National Response Framework: It's Official

I don't have time to review it at the moment, but Jonah has the scoop.

FEMA has the official doc (pdf).

Little Sniffers

I've never advocated the idea of passive detection as the key to prevention, but the little corner of my brain that aspires to tech-geekdom thinks this is pretty cool:

A tiny sensor being developed at the Massachusetts Institute of Technology could be used for rapid detection of chemical weapons agents, the university said last week.

The gas chromatography and mass spectrometry device is now the size of a computer mouse and could ultimately be shrunk to matchbox size, researchers said.

The sensors could be used for detection of various dangerous gases, including industrial chemicals and warfare materials. A prototype device has been found to produce results in roughly four seconds.

Small devices could be more easily distributed outdoors or within a building and would have greater sensitivity to minimal gas amounts, said electrical engineering and computer science professor Akintunde Ibitayo Akinwande. They could also operate on limited amounts of power.

Sniffers aren't bad, of course. It's just that at the point where they become effective, you're already in response mode, trying to mitigate the damage. The agent is in the air. Still, if you're going to have an army of sniffers, it's better to have a lot of little ones. It's even better if they're networked so you can get a birds' eye view of the dispersal of the agent.

On Risk, Soft Targets, Vulnerability, and The Big Picture

Good stuff from Bob Baylor in Losantiville, whose wide-ranging post deals with risk assessment, soft targets, and the efficacy of interdiction efforts (including "see something..." programs discussed a couple of days ago at HLS Watch and right here.)

Using the example of a fictional county commissioner who must prioritize projects, Bob writes:

Often as the saying goes it’s the squeakiest wheel that gets the grease. Prioritization of projects may make sense from a fiscal point of view, however it does not change the fact that many other vulnerabilities may exist but due to a lack a funding must be left until sufficient dollars become available. By addressing vulnerabilities in such a manner, the county commissioner in this example could be increasing the likelihood that their community may be attacked.

Tacticians regardless of their motivations and allegiances look for areas of weakness in their enemies defenses to exploit. Major homeland security projects will call the potential terrorists attention to which structures have been protected and by default which ones have not.

In one sense ... hardening one area against attack may provide the inspiration needed to divine the true area of vulnerability.

Granted, this assumes a relatively high level of sophistication on the part of the adversary. But as we have seen in the past, some terrorist groups are capable of such sophistication.

But regardless of the level of sophistication of the adversary, it's true that they'll try to exploit the areas of vulnerability that they perceive can be successfully attacked. U.S. forces in Iraq have dealt with this problem, as insurgents there constantly shifted locations, targets, and modes of attack.

Bob describes how this tendency to seek softer targets can affect risk:

Going back to my example of the county commissioner, efforts to insure vital areas and critical infrastructures are protected could drive a terrorist to plan an attack from an adjacent location. The location may not have sufficient funding nor have the same risk associated as their neighbor.

For instance, the city water supply may originate from a remote area outside the county and thus susceptible to attack. Taking steps to protect water supplies may cause terrorist planners to note other targets such as power substations, fiber optic cables, or agricultural areas.

Viewed in this light - as an effort to protect targets vs. an effort to exploit them - it's a never-ending game of cat and mouse. Which leads to a few thoughts:

1. Protecting vulnerable assets, in and of itself, is a necessary but never sufficient approach to homeland security. You simply cannot protect everything all at once.
2. Trade-offs are a necessary; assessing and managing risks are critical to homeland security.
3. You have to take other steps to detect and deter. Protection is only one element of prevention. You have to deter adversaries and pre-empt their activities, too.
4. Risk assessment should look beyond jurisdictional borders. Regional thinking is vital, as I suggested in this post a few days ago about the Bay Area's new Regional Emergency Coordination Plan. Because urban, suburban, and rural areas are interlinked with infrastructure networks, what occurs in one can affect the others. Because we are a nation of networks, a given jurisdiction may not have direct control over some of the assets that make it vulnerable.

This is why, as Bob suggests, regional thinking ought not be limited to response, but to prevention as well. A vulnerability in one section of the network can have a widespread effect on the entire network, because all critical infrastructure networks include choke points and critical nodes. As the recent GAO report on maritime security pointed out:

[T]he liquified natural gas (LNG) facility in Everett, Massachusetts is the only facility importing LNG in the Northeast. LNG is very important to the Northeast during heating season because natural gas movement into the Northeast is constrained during the winter because existing pipelines to New England are fully utilized.

A report prepared by the Power Planning Committee of the New England Governor’s Conference, Inc., concluded that if LNG from the Everett facility and satellite operations elsewhere in the region is not available on a peak winter day, the region could have insufficient gas supply to meet the needs of all customers for space heating and some key electric generators. An attack that damages the Everett LNG facility during a cold winter could result in natural gas shortages or price spikes.

Clearly the Everett LNG facility is a critical - and easily recognized - node in the energy supply system of the Northeast. But what other critical nodes affect the Northeast?

Thinking more locally: What critical infrastructure networks are present in your jurisdiction? Oil and gas pipelines? Telecommunications? Electricity? Agriculture?

Now the big questions: Are there any critical nodes in these networks, within the boundaries of your jurisdiction? If so, exactly how critical are those nodes? What would be the impact of losing one of those critical nodes? (Remember the cascading failures of the 2003 Northeast Blackout?)

Are there critical nodes of networks that lie in other jurisdictions, whose loss would cause harm within your own jurisdiction? Water reservoirs? Power stations? Communications assets? Critical transportation assets (e.g., bridges)?

Unless these questions are asked, communities put themselves at greater risk. As Bob puts it:

Too often communities implement systems to reduce terrorist attacks but do so in a vacuum without looking at how such actions may fit into larger strategic plan.

Only when you start looking beyond jurisdictional boundaries does a true understanding of risk become apparent.

On Critical Infrastrucure: Think Downstream

A brief note on the new GAO report on maritime security, focusing on the potential for disasters affecting the maritime energy infrastructure - particularly terrorist attacks against oil and liquified natural gas (LNG) tankers.

Much of the effort is focused, appropriately, on prevention. Much of this work is the responsibility of agencies such as DHS, the Coast Guard, and port authorities.

But an attack on the energy infrastructure - especially the oil infrastructure - could have downstream economic effects that local authorities can and should be prepared for. GAO alludes to a general lack of preparedness regarding these effects:

Multiple attack response plans are in place to address an attack, but stakeholders face three main challenges in making them work.

First, plans for responding to a spill and to a terrorist threat are generally separate from each other, and ports have rarely exercised these plans simultaneously to see if they work effectively together.

Second, ports generally lack plans for dealing with economic issues, such as prioritizing the movement of vessels after a port reopens. The President’s maritime security strategy calls for such plans.

Third, some ports report difficulty in securing response resources to carry out planned actions. Federal port security grants have generally been directed at preventing attacks, not responding to them, but a more comprehensive risk-based approach is being developed.

The short-term consequences of an attack - say, a small boat attack against a supertanker at a U.S. port - would be confusing enough, with many, many potential players involved:

[A]t the national level, the National Response Plan lays out the broad parameters of the federal role, both in spill response (that is, taking steps to contain a spill and mitigate its environmental damage, regardless of how it occurred) and in terrorism response (that is, for the attack, taking security-related actions and conducting an investigation).

The plan designates the Coast Guard as the primary agency for spill response on water and the FBI as the primary agency for terrorism response, and it calls on the two agencies to coordinate their responses if the incident involves an attack on energy commodity tankers.

Other federal plans and agreements also come into play, each with information about coordinating responses among the various agencies involved or taking specific action. At the port level, under the Oil Pollution Act of 1990 and the Maritime Transportation Security Act of 2002, Coast Guard’s Captain of the Port is to establish separate plans for spill and terrorism responses, working with local agencies, which are subsequently approved by Coast Guard districts. For both types of response plans, the agencies may include port authorities, fire departments, and facilities in the port. Some stakeholders, such as private oil spill response organizations, participate only in spill response planning, while other stakeholders, such as police departments, participate mainly in terrorism response planning.

But then the longer-term economic consequences are worth considering. Local authorities should be prepared for a potential economic slow-down:

Finally, the economic consequences of a major attack could include a temporary price spike reflecting fears of further attacks, and supply disruptions associated with delays of shipments if major transit routes, key facilities, or key ports are closed.

The loss of one cargo of an energy commodity might not have a significant, sustained price impact. However, if an attack results in port closures for multiple days or weeks, price responses and higher costs could mean losses in economic welfare to consumers, businesses, and government amounting to billions of dollars.

It's not just oil that we have to think about. If a port is closed or damaged, other commodities may not be able to enter, either.

The good news is that the U.S. has many ports, and for most commodities, other ports could pick up the slack. (Though this is not true for some shipments, as not all ports can handle the largest vessels, and not all ports can handle all types of commodities.) Especially in areas whose economic health is dependent on the inflow of goods to a given port or ports, these sorts of downstream effects should be considered part of the preparedness plan.

We See Nothing? ... We See Nothing?

A very good post from Jonah at HLS Watch today, arguing that all too often our counterterrorism strategy is based on this kind of thinking:


Jonah argues that:

we should beware the tendency to shape our strategy based on the theory that “it could happen.”

Agreed. Although almost anything can happen you simply can't be prepared for everything all at once. (I should point out that DHS Secretary Chertoff, in justifying justify risk-based decision making and funding, constantly makes this point, arguing that it's impossible to protect against all threats.)

Jonah continues:

So it bothered me when Paul J. Browne, an NYPD police spokesman told the New York Times this week, “One call one day may be the one that stops an attempt to destroy the Brooklyn Bridge.” He was justifying the ubiquitous ad campaign across the City’s subway system urging riders to “say something” if they “see something.”

While some crimes were inadvertently uncovered by the callers – ranging from selling false IDs to illegal fireworks peddling – none of the calls resulted from or discovered actual terrorism threats. NYC’s subway riders were applying their own “no-fly list” to other riders. 13,373 callers would have sent fellow riders to secondary, but would have found no terrorists. This is the trickle down effect of “it could happen.”

The real issue, as I see it, is ignorance. When we are ignorant of the context in which we find ourselves, we cannot make good decisions. If we don't know what to look for, we look for anything and everything. As a result, we are likely to focus on the wrong thing, like the dog pictured above.

Jonah is absolutely right that all of this is a net cost. We spend (read: waste) time, energy and resources looking for needles in haystacks. Jonah puts it this way:

But if our homeland is secured by an “anything’s possible” strategy, we’ll wind up doing at least one of three things:

– Going broke
– Tying up anti-terrorism assets with non-threats
– Eroding our sense of community and eventually our ability to be resilient if we are attacked again

None of these outcomes will happen quickly. However, the prospect does force a cost-benefit analysis of a new kind. Is it worth $10 billion to reduce the chance of a successful MANPAD launch against an airliner? Does a terrorism hotline make us safer if we don’t know what to look for?

Risk-based CBA is essential. We are very good at defending against the last attack. Six years after Richard Reid, we are still removing our shoes at the airport. But is this the best way to spend our time and money? Perhaps not.

Other risks rise to the surface, and we have to prepare for them. In a world of finite resources, we have to make choices. The tough part is understanding and communicating the idea that there are some risks we will just have to live with.

There is a tendency to believe that Americans will not accept significant risks. I do not ascribe to this view. While it's true that we've created a society which has greatly reduced our personal risk (due to injury, illness, etc.), we are capable of living with and accepting great risk. We've survived existential threats in the past. With effective leadership, we can face them again.

Note: In an update to his post, Jonah backtracks a bit from his criticism of the "see something, say something" program:

I will concede this: the terrorism hotline serves another potential benefit beyond empowering subway riders. The notion of an overly alert ridership has the potential to introduce enough uncertainty on the part of a perpetrator to second guess the viability of an operation.

I'm still a skeptic. Not because "see something" is inherently a faulty idea, but rather because the person doing the "seeing" lacks critical characteristics that will make their "seeing" effective.

Put another way, the issue is not the alertness of subway riders. The issue is their knowledge level. If we assume that the typical transit attack employs an IED, a terrorist is going to be able to slip past an ignorant public if he does just a little bit of homework.

By way of making the point, let's contrast a bus in Jerusalem and a bus in Brooklyn. In Israel, hard experience and public education campaigns have taught the public what to look for. They are knowledgeable about the observable operational and psychological markers of a bus bombing. As a result, they do a relatively good job of spotting potential bombers (and yet some still can get through). In Brooklyn, however, a largely ignorant public is liable to look for all the wrong things.

If we're going to invest in a "see something" program, we ought to invest in a public education program that is going to create a public that's knowledgeable enough to give a potential terrorist pause - resulting in the deterrent effect that Jonah describes.

Regional Preparedness in the Bay Area

Just a quick note with less content than I'd like. I couldn't find a copy of the actual document, but the cities and counties in the Bay Area have released a coordinated, regional disaster plan, the first in California:

In recognition of the need for a regional response to natural and human-caused emergencies Mayor Gavin Newsom, Oakland Mayor Ron Dellums, and San Jose Mayor Chuck Reed were joined by regional emergency management officials, first responders and the State of California Governor's Office of Emergency Services (OES) to unveil the Bay Area Regional Emergency Coordination Plan (RECP). Ten Bay Area counties participated in the development of the "base" plan that will serve as the foundation for nine subsidiary plans to be submitted in spring 2008.

"This project was an investment in more than just a document -- it's an investment in relationships," said San Francisco Mayor Gavin Newsom.

This is typical stuff coming from a politician, of course - but it's the right idea. Collaboration is about developing solid working relationships built on common interests.

The RECP provides an all-hazards framework for collaboration and coordination among emergency response entities in the Bay Area. The base plan focuses on the role of State OES in coordinating the regional response to an event. Additionally, the region will be continuing to work on more detailed plans in areas such as transportation, logistics and mass care and shelter.

The RECP will now reside with the Governor's Office of Emergency Services, as it is designed to be used at the state's Regional Emergency Operations Center which is located in Oakland.

And there were more instances of politicians saying the right thing:

"In a region as large and vulnerable as the Bay Area, the need for a collaborative and organized response is vital," said Oakland Mayor Ron Dellums. "The RECP is the first of its kind in the state and will ensure that if a major disaster occurs that all entities at all levels of government are on the same page."

The Bay Area has significant vulnerabilities, and not only from earthquakes. The bridges, ports, and transit systems are tempting terrorist targets. Much of the area's water is transported from inland. And of course, the area is a major economic and technological hub.

I would argue that for such an area, taking a regional approach to emergency preparedness should not be seen as particularly innovative or forward-thinking. I would say it's an instance of exercising due diligence.

Stopping Nukes at the 11th Hour?

This week's Sunday LA Times ran a story about the multi-agency effort to hunt nuclear materials and interdict a potential nuclear terrorist attack before it happens.

About every three days, unknown to most Americans, an elite team of federal scientists hits the streets in the fight against nuclear terrorism.

More than two dozen specialized teams have been positioned across the nation to respond to threats of nuclear terrorism, and as many 2,000 scientists and bomb experts participate in the effort.

Scientists in specially equipped helicopters and airplanes use radiation detectors to scan cities for signs of weapons. They blend into crowds at major sporting events, wearing backpacks containing instruments that can identify plutonium or highly enriched uranium.

If the many layers of federal defense against nuclear smuggling break down, these unarmed weapons designers and physicists, along with experts from the FBI, could be the last hope of staving off a catastrophic attack.

They are supposed to rush up to a ticking nuclear explosive (or a "dirty" bomb, which would disperse radioactive material) and defuse it before it's too late -- a situation often depicted by Hollywood that seems less fictional every year.

Hoo boy. "Hollywood" is right.

While I don't deny that these are smart, capable people, I have serious doubts about the efficacy of these efforts. This is last-hour, last-minute stuff - which works great in a movie script but perhaps not so well in the real world.

It's worth noting that these teams are looking primarily for the materials in nuclear weapons - plutonium and highly-enriched uranium. These materials are comparatively difficult to detect. It's needle-and-haystack thinking to suggest that these teams will be likely to interdict them in a crowd at a sports stadium, or while walking down the Vegas strip or a Manhattan street. Moreover, if a terrorist team were ever to acquire a nuclear bomb and transport it to the U.S., they wouldn't have to detonate it at the sports stadium or Strip itself. With a nuclear weapon, "close" is good enough.

The real effort must always be at the earlier stages of prevention: Recognizing threats before they become fully operational, and deterring these threatening elements from acquiring dangerous materials.

We are, of course, doing some of these things - working to deter the threat before it reaches our shores:

[T]he United States is retrieving and locking down nuclear fuels abroad, has created a line of radiation detectors at foreign and domestic ports, and has increased intelligence efforts.

It's these efforts that have a chance of reliably preventing the threat. The best we can say about the last-minute approach is that it's "not impossible" to imagine it might work:

If those and other measures fail, the emergency response teams are a last hope, but one nobody should rely on, said Charles B. Curtis, president of the Nuclear Threat Initiative, which pushes for stronger efforts to prevent nuclear terrorism.

Intercepting a device "is a very, very, very difficult problem, but not impossible," said Curtis, a former Energy Department deputy secretary.

Vahid Majidi, a nuclear weapons chemist and head of the FBI Weapons of Mass Destruction Directorate, seemed more confident. Asked how good his chances would be to find a nuclear bomb in Manhattan with 24 hours' warning, he said, "Quite reasonable."

Well, yes. If we have solid intelligence and 24 hours' warning, then it's reasonable to think we might be able to interdict and remove the threat. But these types of threats don't script themselves so neatly.

It's much better to train first responders to recognize all aspects of the threat (as the FDNY does in its counterterrorism strategy) and attack it from its earliest stages.

The last minute is just too late.

OSHA Guidelines for Security Personnel in Emergencies

In the interest of sharing information, this is just a quick note on the new OSHA guidelines for the protection of security personnel in emergencies. First responders ought to know what their private security counterparts are trained to do in case of emergency. Don't exchange business cards at the site of a disaster.

The OSHA doc focuses on HAZMAT releases, indicating that security employees may be trained to a number of different levels of capability, depending on their duties:

First Responder Awareness Level

[E]mployees assigned roles as first responder awareness level responders are limited to initiating emergency response procedures by notifying the proper authorities and must not attempt to stop the release or approach the release area.

Security personnel trained to the first responder awareness level are limited to activating an alarm, notifying appropriate authorities, and controlling access to the release from a remote area upon discovering a release requiring an emergency response. Once the site control zones and safe distances have been defined by emergency responders, security personnel trained to the awareness level may also control entry to and exit from the emergency site from a safe location.

First Responder Operations Level

Security personnel who are expected to respond in a defensive manner to hazardous substance releases as part of the initial response for the purpose of protecting nearby persons, property, or the environment must be trained to the first responder operations level. Their role is to contain the release from a safe distance, to keep it from spreading, and to prevent exposures – they do not attempt to stop the release. Their defensive actions must be performed from a safe distance and may include activities such as placing absorbents, constructing dikes, or securing an area to prevent the dispersal of contaminants or agents.

HAZMAT Technician Level

Those security personnel who will respond to releases in an aggressive fashion for the purpose of stopping the release must be trained to the hazardous materials (HAZMAT) technician level. These individuals approach the point of release to plug, patch, or otherwise stop the hazardous substance release.

HAZMAT Specialist Level

Security personnel whose assigned duties parallel those of the hazardous materials (HAZMAT) technician and who respond to releases to provide support to HAZMAT technicians in the form of specialized knowledge of substances involved in the release are hazardous materials specialists.

On Scene Incident Commander

If security personnel are assigned duties by their employers consistent with the role of the On Scene Incident Commander, they must receive at least 24 hours of training equal to the first responder operations level and have competencies ... includ[ing] the following:

 An understanding of and the ability to implement the employer's incident command system.
 The ability to implement the employer's emergency response plan.
 Knowledge and understanding of the hazards and risks associated with employees working in chemical protective clothing.
 The ability to implement the local emergency response plan.
 An understanding of the state emergency response plan and of the Federal Regional Response Team.
 Knowledge and understanding of the importance of decontamination procedures.

Something else to consider: The level of training of security personnel at nearby facilities. If you work security next to a chemical plant, you ought to be prepared.

Public Health Agencies Ready to Respond?

Updated 2008-01-10: Jimmy Jazz at In Case of Emergency - who understands public health issues much better than I do - examines this story in detail and discovers it's not as bad as I'd thought. To wit:

The average time it took to connect to an action officer was 63 minutes (range = 0 - 1,003). While this seems like a terribly long time (and it is) this average time was extremely skewed by insanely long times. The authors note that the mean of the median connection times (Read: the average of the middle length wait from each health department. For example, here are the connection lengths of five calls to the City of Samplia, 1 minute, five minutes, ten minutes, 90 minutes, 1,000 minutes - ten minutes is the median, so averaging the medians takes out the “oops, we forgot to connect you,” and the “hey, you got the action officer on the first call”) was only eight minutes.

...and...

The authors found found that nearly 40% of health departments failed to connect to a public health official on one or more of up to ten calls placed to the health agency. A better way to put it is that over 91% of all calls eventually made it to an action agent. Not perfect, but certainly much better than 40% not connecting at all.

Thanks, Jimmy!

(My original post below)

A brief note on a new study that found U.S. public health agencies slow to respond to reports of infectious diseases. NTI reported:

A recent study of 74 U.S. local public health agencies found that many failed to respond quickly — if at all — to reports of a potential disease outbreak, the San Francisco Chronicle reported today.

The RAND Corp had researchers pretend to be doctors and call randomly selected agencies to report cases of infectious diseases.

Two-thirds of the contacted departments failed to call back within 30 minutes. Almost 40 percent of the agencies failed to call back at all after receiving at least one call.

The Centers for Disease Control and Prevention recommends that a public health expert respond within 30 minutes to any report of infectious diseases such as smallpox, anthrax or meningitis.

If two-thirds did not call back within 30 minutes, and almost 40 percent didn't call back at all, that's basically 100 percent that didn't meet the CDC recommendations, isn't it?

Terrorist Financing: Big Time/Small Time

A quick link to these two posts by Dennis Lormel at the Counterterrorism Blog. I wanted to highlight these two paragraphs at the bottom of Lormel's first post:

Intelligence sharing by law enforcement with the banking industry has long been an issue with industry experts. This is particularly true in dealing with terrorist financing. Law enforcement, intelligence agencies and FinCEN have been wrestling with the challenge of providing intelligence information to financial institutions to better position them to identify terrorist financing. There are numerous impediments and considerations that must be addressed before an information flow can be established. I encourage my former law enforcement colleagues to make intelligence sharing a more important priority in the coming year.

The greater the degree of information sharing, cooperation and coordination between government and the financial sector, the greater the potential to disrupt the flow of funding to terrorists.

Terrorism is like anything else: Without money behind you, you're little more than a dreamer. Even small-time operators need access to cash, and the quickest and easiest source of fast cash is often crime.

While it's vital for financial institutions and law enforcement to be on the lookout for large-scale fraud and money-laundering, local law enforcement should also keep in mind that less ambitious criminal activity can also have a potential link to terrorism.

The State of State Homeland Security

Some interesting findings in the National Governor's Association's (NGA) recent survey of state homeland security directors.

The NGA got responses from 44 of 56 state and territorial homeland security advisors who comprise the Governors Homeland Security Advisors Council. They identified their top priorities for 2007 as:

Developing interoperable communications

Coordinating state and local efforts

Protecting critical infrastructure

Developing state fusion centers

Strengthening citizen preparedness

The only new priority is the last one, "strengthening citizen preparedness," which replaced "preparing for natural disasters," the popular choice in the aftermath of the 2005 hurricane season. Unfortunately the 2007 survey didn't ask for any details about the new goal of strengthening citizen preparedness; it will be interesting to see what progress is made in 2008.

Here are a few notes on what the survey revealed about the other priorities:

Interoperability

On interoperable communications, the more things change, the more they stay the same. Federal leadership and funding remain significant hurdles to interoperability.

[N]early every state now has a statewide interoperable communications governance structure in place, and nearly three quarters (about 70 percent) report having a full-time interoperability coordinator at the state level. However, achieving interoperability has, until recently, been hampered by a lack of clear guidance from the federal government and an associated lack of designated funding to develop interoperable systems.

The same argument was made last March, in this report by the First Response Coalition (see also my post).

Coordination with Local Efforts

Good news here. As I've noted anecdotally on a few previous occasions, some states are doing a good job of working with local agencies to coordinate response efforts:

In the 2007 survey, states were asked specifically about their interaction with local governments, tribal governments, the private sector, and other states. More than half—54 percent—said they “significantly” involved local governments in the development of strategic plans, including grant funding allocation plans. Roughly one third of the states, or 32 percent, said local involvement in those activities was “fair,” while 14 percent reported local involvement as “minimal.”

Nearly all the respondents reported having completed or being in the process of developing coordinated response plans with local agencies for a range of disasters. In addition, coordination of security plans and procedures with the private sector also remains a priority, with 100 percent of states reporting that they either have or are in the process of developing security plans with the privately owned infrastructure in their states.

But efforts are more mixed for prevention and preparedness:

Despite the success of EMAC and its proven utility in large-scale events such as Hurricane Katrina (97 percent of states surveyed in 2007 said EMAC was very or somewhat efficient), the coordination of pre-event planning—or, the “prevention and preparedness” phase of emergency management—remains a work in progress.

Critical Infrastructure

There was some measured good news regarding critical infrastructure, in that more than half of the states have joined in interstate (i.e. regional) efforts to protect infrastructure sectors.
Fusion Centers

Fusion centers are critical elements of the National Strategy for Information Sharing, yet the NGA survey indicates that fusion centers "remain a work in progress." The information that flows into the centers is improving:

The 2007 survey results also reflect an improvement in the federal-state information-sharing relationship. More than half of the states (56 percent) said they were satisfied with the timeliness of the intelligence they are receiving; 47 percent said they were satisfied with the specificity of that intelligence; and 50 percent said they were satisfied with the “actionability” of that intelligence.

And yet, leadership is lacking from the federal government on funding and systems development:

Nonetheless, nearly two-thirds of the states said they will be unable to sustain their fusion center operations without federal funding.

About half the states (48 percent) said they had little participation in key information-sharing initiatives such as the Homeland Security Information Network (HSIN), DHS Alert, and the Disaster Management Information System.

Federal-State Coordination

Overall, DHS is still doing a bad job collaborating with the states:

If there is an area where states are reporting unsatisfactory progress, it is in their relationship with the federal government, specifically with DHS. More than half the states (57 percent) reported being dissatisfied or somewhat dissatisfied with their overall communications with DHS, and 60 percent said the quality of their communications with the department had either not changed or had deteriorated since 2006.

States did provide some recommendations on how the federal-state relationship in homeland security could be improved. The majority, about 88 percent, said DHS should coordinate policies with the states before the release or implementation of those policies; 79 percent said there should be more coordination among DHS and other key federal agencies, including the departments of Justice and Health and Human Services; and 71 percent said the relationship could be improved with additional grant funding.

Secretary Chertoff always emphasizes involving state and local agencies, but it doesn't seem to happen at ground level. The interesting thing is, states seem to be doing a better job of this, in collaborating with local agencies. Without a collaborative effort, the work will be fractured. Even the vaunted fusion centers could slip by the wayside unless there is a coordinated effort to make them work.

L.A. County Prepares for Psychological Aftermath of Disasters

The Los Angeles County Health Service recently published a training manual for healthcare personnel, to prepare for drastically increased demand for psychological services in the aftermath of a disaster.

This is not a well-defined area of study, so some of the recommendations are provisional. But it's a step in the right direction, as it seeks to provide "protocols, templates, and tools that clinic and hospital staff can use to better prepare their facility and to follow in addressing psychological casualties after an event."

The manual closely examines the psychological aftermath of previous events, such as the 2002 SARS outbreak, the 1995 sarin gas attack in the Tokyo subway, and the 2001 anthrax attacks in Washington D.C.

An important point for preparedness professionals: The psychological trauma of these events was in some ways more significant than the physical threat, with at least 4 times as many people suffering mental health effects, compared to medical effects.

Worthwhile reading...

Port Prevention - The Small Boat Threat

Government Computer News reports on new technology that helps improve situational awareness in U.S. ports.

New visualization tools are helping the Coast Guard develop situational awareness at the Port of Miami, but more assistance is needed to track small boats and noncooperative vessels...

The Homeland Security Department’s Directorate of Science and Technology is funding the Visualization Tools for Situational Awareness and Emergency Response program, also known as Viz Tools.

Despite this, the threat is still the same as it was in the USS Cole bombing more than seven years ago: small boats:

Although the program is resulting in improved maritime domain awareness, there are still gaps. For example, the Coast Guard needs better information on the 170,000 registered small craft in Miami, Dade and Broward counties, Schultz said.

"The small boat threat ... continues to present technology and policy challenges and remains a primary maritime security concern," said [Commander Karl Schultz, who heads the Coast Guard’s Miami sector].

What to do? One suggestion: Better coordination between port authorities and local law enforcement:

Stephen Dryden, chief executive officer of the Mariner Group LLC ... recommended additional aids to further improve situational awareness, including the integration of cargo and vessel information into Viz Tools, more coordination with local law enforcement agencies and improved long-range tracking of vessels.

With 170,000 registered small boats in the water, there is a need for information-sharing. You have to be able to recognize potential threats before they manifest themselves. As in the case with the Cole, if you wait until the boat is in the water and moving toward its target, it's too late for prevention.