I like what they're doing in New Zealand:
Scientists are to work directly with civil defence authorities under a new memorandum designed to improve national emergency management.All too often, science is undervalued as a risk-management resource at the level of policy-making.
The agreement means emergency response agencies will get direct access to scientific data relevant to planning civil defence strategies.
And scientists will have access to emergency scenes to improve their understanding of hazards facing New Zealand.
In emergency situations, the ministry will make space for GNS Science staff in the National Crisis Management Centre...
Monday, March 31, 2008
I like what they're doing in New Zealand:
Friday, March 28, 2008
Here's an interesting survey, cited by MRT, of 200 public safety communications officials and responders, conducted by Motorola and the Association of Public-Safety Communications Officials (APCO), indicating that some common assumptions about disaster preparedness and communications may be wrong. For one thing, first responders are far more concerned with responding to natural disasters than to terrorism or crime:
Of those interviewed, 65% identified response to natural disasters as a top concern, compared with terrorist attacks (7%) and crime (10%).Of course, that's a "snapshot in time" perspective, which is subject to change in the wake of another major event.
Perhaps more relevant to preparedness professionals is this nugget:
Another surprise found in the survey results concerns how those who procure public safety communications systems and equipment view technology versus how first responders in the field view it, according to Tom Quirke, Motorola’s director of product marketing. For example, 24% of the first responders who were interviewed identified ease of use as an important criterion for any new technology; in contrast, only 1% of public administrators thought ease of use to be important.It again speaks to the necessity of seeking collaborative solutions.
“[First responders are] very comfortable with the voice systems they have today—they’re built over generations. The ergonomics, the usage—you don’t need to look at a radio to be able to use it,” Quirke said in an interview with MRT. “But first responders clearly said that any new technology has to be easy to use.”
“From the perspective of public administrators, they really need to get closer to the first responders before making any decisions on public-safety equipment. … This is potentially a big wake-up call because it could lead to a lot of rollouts of new equipment and new technology that are inappropriate,” Quirke said. “[First responders] told us, quite honestly, that if equipment gets in the way, they’re not going to use it.”
Wednesday, March 26, 2008
Two communications systems have improved southern California's preparedness for wildfires and other emergencies. The system made for a safer, more prompt evacuation from the 2007 wildfires, compared to the 2003 fires.
It's an excellent example of using technology to communicate with the public and to foster better collaboration and information-sharing among responding agencies:
[In October 2007] officials evacuated more than 500,000 people in an orderly manner and provided shelter for more than 20,000 evacuees.The system also improved information-sharing among responding agencies:
Though as many as seven people died and 90 were injured due the 2007 fires, even more people would likely have been in peril if not for the two Reverse 911 telephone alert systems -- one server-based, one Web-based -- the addition of a Web Emergency Operations Center (WebEOC) system, and the collaboration of agencies.
"There's no doubt in anyone's mind that the Reverse 911 saved lives," said Ron Lane, emergency services director of San Diego County. "There's no way we would have been able to notify everyone, especially during the first night of the fires."
During Southern California's 2003 blazes...some residents never received a notice to evacuate. That's not surprising considering the methods used for evacuation, which consisted of law enforcement personnel knocking on doors and notifying residents from loudspeakers.
The hectic, uncoordinated response to the 2003 fires prompted San Diego County officials to invest in two mass-notification systems prior to the 2007 fires, and those are credited with saving lives last fall.
"We used the 2003 fires as a game plan and an opportunity to identify what things we needed to do," Lane continued. "The key to Reverse 911 is it's essentially an electronic knock on the door from the sheriff, instead of relying on sheriff's loudspeakers and going door to door to let people know as in 2003. We had many people die in their garages or in their escape routes in 2003. The fires just move so fast and there are only so many deputies, you can't be everywhere."
San Diego County officials also used a 2005 UASI grant for the $100,000 WebEOC system, which gives officials from 85 different agencies teleconference capabilities, and some added capacity and redundancy into its 800 MHz wireless system. That forged the collaboration that made evacuation and providing shelter an orderly process. "We had more than 300 people logged in at one time during the height of the fires," Lane said. "Everybody had situational awareness of what was going on, what areas were being evacuated, what every hospital's status was."The good news is that, after such a successful experience, these agencies are likely to look for more ways they can share information and work together for other types of events.
The Emergency Services Integrators (ESI) WebEOC system allowed officials to share data with other jurisdictions and agencies in real time, and access satellite images, mapping information and national weather trends.
Officials used WebEOC in tandem with the mass notification systems by letting everyone know what parts of the county were being evacuated at a certain time and where people were going. That allowed the Red Cross, animal control and other agencies to prepare and respond accordingly. It all worked remarkably well, Lane said.
"Compared to other exercises and other things I've been involved in, we had outstanding situational awareness this time -- far better than I would have ever thought," he said. "I never felt at any time that we didn't know what was going on in the field."
Success breeds success.
Breaking the rules of Journalism 101 - simply noting that "a meeting was held":
More than 900 federal, state, and local law enforcement and homeland security officials attended this week the National Fusion Center Conference here to further the U.S. government's plans to create a seamless network of these centers.
Participants discussed how to best incorporate fusion centers at the state level and in major urban areas into national plans to improve the sharing of information related to terrorism...
Tuesday, March 25, 2008
The Massachusetts state auditor's office recently completed a study of how the Massachusetts Department of Public Health (DPH) distributed federal grant money in 2004-05 - money that was intended to be used in preparation for bioterrorism or mass casualty incidents (MCIs). Much of the funding went toward the purchase of trailers that could be used in response to an MCI.
The study underlines the importance of oversight in preparedness.
The federal money was allocated to each of the state's five regional emergency medical services (EMS) councils, supervised by the DPH.
Now, I'm an advocate of taking a regional approach, giving autonomy to local areas. Massachusetts has followed this strategy not only with the EMS councils (a common organizational structure) but also in its state homeland security strategy. As a general rule, I think bottom-up is better than top-down.
The trick, however, is ensuring that all regions are contributing toward the larger goal. That's where Massachusetts' DPH stumbled. Initially, they didn't adequately oversee the regional EMS councils to ensure that the MCI trailers were contributing to the state's preparedness goals. The state auditor found that the DPH didn't meet that its memorandum of agreement (MOA) in a number of ways, including:
• All municipalities within the region had not been notified of trailer availability, location, and purpose.Preparedness was sorely lacking in a couple of instances:
• Trailer storage locations were not as stated in the signed MOA.
• Periodic drills and/or exercises that involve the use of the MCI trailer and equipment had not taken place.
• Periodic maintenance of the MCI trailers and equipment did not take place to ensure that the trailers were in a constant state of readiness.
• Reporting obligations regarding all trailer activities (i.e., deployment, maintenance checks, etc.) had not been met.
In one instance, the MCI trailer was not at either the location specified in the MOA or at the secondary location that was added to a copy of the MOA. Moreover, once the Host Agency was able to determine where the trailer was located, it could not be accessed, since the only personnel with the keys were unavailable.There were also problems with tracking how the money was spent:
The second MCI unit that was visited was at the stipulated location and was accessible for our site survey. However, its contents had not been unpacked and sorted, nor had any of its equipment been tested for use. We eventually were able to locate the items on the inventory test list, although this involved the opening and unpacking of boxes. Again, the only exception was the storage pods. The trailer itself was kept outdoors, which made the condition of the medical supplies and equipment inside susceptible to weather/climate conditions. It did not appear that this trailer was in a state of readiness as required in the MOA.
As a result of the monitoring weakness, DPH was not aware that the provisions and responsibilities of the MOA between it, one regional EMS council, and two Host Locations had not been met with regard to the MCI trailers.
Each coalition had established its own procedures for the spending and distribution of funds, using both the advance method and the reimbursement method;After the audit, the DPH has fixed these mistakes. They've publicized the existence and location of the trailers, and each region has hosted a drill or exercise using them.
When local spending took place outside of the host agency, it was difficult for the coalition to effectively monitor and control it.
But the incident underscores the importance of oversight and - perhaps more important - communication. Without regular communication, it really doesn't matter at what level these decisions are made. Preparedness will suffer.
One of the most productive ways to harm any organization is to drain its funding. Terrorist organizations are no different; they require significant funding to accomplish their aims. And the more ambitious their goals, the greater their need for money.
The Financial Action Task Force (FATF) published a recent study examining how terrorist organizations raise, use, and move money through financial systems, in both legal and illegal ways. There isn't much new information here, but some that bears repeating:
The literature on terrorist finance developed since 2001 has emphasised the great adaptability and opportunism that terrorists deploy in meeting their funding requirements. Indeed, the breadth of cases ... suggests that the answer to the question: “How do terrorists raise and move funds?” is:”Any way they can.”What Terrorists Need Money For
Terrorists have shown adaptability and opportunism in meeting their funding requirements. Terrorist organisations raise funding from legitimate sources, including the abuse of charitable entities or legitimate businesses or self-financing by the terrorists themselves. Terrorists also derive funding from a variety of criminal activities ranging in scale and sophistication from low-level crime to organised fraud or narcotics smuggling, or from state sponsors and activities in failed states and other safe havens.
Terrorists use a wide variety of methods to move money within and between organisations, including the financial sector, the physical movement of cash by couriers, and the movement of goods through the trade system. Charities and alternative remittance systems have also been used to disguise terrorist movement of funds. The adaptability and opportunism shown by terrorist organisations suggests that all the methods that exist to move money around the globe are to some extent at risk.
When thinking about disrupting terrorist financing - regardless of the size or complexity of the organization - it is useful to examine the reasons why terrorists need money.
Terrorist financing requirements fall into two general areas: (1) funding specific terrorist operations, such as direct costs associated with specific operations and (2) broader organisational costs to develop and maintain an infrastructure of organisational support and to promote the ideology of a terrorist organisation.
The amount of money required to pull off a terrorist attack - even a fairly large-scale one - is relatively small. FATF examines the funds required to pull off some high-profile attacks of recent years. Amounts are in U.S. dollars:
$10,000: Madrid train bombings (2004)Terrorists' greater financial need is typically for more mundane operating expenses:
$10,000: USS Cole attack (2000)
$16,000: London transport system (2005)
$30,000: Jakarta JW Marriot Hotel bombing (2003)
$40,000: Istanbul truck bomb attacks (2003)
$50,000: Bali bombings (2002)
$50,000: East Africa embassy bombings (1998)
Financially maintaining a terrorist network – or a specific cell – to provide for recruitment, planning and procurement between attacks represents the most significant drain on resources.The take-away here is that when you're looking to disrupt terrorist financing, it's foolish to focus only on activities that are directly associated with an attack. The real money is needed for other activities, and those activities can also leave a trail.
Terrorists' Fundraising Means
FATF outlines the well-documented means that terrorists raise funds, including legitimate sources, charities, and crime.
Charities are an especially profitable fundraising mechanism for terrorists:
In developing the key financial standards to combat terrorism, the FATF has found that “the misuse of non-profit organisations for the financing of terrorism is coming to be recognised as a crucial weak point in the global struggle to stop such funding at its source”.A greater vulnerability for terrorist groups - but also a greater opportunity - is in finding common cause with drug traffickers. Connections have grown:
The degree of reliance on drug trafficking as a source of terrorist funding has grown with the decline in state sponsorship of terror groups. This trend has increasingly blurred the distinction between terrorist and drug trafficking organisations.Local law enforcement should also be aware of other illicit means of fundraising, such as credit card theft and extortion:
Investigations and intelligence have revealed direct links between various terrorist and drug trafficking organisations that frequently work together out of necessity or convenience and mutual benefit.
A North African terrorist funding group accumulated details of nearly 200 stolen cards and raised more than [$400,000] to fund the al-Qaeda terrorist network through international credit card fraud. Twenty to thirty 'runners' collected the names and credit card details of almost 200 different bank accounts from contacts working in service industries such as restaurants.Moving Terrorist Funds
Supporters of terrorist and paramilitary groups exploit their presence within expatriate or diaspora communities to raise funds through extortion. A terrorist organisation would make use of its contacts to tax the diaspora on their earnings and savings. The extortion is generally targeted against their own communities where there is a high level of fear of retribution should anyone report anything to the authorities. They may also threaten harm to the relatives – located in the country of origin – of the victim, further frustrating any law enforcement action.
With the proliferation of global trade and finance, it is becoming harder to detect movement of terrorist funds. They are likely to use a variety of mechanisms to move money - ranging from sophisticated electronic transfers to human cash couriers.
There are three main methods by which to move money or transfer value:Disrupting Terrorist Finances
The multiplicity of organisational structures employed by terror networks, the continuing evolution of techniques in response to international measures and the opportunistic nature of terrorist financing all make it difficult to identify a favoured or most common method of transmission.
- The financial system
- The physical movement of money (for example, through the use of cash couriers)
- The international trade system
Cases highlight how in many situations, the raising, moving and using of funds for terrorism can be especially challenging and almost indistinguishable from the financial activity associated with everyday life. The identification and the disruption of terrorist finance are naturally harder when authorities are confronted by “informal” support networks that do not operate as part of well structured organisations with clear roles and lines of accountability. In such circumstances, the links between financial activity and terrorist activity become more opaque and the targets for disruption harder to identify.
And yet, there are options for disrupting these practices. As indicated earlier, it is probably ineffective to focus on searching for sources of funding for attacks, which are relatively low-cost and may involve few or no activities that would set off financial triggers:
The disruption of specific attacks through the interdiction of specific transactions appears highly challenging. Recent attacks demonstrate that they can be orchestrated at low cost using legitimate funds and often without suspicious financial behaviour.A better strategy is to focus on complicating the environment in which terrorists are forced to operate.
In large measure, terrorists require funds to create an enabling environment necessary to sustain their activities – not simply to stage specific attacks. Disrupting terrorist-linked funds creates a hostile environment for terrorism. Even the best efforts of authorities may fail to prevent specific attacks.The key is for public and private financial entities to collaborate and share information:
Nevertheless, when funds available to terrorists are constrained, their overall capabilities decline, limiting their reach and effect.
National authorities can assist the financial sector in its efforts to identify and prevent terrorist financing by sharing intelligence. Financial information alone may not be sufficient to identify terrorist financing activity. However, when combined with counter-terrorist intelligence drawn from surveillance of the range of terrorist activities and networks, financial information can be leveraged to provide financial institutions with a concrete indication of possible terrorist activity, whether these use legitimate or criminal sources of funds.The creation of a hostile atmosphere can be effective in curtailing terrorist activity, because it undermines the group's sense of operational security. Even the suspicion that certain activities are not secure can serve as a deterrent.
Financial information is now used as part of the evidential case to hold criminals and terrorists to account. It also has a key intelligence role – for example by allowing law enforcement to:
- Look backwards, by piecing together how a criminal or terrorist conspiracy was developed and the timelines involved.
- Look sideways, by identifying or confirming associations between individuals and activities linked to conspiracies, even if overseas – often opening up new avenues for enquiry.
- Look forward, by identifying the warning signs of criminal or terrorist activity in preparation.
Monday, March 24, 2008
Two stories on the detection of harmful agents. First, good news from the Deseret Morning News, on the steady advance of detection equipment. A scientist from BYU has created a small, lightweight chemical detector. The project is in the pre-production stage:
The Guardion-7 chemical detector is a 28-pound portable device that can detect, without false positives and with exact specificity, a wide range of chemicals in fewer than five minutes...And from the "Weirdness" file, this one, in which U.S. Border Patrol discovered a radioactive cat speeding along a Seattle-area interstate:
The machine can detect everything from nerve agents to flammable accelerants used by arsonists, most explosives, toxic chemicals, drugs of abuse and organic compounds.
Tests for detecting nerve agents were done at Dugway Proving Grounds near Tooele. The Defense Threat Reduction Agency approved the machine's performance last month.
The incident involved a U.S. Border Patrol agent who was monitoring [Interstate 5] for potential transport of a radiological “dirty bomb,” said agency official Joe Giuliano.The columnist who broke the cat story asks, "What else is the government watching? Is it all too much?"
“Vehicle goes by at 70 mph,” Giuliano said last week during a meet on San Juan Island. “Agent is in the median, a good 80 feet away from the traffic. Signal went off and identified an isotope (in the passing car).”
The agent stopped and searched the car. “Turned out to be a cat with cancer that had undergone a radiological treatment three days earlier,” Giuliano said.
That's a reasonable question, but not the one I'm focused on.
Even if you set aside from any questions about privacy, is random sniffing of roadways an effective way of detecting potential threats? Even the agent involved in the cat-detection scenario said that the chance of catching a terrorist was "a billion to one."
Is this the best way for border agents to spend their time and resources? (He asked rhetorically.)
Michael Jacobson writes an important column in the Washington Post about terrorist dropouts - guys who sign up for al Qaeda or other groups, train, and in some cases, receive operational orders and weapons - only to back out and abandon the plot and/or group. Even one of the 9/11 hijackers, Ziad Jarrah, had to be cajoled not to abandon the plot.
Think of this as the flip-side to recruiting. If you understand why potential terrorists leave terrorist groups, this can inform your efforts to prevent them from joining in the first place. It can also help counter-terrorism efforts to create rifts in terrorist groups. Jacobson argues:
Figuring out why individuals walk away from terrorist groups can help governments predict whether an individual -- or even a cell -- is likely to go through with a plot. Understanding the dropouts should also make it easier for governments to determine which terrorists might be induced to switch sides, help stop radicalization and craft messages that could peel away people already in terrorist organizations. The more we know about why terrorists bail, the better we can fight them.Potential terrorists have a variety of reasons for dropping out, but some general trends are evident:
We rightly think of al-Qaeda and other jihadist groups as formidable foes, but the stories of would-be killers who bail give us some intriguing clues about fault lines that counterterrorism officials should exploit. The reasons for a change of heart can be strikingly prosaic: family, money, petty grievances. But they can also revolve around shaken ideology or lost faith in a group's leadership.Not surprisingly, one of the biggest factors in dropping out is maintaining a social connection to family and friends outside the terror group. That's why recruiters always try to draw recruits out of their social and familial circles, replacing the old ties of family and friends with new relationships.
Looking at al-Qaeda dropouts, some clear patterns emerge. Some left after becoming disillusioned with the group's tactics and strategy.
Another factor driving jihadists to drop out is a general lack of respect for the group's leadership. Essam al-Ridi testified during the embassy bombings trial that he resented having to take battlefield orders during the Afghan jihad from bin Laden and others who lacked military experience. For Ridi, the final straw was a battle in which many jihadists died -- in his view needlessly -- thanks to inept leadership, but that al-Qaeda nonetheless declared a victory. Jarrah, the 9/11 pilot, felt cut out by ringleader Mohamed Atta's leadership style.
Another reason bad guys bail out is money. Like the rest of us, some terrorists see inadequate compensation as a sign of unfair treatment.
Don't forget the role of petty slights, either. L'Houssaine Kherchtou [who trained to be bin Laden's personal pilot] grew bitter after a bin Laden aide turned down his request for $500 to cover the costs of his wife's Caesarean section -- and grew livid when al-Qaeda subsequently paid the expenses of a group of Egyptians sent to Yemen to renew their passports.
This is something that local authorities can observe and influence. There may be a potential threat in groups of individuals that separate themselves from family, friends, and society. By making contacts with trusted members of the larger community, local authorities can be on the lookout for such small groups:
The final factor seems to be good old family ties. Terrorists who maintain contact with friends and family outside their cell or organization seem more likely to drop out. This may be why [Mohammed] Atta forbade the 9/11 hijackers to contact their families to say goodbye. The wobbliest of the hijackers, Jarrah, resisted al-Qaeda calls to cut his ties with his fiancee in Germany and his family in Lebanon, souring his relationship with Atta, according to the 9/11 commission.In my view, preparedness means different things for different types of events. For a natural disaster, the emphasis must be on response and recovery. But for a terrorist event, the emphasis ought to be on prevention.
Something similar happened to two would-be 9/11 plotters, Mushabib al-Hamlan and Saud al-Rashid. Both men bailed out when they left the fanatical, insular atmosphere of the Afghan training camps and returned home to Saudi Arabia. After getting a visa to enter the United States, Hamlan contacted his family, despite clear al-Qaeda instructions to the contrary. He found out that his mother was ill and decided not to return to Afghanistan, despite intense pressure from his handlers. Hamlan later moved back in with his parents and returned to college.
In this light, Jacobson is right that prevention ought to include studying those who leave terrorist organizations - to understand what pries them away from these groups and to help prevent successful recruitment into the groups in the first place.
Friday, March 21, 2008
Rep. Jane Harman, chairwoman of the Homeland Security Committee’s intelligence subcommittee, is criticizing DHS again, as she did a few weeks ago at a congressional hearing (my post here). The issue is sharing information among federal, state and local officials:
The Homeland Security Department is at risk for losing support for funding because it is not doing a good enough job of sharing information with state, local and federal homeland security officials, the chairwoman of the House subcommittee that oversees information sharing and intelligence gathering said March 18.DHS is making some gradual progress but not quickly enough for Harman, or with a clear enough commitment:
Speaking at the National Fusion Center Conference in San Francisco this week, Rep. Jane Harman (D-Calif.), said DHS’ Intelligence and Analysis Office (OIA) needs to improve its relationships with and understanding of the needs of state and local authorities to make its fusion center initiative successful.
[DHS] has more than 20 representatives at fusion centers and has committed to having 35 employees deployed to them by the end of the fiscal year. FBI officials already work in almost all centers.Thanks to its stronger commitment, the FBI has developed a pretty good relationship with fusion centers, because co-location of local, state, and federal officials is critical to developing an information-sharing network based on trust, as this CRS report suggested last summer (my post here).
Here's the big red flag, though:
Harman added that the president’s 2009 budget request does not include money specifically to sustain the centers despite calls for it by the administration in its National Strategy for Information Sharing, which was released last year. The strategy placed fusion centers as the cornerstone for information sharing among the state, local and federal governments.State officials voiced the concern that fusion centers would essentially become an unfunded federal mandate in a GAO report last December (my post here). Seen in this light, is it any wonder that state and local officials are feeling uncertain about their level of commitment and involvement in the fusion center process?
Harman is getting impatient:
“Once we get past the agendas, games and turf wars involving fusion centers and the ITACG, once we start working on solutions, we’ll soon look back on ourselves and ask ourselves, ‘What took so long?’ ” she said in her prepared remarks. I'm overgeneralizing and speculating here, but some of the more successful fusion centers I'm aware of (e.g., NYC, LA) have been established purely on the basis of local need, when communities have decided that they cannot adequately perform their homeland security mission without them. Perhaps the imposition of a fusion center - either by mandate or by suggestion - begins to raise questions about whose turf is whose, and that's where the squabbling comes in.
Thursday, March 20, 2008
A nice story out of Wrightsville Beach, NC, in the wake of a recent incident where authorities received a tip that a nuclear device was present at the Port of Wilmington. They determined it was a hoax. But the important thing is how they were prepared for it:
“One of the things we had to do was start developing relationships with our counterparts in emergency services — law enforcement, fire, EMS, Coast Guard — all those folks who have a stake in the port facility,” Doug Campen, director of safety and security for the North Carolina State Ports Authority, said.Ideally, local agencies would be involved in prevention as much as response. Everyone has a piece of the puzzle.
The Port of Wilmington utilizes four levels of security — Port Authority Security, the U.S. Coast Guard, U.S. Customs and Border Protection (USBP) and local agencies. Each agency plays a different role in keeping the ports secure. For example, the USBP is responsible for container inspection, Campen said. Each agency is vital to the port’s security, but the cooperation of local agencies — WPD, the New Hanover County Sheriff’s Department, the Leland Police Department and the Brunswick County Sheriff’s Department — come to the fore in an emergency situation.
“In the event we have something major where we needed additional manpower, those are the folks we’re going to be calling upon. Our first responders would be local (agencies),” Campen said.
Some sobering statistics from the Las Vegas Review Journal on the preparedness of businesses in Vegas:
A recent survey of 461 companies done by the Las Vegas firm Urban Environmental Research found that ... 74.4 percent of businesses had never attended a meeting on disaster preparedness; 64.2 percent had never received written information on disaster preparation; and, almost half -- 48.2 percent -- had never developed a business disaster-recovery plan.It's possible to make connections and get help among the community, but these resources are of no use if businesspeople don't take advantage of them. (Which is why, in today's earlier post, I liked the approach Kansas is taking to bring private industry to the table.)
The Urban Environmental Research study found that 59 percent of businesses here had not purchased business interruption insurance. Almost 70 percent had not bought flood or earthquake insurance, even though the Clark County Department of Emergency Management ranks flash flooding among the disasters likeliest to hit Southern Nevada.
Cooperation can protect the community. Companies should agree with competitors to cover each other's clients if a disaster strikes and one business is disrupted, said Nevada Commission on Homeland Security member Maureen Peckman.Businesses can also use your government at work:
"People think of saving lives, but not of protecting business continuity," Peckman said.
To assess disaster preparedness, businesses can get a free inspection from the Department of Homeland Security, Peckman said.
"It's one of the little-known resources. They will come to your business and do a vulnerability assessment at no charge." Small companies qualify, too. "They'll come to a business that is 900 feet or 9 feet," she said.
It's great to see this kind of collaborative effort:
Governor Kathleen Sebelius, Congresswoman Nancy Boyda and Maj. Gen. Tod Bunting, Director of Kansas Homeland Security and the adjutant general, announced the opening of a new homeland security education center in Topeka Wednesday. The thing I like most about this is the way it attempts to include private industry. There's still a lot of apprehension about information sharing across the public-private sector divide.
The Eisenhower Center for Homeland Security (HLS) Studies...is a collaborative public/private initiative that will support local and state government and private sector homeland security partners.
Designed as a one-stop shop for homeland security activities, initiatives and best practices for all of Kansas, the center is planned to serve as a classroom, simulation center, and as a rapid set-up situational awareness facility for assisting with large-scale disaster response.
Over the next year, a variety of classes, seminars and exercises will be offered exploring subjects such as individual and organizational disaster preparedness, homeland security situational awareness, information sharing, and basic homeland security principles. The multi-agency multi-discipline approach will utilize computer-generated simulations to allow public officials, private industry partners, non-governmental organizations and elected officials to experience and discuss the challenges faced during natural and manmade disasters, including terrorism.
Currently, the Eisenhower Center for Homeland Security Studies is partnered with more than 20 government agencies, educational institutions, non-governmental organizations and private industry partners.
It's really nice to see Kansas trying to breach that divide by getting everyone in the same room.
Wednesday, March 19, 2008
I took a look at this recent GAO report, examining the efficacy of DHS' risk-based funding system:
From fiscal years 2002 through 2007, DHS obligated about $19.6 billion in grants, the purpose of which was to strengthen the capabilities of state, local, and tribal governments and others to prepare for and respond to major disasters of any type or cause.Almost $20 billion...we should be able to get a lot for that, if we spend it wisely.
In the early days of DHS, they essentially apportioned risk based on population. Lots of people = lots of risk. But that's a crude measuring stick, because it doesn't account well enough for risks in low-population-density areas that might have widespread consequences (e.g., an incident at a nuclear power plant). So...
Since fiscal year 2006, DHS has adopted a more sophisticated risk-based grant allocation approach... For the HSGP allocation process in fiscal year 2007 [and 2008], DHS defined Risk as the product of Threat times Vulnerability and Consequences (R= T* (V & C)).The "Threat x Vulnerability x Consequences" equation is a commonly accepted yardstick, so that's fine. But the idea that every area of the U.S. is equally vulnerable? Umm, that needs some work.
The Threat Index accounted for 20 percent of the total risk score; Vulnerability and Consequences accounted for 80 percent. For the purposes of the model, DHS considered all areas of the nation equally vulnerable to attack and assigned every state and urban area a vulnerability score of 1.0. Thus, as a practical matter, the final risk score for fiscal years 2007 and 2008 is determined by the threat and consequences scores.
Vulnerability and Consequences...were represented by the following four indices:
• Population Index (40 percent)
• Economic Index (20 percent)
• National Infrastructure Index (15 percent)
• National Security Index (5 percent)
But how to do it? How to measure the vulnerability of a given area or a given target?
Vulnerability, roughly defined, means exposure. But exposure to what? Is it possible to quantify a community's vulnerability in one easily understood dimension? Not really. Different communities are vulnerable in different ways, to different incidents. Another factor is the presence or absence of mitigation practices. For example, Los Angeles and St. Louis are both vulnerable from earthquakes, but Los Angeles is much better prepared to mitigate the effects because earthquake resistance has been part of its building codes for decades. By contrast, St. Louis is full of old buildings that could tumble down in a big one.
Regardless of DHS input, any community should be able to estimate its vulnerabilities. Some are obvious - others may be less so (e.g., the far-reaching effects of a critical infrastructure failure, the cascading effects of an incident elsewhere - such as Houston's experience with New Orleans residents who escaped Hurricane Katrina).
Vulnerability must be built into the system, because it's simply not true that everywhere is equally vulnerable.
And it's also true that we still do not have a reliable nationwide system of measuring our preparedness:
DHS has taken steps to establish goals, gather information, and measure progress, yet its monitoring of grant expenditures does not provide a means to measure the achievement of desired program outcomes to strengthen the nation’s homeland security capabilities. We still know little about how states have used federal funds to build their capabilities or reduce risks.In short, in spite of the fact that our metrics are better, we're still not thinking of preparedness as a system. We don't have a real picture of where the risks are, or whether the steps we're taking are reducing those risks.
DHS’s monitoring of homeland security grant expenditures does not provide a means to measure the achievement of desired program outcomes to strengthen the nation’s homeland security capabilities.
To their credit, DHS is trying:
According to FEMA officials, DHS leadership has identified this issue as a high priority, and is trying to come up with a more quantitative approach to accomplish the goal of using this information for the more strategic purpose of monitoring the achievement of program goals.That last line is vital.
According to DHS officials, one way DHS is attempting to monitor the development of emergency preparedness capabilities is through the Effectiveness Assessment that began as part of DHS’s fiscal year 2006 HSPG grant guidance. According to program requirements, eligible recipients must provide an “investment justification” with their grant application that links their investments to the initiatives outlined in their state’s Program and Capability Enhancement Plan. DHS officials have said that they cannot yet assess how effective the actual investments from grant funds are in enhancing preparedness and mitigating risk because they do not yet have the metrics to do so and there is insufficient historical information from the grant monitoring process to assess the extent to which states and urban areas are building capabilities.
However, all levels of government are still struggling to define and act on the answers to basic—but hardly simple—questions about emergency preparedness and response:
DHS has limited information on which to base the answers to these questions.
There truly is only so much DHS can - or should - know. In our federal system, we do not want all decision-making to come down from on high. Local and state authorities have to go through the process of making these risk assessments, communicating them to DHS (and to one another) and acting on them.
The picture has to emerge from the local level up, not from the top down. DHS is simply not in the position to manage risks on the local level. Even the information they can supply is insufficient for a thorough risk analysis:
According to DHS officials and HSGP grant assistance documents we reviewed, DHS communicates with its state and local stakeholders by:Preparedness is not a series of investments, or targets, or potentially disastrous events. Preparedness is a system.
Local agencies should not view the money that comes in from DHS as being used to purchase equipment, to prepare for an incident, or to increase capabilities. The money should be seen as bolstering the preparedness system.
Tuesday, March 18, 2008
Not exactly hard-hitting journalism here, but Government Technology runs a complimentary piece, examining the capabilities of Chicago's fusion center, the Crime Prevention Information Center (CPIC).
Unlike many other fusion centers, Chicago's center eschews the all-hazards approach and focuses only on violent crime and terrorism. There's some collaboration with suburban police departments in the collar counties:
Approximately 30 full-time staff members - detectives, police officers and supervisors - work at CPIC. As events warrant, each of the 35 suburban departments that work with the center lends officers to help field calls for information. In addition, representatives from the Cook County, Ill., Sheriff's Chief and other federal agencies also provide liaison personnel to the center as needed.Not surprisingly in a world awash in information, the CPIC's primary value is in filtering information that's already available and giving it to police officers when they need it:
Chicago Police Commander David Sobczyk adds that much of the intelligence needed to combat terrorism - perhaps more than 90 percent - is really open-source information. It's putting the right pieces together in a timely fashion that makes the difference.The CPIC says it's sharing information with state and federal officials:
Much of the information flowing through CPIC, such as access to local and national crime databases, is something a tech-savvy police officer can access without the fusion center. But previously it would have taken multiple searches and a deliberate effort to search each source. CPIC has automated the process, for what databases are searched, and it adds some artificial intelligence to determine information that might be relevant.
Prior to CPIC, officers would arrive at an incident scene with virtually no other information than what was given in a call. They would then return to the police station, often the next day, to gather other information on file that might be relevant. Now through CPIC, as soon as police officers are dispatched to a home or street intersection, they immediately have relevant information at their fingertips about the location - who called the police from there in the last few days, recent arrests in the area, other reported incidents and even traffic tickets given recently on the block.
Sobczyk also points out that the CPIC operation isn't simply drawing in the information needed to facilitate investigations or to respond better to public safety threats; CPIC also sends out information to both federal and state agencies. "It's a two-way flow," he said.I wish there were more information about this, because other studies of fusion centers have suggested that there isn't enough two-way information sharing.
Appropriately, the system is set up to examine incidents rather than personal profiles. As I've argued before, you can't detect a terrorist based on who they are. The "terrorist profile" - that is, a young disaffected person who's looking for something to provide meaning and purpose in their life - is far too broad to be useful. You have a better chance if you examine what they do - especially other criminal activity:
[T]he entire CPIC system is incident-based. It takes an incident of some kind to launch a query or investigation. In other words, there must be justifiable cause to initiate the investigation.Not only does this help avoid potential civil-rights problems, it's also likely to be more effective as a preventive measure.
Wednesday, March 12, 2008
Over at In Case of Emergency, Jimmy Jazz - who knows his public health - examines the recent CDC report: Public Health Preparedness: Mobilizing State by State. His post is worth reading, but here are a few highlights.
Jimmy summarizes thusly:
So, what does the Public Health Preparedness: Mobilizing State by State report, released by the CDC, say? Basically that progress has been made, but we’ve still got work to do.On the first main section of the report, Disease Detection and Investigation, Jimmy argues that improvements have been made:
[T]he CDC funding has, according to the report, paid for more than 500 epidemiologists in 2006. Yeah, but c’mon, they’re BT epi folks, all they do is sit around and wait for the big one, right? Nope, by and large, these folks increase the day to day capacity of public health surveillance and disease detection systems...In the area of Laboratory Testing, things are not so good:
I think that what’s been going on in the labs front is the least impressive. ... Almost half of the state labs can’t effectively or securely transmit electronic data. What agents or conditions can be tested for is a patchwork quilt of state labs; with no one lab outside of CDC being able to do everything. On Response: Communication and Coordination, Jimmy argues there has been some progress:
The most telling statistic of the improvement in this area has to do with the Health Alert Network (HAN), as implemented by the CDC. In 2001, there was no coordinated way to distribute messages on health and medical issues to the health care community outside of panicked calls. Today, all 50 states, four cities, and a number of unsanctioned and paid for counties have established HANs to do just that. Messages can be delivered from the CDC to a huge portion of the healthcare community in literally minutes now. Jimmy's argument reminds me that so many conversations about preparedness focus on assets and resources - money, people, technologies. From a certain perspective, focusing on these things is comforting. These are quantifiable goods, easy to compare.
But I'm more and more convinced that the key to preparedness is in developing the right system, including the people who are part of the system. And that's much tougher to analyze or compare.
As a system it needs to be able to respond to a variety of potential scenarios, scalable to a significant degree, and able to communicate clearly with those outside the system.
Anybody can buy and deploy a widget to solve a problem. What's needed is a superior system.
Residents of the West Coast and Hawaii should feel good about this news. According to Government Technology, the National Oceanic and Atmospheric Administration (NOAA) has launched the last two tsunami-detection buoys to warn U.S. residents of approaching tsunamis:
NOAA deployed the final two tsunami detection buoys in the South Pacific this week, completing the buoy network and bolstering the U.S. tsunami warning system. This vast network of 39 stations provides coastal communities in the Pacific, Atlantic, Caribbean and the Gulf of Mexico with faster and more accurate tsunami warnings.Then again, buoys near the Solomon Islands wouldn't provide warning if an earthquake struck near to the U.S. coast. There is some evidence that this might be possible in the Pacific Northwest.
These final two deep-ocean assessment and reporting of tsunami (DART) stations, deployed off the Solomon Islands, will give NOAA forecasters real-time data about tsunamis that could potentially impact the U.S. Pacific coast, Hawaii and U.S. Pacific territories.
Monday, March 10, 2008
The GAO recently released a report on the changes FEMA has made to its mass-care delivery system under the new National Response Framework (NRF).
Hurricane Katrina redefined "mass care." It resulted in a virtual diaspora of Gulf Coast residents, who scattered far and wide - many of them seeking shelter in places far from the Gulf, and some of them never returning home.
The concept of serving disaster victims through local sheltering facilities was obliterated by Katrina's size and scope. As a result, the NRF has changed the responsibilities for mass care. The recent report outlined the changes:
FEMA's New Responsibilities
The NRF made a key change to the prior 2004 National Response Plan (NRP) by shifting the primary agency responsibility for coordinating federal support for mass care under the sixth emergency support function (ESF-6) from the Red Cross to the Federal Emergency Management Agency (FEMA)...This only makes sense. As lead agency, FEMA has the authority to task other organizations to meet the needs of disaster victims. For example, if there's a need for the military to build a tent city to house disaster victims, FEMA can go directly to the Defense Coordinating Officer (DCO) with such a request. The Red Cross can't.
DHS and the Red Cross agreed that the mass care primary agency role in the NRF should be shifted from the Red Cross to FEMA in large part because the primary agency needs to be able to direct federal resources, which the Red Cross cannot do. ... After Katrina, the Red Cross could not go directly to federal agencies for resources to fulfill requests for assistance, but instead had to request these items through FEMA, which then directed the appropriate federal agencies to supply the needed materials or services. This resulted in confusion about roles and led to duplicative requests.
The Problem of Documenting Shelters
People's generosity can sometimes serve as an obstacle to an organized response. There are always logistical challenges of handling donations such as clothes and canned goods. But even beyond that, there are challenges associated with the establishment of ad hoc shelters that spring up when churches and other civic organizations throw open their doors to house refugees.
With the widespread reach of Katrina, this problem was more significant than it had ever been:
After Katrina, local voluntary organizations—such as churches—played a critical role in providing mass care. At one point after Katrina, nearly as many evacuees were staying in shelters operated by chuches and other small nonprofits as were staying in Red Cross shelters.The idea under the NRF is to establish a National Shelter System (NSS) which will catalog all the shelter facilities in each state. But this is no easy task:
Collecting data on unplanned shelters was a significant challenge after Hurricane Katrina. There was no centralized system in place for collecting and reporting these data after Hurricane Katrina and, as a result, these data often went unreported, according to FEMA and Red Cross officials. Because government and voluntary organizations did not know where many of these people were staying, this led to problems planning for and delivering needed resources.
[T]he NRF includes expectations for the development of a shelter database to be used for collecting and reporting shelter data. Although FEMA and the Red Cross have developed an initial database for collecting and reporting shelter data, FEMA is still working to develop a federal shelter database that will track demographic data on shelter populations. Second, officials in some states we contacted were concerned about their ability to collect and report complete information from shelters. In particular, state officials were concerned about collecting data from unplanned shelters, which are usually opened by organizations with no disaster response experience. ... These shelters are likely to open if designated shelter sites are overcrowded, evacuees are unable to reach designated sites, or the designated sites are affected by the disaster. Officials from some states told us that they do not have a mechanism in place to collect data from the small, independent organizations that typically open these shelters.Capabilities Planning
FEMA is still working to develop a federal National Shelter System [NSS] that will be owned and housed at FEMA.... FEMA officials told us that the federal NSS will be finished in spring 2008.... In addition, many states still need to enter data into the system in preparation for disasters. FEMA officials said that as of November 2007, no more than four states had inserted shelter location data and, as a result, most of the data in the system is on Red Cross shelters. The accuracy of the shelter data is contingent upon states reporting information into the system and updating it frequently, according to FEMA officials. ...FEMA officials told us that it will take 2 to 3 years to fully implement the federal NSS, because of training and time needed for states to collect, input, and verify data.
Related to the challenge of documenting shelter facilities is the need to identify gaps in the mass-care system. FEMA has a start, but it's far from complete:
[T]he Post-Katrina Act specifically requires that FEMA identify gaps in mass care capabilities at the state level. In response, FEMA has undertaken a gap analysis initiative that examines, by state, the gaps in disaster preparedness. This initiative, which began in 2007, has begun identifying gaps in hurricane-prone states along the Eastern seaboard and Gulf Coast. A FEMA official responsible for these efforts told us that the initial gap analysis had been completed in 18 high-risk states as of December 2007. Eventually, FEMA plans to roll this initiative out in every state, and to make it all-hazards rather than hurricane-specific.People with Disabilities
Given that estimates of the number of people with disabilities in the U.S. are as high as 20 percent of the entire population and 72 percent of people over age 80, there is a significant need to provide mass-care for this population in a disaster situation.
After Katrina, many disabled people ran into obstacles in their quest to find care, resulting in a broad re-examination of the emergency response system and its ability to assist people with disabilities.
FEMA has taken several steps to help improve planning for the disabled population. For example, FEMA developed a consistent definition of the term “special needs” that is used in the NRF. ... Through a working group of stakeholders, FEMA developed a definition of special needs that refers to those who may have additional needs before, during, or after an incident in one or more of the following functional areas: maintaining independence, communication, transportation, supervision, and medical care.But more needs to be done:
FEMA is also developing guidance for states as they plan for serving disabled populations. One such initiative has been developing guidance on collecting data on disabled populations...
[FEMA and the National Council on Disability (NCD)] have met several times to discuss how coordination would occur, most recently in October 2007. However, as of January 2008, the agencies had not agreed to specific action steps for how they would coordinate. ...However, FEMA has generally not coordinated with NCD, as required by the Act.
The Red Cross - still a key agency in providing services, even if it's no longer the lead agency for ESF-6 - has changed its intake processes to reflect the need for serving people with disabilities:
The Red Cross, in partnership with the Department of Health and Human Services, has developed a shelter intake form to address this problem after future disasters. The form provides a series of questions for shelter workers in general shelters to ask incoming evacuees. The form will allow shelter managers to identify disabilities and determine whether the shelter can meet the individual’s needs, according to officials from the Red Cross and the Department of Health and Human Services.
Red Cross told us that it has prepositioned items that will improve shelter accessibility for individuals with mobility impairments in key warehouses across the country. These items included 8,000 cots that are designed for easy transitions from a wheelchair, commode chairs, and shower stools.
Red Cross headquarters officials told us that some local chapters are still not fully prepared to serve individuals with disabilities after disasters. These officials said that, although the Red Cross has taken steps to educate their employees and volunteers since Katrina, it has been difficult to encourage chapters to prepare for and implement accessibility policies. Red Cross headquarters officials said that Red Cross chapters have considerable autonomy within the organization.Reimbursement for Organizations
A final area of concern: Whether changes to the Public Assistance reimbursement program have been effectively communicated.
Many shelters outside the disaster zone were not reimbursed in the wake of Katrina, because reimbursement was not available for, say, a shelter in Colorado to take in citizens of Louisiana and Mississippi. The need for such a situation hadn't been anticipated.
The rules were changed, but many organizations have found the reimbursement process so cumbersome that they've simply walked away and eaten the cost on their own:
Voluntary organizations faced limitations in the scope of program coverage and communication difficulties while trying to obtain reimbursement under the Public Assistance program after Katrina. The Public Assistance reimbursement program was not designed for a disaster of Katrina’s magnitude because it only offered reimbursement to voluntary organizations in the disaster zone, even though evacuees dispersed throughout the country. FEMA has since changed its regulations so that after future disasters voluntary organizations serving evacuees outside of declared disaster zones can be reimbursed.
This change contributed to confusion among voluntary organizations about the Public Assistance program after the hurricanes. Many officials from voluntary organizations told us that changing reimbursement policies caused confusion and made it difficult for them to get reimbursed, and that in some cases they gave up on seeking reimbursement.
The fur flew around the Cannon House Office Building on Feb. 26, when Charlie Allen, DHS Under Secretary - Intelligence and Analysis (I&A), testified before the House Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment.
The subject that caused all the sniping was the Interagency Threat Assessment Coordination Group (ITACG), which is supposed to "coordinate the production and timely issuance of the following interagency products intended for distribution to State, local, and tribal officials."
But is the ITACG working? If you listen to Allen's testimony, ITACG is working just great:
A major emphasis of the Office of Intelligence and Analysis has been the establishment of the Interagency Threat Assessment Coordination Group (ITACG), which has been stood up under the management of the National Counterterrorism Center (NCTC) to help us meet the information needs of our State, local, and tribal partners. I have provided two senior officers from the Office of Intelligence and Analysis, along with two officers provided by the FBI, to lead the stand-up of this organization. I am extremely pleased to report that the ITACG achieved Initial Operating Capability (IOC) on 30 January 2008 and that current staffing requirements have been met. In total, four federal and four state personnel, as well as contractor officers, are working in dedicated spaces with essential systems connectivity in NCTC.Sounds great. But Allen's testimony is directly challenged by the statements of Homeland Security Committee Chairman Bennie G. Thompson and Intelligence Subcommittee Chair Jane Harman. Harman writes:
The ITACG has already begun providing valuable input to intelligence products disseminated to State and local organizations, and its personnel regularly attend NCTC meetings and are engaged in NCTC production processes and activities critical to serving non-Federal customers. Since stand-up operations began on 23 October 2007 under DHS day-to-day leadership, the ITACG has reviewed more than 25,000 finished intelligence products. From that review, the ITACG identified products that meet State and local needs, and has already disseminated many of them to State and local officials. Since 23 October, the ITACG also has reviewed 1,576 separate reports on worldwide threats to U.S. interests, identifying 69 of these as possible threats to the Homeland. Further review by the ITACG revealed five reports of questionable credibility, two of which required better characterization of the threat or source. As a direct result of the ITACG’s efforts, DHS and the FBI refined our characterization of the threat and released joint reports on the two cases noted above requiring further threat detail.
I am confident that DHS, FBI, and NCTC in collaboration with the ITACG Advisory Council and ITACG personnel will work closely together – not only to ensure that the ITACG meets the letter and spirit of statutory obligations vis-à-vis State, local, and tribal needs, but also to synchronize and harmonize Intelligence Community support to our State, local, and tribal partners.
[I]t seems that the only stovepipe left standing is yours...Thompson adds:
I have a major issue with I&A’s endless refusal to take the ITACG seriously and to build a robust State, local, and tribal presence at the National Counterterrorism Center (NCTC) that makes the intelligence production process for State and locals better.
Although you promised last year that your staff would make a full effort to ensure the ITACG’s success, and although you told us you were proud to be leading the ITACG effort, you did not have it going in a few weeks as you had described.
DHS [has] made two things clear: First, it wants to control what homeland security information should be disseminated to State and locals. Second, it wants the ITACG to “go away” once the Information Sharing Environment “matures organizationally and culturally.”
Let me be clear. The ITACG is NOT going away.
I&A should be hungry for the State and local input that the ITACG offers – whether products created for those communities are produced at the NCTC, the FBI, or by your staff at the Nebraska Avenue Complex.
I was also disappointed to learn that your office is still debating about when State and locals detailed to the ITACG should become involved in preparing analytic products.
Effective information sharing is a major focus of this Subcommittee, and I have hoped that you would build an I&A that makes that happen.
Our hearing record, however, is full of testimony from State and local entities that tells us that they aren’t getting the products they need.
Bottom line, Charlie: you are not effectively serving the State and locals who are the people who will prevent the next attack.
I join with the Chair in here concern about the Department’s progress with the ITACG. The message, Mr. Allen, is clear: get the ITACG done right and get it done right now.In my mind, the most disturbing part of this discussion is the assertion that DHS is not fully engaging the participation of state and local personnel in creating analytic reports. That means that information-sharing is seen as a one-way street, in which intelligence is parceled out and funneled down to state and local agencies.
With your new authorities and influence, we expect nothing less than your total commitment to the success of the ITACG.
I don’t see how the proposed 9% increase in new funding for your office and the Office of Operations Coordination will help you satisfy those new obligations...
A vibrant information-sharing system has to be a two-way street.
Update 03-18-08: Congresswoman Jane Harman weighs in at HLS Watch.