking for help with a POETE analysis?  Emergency Preparedness Solutions, LLC can help!  www.epsllc.biz 

© 2014 Timothy Riecker

Business Continuity Training in the Mohawk Valley

Tim Riecker, The Contrarian Emergency Manager Leave a comment

I’m very pleased to be working with the Mohawk Valley Small Business Development Center (SBDC) in Utica, NY to present a seminar for small business owners and others who may be interested in how to prepare their businesses for disaster.  I’ll be providing information and resources on the steps you should take to prepare your business and your employees.  The seminar will be held on Thursday July 10 at the SBDC offices at SUNY IT from 9:00 – 10:30 am.  To register please call 315-792-7547 or email palazzp@sunyit.edu.  The workshop fee is $15.

There will also be a presentation on July 17 on Cyber Security conducted by Mr. James Carroll of Security Management Partners.  Registration and fee information is the same.

I hope to see you there!

MV Business Continuity Flyer

MV Business Continuity Flyer

Are You Inviting the Right People to Your Exercises?

Tim Riecker, The Contrarian Emergency Manager Leave a comment

A couple of days ago I started reading Rumsfeld’s Rules – Leadership Lessons in Business, Politics, War, and Life.  Hopefully you have some familiarity with Donald Rumsfeld – the man was a naval aviator, US Congressman, aide to four US presidents, corporate CEO, and is the only person to ever serve as Secretary of Defense twice.  Politics aside, Mr. Rumsfeld has had quite a prolific career.  Throughout this career he has assembled a variety of mantra, proverbs, and sayings which he has used to help guide his career and serve as advice to others.

Early in the book, Mr. Rumsfeld talks about meetings.  What he mentions struck me as solid guidance not only for meetings but also for exercises.  He says “There is a balance that needs to be struck in determining who to invite to a meeting.  You want those who need to be there to contribute substance to the discussion.  But it can be useful to have people who may not be in a position to directly offer substantive input but will benefit from hearing how and why certain decision are being reached.”  Very often exercise offer great opportunity for people to learn – not only the participants but ‘shadowers’ as well.

Mr. Rumsfeld continues on to say “Including a range of people can also ensure that a variety of perspectives will be considered and help identify gaps in information and views.”  Consider that we build, conduct, and evaluate exercises primarily to test plans, polices, and procedures.  This testing is best performed by a spectrum of individuals giving different ideas and perspectives.  Someone may interpret a policy in a completely different way or have an approach to a problem that hasn’t been considered prior.  These fresh ideas, even if flawed, should be brought out into the open for discussion and consideration.

If you’ve followed this blog for any amount of time, you probably know that I prefer smaller meetings and have stressed that participants in exercises should be of a manageable number.  As Mr. Rumsfeld says, there is a balance that must be struck.  You want to be inclusive, but large numbers lend themselves to over-discussion and tangents.  For meetings do you expect the person to add value?  Should they be there given their area of responsibility?  Similarly in exercises is the individual associated with the objectives of the exercise?  (Recall that in exercises we should always reflect on the objectives throughout the entire design process).  When we add more participants to an exercise we need to ensure that they have something to participate in, so injects must be written for them and their activities must be evaluated.

A few years back my team was designing a table top exercise as a lead-in to a significant full-scale exercise.  We did not want to start the full-scale with the initial response, as so many often times are, as the objectives of that exercise were to test the extended response and to examine issues beyond the initial response.  That said, we felt it not fair for us to design such a large exercise by dictating what the first responders would do in the first 48 hours, rather we wanted them to tell us themselves.  So we designed a table top exercise to provide us with their actions both ‘boots on the ground’ as well as policy-level including emergency declarations, evacuation areas, and mutual aid requests.  We were quite fortunate that the design process for the exercise as a whole was very well received and many agencies wanted to participate – from federal, state, county, and local jurisdictions.  The exercise was centered on the state capital, which tends to garner even more attention and participation and included a scenario that most agencies have not participated in prior.  Needless to say, we had a lot of interest.  Nearly every agency invited to the table top wanted to bring not one or two additional people but often times three or four.  We discussed this matter with a few of the key agencies, asking of these were needed participants or observers.  The answer we got was that they were both.  Because of the technical nature of the incident, many agencies realized they needed their main spokesperson supported by one or more technical experts.  We realized this was a fair and reasonable request, but we still needed to figure out how to accommodate them all!

We decided to permit each representative to have a ‘second chair’ – someone seated directly behind them who could advise on technical matters.  Additional specialists were available to them in an adjacent room, which had the discussion live broadcast to them via closed circuit television.  Specialists could be ‘swapped out’ at any time based on the needs of the discussion.  This solution worked well for the exercise, keeping the number of direct participants manageable and meeting the needs of participants to have their specialists available to advise on technical matters – which truly helped inform their decisions and ultimately the outcome of the exercise.

Sometimes, though, you have to say ‘no’.  Realize that as an exercise designer you MUST set a firm deadline on additional participants.  Participants that are added late can set your design team back significantly by needing to ensure that they are written into the exercise and have sufficient activity to make their participation worth while for both them as well as the exercise as a whole – which can be particularly challenging if they are from a different jurisdiction or discipline altogether.  I’ve had to turn down several interested parties and while it’s often difficult to say no, it’s often for the better – and your design team will respect you for it.

What thoughts do you have on ‘right sizing’ your meetings and exercises?  Is there certain guidance that you use?

©2014 Timothy Riecker

Business Continuity – More than just a plan

Tim Riecker, The Contrarian Emergency Manager Leave a comment
Don't throw away all of your effort to build your business - Be prepared! (image courtesy of FEMA)

Don’t throw away all of your effort to build your business – Be prepared! (image courtesy of FEMA)

Every year businesses are forced to close due to the impacts of disaster.  Research from the National Federation of Independent Business (NFIB) tells us that the top four threats to business suffering the impact of disaster are:

  1. Power Loss
  2. Loss of Sales and Customers
  3. Length of Recovery
  4. Uninsured Loss

How can businesses protect themselves against these impacts?  Planning for them is, of course, the easy answer.  Just like governments, though, wouldn’t it make the most sense for a business to have an emergency preparedness program in place?

Consider that small business owners invest a great deal of time, energy, and funding to build and grow their business.  As an independent consultant I can be working on a variety of things on any given day including project management, marketing, and accounting.  Small business owners that deal with products (vs services) often times have even more to deal with including inventory, vendors, and distributors.  The foundation of these entrepreneurial efforts is often times the business plan.  Aspiring business owners put a lot of effort into creating this plan which describes what the business will do, what the market capacity is, what the competition looks like, and even trying to forecast revenues for several years.  A successful business may continue elements of this business plan years later through a strategic plan intended to guide growth and company-wide efforts.  Doesn’t it make sense that if we put so much effort into building and growing our businesses that we put some effort into ensuring that our businesses will survive a disaster?

As a society we generally like plans.  They are an organized tome capturing our assumptions, ideas, and strategies to accomplish something.  Plans are good and certainly help us through a great deal.  A disaster plan, though, is not a disaster program.  The plan may embody our program, helping to guide and inform our decisions in the event of a disaster, but our preparedness efforts must stretch beyond a plan if we are to be successful.  Consider DHS’ POETE capability elements – Planning, Training, Organizing, Equipping, Training, and Exercising.  With these elements in your head scroll back up to those top four threats from the NFIB and give them a moment of thought.  You probably now have some additional ideas as to how you can address and prevent each of those with activity which may go beyond planning.

This recent article from Small Business Trends (which provided my initial inspiration for this blog post) provides a good outline of initial considerations for every business relative to disaster preparedness.

What does your business do to be better prepared?

Shameless plug time: Need help building your business continuity program?  Emergency Preparedness Solutions can help!  Contact us at consultants@epsllc.biz or check out our website at www.epsllc.biz.

© 2014 Timothy Riecker

 

Hackers Endanger Public Safety With Pranks

Tim Riecker, The Contrarian Emergency Manager 2 Comments
VMS Vulnerabilities Can Have Serious Consequences (Image from Slate.com)

VMS Vulnerabilities Can Have Serious Consequences (Image from Slate.com)

Over the past few years we’ve seen some prominent occurrences of hackers gaining access to public safety systems where they make changes which, while a bit humorous at first blush, are serious examples of the vulnerability of our systems.

This article describes a vulnerability in variable message signs (VMS), which can be programmed remotely to notify drivers of hazards or give other pertinent information.  In another occurrence, in February of 2013, hackers gained access to the Emergency Alert System, broadcasting messages about a zombie attack.

The favor these pranks do for us is to identify vulnerabilities in our systems.  Both articles mention that some vulnerabilities were exploited simply because the default passwords on these systems were never changed.  Agencies that maintain any kind of public messaging system (and yes, this should also include websites and social media accounts), should adhere to the guidance we all normally hear about passwords – create strong passwords including combinations of numbers, letters, and symbols (when possible), avoid patterns or predictable passwords, and change passwords regularly.  As a matter of information security, these passwords should only be known by a select few.

Why are these occurrences serious?  Obviously (to most of us) they are taken in jest, but these are public safety systems which should only be accessed by public safety professionals.  The information and instructions provided over these systems need to come from reliable sources to ensure that the public takes the messages seriously and follows the instructions given.  We should be thankful these instances were pranks, as someone with malicious intent could have provided information which could have endangered the public.

All levels of government and any other organizations which maintain public alerting systems, including colleges and universities and even highway construction firms need to make a thorough examination of their systems, identify potential vulnerabilities, and take steps to ensure they are protected.

What other systems offer vulnerabilities to hacking?

 

© 2014 Timothy Riecker

 

 

Engaging a Nation in Preparedness – Learning from History

Tim Riecker, The Contrarian Emergency Manager Leave a comment

June 14, 1954 saw the first nation-wide civil defense drill conducted in the United States.  The Civil Defense Administration organized and promoted the event, which included operations in 54 cities around the country, including Puerto Rico, the US Virgin Islands, Alaska, and Hawaii.  Canada had also participated in the event.  The History Channel website has a nice write-up on the event.  The History Channel’s article explains some of the activities conducted during the event, which largely consisted of sheltering drills.

Today we do see some nation-wide exercises which engage citizens through the Shake Out earthquake drills.  Their website has a great deal of information on the program, including how you can participate.  The statistics on their site are great, showing not only the US regional exercises but also Shake Out exercises conducted in nations around the world (something I was not familiar with until visiting their site this morning).  The earthquake hazard in the US and around the globe is significant – in fact we just saw two large earthquakes late yesterday – a 7.9 near Alaska and a 7.2 near New Zealand.  While the core activity of the Shake Out exercises is the ‘Drop, Cover, and Hold on’ (similar to the ‘duck and cover’ of the civil defense days), their website also promotes preparedness activities including a ‘hazard hunt’ for items which may fall during an earthquake, a family disaster plan, business and organizational continuity planning, and emergency supply kits.  This is the type of preparedness activity we need to continue, but we also need to do more.  Unfortunately the message still isn’t getting through to many people.

How do you think we should get the message out?

 

© 2014 Timothy Riecker

 

 

Kansas City Changing the Paradigm In Shooter Responses

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Despite some discussions going back to late last year about changing they way we respond to mass shootings, I’ve not heard of any major municipalities actually make these changes – until now.  Responders in Kansas City, MO (KCM) have exercised their new plan regarding early insertion of EMS personnel into an active shooter scenario.  The exercise appears to be very early stage, using it as a learning experience from which to further develop plans.  (another great use of exercises!)

I commented on the discussed changes back in January and I still have the same concerns today that I did then.  I had posted some discussion threads similar to my blog post onto LinkedIn discussion boards which prompted some very spirited discussion.  Most people agreed that getting EMS into an active shooter area early can save lives, but it needs to be done the right way.  KCM seems to be going in the right direction by developing plans and protocols jointly with law enforcement and working out the kinks and questions via drills and other exercises.  Carrying the preparedness cycle further, I’m sure they will work toward training and equipping EMTs appropriately for such a situation.  Constant practice of these protocols by all parties will be very important.  Responder safety needs to be the utmost concern.  While there have been incidents to the contrary, we as responders and we as a society are not used to EMTs and firefighters being shot at, much less killed in action by an aggressor.  Certainly the first EMT fatality in an incident such with an early insertion protocol will result in the protocol being aggressively questioned – as it should.  I just hope that those doing the questioning keep the appropriate context.

Just as there is no easy answer on how to stop mass shootings, there are no easy answers on how best to respond to them.  I’m hoping KCM is willing to share their worked out plan and protocols with the responder community so we can learn from them.  Such sharing will be very important to the evolution of responses to these types of incidents.

© 2014 Timothy Riecker

Hazard Analysis – Looking Beyond Your Borders

Tim Riecker, The Contrarian Emergency Manager Leave a comment

In the radiological emergency preparedness niche field of emergency management we conduct a lot of preparedness activities for a hazard which may not even be within our jurisdiction.  The emergency planning zone (EPZ) for a nuclear power plant often times transcends multiple towns, cities, villages, counties, and even state lines.  While I have some issues with the effectiveness and implementation of radiological emergency planning, they at least address the reality of the hazard crossing the artificial borders we humans have established.  For other hazards, this premise usually does not hold true.

In January of this year a chemical leaked from a storage tank at a coal processing facility in Charleston, West Virginia.  This chemical leaked into the Elk River and both directly and indirectly impacted hundreds of thousands of citizens, businesses, and governments requiring evacuations and preventing water use for several weeks. The DHS Lessons Learned Information Sharing (LLIS) website has posted a brief by The Joint Commission on this incident with specific citations on the impacts to area hospitals, mostly through contracted laundry services.

In the private sector, we often encourages businesses to examine the vulnerabilities of suppliers and distributors as part of their hazard vulnerability analysis (HVA) and business impact assessment (BIA).  This is not something often considered by governments.  For example, in my town, there is only one very small gas station, so due their limited hours (fuel is not available 24/7) government services and the town’s contracted fire company must leave the town for fuel.  That is a significant dependency on a supplier outside the jurisdiction.  I’ve sure there are many other suppliers used by the town which lie outside their borders.  Additionally, what are the potential impacts of an incident that occurs in a neighboring jurisdiction?  Such an incident could either directly impact you, such as a chemical plume entering your jurisdiction; or would require your jurisdiction to address sheltering, traffic, or mutual aid needs.

I would suggest, as part of the hazard analysis phase of your planning process, that you obtain copies of the hazard analysis of neighboring jurisdictions.  The hazards they indicate may be quite eye-opening to you and may require you to better prepare for a hazard beyond your borders.

©2014 Timothy Riecker

FEMA National Preparedness System Updates

Tim Riecker, The Contrarian Emergency Manager Leave a comment

This afternoon EMForum.org hosted Donald ‘Doc’ Lumpkins, the Director of the National Integration Center from the National Preparedness Directorate. Doc had some great information on their current and near future activities regarding updates to the National Incident Management System (NIMS) and new Comprehensive Preparedness Guides (CPGs) expected to be released this year.  This is great news as we are always seeking additional national guidance and revisions which help us to maintain standards of practice.

Regarding NIMS, the guiding document has not been revised since 2008.  Doc specifically mentioned updates to NIMS to include:

  • the National Preparedness Goal and the National Preparedness System
  • Expanding NIMS across all five mission areas (Prevention, Protection, Mitigation, Response, and Recovery)
  • Encouraging whole community engagement and understanding
  • Continued emphasis that NIMS is more than just the Incident Command System (ICS)
  • Integrating incident support structures (such as EOCs – more on EOCs later)
  • Integrating situational awareness content
  • Incorporating lessons learned from exercises and real world events (Doc mentioned his office’s activity of culling through LLIS.gov to gain much of this information)
  • Including stakeholder feedback in the revision efforts
  • NIMS update activities will be conducted through the summer with an expected release of a new document this fall

As a significant component of the NIMS update, there will also be continued efforts to update the resource typing list.  Priority will be given to resources which are often requested.

The next topic of discussion was the Comprehensive Preparedness Guides (CPGs).  I was very excited to see a list of likely and potential CPGs either currently under development or expected to be developed soon.  These included:

  • Updating CPG 101
  • A CPG for Strategic Planning (This should shape out to be excellent guidance and essentially serves as a ‘catch all’ for many of the strategic planning tasks we do in emergency management)
  • Incident Action Planning (Doc said this will not be anything new or a replacement of best practices such as the Planning P.  Rather this document will serve to capture these best practices and ensure currency and critical linkages)
  • Planning for mass casualty incidents
  • Social media (a critical aspect of emergency management that is still changing regularly, and I don’t yet feel that we have a firm grasp on it and how to best use it.)
  • Access/Re-Entry to disaster sites
  • Improvised Explosive Devices (crafting hazard-specific annexes)
  • EOC guidelines (I’m hoping this document, while outlining best practices, provides flexibility for different management models of EOCs)
  • Search and rescue management

I’ve come to greatly appreciate that the National Preparedness System is a blanket thrown over the five mission areas, recognizing that each mission area (again – Prevention, Protection, Mitigation, Response, and Recovery) must be prepared for at every level of government to achieve the greatest measure of effectiveness.  There are many critical linkages within preparedness that are found within each or at least most mission areas and the continued efforts of the National Preparedness Directorate seem to be going in a good direction and incorporating the right people and information in their efforts.  Within this frame of thought, Doc mentioned that all of these efforts will utilize subject matter experts from across the country, with many drafts having public comment periods.  Be on the look out for these (I’ll post them as I see them) and be sure to review and comment on them.

As a final note, this was the last broadcast for EMForum.  After 17 years they are shutting down their program.  There has been no mention as to why they are shutting down.  While I’ve not attended every webinar, I do catch a few each year when the topic and/or speaker interest me.  The loss of EMForum is a loss to emergency management and the spirit of sharing information we have.  Through EMForum, there have been many great webinars, such as this one, where new programs and best practices are shared.  I’m hopeful the function that EMForum has served in facilitating this soon replaced so we can continue to stay up to date on what is transpiring.

©2014 Timothy Riecker