Thursday, December 20, 2007

Chemical & Biological Preparedness from DOD

Just a couple of notes on the DoD's new Joint Service Chemical and Biological Defense Program FY 08-09 Overview. For the most part, this is a broad review of the CBDP's aims for R&D and acquisition of new tools for detection, shielding, etc.

But there are a couple of items in the doc that may be of interest to local first responders. It's interesting that the military has set up a parallel system for detection of biological and chemical agents. If I were a local leader or first responder in a community near a military base, I might want to investigate an opportunity for sharing information:

In response to the events of September 11, 2001, an antiterrorism task force was formed to come up with emergency lists for equipment for the Installation Protection Program (IPP), Army Emergency First Responder Program, and Homeland Security Biological Detection initiative.

The task force decisions resulted in PBD 289, which required a pilot program to outfit nine installations—three each for the Army, the Air Force, and the Navy/Marine Corps. The PBD stated that biological and chemical detection only is required. ...

The Joint Service Installation Pilot Program (JSIPP) demonstrated the efficacy of an integrated suite of highly effective chemical and biological sensors and support equipment installed at the previously identified installations. The suite provided tiered sampling/collection, detection, identification, and warning response capabilities. It was designed to provide early indoor/outdoor collection, detection, presumptive identification, and warning capabilities and proved the need to expand this concept.

The JPMG IPP consists of a highly effective and integrated CBR installation protection and response capability, including detection, identification, warning, information management, individual and collective protection, restoration, and medical surveillance, protection, and response. The communications network will leverage existing capabilities and be integrated into the base operational command and control infrastructure. JPMG will procure and field an effective and optimized CBR installation protection and response capability at 135 DOD installations FY06–12.
In the case of a biological or chemical event, a military Weapons of Mass Destruction - Civil Support Team (WMD-CST) will be part of the response. Advance collaboration between local officials and these teams will improve any response. The military units can bring specialized equipment and training, but it is vital to ensure communications between civilian and military units:
Weapons of Mass Destruction—Civil Support Teams (WMD-CST) ... will allow selected National Guard and Reserve Component units to respond to and contain the effects of CBRN incidents within the continental United States.

The program also funds the design, enhancement, testing, fielding, and sustainment of the Analytical Laboratory System (ALS) Increment 1 and the Unified Command Suite (UCS) Increment 1 for the WMD-CSTs. The ALS Increment 1 provides advanced technologies with enhanced sensitivity and selectivity in the detection and identification of CWAs, BWAs, TICs, and TIMs. The UCS provides communication interoperability with federal, state, and local emergency responders at a WMD incident.

Wednesday, December 19, 2007

Reducing State and Local Access to Information on Chemical Hazards

The GAO released a report on the EPA's decision to change the standards for reporting hazardous chemicals. Previously, businesses that manufactured, used, or processed any one of 581 toxic chemicals had to report to the EPA any amount of chemicals that were released into the air, water, or soil. The list of companies and chemicals was compiled each year into the Toxics Release Inventory (TRI), which can be found on EPA's website, here.

If a company had only a small amount of such chemicals, they did not have to make a report, but filed a separate form that testified that they did not need to provide such information. But in 2006, EPA changed the requirements. Companies could have released four times the amount of toxic chemicals and still be exempt from the reporting requirements. The goal was to reduce EPA's regulatory burden.

The problem? As GAO reported, state and local governments use that information:

States use TRI data, among other things, to design pollution prevention initiatives, to calculate fees on emitting facilities, and to assist in emergency preparedness.

Individual citizens and local advocacy organizations also use TRI data to learn about the type and quantity of toxic chemicals used and released in their communities.
Specifically, 20 states use TRI data to identify the location of chemical hazards, 14 states use TRI data to evaluate facilities' emergency preparedness plans, 31 states compare state TRI data with other databases, and 14 states integrated TRI data with a geographic information system (GIS) or other state mapping capabilities.

The date lost due to the new rules is not insignificant:
EPA’s estimate of the impact in terms of national-level aggregate pounds masks the impact on important toxic chemical information available to many individual communities and states. We analyzed the impact of EPA’s new Form A thresholds at the local level and found they would allow more than 3,500 facilities currently submitting Form R to submit Form A instead. As a result, detailed information about toxic chemical releases and waste management practices from more than 22,000 of the nearly 79,000 Form Rs could no longer be available to communities throughout the country.

We estimated that as many as 3,565 facilities would no longer have to report any specific quantitative information about their chemical releases and other waste management practices to the TRI.
Unless the reporting rules change, state and local preparedness professionals are going to have to
devise new ways to get this information - as today's news from Jacksonville reminds us:

Blast at Fla. Chemical Plant Hurts 13

Monday, December 10, 2007

Preventing Radicalization: What's Important?

The Danish Institute for International Studies (DIIS) has posted the proceedings of an August seminar on the radicalization process. The focus was on radicalization by Islamist groups, though some of the findings could certainly be applied to other radical groups.

As I've written - or perhaps it's "harped on" - before, understanding the radicalization process is extremely important for anyone who's interested in preventing terrorism on the local level. Recognizing a threat that's still emerging - and intervening at an early stage - can be far more effective and productive than trying to play defense against an array of more mature threats.

Unfortunately, much of the DIIS discussion focused on the question of "Who is likely to become a radical?" which I think is not the most critical question. For example, DIIS concluded that key factors in the radicalization process are:

The perception of personal marginalization combined with the perception of Western double standards in foreign policy appears to play a crucial role.

Additionally, individuals often join radical groups for political or religious reasons and in a search for empowerment but also in search for friendship and a sense of social belonging.
That's all very nice. If you wish, you can go about looking for marginalized young people who feel that the world is against them and are searching for "friendship and a sense of social belonging," along with a sense of purpose and meaning for their lives. But given that you've just described teen angst itself, you'll end up with a list so long as to be useless.

More important, from the perspective of prevention, is "During the radicalization process, what techniques and activities leave detectable traces?"

Unlike operational terrorists, for whom avoiding detection is a high priority, recruiters have to stick their heads above the ground and find the young people DIIS describes. Studying the recruiting process and recognizing its techniques will result in a more focused investigation.

There were, however, a few highlights worth noting. Kamran Bokhari from Strategic Forecasting (Stratfor) - a former member of Hizb ut-Tahrir - pointed out one of the significant vulnerabilities of radical groups:
The radical groups ... are often characterized by a “revolving door” phenomenon. Very few of the individuals who join the groups stay there in the long run. This was the case for Kamran Bokhari himself.
Another worthwhile point was made by Marco Zannoni of the Dutch Institute for Safety, Security and Crisis Management, who argued that the de-radicalization process needs to be systemic and holistic:
Multiple tasks are to be handled in a de-radicalization process. A key point is to acknowledge that different authorities should undertake different tasks in any de-radicalization process at different points in the process. Any intervention involves multiple sets of tasks such as preparing, preventing, spotting, gathering information, monitoring, interpreting and responding to radicalized individuals.

For example the roles of a teacher or a social worker are quite different from the roles of the Police and those roles are crucial at different points in time. Any intervention should be targeted at an individual who might be radicalizing, but additional interventions are needed. Those have to be targeted towards the individual’s context/situation. Possible leads for radicalization, but also for intervention, can be found in the radicalizing/radicalized individual’s immediate surroundings: at school, at work or when they perform acts such as writing messages on the internet.
I was also curious about this nugget, found in the Recommendations section:
It is recommended to find inspiration in the confetti-approach/the New Dutch model, which consists of supporting many micro-projects.
I need to find out more about the "confetti approach." It sounds like a model for innovating new approaches and finding out what works.

Overall, the seminar's findings and recommendations are difficult to argue with. Who'd take issue, for instance, with the idea that:
There is a need to look into how trust can be created between authorities and relevant communities in order to make effective counter-measures...
At a strategic level, these sorts of discussions are worthwhile. On a more tactical level, you've got to ensure that your actions are focused on the right things. It helps to start with the right question.

Friday, December 07, 2007

Fusion Centers: Status and Challenges

Just a relatively brief note on the new GAO report, which discusses the development of state fusion centers, along with the challenges they're facing.

First, a note on the current status of fusion centers:

Officials in 43 of the 58 fusion centers we contacted described their centers as operational as of September 2007. Specifically, officials in 35 states, the District of Columbia, and 7 local jurisdictions we contacted described their fusion center as operational, officials in 14 states and 1 local jurisdiction considered their centers to be in the planning or early stages of development, and 1 state (Idaho) did not have or plan to have a fusion center. In 6 states we contacted, there was more than one fusion center established.
The "all-hazards" focus has been maintained:
[O]fficials in 41 of the 43 operational centers we contacted said that their centers’ scopes of operations were broader than solely focusing on counterterrorism. For example, officials in 22 of the 43 operational centers described their centers’ scopes of operations as all crimes or all crimes and counterterrorism, and officials in 19 operational centers said that their scopes of operations included all hazards.
And it is particularly encouraging to hear that they're exploring the link between terrorism and precursor crimes:
Officials provided two primary explanations for why their fusion centers have adopted a broader focus than counterterrorism. The first explanation was because of the nexus, or link, of many crimes to terrorist-related activity. For example, officials at one fusion center said that they have an all-crimes focus because terrorism can be funded through a number of criminal acts, such as drugs, while another said that collecting information on all crimes often leads to terrorist or threat information because typically if there is terrorist-related activity there are other crimes involved as well.
As the CRS recently noted, it's important for fusion centers - which, it's important to remember, are always state or local entities - to have a close relationship with federal agencies. Without collocation and collaboration, the working relationship suffers. Fortunately, this collocation is proceeding:
Nearly all of the operational fusion centers GAO contacted had federal personnel assigned to them. For example, DHS has assigned personnel to 17, and the FBI has assigned personnel to about three quarters of the operational centers GAO contacted.

[T]he centers varied in their staff sizes and partnerships with other agencies. At least 34 of the 43 operational fusion centers we contacted had federal personnel assigned to them. For example, officials in 17 of the operational centers we contacted reported that they had DHS intelligence officers, and officials in about three quarters of the operational centers told us that they had FBI special agents or intelligence analysts assigned to their centers.
The FBI's engagement is particularly robust:
While the FBI’s role in and support of individual fusion centers varies depending on the interaction between the particular center and the FBI field office, FBI efforts to support centers include assigning FBI special agents and intelligence analysts to fusion centers, providing office space or rent for fusion center facilities, providing security clearances, conducting security certification of facilities, and providing direct or facilitated access to the FBI.

FBI personnel assigned to fusion centers are to provide an effective two-way flow of information between the fusion center and the FBI; participate as an investigative or analytical partner uncovering, understanding, reporting, and responding to threats; and ensure the timely flow of information between the fusion center and the local JTTF and FIG.
Still, there are challenges, including managing the many information systems that feed into fusion centers and the ability (or not) to get security clearances:
[F]usion center officials cited challenges accessing and managing multiple information systems. For example, officials at 31 of the 58 centers we contacted reported challenges obtaining access to federal information systems or networks.

[O]btaining and using security clearances represented a challenge for 44 of the 58 fusion centers we contacted.
More signficantly, there is apprehension on the part of state fusion center directors that the federal government has not made clear its long-term commitment for fusion centers - and that the result would be that eventually fusion centers will become, essentially, an unfunded mandate:
The federal government, through the ISE, has stated that it expects to rely on a nationwide network of fusion centers as the cornerstone of information sharing with state and local governments, but ISE plans or guidance to date do not articulate the long-term role the federal government expects to play in sustaining these centers, especially in relation to the role of their state or local jurisdictions. It is critical for center management to know whether to expect continued federal resources—such as grant funds, facility support, personnel, and information systems—over the long term.
This concern is magnified because a clear commitment to long-term sustainability has not come from the National Fusion Center Coordination Group:
[T]he PM-ISE has established a National Fusion Center Coordination Group (NFCCG), led by DHS and DOJ, to identify federal resources to support the development of a national, integrated network of fusion centers. ... However, to date, the efforts of the NFCCG have not included delineating whether such assistance is for the short-term establishment or long-term sustainability of fusion centers.
It's worth recalling that in the National Strategy for Information Sharing, the federal government pledged to assign personnel to fusion centers "where practical" and to integrate and collocate resources "to the extent practicable. It's this kind of tepid support that makes state and local officials jittery.

It certainly doesn't appear that fusion centers are in any short-term danger. There are too many resources being poured into them, and they're too central to our national strategies. But it's clear that the effort to establish and maintain them could be more coordinated and collaborative. The anxiety of state and local fusion center officials about the federal government's level of commitment is a clear sign that inter-governmental relationships are not yet built on trust.

Monday, November 19, 2007

More on HSPD 21

Over at In Case of Emergency, Jimmy Jazz has completed his review of HSPD 21: Public Health and Medical Preparedness. His series is worth reading, but here's the 30-second version:

  • On Biosurveillance, the plan is long on promises but short on deliverables.
  • On Countermeasure Distribution, the plan is waaay too optimistic that the local, state, tribal, and federal plans can get coordinated in the timeframe allotted. (That's assuming they can get coordinated at all.)
  • On Mass Casualty Care, the plan is great but not doable within the deadlines.
  • On Community Resilience, the plan is much too vague, offering little more than some additional training and bland platitudes.
  • On Everything Else, the deadlines are ridiculous.
Sometimes I think that Community Resilience is the most important, even though it may be the toughest to pull off. Americans have succeeded largely because we've been resilient, always pushing ahead in spite of hardship. Someday we will have to deal with a major catastrophe even larger than 9/11 or Katrina. I wonder if we'll be resilient once again, or if fragility will ruin us.

Terrorist Exploitation of Criminal Infrastructure

Douglas Farah reminds us of the nexus between criminal and terrorist activity, writing about this criminal case, in which "A Palestinian national and a former detective with the Colombian Department of Administrative Security (DAS) have pleaded guilty to charges of conspiring to provide material support to a foreign terrorist organization and alien smuggling."

Farah writes:

What is interesting in the case is that criminal groups are willing to knowingly transport terrorist to the United States, and not simply using the “coyote” route through Central America and Mexico.

Rather, the criminal groups offered false passports from Spain with all the supporting documents, to those posing as terrorists seeking safe passage to the United States.

This highlights numerous points of overlap between criminal and terrorist groups that are necessary. Access to secure entry and exit points of a country, the need for legal travel documents and the supporting paperwork, the need for safe travel.
Terrorism can be thought of as a specialized form of organized crime. Unlike more common crimes, terrorism requires an infrastructure. The organization has to train its people; test its plans; move money, people, weapons or other dangerous agents; gain access to the target; etc. Generally speaking, the more dangerous and deadly the terrorist threat, the greater infrastructure that's required.

Partnerships with existing criminal networks can be an efficient way for terrorists to meet their needs by accessing existing infrastructure. However, this is both an asset and a potential liability for both partners.

When terrorists "outsource" some of their needs to criminal organizations, they can become exposed through this alliance, and vice versa. It is another form of vulnerability.

Thursday, November 15, 2007

The FBI Reviews Terrorism: 2002-2005

This is a quick review of the FBI's new Terrorism 2002-2005, which reviews domestic acts of terrorism during this four-year period. It discusses only acts of terrorism that either took place or were intended to take place in the U.S. or its territories.

Interestingly, the FBI defines not just "terrorism," but also "terrorism prevention":

A terrorism prevention is a documented instance in which a violent act by a known or suspected terrorist group or individual with the means and a proven propensity for violence is successfully interdicted through investigative activity.
It's that last phrase that's key. You don't "prevent terrorism" by getting lucky. If the bomber reaches his target and it fizzles, you haven't prevented anything. (See the July 21, 2005 London bombers.)

The good news in this report is the relatively limited damage caused by the terrorist attacks that have occurred. And even most of those that have been prevented would have had limited, localized impacts (e.g., bombing a building). Also, most successful terrorism in the U.S. has not targeted people, but facilities or other objects:
In keeping with a longstanding trend, domestic extremists carried out the majority of terrorist incidents during this period. Twenty three of the 24 recorded terrorist incidents were perpetrated by domestic terrorists.

With the exception of a white supremacist’s firebombing of a synagogue in Oklahoma City, Oklahoma, all of the domestic terrorist incidents were committed by special interest extremists active in the animal rights and environmental movements. The acts committed by these extremists typically targeted materials and facilities rather than persons.
The prevented attacks were a bit more interesting, so I'll spend more time looking at them:
The terrorism preventions for 2002 through 2005 present a more diverse threat picture. Eight of the 14 recorded terrorism preventions stemmed from right- wing extremism, and included disruptions to plotting by individuals involved with the militia, white supremacist, constitutionalist and tax protestor, and anti- abortion movements.

The remaining preventions included disruptions to plotting by an anarchist in Bellingham, Washington, who sought to bomb a U.S. Coast Guard station; a plot to attack an Islamic center in Pinellas Park, Florida; and a plot by prison-originated, Muslim convert group to attack U.S. military, Jewish, and Israeli targets in the greater Los Angeles area.

In addition, three preventions involved individuals who sought to provide material support to foreign terrorist organizations, including al-Qa’ida, for attacks within the United States.
One thing I always pay attention to is the "precursor crimes" that are often committed in preparation for a potential terrorist plot. Would-be terrorists require materials for the attack and access to the target. As a result, many precursor crimes relate to acquiring money to buy these materials, or to means of gaining access. For instance, document forgery:
On April 10, 2003, the FBI arrested William Joseph Krar for fraud-related charges stemming from his attempt to deliver numerous false identification badges—including a United Nations Observer Badges, Defense Intelligence Agency identification, and a Federal Concealed Weapons Permit—to Edward Feltus, a member of the New Jersey Militia.
And counterfeiting:
On August 5, 2004, the FBI arrested Gale William Nettles in connection with his attempted sale of a half ton of ammonium nitrate to an undercover agent purportedly associated with a foreign terrorist organization. The FBI also had information that Nettles intended to use ammonium nitrate to bomb Chicago’s Dirksen Federal Office Building. Nettles planned to counterfeit U.S. currency in order to earn money to purchase bomb components for his attack.
And robbery:
On July 5, 2005, officers with the Torrance (California) Police Department arrested Levar Washington and Gregory Patterson during a commercial armed robbery in progress at a Los Angeles area gas station. Their arrest, and subsequent local and FBI investigation, revealed that Washington and Patterson were conducting the armed robberies to raise money for an alleged terrorist plot targeting U.S. military facilities, Israeli government facilities, and Jewish synagogues in the greater Los Angeles area.
It's also worth noting that, while the vast majority of successful terrorist incidents involved few or no injuries and fatalities, some of the prevented acts - and not just those by al Qaeda - posed potentially serious threats to people. For instance, at least one potential domestic terrorist plotted to use chemical weapons:
William Joseph Krar had also been identified as a potential weapons supplier associated with extremist militia activities. In a search of Krar’s Texas residence at the time of his arrest, FBI investigators found firearms, explosives, blasting caps, machine guns, over 100,000 rounds of ammunition, approximately 800 grams of sodium cyanide, and plans to weaponize the sodium cyanide.
Finally, one of the prevented incidents - involving an al Qaeda sympathizer - highlights the fact that al Qaeda remains steadfast in its intent to target the U.S. economy:

On December 5, 2005, Michael Curtis Reynolds was arrested at a motel near Pocatello, Idaho, after arranging to meet a purported al-Qa’ida contact. Reynolds offered to assist al-Qa’ida in engaging in acts of terrorism within the United States by identifying targets, planning terrorist attacks, and describing bomb-making methods.

Reynolds sought to carry out violent attacks against pipeline systems and energy facilities in an effort to reduce energy reserves, create environmental hazards, and increase anxiety. Reynolds sought payment for supplying his assistance and continuing work on behalf of al-Qa’ida. Reynolds has been charged with attempting to provide material support to a foreign terrorist organization.
Overall, the FBI's compendium of terror attacks is a rather heartening read. The lack of a major attack on U.S. soil since 9/11 can be construed only as a very good thing.

Wednesday, November 14, 2007

Europe's Counterterrorism Strategy

The EU has recently revised its Counterterrorism Strategy. The document is just 9 pages long, so it's not very detailed. After a quick review I found a few passages worthy of note and comment:

Terrorist threats should mostly be addressed at national level – even in the knowledge that the current threat is mostly international. Work at EU level complements these efforts and is built around prevention, protection, prosecution and responding if an attack occurs.
The situation in Europe is more complex than in the U.S. The number of nations involved, the different cultures and legal structures, the immigration patterns - all of it makes it more difficult to collaborate on a solution. But I'm not convinced that the most important work has to be done at the national level.

I still maintain that most of the important work has to be done on a local level. The national government can play a key supporting role - and a lead role in some instances - but in the end it requires coordinated local effort to dislodge terrorism and create an environment in which it cannot bloom again.

The strategy identifies eight key measures for combatting terrorism:
• Stopping violent radicalisation;
• Protecting our critical infrastructure;
• Improving the exchange of information between national authorities and cooperation between all stakeholders when appropriate;
• Reacting to non conventional threats;
• Improving the detection of threats;
• Depriving terrorists of financial resources;
• Supporting victims;
• Research and technological development.
The first measure, stopping violent radicalization, seems a logical step for the Europeans, given their demographics (i.e., a lot of immigrants who don't feel like they've assimilated into the dominant culture, some of whom have fallen under the sway of jihadists).

But in terms of stopping this radicalization, it seems like they're still trying to get their arms around the issue:
Understanding the motivations behind terrorist activity is a key part of prevention. The Commission is in the process of developing a policy on identifying and addressing the factors contributing to violent radicalisation. Research into this complex area is important and the Commission funds studies, conferences, and projects to share experience and better understand the issue.
It's admirable to try to understand the problem. But it seems to me that they're missing something. Instead of studying "the factors contributing to violent radicalisation" (i.e., what kind of person, from what kind of background, is subject to becoming a violent radical) I think they would do much better to focus on the process of recruiting and radicalization.

It really doesn't matter much what a person's background is, when you think of it. What matters is the process that they go through to become a violent radical. That process inevitably leaves signs and signals, in spite of the great efforts that are made to hide it. If you focus on that process, rather than the psychology of who becomes a radical and why, then you have a better shot at interdiction and prevention.

On information sharing, I found it noteworthy that they focus on information rather than intelligence:
Exchange of information – in compliance with fundamental rights including data protection – is essential. The Passenger Name Records (PNR) proposal which is part of this package demonstrates it. Much has been done by the Commission. Telecom and internet service providers now have to retain their data, as a consequence of the Data Retention Directive. The principle of availability has made its first step with the PrĂ¼m Treaty: soon, all Member States' databases on fingerprints, DNA and vehicle registration will be accessible to the authorities of other Member States.

Agreement has been reached to give law enforcement authorities access to the Visa Information System (VIS) once it becomes operational. Access to the VIS will allow police and other law enforcement authorities, as well as Europol, to consult data in the Visa Information System. It will store data on up to 70 million people concerning visas for visits to, or transit through, the Schengen Area.
Maybe I'm just making the assumption that they're subordinating sharing intelligence in favor of sharing information. But it seems odd that they're just talking about data here - and not the intelligence that's created by analyzing the data.

In the end, the EU introduces a security package for moving ahead. I find these steps to be generally on the right track:
This security package aims to improve the security of Europe and face the terrorist threat by:
  • Dealing with those who support terrorism.
  • Practical action to stem the use of explosives.
  • Establishing a European system for the exchange of Passenger Name Records ("PNR").
The first step wisely acknowledges the fact that terrorists require a sympathetic environment and an actively supportive infrastructure. The second is rather limited in scope, covering only one potential type of terrorist act. You've got to give a determined terrorist more credit than that, I think. The third step is logical, given the fact that many terrorists travel overseas before going operational with an attack plot.

Still, taken in their entirety, I'm not sure they've got a comprehensive strategy that is going to address all aspects of the terrorist threat.

(Hat tip to Jonah at HLS Watch, who also
provides a good overview of the strategy.)

Technology, All Is Technology!

Hmm... DHS is studying a proposed new technological system for detecting biological, radiological, and chemical agents:

Imagine that instead of anthrax-laced letters targeted at members of Congress the next bioterrorist attack to hit Washington is a wide-scale release of a toxin in the transit system. But rather than trusting a haphazard series of stationary air sensors installed at likely release points on platforms and waiting areas, first responders minimize the assault using thousands of mobile biodetectors embedded in a standard tool in every commuter’s arsenal: the cell phone.

According to such a plan, a portion of the phone-toting population would voluntarily use devices that included minuscule bio, radiation or chemical sensors that could detect dangers in real time. If terrorists released a toxin, cell-phone sensors would detect the substances and signal the threat to District of Columbia police via the Global Positioning System network.

Officials would quickly know the type of outbreak they faced and could pinpoint the release points and map how prevailing air currents were spreading the poison.

"Pretty soon you know there’s a botulism release at McPherson Square," said Rolf Dietrich, deputy director at the Homeland Security Department’s Science and Technology Office of Innovation. "The police could push through the news to anybody in the vicinity, telling them: 'We have indications of a potential problem. Evacuate to the south, because the wind is blowing this stuff to the north.'"
Here's the thing. This is a difference in degree, not in kind. We're already establishing the network of biosensors and radiation detectors in major cities, through the BioWatch program and the Secure Cities Initiative. Putting them in cell phones is an improvement, yes, but it's essentially more of the same.

More importantly, is this the best use of our resources? Let's remember that this type of intervention takes effect only after the cat is out of the bag. These detectors work only after the bad guy has already released the chemical, biological, or radiological agent. At that point, you're just trying to speed the response and do damage control. These are important, yes. But are they worth a major investment of time, money and technology? A few questions:
  • How many people are we going to be able to protect, thanks to the sensors in the cell phones, as compared to the number of people we could protect with the BioWatch and SCI sensors?
  • Will the police and other first responders coordinate their communication, which seems so essential to maximizing the effectiveness of this intervention?
  • Will they even have the interoperable systems that allow them to communicate?
  • Will emergency services be able to move groups of victims to healthcare facilities?
  • Will those healthcare facilities have sufficient resources to manage the influx of patients?
  • How quickly can we test to know exactly what agent we're dealing with and what the treatment should be?
  • Do we have enough facilities for decontamination of those people who may have come into contact with the agent?
  • What can we do to prevent the release of the agent?
All of these questions seem more immediate and pertinent than the question of, "If we put the sensors in cell phones, can we move more people out of harm's way more quickly?"

No Community Is An Island

Some solid thinking from Effect Measure on pandemic preparedness:

[L]ocal preparation can't be too local: only looking after ourselves and our families. Of course families should prepare, to the best of their ability, and having some reasonable stockpile will stand them in good stead whether it is a pandemic, a flood, a hurricane or a blizzard. But the more important point is that making a community more resilient requires structures that allow us to help each other, not just protect ourselves.

Communities where the impulse to help is encouraged and facilitated will do much better than those where helping others depends on individual heroic initiative. In practical terms, this means looking ahead to organizing and using volunteers efficiently, establishing means of communication (like neighborhood visiting groups) that allow others to know when a family is in distress, having community stockpiles and resources available for those who need it (e.g., essential medications or baby formula) are all part of thinking like a community, not just acting like anonymous individuals and isolated families.
Humans are social beings. We always do our best work within the context of a community, when we are connected with each other in meaningful ways.

Part of this is "circling the wagons" when an outside peril threatens us. Communities that are best prepared will be those that have encouraged groups to work together and have practiced their response.

Terrorism Ties to LA Drug Bust

From the "unsurprising if true" file comes this report from the New York Daily News that a small-time drug gang busted in Los Angeles is suspected of raising funds for Hezbollah:

A seemingly small-time drug ring busted this week in Los Angeles was actually targeted for funding the Lebanese terror group Hezbollah, the Daily News has learned.

Prosecutors left out the terror tie when they announced Tuesday that federal agents and local cops had arrested a dozen people for allegedly peddling cocaine and counterfeit clothing in Bell, Calif.

But several sources familiar with the investigation said the predominantly Arab-American gang was believed to have smuggled its crime cash to the Iranian-backed terror group.

"This was a classic case of terrorism financing, and it was pretty sophisticated how they did it," a source close to Operation Bell Bottoms told The News.

The defendants once crammed $123,000 in money orders into a stuffed animal flown to Lebanon, an indictment alleged.
While I don't have any particulars on this case, it's no secret that terror groups use illegal activities such as counterfeiting, drug sales, and identity theft as a quick way to earn cash. And Hezbollah is perhaps the best organized and funded terrorist group in the world. They also have connections in North America.

But these illegal activities are a significant vulnerability for them - one that local law enforcement is ideally positioned to detect and exploit.

Note: The LA Times also covered the story, providing more information on the initial indictments, which were not terrorism-related.

Monday, November 05, 2007

The National Strategy for Information Sharing

Recently the White House released the new National Strategy for Information Sharing, which tries to bring together many existing government efforts (e.g., the Information Sharing Environment, state and urban area fusion centers, etc.) under a strategic umbrella. I've had a chance to review the document in some detail and can provide some thoughts on it.

Much of the language in the strategy is relatively bland. You can't take issue with it, but neither do you get a strong sense of direction from it. For example, regarding information sharing at the federal level, the strategy says:

Today’s ISE consists of multiple sharing environments designed to serve five communities: intelligence, law enforcement, defense, homeland security, and foreign affairs.

Our objective is to establish a framework for Federal agencies in the fulfillment of their individual roles and responsibilities and forge a coordinated and trusted interagency partnership and process across all five communities. This collaborative approach at the Federal level will in turn drive the manner in which terrorism-related information is shared with non-Federal partners.
Well...yes. This is the sort of thing that everybody has been saying all along. It's a nice vision - and the correct one - but the test of this strategy will be in how well it achieves the vision, not whether it can correctly articulate the vision.

It's perhaps not too surprising, but a little disappointing, that the strategy so strongly emphasizes continuance of the status quo. The strategy introduces little that's new, but instead attempts to coalesce existing programs and projects into a coherent whole, as explained in the section titled "The Need for a National Strategy":
Memorializing the Strategy in a single document not only provides information to others about the Administration’s plans and outlook, but also guides our efforts as we continue to implement many programs and initiatives designed to advance and facilitate the sharing of terrorism-related information.

[W]hile this Strategy describes the vision that has guided the Administration for the past six years, it also sets forth our plan to build upon progress and establish a more integrated information sharing capability ...
The only section of the strategy that does bring some new ideas is the annex on fusion centers, which I'll give extended treatment in a future post.

In short, the creation of the new strategy has not involved asking, "Where are we?" and "Where do we need to go from here?" but has instead involved asking, "How can we strategically explain everything that's been done so far and extend it into the future?"

The underlying message is that we're confident that we're on the right track.

And I would agree that, at least on the big, sweeping ideas, we are on the right track. Everyone has the right intentions. We are very good at saying the right things. For instance, here are the core principles and understandings as enumerated by the new strategy:
Effective information sharing comes through strong partnerships among Federal, State local, and tribal authorities, private sector organizations, and our foreign partners and allies;

Information acquired for one purpose, or under one set of authorities, might provide unique insights when combined, in accordance with applicable law, with seemingly unrelated information from other sources, and therefore we must foster a culture of awareness in which people at all levels of government remain cognizant of the functions and needs of others and use knowledge and information from all sources to support counterterrorism efforts;

Information sharing must be woven into all aspects of counterterrorism activity, including preventive and protective actions, actionable responses, criminal and counterterrorism investigative activities, event preparedness, and response to and recovery from catastrophic events;

The procedures, processes, and systems that support information sharing must draw upon and integrate existing technical capabilities and must respect established authorities and responsibilities; and

State and major urban area fusion centers represent a valuable information sharing resource and should be incorporated into the national information sharing framework, which will require that fusion centers achieve a baseline level of capability to gather, process, share, and utilize information and operate in a manner that respects individuals’ privacy rights and other legal rights protected by U.S. laws.
Anybody want to take issue with that?

Importantly, the strategy acknowledges the importance of state, local, and tribal governments as parterns for sharing information:
[T]he nature of the global threat, as well as the emergence of homegrown extremists, require that State, local, and tribal governments incorporate counterterrorism activities as part of their daily efforts to provide emergency and non-emergency services to the public.

These partners are now a critical component of our Nation’s security capability as both “first preventers” and “first responders,” and their efforts have achieved concrete results within their communities, as the following examples illustrate:
  • A narcotics investigation – conducted by Federal, State, and local law enforcement officials and resulting in multiple arrests – revealed that a Canadian-based organization supplying precursor chemicals to Mexican methamphetamine producers was in fact a Hezbollah support cell.
  • A local police detective investigating a gas station robbery uncovered a homegrown jihadist cell planning a series of attacks.
  • An investigation into cigarette smuggling initiated by a county sheriff’s department uncovered a Hezbollah support cell operating in several States.
One thing about the strategy that worries me a bit is its unstated assumption that the Information Sharing Environment - which is really just getting off the ground - is going to be a success.
The ISE Implementation Plan, among other things, delineates how the President’s guidelines and requirements will be implemented by drawing upon recommendations developed pursuant to those guidelines. It also incorporates the perspectives of representatives from State, local, and tribal governments who reviewed the ISE Implementation Plan Report during its development.

Since the Plan’s submission to the Congress, many of its action items have been implemented.
True enough, as we learned in this status report from the ISE Program Manager in September (also see my post). But at this point the development of the ISE is far too preliminary to assume that it will be a rousing success. My eyebrows always wrinkle whenever I hear language that implies, "If we say it, it must be so."

Now a few notes on the four major sections of the strategy, dealing with information-sharing with federal, state-local-tribal, private-sector, and international partners.

Federal Information Sharing

The section on Federal information sharing is remarkably brief. Its basic message is, "Stay the course, implement the ISE, go through the National Counterterrorism Center (NCTC)." The focus on NCTC is almost single-minded:
NCTC has the primary responsibility within the Federal Government for analysis of all intelligence and information pertaining to terrorism, and supports the Department of Justice (DOJ), DHS, and other appropriate agencies in the fulfillment of their responsibilities to disseminate terrorism-related information.

All Federal departments and agencies that possess or acquire terrorism-related intelligence and information provide access to such information to NCTC for analysis and integration unless prohibited by law or otherwise directed by the President. As the “Federal Fusion Center” responsible “for analyzing and integrating all intelligence pertaining to terrorism and counterterrorism,” NCTC works with appropriate Federal departments and agencies to enable the development of “federally coordinated,” terrorism-related information products tailored to the needs of Federal entities.
All this attention to the NCTC begs the question, however, of whether information-sharing is relevant to all-hazards, or only to counterterrorism. How do we share information on the risk of and/or preparedness for, say, earthquakes or pandemic flu? Surely the NCTC doesn't want this information - nor should they.

And what if a state or local government, through its all-hazards fusion center, provides such information to a federal agency or agencies? What then? It's not clear to me.

State, Local, and Tribal Information Sharing

By contrast to the concise, one-page section on federal information sharing, the state-local-tribal section is positively expansive, rolling along for 4 pages. Which is nice to see, as it reflects the idea that state, local, and tribal partners are important partners for information sharing.

The strategy accurately describes the needs at the SLT level:
The informational needs of State, local, and tribal entities continue to grow as they incorporate counterterrorism and homeland security activities into their day-to-day missions. Specifically, they require access to timely, credible, and actionable information and intelligence about individuals and groups intending to carry out attacks within the United States, their organizations and their financing, potential targets, pre-attack indicators, and major events or circumstances that might influence State, local, and tribal preventive and protective postures.
In the above quote, the words "access to" bother me a bit, as they seem to imply that the information exists somewhere outside the state, local, or tribal government - and the SLT entity needs to be able to reach it. In fact, much valuable information exists within these entities, and it needs to be pushed out.

So I'd add one more critical need: State, local and tribal agencies need reliable systems for sharing information with one another and with federal agencies. So it's good to see the strategy acknowledging this.
Authorities at all levels of our federal system must share a common understanding of the information needed to prevent, deter, and respond to terrorist attacks. The common understanding will be achieved through a framework that enables:
  • Federal entities to work together to provide information in ways that better meet the needs of State, local, and tribal partners; and
  • Information gathered at the State and local level to be processed, analyzed, disseminated, and integrated with information gathered at the Federal level.
We will have an integrated approach that allows Federal agencies to work together to produce and disseminate a federally-validated perspective on available threat information and relies on the efforts of consolidated fusion environments at the State and regional levels.
That last bit bothers me. Is information valid only after it has been run through the NCTC?

And again, what about all-hazards information? Many fusion centers have an all-hazards focus (a concept I support). Do they share this information? How? Surely we can understand that many potential natural disasters and accidents - especially catastrophic ones - can have regional or even national impacts.

Here are a few of the things SLT governments are supposed to do. These are good and reasonable, but again there is a terrorism-centric aspect to the plan:

To implement recommendations developed pursuant to Guideline 2 of the President’s Guidelines, and as key participants in the information sharing mission, State, local, and tribal entities are encouraged to undertake the following activities, in appropriate consultation and coordination with Federal departments and agencies:
  • Foster a culture that recognizes the importance of fusing information regarding all crimes with national security implications, with other security-related information (e.g., criminal investigations, terrorism, public health and safety, and natural hazard emergency response);
  • Support efforts to detect and prevent terrorist attacks by maintaining situational awareness of threats, alerts, and warnings, and develop critical infrastructure protection plans to ensure the security and resilience of infrastructure operations (e.g., electric power, transportation, telecommunications) within a region, State, or locality; and
  • Develop training, awareness, and exercise programs to ensure that State, local, and tribal personnel are prepared to deal with terrorist strategies, tactics, capabilities, and intentions, and to test plans for preventing, preparing for, mitigating the effects of, and responding to events.
On the federal side, the NCTC's Interagency Threat Assessment and Coordination Group (ITACG) is critical to the information-sharing effort with SLT entities:
Specifically, the group [ITACG] will coordinate the production and timely issuance of the following interagency products intended for distribution to State, local, and tribal officials, the private sector, as well as the general public when appropriate:
  • Alerts, warnings, and notifications of time-sensitive terrorism threats to locations within the United States;
  • Situational awareness reporting regarding significant events or activities occurring at the international, national, State, or local levels; and
  • Strategic assessments of terrorist risks and threats to the United States.
As will be discussed in more detail in a future post, fusion centers continue to be a major emphasis in information-sharing. It has become virtually impossible to find a significant government information-sharing initiative that does not involve fusion centers. Accordingly, the strategy says:
State and major urban area fusion centers are vital assets critical to sharing information related to terrorism. They will serve as the primary focal points within the State and local environment for the receipt and sharing of terrorism-related information.

As a part of this Strategy, the Federal Government is promoting that State and major urban area fusion centers achieve a baseline level of capability and become interconnected with the Federal government and each other, thereby creating a national, integrated, network of fusion centers to enable the effective sharing of terrorism-related information.

Federal departments and agencies will provide terrorism-related information to State, local, and tribal authorities primarily through these fusion centers. Unless specifically prohibited by law, or subject to security classification restrictions, these fusion centers may further customize such information for dissemination to satisfy intra- or inter-State needs.

Fusion centers will enable the effective communication of locally generated terrorism-related information to the Federal Government and other fusion centers through the ISE. Locally generated information that is not threat- or incident-related will be gathered, processed, analyzed, and interpreted by those same fusion centers—in coordination with locally based Federal officials—and disseminated to the national level via the DoD, DHS, FBI, or other appropriate Federal agency channels.
A couple of thoughts:

1. Again, the single-minded focus on terrorism.

2. It's good to see the emphasis on networking the fusion centers. Regional partnerships can really be a strength. But it's a bit concerning that the flow of information - even information that's not relevant to threats or incidents - has to flow through the federal government before it can be shared with others. Given this, it's not clear how the fusion centers will be "networked" together. Is state-to-state sharing really possible? (See the "federally-validated" comment above.)

One weakness of this approach - if it in fact is the approach - is that someone at the federal level has to recognize the information as important before it can be shared with other states. But can't we imagine a situation where state officials in a given region understand their own risks better than federal agencies and are in a better position to decide what information ought to be shared with their counterparts in other states?

I recognize the balance that must be struck here. You can't assume that all information is important, and share everything; because if everything is important, nothing is. But at the same time, you don't want to create bottlenecks where one gatekeeper gets to decide what's important and what isn't.

I hope these concerns are unfounded. It may be that interagency collaboration may be able to allay some of these concerns - that is, if many agencies have a voice in deciding what gets shared, in a truly collaborative environment, there's a better chance that important information will go through.

But on the other hand, I was surprised to find the following sentence in the strategy. It had earlier appeared in the SE Program Manager's status report in September 2007, and it bugged me then, as evidenced in my post on the status report:
Where practical, Federal organizations will assign personnel to fusion centers and, to the extent practicable, will strive to integrate and collocate resources.
If you're really intending to create a collaborative environment, you don't agree to integrate and collocate "where practical" and "to the extent practicable." You make a commitment to do it, and you do it. This is an important concern, if we remember that the CRS recently reported, "
In general, fusion centers collocated with a federal agency reported favorable relationships with that agency. This was often in stark contrast to the views of other fusion centers not collocated with a federal agency(s)."

Private Sector Information Sharing

Like the "Federal" section of the Strategy, the "Private Sector" section can be roughly paraphrased as, "We'll keep doing what we're doing to try to share information with the private sector, and we'll get even better."
[A]s we improve efforts to share terrorism-related information with the private sector we must continue to:
  • Build a trusted relationship between Federal, State, local, and tribal officials and private sector representatives to facilitate information sharing;
  • Ensure that Federal, State, local, and tribal authorities have policies in place that ensure the protection of private sector information that is shared with government entities;
Etc. Etc. Etc.

International Information Sharing

This section is sort of out of the bounds of my interests, but on international sharing the emphasis is on laying the diplomatic groundwork to develop solid relationships with other countries, to ensure that any information that's shared is safeguarded and handled correctly.
In summary, strong partnerships and trusted collaboration with foreign governments are essential components of the war on terror. Effective and substantial cooperation with our foreign partners requires sustained liaison efforts, timeliness, flexibility, and the mutually beneficial exchange of many forms of terrorism-related information.
Protecting Privacy and Other Legal Rights

The strategy also discusses the necessity to protect privacy. I won't go into this much, except to say that respecting privacy is essential to effective information gathering and sharing. As citizens we must have confidence that our rights are respected and that any information that is gathered and shared has been done so legally and with appropriate oversight. The strategy says:
At the direction of the President, the Attorney General and the Director of National Intelligence developed a set of Privacy Guidelines to ensure the information privacy and other legal rights of Americans are protected in the development and use of the ISE. The Privacy Guidelines provide a consistent framework for identifying information that is subject to privacy protection, assessing applicable privacy rules, implementing appropriate protections, and ensuring compliance.
Looking back on this post, it's already pretty long. I'll cover the Appendix on fusion centers in another post, which it really deserves anyway.

Overall, my thoughts on the new strategy are that it's good at sounding good; but it generally just codifies the status quo. There's a lot of assumptions here: That the ISE will work, that Fusion Centers are the best means for sharing information with state and local entities, that federal, state and local agencies will trust one another to share information without getting bogged down in turf battles, etc.

Information sharing is always a delicate process, and the stakes are high. I thought one passage from the strategy eloquently - if unwittingly - expressed both the risks we face from terrorism and from trying to develop a reliable, trustworthy system of sharing information:
[T]he Untied States will continue to face ideologically committed extremists determined to attack our interests at home and abroad.
Untied States? Let's hope not.

Wednesday, October 31, 2007

Gaps in Healthcare Preparedness

This has really been a week for examining public health and disaster medicine.

In that vein, PricewaterhouseCoopers Health Research Institute (HRI) released a study of the disaster preparedness of the healthcare system. Their report focuses on “the seams” in the state of preparedness and provided recommendations. There aren't a lot of surprises here. The gaps that exist have also been reported elsewhere. This study collects them nicely, though. HRI concluded:

We found that facility and staff resources are limited, public health and private medical sector plans are inadequately coordinated, communications and tracking systems are incompatible, and funding is not sufficient to support development of a sustainable infrastructure for an effective response.
The most stubborn of these problems may be a lack of surge capacity:
There is no federal or state requirement for communities to maintain a certain level of hospital capacity for disasters, and most health system resources are owned and operated by private organizations that are pressured to improve their operational efficiency and financial bottom line.

Funding benchmarks and reporting requirements are modified each year, causing recipients to shift rather than sustain focus. “The current funding forces the funds to be utilized on gidgets and gadgets because you need to liquidize the funds rather than hire and develop infrastructure for the long term,” said Jimmy Guidry, M.D., Louisiana’s state health officer.

Experts have estimated that hospitals could free up to 25% of their beds for emergency use during a disaster, but many are skeptical of how quickly and safely that could take place. ... HRI’s survey found that over 40% of health professionals lacked confidence in their ability to transfer patients to non-health facilities, and 25% lacked confidence in their ability to transfer patients to other health-related facilities.
Another potentially significant problem is a potential lack of staff. Staff levels are already low, and they are likely to suffer further in the event of a health emergency, as some healthcare workers may also be affected:
Availability of staff during a disaster is another major challenge. “Personnel are a major limiting factor and a critical need,” said Sally Phillips of AHRQ. The average hospital has an 8.5% vacancy rate among its nurses, and many have shortages in the physician specialists needed in an emergency.

The situation is not expected to improve. The federal government is predicting that by 2020, nurse and physician retirements will contribute to a shortage of approximately 24,000 doctors and nearly 1 million nurses.
And even if staff is available, training and other preparation may be insufficient:
Primary care physicians were substantially less knowledgeable than other health professionals surveyed regarding what to do in natural or manmade disasters. Fewer than 20% of primary care physicians said they were “well prepared” about what to do in a disaster, which was substantially less than other health professionals.

Coletta Barrett, head of hospital operations at the Louisiana Emergency Operations Center during Hurricane Katrina, explained that hospitals typically are underprepared. “At Charity Hospital, we knew we needed enough food and water to support the facility for three days. We didn’t take into consideration any of the staff that would remain in-house, or family members of patients or staff that would come and shelter in place.” Due to the effects of the disaster on the surrounding community, families of the injured and of hospital staff are likely to be present in the hospital, in addition to casualties.
HRI provides some recommendations. I'll focus not on the specifics, but on the general strategy:
Health and medical systems should adopt a systems-oriented approach and infrastructure for disaster response.

During a disaster, medical priorities must shift from focusing on individual patient-based outcomes to population-based outcomes.

Alternate care sites should be considered to alleviate the patient demand at hospitals and increase healthcare surge capacity within a community. Potential sites may include: shuttered hospitals, mobile medical facilities, ambulatory care centers, dormitories, and large public buildings.
One of the keys to planning, whether it involves solving the problem of capacity, pharmaceuticals, staff preparedness, communication - is to collaborate on solutions. Healthcare facilities compete in the marketplace, but in the event of a major disaster, they will be called on to share the load. A coordinated response will be more effective.

Given the wide range of needs that must be met during a healthcare emergency, advance planning that involves a wide set of stakeholders is essential.
The health system was not designed to address the complexity of disaster response, which often requires a public-sector response and coordination across multiple organizations and regions.

Communities should actively engage a wider range of stakeholders who have not traditionally been at the planning table, particularly primary care physicians, community clinics, and nursing homes.

Collaboration provides an opportunity for healthcare organizations to share resources, learn from one another, leverage best practices, and combine forces to achieve together what they each could not do alone. Disaster responders should work locally and regionally to organize resources, share expertise, and formalize mutual aid agreements.
But this doesn't happen automatically, just because there is a need:
Respondents to HRI’s survey indicated that coordination remains a concern. In particular, health professionals questioned the ability of their organizations to coordinate with physicians in private practice, federal agencies, clinics, and nursing homes.
Still, there have been some model programs for regional planning:
Collaboratives in New York, California, and Northern Virginia provide a template on the importance of regional planning. For example, the Greater New York Hospital Association created the Emergency Preparedness Coordinating Council, which includes hospitals as well as local, state, and federal public health and emergency management organizations.

California created the California Office of Emergency Services, which divided the state into six mutual aid regions. If requests for aid overwhelm a region, the state coordinates with other unaffected regions for resources. Local authorities have a span of control over local personnel and supplies, while the state can provide support from a larger pool of resources, if necessary. At the local, county, and state levels, medical health operation area coordinators communicate medical needs, collect and provide consistent information, and relay mutual aid requests.
Collaborative efforts play into our strength as a society. We are remarkably capable when we combine our various strengths to achieve a common goal. We can anticipate the kinds of health emergencies we may face in the future. We will succeed in responding to them only if we plan ahead and bring together all the resources available to us.

Disaster Preparedness Training for Healthcare Workers?

Bob Baylor of Cincinnati State Technical and Community College has started a nice blog, Losantiville, with homeland security as one of its emphases. (Welcome to the blogosphere, Bob!)

Today he argues, persuasively to my mind, that healthcare workers should receive basic training in the National Incident Management System (NIMS) and Incident Command System (ICS), as they may have to interact with these response structures in the event of a major disaster:

Healthcare workers, as opposed to first-responders, often do not receive training in ICS or NIMS. Many would be at a loss if suddenly assigned to a medical strike team or may even wonder why their skills would be needed.
Bob advocates a minimum of training, to establish familiarity with the organizational constructs involved:
The healthcare worker who has had some initial training in ICS or NIMS is able to immediately function in a multi-agency response involving not only other healthcare providers but other responders as well. ... The training need not be overly arduous, the majority of those working towards a degree in healthcare already have full course loads. The intent here is encourage all healthcare workers to obtain at least a basic familiarization with ICS or NIMS, not to become subject matter experts.

Healthcare workers that have been trained in the basics of incident management will more quickly grasp their role in a multi-agency response. Those who may have to work from a different location will be able to more quickly identify they equipment and supplies to take with them. The workers who have such preparation and training are able to quickly leave and report to their new work location.
Bob points out that an event such as pandemic flu could cause the conditions necessary for mass re-deployment of healthcare workers, since as much as 40 percent of healthcare workers could be absent due to illness. (I've also got a couple of prior posts on this.)

NIMS is not something you can just walk into and immediately comprehend. It's a system with its own terminology and internal structures. Given DHS' directive that all incident management in the U.S. - at all levels of government - must use NIMS to be eligible for federal disaster preparedness assistance, healthcare workers who are conversant with NIMS and ICS would be able to function in any disaster scenario, regardless of its scale or scope. It does make sense to give them this baseline familiarity.

I recall that many healthcare professionals deployed to New Orleans in the aftermath of Katrina. I haven't done any in-depth research on this aspect of the Katrina response, but no doubt there are some lessons learned from those experiences.

Update 2007-10-31: HHS' Hospital Preparedness Program requires hospitals to implement NIMS Compliance Activities for Hospitals. This includes implementing NIMS for the hospital and requiring designated staff members to complete four training courses on NIMS and the National Response Plan (NRP).

Preparedness and the Legal System

Just a short note on a brief paper by the American Bar Association, "Rule of Law in Times of Major Disaster," which lays out a set of principles to guide the preparation and response of the judicial system for a major disaster.

There are no real surprises here, but the ABA's principles may be useful as a kind of checklist for planning. I'll just focus on a few of the 12 principles that ABA provides:

  • The rule of law must be preserved when a major disaster occurs.
  • The preservation of the rule of law requires proactive planning, preparation and training before a major disaster strikes.
  • All those involved in the justice system must work collaboratively to assure the ongoing integrity of the system in times of major disaster.
  • Federal, state, territorial, tribal and local governments should work with each other and with the private sector to plan, prepare and train for a major disaster. Such efforts should focus on means to preserve order, protect vulnerable populations, insure adequate communications and assure continuity of operations of business and government.
  • State, local and territorial Bars should educate their members to plan, prepare and train for a major disaster, including information enabling attorneys to assure the continuity of their operations following a disaster, while maintaining the confidentiality and security of their clients’ paper and electronic files and records.
There's a list of specific steps under Principle 10 that is particularly helpful (if a bit obvious), including:
  • Disaster risk assessment and planning should be integrated into government and private infrastructure and land use decisions.
  • Environmental assessments should include consideration of disaster scenarios and discuss mitigation measures.
  • Standing government procedures should be in place to assess prevention and response to all major disasters, rather than relying on ad hoc mechanisms.
  • Special attention should be given to the needs of vulnerable populations in planning disaster responses. Characteristics requiring special consideration include poverty, age (including both the elderly and children) and disability.
  • Legislation should insure that deadlines, whether found in state or federal rules or statutes or in private contracts such as insurance, can be modified or tolled in the event of a major disaster.
  • States should review regulatory statutes to insure that they contain appropriate waiver provisions for conditions resulting from a major disaster.
Again, no real surprises. But repetition is an important part of making a message stick.

Tuesday, October 30, 2007

Radiological Exposure Testing: A Wide Gap

Just a few days after the publication of HSPD 21: Public Health and Medical Preparedness and TOPOFF IV exercise, which focused on a radiological disaster scenario, the House Subcommittee on Investigations and Oversight - House Science and Technology Committee has released a brief report that should raise the eyebrows of anyone involved in disaster preparation at any level.

The report analyzes the ability of U.S. laboratories to test for radiological contamination among the population of those potentially affected by a radiological event. We have to point out that a "dirty bomb" is one of the more likely "mass effect" attacks. It is perhaps the least technologically sophisticated of these attacks, requiring a radioactive source and a conventional explosive (or another mechanism for releasing radioactivity). And the materials are out there. Earlier this year, the Canadian
Security Intelligence Service rated a dirty bomb attack as the most likely WMD attack. (See this post.)

Let's also recall that the Redefining Readiness Workgroup has found that, in the event of a "dirty bomb" attack, only about 59% of citizens would shelter in place (unless they were at home). This would make them more likely to become exposed to radioactive materials.

So reality suggests that such an attack is likely and that many people may be at risk of contamination. We should be prepared. Are we?

The Subcommittee found that in some key respects we are not. Most notably, the laboratory infrastructure for testing radiation is insufficient, despite the requirement found in the National Planning Scenarios:

One of the key assumptions in National Planning Scenario #11 is that all potentially exposed individuals (an estimated 100,000 people, including 20,000 victims with detectible contamination) will be tested for radiological exposure and/or contamination and that a valid method exists for testing these clinical specimens.

Yet, today validated methods to test clinical specimens in a radiological emergency exist for only six of the 13 highest priority radioisotopes most likely to be used in a terrorist scenario. For those isotopes for which “validated” methods do exist screening 100,000 individual clinical specimens in the wake of a radiological attack could take more than four years to complete due to the current shortfall in radiochemistry laboratories, personnel and equipment. Environmental sampling could take as long as six years to complete given the current capacity and capabilities of the U.S. radiochemistry laboratory infrastructure.
Picture the crisis of confidence that could result from this scenario: A dirty bomb explodes. Tens of thousands of people downwind fear or suspect they've been exposed to radiation. (It's worth remembering that in the immediate aftermath, it will not be clear whether the bomb was dirty. You can't tell the difference between an IED and a dirty bomb just by looking.) They sensibly want to get tested for exposure. And public officials have to tell them to wait in line - for months or perhaps years before the test can be run.

People will be likely to demand testing, and the only way to do it is with lab testing:
[Laboratory analysis] will be necessary for the thousands of “exposed” individuals to determine whether they suffer from internal contamination and to identify appropriate medical treatment. Clinical analysis may also be demanded by those medically unaffected, but fearful of contamination nonetheless.
As the subcommittee puts it:
[I]n any real world event the critical lack of a sufficient laboratory capacity will delay appropriate public health care actions and plans, increase public panic, degrade public trust in government officials and increase the economic losses due to delays in assessment and cleanup.

While the human health consequences from an RDD attack are likely to be small, the public outcry for detailed clinical health assessments confirming their lack of radiological contamination is likely to be tremendous. The need to provide these individuals – expected to number in the tens of thousands – with a clean bill of health will help to reassure them psychologically and emotionally that they have not suffered harm and will enhance their trust in the government’s ability to effectively recover from the incident.
So how have we gotten into this mess? The main problem is systemic:
[T]he only current method for determining internal contamination is through laborious laboratory analysis, often involving a 24-hour urine collection, days to process the results and still more time to interpret them accurately.
I should note, however, that researchers are working to speed the testing process, as noted in this post.

But at present the long, hard way is the only way. The CDC is supposed to do the testing, but it has insufficient capacity:
National Preparedness Guidelines released last month by the Department of Homeland Security call for the nation’s public health laboratory infrastructure to be able to rapidly detect and accurately identify chemical, radiological and biological agents and “produce timely and accurate data to support ongoing public health investigations and the implementation of appropriate preventative or curative countermeasures.”

The Centers for Disease Control and Prevention (CDC) is tasked with monitoring, assessing and coordinating follow up medical monitoring on people’s health as a result of exposure to or contamination with radiological materials in a national emergency.

The CDC, for instance, currently has no capacity to analyze seven of thirteen of the most likely radioisotopes that would be present in a radiological or nuclear incident, according to information provided to the Subcommittee. For some of the most likely “dirty bomb” or RDD scenarios the CDC is currently capable of processing only 65 human samples per day. At that rate it would take more than four years to process 100,000 clinical samples as called for in National Planning Scenario #11.
Other problems could plague the response to a radiological incident as well. For instance, environmental testing could be just as cumbersome if not moreso:
The U.S. ability to evaluate potential radiological contamination on the environmental side also lacks the resources to effectively respond to a radiological emergency. White House National Planning Scenario #11 demands that the EPA be capable of analyzing more than 350,000 environmental samples in the 12 month period following a radiological attack.

Depending on the radioisotope used in the attack, however, it would take two to six years to complete that task given the current available laboratory facilities today, according to a March 2007 draft EPA report.
And roles have not been fully defined:
A recent interagency (draft) report on responding to a radiological attack found that the specific roles and responsibilities of federal agencies tasked with responding to a radiological event have not been clearly defined in the National Nuclear/Radiological Incident Annex, upon which these agencies rely.
Which is kind of a big deal, as there are many agencies that can play a part in such a response. See this article in Nuclear News from Sept. 2006.

For local disaster planners, information like this provides an opportunity for improving preparations. Let's say that these systemic problems persist for the forseeable future. This is likely, given that you can't just spin up one of these laboratories at a moment's notice. What can a local disaster planner do? A few ideas:

Educate. Citizens who are prepared to shelter in place are less likely to become contaminated. Also, if they understand the health risks involved with a dirty bomb attack, they are likely not to panic and may be less likely to succumb to the "worried well" phenomenon. Depending on the amount of radioactive material and the effectiveness of its dispersal, it is possible that the health effects may be limited to a relatively small area. The better informed citizens are, the better they will be able to respond in the immediate aftermath.

Communicate. Ensure that communications plans are in effect for a radiological disaster. This is a different risk than most. Through experience, most people have a reasonable understanding of natural disasters. They can rationalize accidents. But radiation - unseen, unfelt - is something that scares people. They don't know what to do.

Decontaminate. Set up decontamination stations - as large as possible - so that those who suspect that they might be contaminated can take action and get cleaned up. In the aftermath of a major incident, it is important for people to be able to take positive action and improve their situation.

Monday, October 29, 2007

Notes on HSPD 21: Public Health and Medical Preparedness

Last week the White House released the new Homeland Security Presidential Directive (HSPD) 21: Public Health and Medical Preparedness.

In terms of national preparedness, this is an extremely important HSPD. Many potential catastrophes, both natural and man-made, are capable of creating major public health emergencies. You just have to imagine the health impacts of a pandemic illness, bioterrorism incident (or other WMD attack), major earthquake, or west coast tsunami to imagine how quickly existing resources could be overwhelmed.

Our healthcare system has been built with efficiency in mind. If you're running a hospital, unfilled beds and unadministered medications cost you money, so you don't build a lot of excess capacity into the system.

But of course, as HSPD 21 notes, excess capacity is exactly what's needed during a major healthcare catastrophe. This is a significant shortcoming of our current preparedness regime. HSPD 21 does some sensible things to address the problem, but there are a couple of areas where I'm skeptical.

First things first. The directive is based on sensible principles:

This Strategy draws key principles from the National Strategy for Homeland Security (October 2007), the National Strategy to Combat Weapons of Mass Destruction (December 2002), and Biodefense for the 21st Century (April 2004) that can be generally applied to public health and medical preparedness. Those key principles are the following:

(1) preparedness for all potential catastrophic health events;
(2) vertical and horizontal coordination across levels of government, jurisdictions, and disciplines;
(3) a regional approach to health preparedness;
(4) engagement of the private sector, academia, and other nongovernmental entities in preparedness and response efforts; and
(5) the important roles of individuals, families, and communities.
It is very nice to see an acknowledgment of both the nature and severity of the problem:
The assumption that conventional public health and medical systems can function effectively in catastrophic health events has, however, proved to be incorrect in real-world situations. Therefore, it is necessary to transform the national approach to health care in the context of a catastrophic health event ...
To deal with the problem, HSPD 21 suggests the creation of an entirely new discipline:
Ultimately, the Nation must collectively support and facilitate the establishment of a discipline of disaster health.

On a more strategic level, HSPD 21 emphasizes 4 elements of public health:
Currently, the four most critical components of public health and medical preparedness are biosurveillance, countermeasure distribution, mass casualty care, and community resilience.
And sets goals for each of these 4 elements:
Biosurveillance: The United States must develop a nationwide, robust, and integrated biosurveillance capability, with connections to international disease surveillance systems, in order to provide early warning and ongoing characterization of disease outbreaks in near real-time. ... A central element of biosurveillance must be an epidemiologic surveillance system to monitor human disease activity across populations. ... State and local government health officials, public and private sector health care institutions, and practicing clinicians must be involved in system design, and the overall system must be constructed with the principal objective of establishing or enhancing the capabilities of State and local government entities.

Countermeasure Stockpiling and Distribution: In the context of a catastrophic health event, rapid distribution of medical countermeasures (vaccines, drugs, and therapeutics) to a large population requires significant resources within individual communities. Few if any cities are presently able to meet the objective of dispensing countermeasures to their entire population within 48 hours after the decision to do so. Recognizing that State and local government authorities have the primary responsibility to protect their citizens, the Federal Government will create the appropriate framework and policies for sharing information on best practices and mechanisms to address the logistical challenges associated with this requirement.

Mass Casualty Care: The structure and operating principles of our day-to-day public health and medical systems cannot meet the needs created by a catastrophic health event. Collectively, our Nation must develop a disaster medical capability that can immediately re-orient and coordinate existing resources within all sectors to satisfy the needs of the population during a catastrophic health event.

Community Resilience: The above components address the supply side of the preparedness function, ultimately providing enhanced services to our citizens. The demand side is of equal importance. Where local civic leaders, citizens, and families are educated regarding threats and are empowered to mitigate their own risk, where they are practiced in responding to events, where they have social networks to fall back upon, and where they have familiarity with local public health and medical systems, there will be community resilience that will significantly attenuate the requirement for additional assistance.
None of these are easy fish to fry, but some are a bit more straightforward than others. The Department of Health and Human Services is in charge of implementation (though it's not clear from this document whether they would be in charge of response - or if DHS would):

The specific plans regarding Biosurveillance indicate that:
The Secretary of Health and Human Services shall establish an operational national epidemiologic surveillance system for human health, with international connectivity where appropriate, that is predicated on State, regional, and community-level capabilities and creates a networked system to allow for two-way information flow between and among Federal, State, and local government public health authorities and clinical health care providers.
Comparatively speaking, the biosurveillance is one of the more straightforward elements of the plan. It has the virtue of primarily involving health professionals, and it involves a defined set of threats. It should be simpler to develop this type of information-sharing system, as opposed to an all-hazards system such as the Homeland Security Information Network, which has been fraught with complications.

The problems get a little thornier at the next stage in the plan, Countermeasure Stockpiling and Distribution. The plan lays out a fairly ambitious logistical objective, especially considering the potential transportation obstacles that might accompany some types of disasters:
[T]he Secretary of Health and Human Services, in coordination with the Secretary of Homeland Security, shall develop templates, using a variety of tools and including private sector resources when necessary, that provide minimum operational plans to enable communities to distribute and dispense countermeasures to their populations within 48 hours after a decision to do so.

The Secretary shall also assist State, local government, and regional entities in tailoring templates to fit differing geographic sizes, population densities, and demographics, and other unique or specific local needs.
Of course, moving medicine is relatively easy. Moving people, and then finding suitable space for their treatment, is harder. The next component of the plan, Mass Casualty Care, addresses this issue:
Within 180 days after the date of this directive, the Secretary of Health and Human Services, in coordination with the Secretaries of Defense, Veterans Affairs, and Homeland Security, shall:

(a) build upon the analysis of Federal facility use to provide enhanced medical surge capacity in disasters required by section 302 of PAHPA to analyze the use of Federal medical facilities as a foundational element of public health and medical preparedness; and

(b) develop and implement plans and enter into agreements to integrate such facilities more effectively into national and regional education, training, and exercise preparedness activities.

Here's where I start becoming skeptical. The call here is to use federal facilities for excess capacity. That's sensible, of course, but it begs the question: "Just how much excess capacity might we need, and are these federal facilities capable of providing it?" The question is unanswered but vital.

One way the plan intends to limit the need for bedspace is by (sensibly) anticipating and attempting to mitigate the problem of the "worried well."
The impact of the “worried well” in past disasters is well documented, and it is evident that mitigating the mental health consequences of disasters can facilitate effective response. ... [T]he Secretary of Health and Human Services, in coordination with the Secretaries of Defense, Veterans Affairs, and Homeland Security, shall establish a Federal Advisory Committee for Disaster Mental Health. The committee shall ... submit to the Secretary of Health and Human Services recommendations for protecting, preserving, and restoring individual and community mental health in catastrophic health event settings, including pre-event, intra-event, and post-event education, messaging, and interventions.
That's good. But what if actual healthcare needs exceed current capacity?

When it comes to Community Resilience - creating a well-prepared public that is ready for a major health catastrophe - the strategy devolves into wishful thinking. To some extent this is understandable, as preparing the public for disaster - any disaster - is always a struggle. Here's the entire plan:
The Secretary of Health and Human Services, in coordination with the Secretaries of Defense, Veterans Affairs, and Homeland Security, shall ensure that core public health and medical curricula and training developed pursuant to PAHPA address the needs to improve individual, family, and institutional public health and medical preparedness, enhance private citizen opportunities for contributions to local, regional, and national preparedness and response, and build resilient communities.

Within 270 days after the date of this directive, the Secretary of Health and Human Services, in coordination with the Secretaries of Defense, Commerce, Labor, Education, Veterans Affairs, and Homeland Security and the Attorney General, shall submit to the President for approval, through the Assistant to the President for Homeland Security and Counterterrorism, a plan to promote comprehensive community medical preparedness.
That's it? Include more community-focused subject matter in public health curricula and submit "a plant to promote comprehensive community medical preparedness"? This sounds like the classic case of the boss having a clear idea of the goal, but no clue how to get there - so he tells the subordinates, "You solve this."

Again, I sympathize. It would be easier if we still lived in a 19th-century world, where most health care was administered at home. People would be better prepared to deal with problems themselves. (Though more people would become more ill and more people would die.) But we're not. We live in a world where, when you get really sick, you expect to be able to go to the doctor - or the hospital.

It's a huge job to try to prepare citizens for a major health emergency. Just changing the public health curricula and "developing a plan" doesn't seem like it's going to cut it.

Update 2007-10-31: Over at In Case of Emergency, Jimmy Jazz (who knows more about these things than I) provides his first impressions of HSPD 21. His eyebrows are deeply furrowed:
My first reaction after reading it? It’s completely undo-able. I commend the drive, no doubt, but the timelines are totally pie-in-the-sky.
Jimmy plans to review the document in much greater detail in coming days and weeks, which will be worth keeping an eye on.