Cohabitate :: Collaborate

One way to get to know people is simply by being around them.

In Edison, New Jersey, they're putting that principle into practice by building a new "public safety center" which will house police, fire, EMS, and training facilities:

The facility, which Mayor Jun Choi expects to be open by early next year, will house police, fire and EMS personnel all under one roof. It is intended to be a state-of-the-art facility and will have a full training center for all the township's public safety personnel ... Choi said that coordination between different branches of public safety is essential in improving emergency response in town.

The importance of coordination between police, fire and EMS was a theme repeated multiple times ... something that people said would definitely be helped through the placement of personnel from all three services in the same building.

Col. Rick Fuentes, New Jersey State Police superintendent ... noted that fire and police could help each other, for example, in sharing information about the nature of certain buildings, noting that fighting fires at, say, a methamphetamine lab might be particularly dangerous and require contact with police.

Conversely, he noted that some firefighters report gang members stopping fire trucks from getting near burning buildings until incriminating evidence is cleared.

It's a step.

Interfaith Disaster Preparedness Groups

Does your community have one? It's a good idea. Local networks with common interests can accomplish a lot. For instance, here's what they're doing in San Francisco:

Leaders from more than a hundred San Francisco-based churches, synagogues and other places of worship are expected to gather today at St. Mary's Cathedral in San Francisco to learn how to make their spiritual sanctuaries into places of physical refuge. Alameda and Santa Clara counties have made similar efforts.

In sessions organized by the San Francisco Interfaith Council, the church leaders will be taught how to create disaster plans for themselves, help congregants prepare their own households and be safety hubs for their neighborhoods in the midst of disaster.

"This is not to say we expect congregations ... to conduct a full-scale disaster response," said Alessa Adamo, program director for SFCARD, a nonprofit that trains faith groups and nonprofits on disaster preparedness. "What we're hoping for is that they're able to take care of their existing client base, help their immediate neighbors and provide a way for volunteers to help."

One of the main goals of today's gathering is to create neighborhood-based clusters of sanctuaries so different congregations can learn how to work as teams.

One thing not to repeat: The tendency to wait until after a disaster:

The San Francisco Interfaith Council was created after the 1989 Loma Prieta earthquake after leaders realized they needed to figure out collaborative ways to bring calm after a crisis. The Marin Interfaith Council was created in response to the devastating floods in 1982.

Business groups and non-profits can also work together, along with public officials. The more planning and preparation that's done ahead of time, the better.

Collaboration: A Quick But Worthy Read

The Partnership for Public Service has published this brief paper, entitled "Collaboration in Times of Crisis," which captured the lessons learned from a series of roundtable discussions. My favorite takeaway:

Following the panel discussion, our experts and audience discussed ways to improve coordination across other agencies and advance the collaborative capacity of the federal workforce. Their recommendations include:

• Engage leadership who support and model collaborative behavior
• Plan and budget for collaborative efforts
• Enable workers on the ground to regularly interact across teams and agencies

Are you better at collaborating or talking about collaboration? Do you plan your collaborative efforts? Do you budget for them? Does collaboration happen throughout all levels of your organization?

Disaster Response in Israel: Relationships Count

Interesting comments in this article from the National Guard Bureau on the trip made by NG representatives to a disaster exercise in Israel. They accompanied the Israeli Defense Force’s (IDF) Home Front Command (HFC), which is Israel's version of a National Guard.

For me, this was the key take-away:

Guard leaders also observed how the HFC works with civilian authorities and shares civilian assets to supplement its own after a disaster. Contrasts and similarities between how the National Guard and the HFC do business include:

• Bottom-up versus top-down. “Everything in the United States is local and then it ratchets up to the state and then the governor asks for the feds,” explained Col. Brent Feick, chief of the National Guard Bureau’s future operations division. “It’s a little quicker response from the feds in Israel, where the fire battalions and the police have a much more limited capability, and they rely more heavily on the HFC. Normally the governor wouldn’t call the National Guard until it was a much larger event because we put more effort in each state trying to take care of themselves. We’re the last in and first out. That’s our concept. In Israel, the HFC is almost always in there very quickly.”
  


• Close local relationships. State National Guards are building relationships with mayors, police departments and other agencies at the most local level, Feick said. The military service required of every Israeli has helped the HFC build close ties with local agencies. “No matter where you are in the country, you have an appreciation for how the IDF and the HFC works,” Feick said of the Israeli system. “The mayor of Nazareth knew to donate the building … for this exercise because of his prior military experience. He knew that this would be an advantage to the brigade commander up here.”

The lesson? It doesn't matter if your system is bottom-up or top-down. What matters is relationships - being able to see what's needed from others' perspectives. That's an irreplaceable key to success.

Exemplary Disaster Response in Minneapolis

The U.S. Fire Administration (USFA) has released a new technical report on last August's collapse of the I-35 bridge in Minneapolis. It should be an inspiration for every jurisdiction to set dual goals:

1. To the extent possible, prevent and mitigate the risk of disaster in the first place. (It's worth remembering that this was a thoroughly preventable disaster.)
   
2. In the case that a disaster does happen, earn an after-action report as good as this one.

While the bridge collapse was no Hurricane Katrina, it was still a complex event involving two different disaster sites/access points (one on each side of the river), multiple jurisdictions, and a witches' brew of hazards. Yet the response was exemplary in many respects because local officials had prepared rigorously:

Local and State staff and officials from fire, law enforcement, emergency management, and public works received immediate alerts and, having trained together in classroom settings and through field exercises, knew what to do and with whom they needed to coordinate their response. Years of investing time and money into identifying gaps in the city’s disaster preparedness capabilities; acquiring radios for an interagency, linked 800 MHz system; and participating in training on the National Incident Management System (NIMS) and on the organizational basis for that system (the Incident Command System (ICS) and Unified Command) paid off substantially during response and recovery operations.

In 2002, Minneapolis elected officials and key staff took a hard look at its state of preparedness ... and conducted a risk assessment that identified areas where improvements were needed. The city wasted no time in resolving the gaps, aggressively pursuing Federal grant dollars, e.g., the Urban Area Security Initiative, and general fund dollars to pay for radio and communications upgrades, equipment, and training that together elevated its level of preparedness.

The local response to the bridge disaster—and the coordination with metro, State, and Federal partners—demonstrated the extraordinary value of comprehensive disaster planning and training. The City of Minneapolis was as well prepared as any local jurisdiction could be to handle a major incident.

The critical element was a collaborative working relationship that had been established among all agencies involved in the response. There is simply no substitute for a trusting working relationship to get things done:

The excellent working relationships that had been developed through joint interagency training, planning, and previous emergency incidents was one of the primary reasons that response and recovery operations went as smoothly as they did. As one leader commented “We didn’t view it as a Minneapolis incident; it was a city/county/State incident.”

When key personnel from the primary response agencies were asked to what they attributed their excellent response, without exception they answered, “relationships.” Those relationships were developed as a result of all the planning, training, and exercises that multiple agencies and levels of government shared in recent years. Responders knew whom to call for what resources. They knew to work through the established chain of command. They knew each other’s names and faces and had built a level of trust that made it possible to move quickly through channels and procedures. ... Turf battles, not uncommon in events of this size, were not a factor because of the relationships that had been developed over the years.

If there were just one factor that predicts success or failure in a crisis situation, collaboration is it.

Public-Private Sector Collaboration in Virginia

In another installment from the "better late than never" file, the Washington Post reports on the efforts that DC-area Arlington County, Virginia, is making to enlist the support of the business community in emergency preparedness and response:

Since the terrorist attack on the Pentagon on Sept. 11, 2001, Arlington County has taken steps to help residents prepare for disasters. Now, officials are extending that effort to the private sector, enlisting the business community in a joint project to get ready for terrorist attacks or other emergencies.

The Businesses for a Safer Arlington Partnership consists of a series of workshops in which corporate leaders and government officials discuss how the business community can help plan for and recover from emergencies including an attack and a large-scale power outage. The first workshop drew more than 100 people this month to the FDIC Seidman Center in Arlington.

Especially after Katrina, said Robert P. Griffin Jr., the county's director of emergency management., the thinking is that "it's a symbiotic relationship. If you want to bring your community back to a level of normalcy, you have to bring your private sector with you."

This stuff isn't rocket science. You have to know who can help get you get back on your feet after an emergency.

And make no mistake - in our increasingly interdependent economic structure, we cannot last long on our own. We have to know where help will come from, so we can get the systems back up and running. The first step, as always, is shaking hands and business cards:

Kiersten Todt Coon, a vice president at Good Harbor Consulting, an Arlington-based national-security and risk-management firm, said the April 1 workshop "was an intensive day. It got people around the table, and just by walking away from that event you've met 20 people who are working on these issues."

Arlington Deputy Police Chief Jay Farr, who also attended, said he wants to help businesses develop more aggressive emergency management plans, in addition to exploring how to get them back in operation quicker after a disaster. He said the workshop was "a good dialogue. It was a good start."

Review: The Edge of Disaster

I've decided to incorporate a new element of the blog: reviews of books on homeland security topics. I've done this on a couple of occasions before, but I'm going to try to do a more systematic job of it.

I'll start with a book that's about a year old, Stephen Flynn's The Edge of Disaster: Rebuilding a Resilient Nation (2007). I consider Flynn to be one of the stronger voices in the homeland security field. His general argument, which he has made many times, is that the U.S. can do a much better job of preparing itself for the threats it faces. Flynn favors a kind of aggressive defense, a concept which has always resonated with me.

I've always thought of homeland security first and foremost as a local issue. Nobody knows our own neighborhood better than us. The first and most basic way of keeping ourselves secure is to take care of our neighborhood.

In The Edge of Disaster, Flynn extends the argument he made in his 2005 book, America the Vulnerable. In the new book, he writes:

Despite all the rhetoric since September 11, 2001, and some new federal spending on homeland security, America remains dangerously unprepared to prevent and respond to acts of catastrophic terrorism on U.S. soil. ... Managing the risk associated with predictable large-scale natural and man-made disasters remains far from the top of our national priorities.

The difference between the two books? The devastation of Katrina and the increasing recognition of our vulnerability to pandemic flu forced Flynn to re-calculate the risk-management equation, with an increased emphasis on natural disasters. As such he adds an all-hazards focus to his argument, focusing not only on reducing our vulnerability to terrorism, but on boosting our resiliency to all types of adverse events:

America needs to make building national resiliency from within as important a public policy imperative as confronting dangers from without.

With a stated aim of creating "a more resilient nation," Flynn uses the first half of the book to outline some of the threats we face, and the second half to describe some possible remedies.

In describing potential threats, Flynn tends to gravitate toward worst-case scenarios, imagining, for instance, that a suicide truck bomber will be successful in puncturing pipelines at an oil refinery, setting loose a plume of deadly anhydrous hydrogen fluoride. While it's a plausible terrorist scenario, it relies on the terrorists getting everything just right and getting lucky besides.

While I don't advocate overstating or understating the terrorist threat, I do agree with Flynn that it's not possible to truly address the risk in the absence of greater candor with the public:

The only way to muster the political will to reduce our exposure to malicious acts is to acknowledge our weaknesses and to openly discuss the options for addressing them.

Still, I get stuck on the questions involved with the terrorist scenarios Flynn describes. For instance, would a terrorist team be able to puncture the hull of an LNG tanker and ignite the gas? It's never been attempted before - would they risk failure in trying this attack, or would they choose an attack that's more certain?

That's why I find Flynn more compelling when he writes about our vulnerability to potential natural disasters - for instance, the risk that an earthquake could shake loose the earth dams that hold back the water in the Sacramento-San Joaquin River Delta, throwing California's agricultural economy and water system into turmoil. Or the ongoing risk that a major hurricane will wipe out massive swaths of expensive new housing developments along our Atlantic and Gulf shores.

These risks are much more knowable, and I agree with Flynn entirely when he writes:

Natural disasters will happen, and not all terrorist attacks can be prevented. However, what is preventable is the cascading effects that flow from these disasters and attacks.

Flynn's concept of resiliency is built on this idea - that you configure your society and your infrastructure in such a way as to reduce the risk of a catastrophic incident; and when a catastrophic incident inevitably occurs, you prepare the systems to recover from it.

Flynn then levels a blistering attack against our current preparedness regime, arguing that the political will to prepare is lacking - and in some cases, we are pursuing policies that make us much more vulnerable to catastrophe than we ought to be:

This lethal combination of natural and man-made factors suggests that the gravest source of danger for Americans derives not from acts of God or acts of terror; it is largely our own negligence that has placed us on the edge of disaster.

"Our own negligence" includes such short-sighted moves as developing extensively in hurricane- or flood-prone areas and in adopting a "just-in-time" economic model in businesses that require surge capacity, such as hospitals. Flynn points out that:

[T]he entire inventory of staffed hospital beds within the United States is 970,000.

In 2005, half of the nation's 4,000 emergency departments were routinely operating at or over capacity.

In the 1990s, 198,000 hospital beds were eliminated to reduce overhead costs.

Is it possible to imagine that this system will be prepared to respond to the inevitable flu pandemic, when it finally comes?

But ... business is business. And you can't blame businesspeople for making decisions that either boost their profits or keep them economically viable in a competitive market. And you can't fault them for not adopting security measures when the market doesn't reward this behavior. Flynn sees danger in a persistent drought of public-private sector engagement on emergency preparedness and response:

More worrisome [than inter-governmental collaboration] is how much room there is for improvement when it comes to the public sector working with companies and business leaders to deal with a statewide or regional emergency.

Flynn argues that, although private sector involvement is vital, we cannot expect the private sector to act on its own. Without a mandate or a compelling business case (and, preferably, a combination of the two), businesses will be reluctant to act. Sharing information is critical toward compelling the private sector to act:

[T]here are other understandable reasons why the private sector resists making security investments when the government is out of the picture. One significant barrier is the difficulty of obtaining information about the threats they are trying to secure themselves from. Government agencies collect this kind of information, but they don't like to share it. This leaves CEOs in a tough spot. Without a clear sense of both the probability and character of potential threats, making practical decisions about investing in countermeasures becomes little better than guesswork.

There is a lot of room for improvement in terms of sharing information with the private sector, which controls most of our critical infrastructure:

The consensus among corporate security officers I have met with since 9/11 is that information sharing with federal law enforcement is too often a one-way street: the companies provide specific information when asked but receive little information of value in return.

The solution, as Flynn sees it, is to apply a risk-management methodology to our preparedness. I have to say I agree:

[O]ur ability to overreact can produce more harm to our way of life and quality of life than terrorists are able to inflict. ... What we can aspire to do is to keep [the risk of terrorism] within reasonable bounds by preventing it when we can and minimizing the risk that terrorist acts will have cascading consequences when we can't.

To that end, Flynn argues for a re-ordering of priorities:

Our top national priority must be to ensure that our society and our infrastructure are resilient enough not to break under the strain of natural disasters or terrorist attacks.

Flynn provides a prescription for action, a wide-ranging set of proposals that ranges from the smallest scale (e.g., encouraging personal preparedness for every family) to the largest (e.g., an increase and reallocation of federal expenditures, including reducing funding for and dependence on the Department of Defense as the primary defender of national security, the establishment of new federal entities whose focus would be on building national resiliency, and wide-ranging incentives and partnerships to encourage and/or require private sector preparedness, especially in critical infrastructure sectors).

While there can be disagreements about Flynn's specific policy proposals, I agree strongly with his basic premise. Our government and economic systems too often reward short-sighted behavior and fail to reward long-term preparedness. As a result, we leave ourselves at greater risk than necessary.

It's not possible to prevent a Katrina, and it's not possible to prevent all potential terrorist attacks, but we can certainly do more to prepare for disasters that may occur and to limit their effects.

What's required is the will to discuss and recognize the problem and the commitment to solve it.

Outcome of Cyber Storm II: I Hope This Is Not News

It's a good thing to hear DHS folks say this, but I certainly hope they're not realizing it for the first time:

Forming relationships ahead of time is key to cooperation during a cyber attack, said Greg Garcia, assistant secretary for cyber security and communications at the Department of Homeland Security, during a town hall meeting at the RSA Security Conference on Cyber Storm II. Cyber Storm II was a huge exercise in protecting the nation's IT infrastructure held last month.

The relationships built up over the 18 months of planning for Cyber Storm II "will last well beyond the one week of the exercise" and will result in better responses and improve our defense capabilities, he added.

The cooperation of industry was, and will be, "critical" when we are under cyber attack, Garcia said.

Another lesson the DHS learned was that social networking is essential well before any threat occurs.

Yes, yes, and yes.

Not just for a cyber attack, though. For any type of disaster - accidental, natural, or intentional.

Protection and restoration of critical resources is not a matter of "your business" plus "my business." It's our business.

Better Late Than Never

The city of San Ramon, California, sits along the Hayward Fault, so the town would be well-served by having a closely coordinated community plan for disaster response.

Up to now, they haven't. But they're working on it:

San Ramon got on the disaster bandwagon after Hurricane Katrina, at the same time many public agencies in the Bay Area realized they would be ill-equipped to handle a calamity of similar magnitude. Locally, city officials decided more collaboration was needed between police, fire and other agencies, said San Ramon Mayor H. Abram Wilson.

"We all had our own plans, but no one was sitting at the table talking to each other," he said.

The city helped form the East Bay Regional Communications Joint Powers Authority — a consortium of Alameda and Contra Costa counties and every Alameda and Contra Costa city except Oakland and Piedmont.

I'm not looking to criticize San Ramon, but it is remarkable that a community in such a vulnerable position, with a city mandate to coordinate its disaster response, has not made a more intentional effort to collaborate on its disaster preparedness and emergency response.

Thursday was the first time the Disaster Council, a group of business, civic and school leaders commissioned by a San Ramon ordinance some 27 years ago, has convened in many years, San Ramon emergency preparedness manager Ray Riordan said.

The group included representatives from schools, Red Cross, San Ramon Regional Medical Center, Chevron, AT&T, PG&E and Bishop Ranch business park. Riordan said he hopes the group can meet quarterly to discuss plans for disasters together.

It's great that they're doing this now. Every community would be well-served to take a similar approach.

Science and Security

I like what they're doing in New Zealand:

Scientists are to work directly with civil defence authorities under a new memorandum designed to improve national emergency management.

The agreement means emergency response agencies will get direct access to scientific data relevant to planning civil defence strategies.

And scientists will have access to emergency scenes to improve their understanding of hazards facing New Zealand.

In emergency situations, the ministry will make space for GNS Science staff in the National Crisis Management Centre...

All too often, science is undervalued as a risk-management resource at the level of policy-making.

Collaboration and Communication Save Lives California Wildfires

Two communications systems have improved southern California's preparedness for wildfires and other emergencies. The system made for a safer, more prompt evacuation from the 2007 wildfires, compared to the 2003 fires.

It's an excellent example of using technology to communicate with the public and to foster better collaboration and information-sharing among responding agencies:

[In October 2007] officials evacuated more than 500,000 people in an orderly manner and provided shelter for more than 20,000 evacuees.

Though as many as seven people died and 90 were injured due the 2007 fires, even more people would likely have been in peril if not for the two Reverse 911 telephone alert systems -- one server-based, one Web-based -- the addition of a Web Emergency Operations Center (WebEOC) system, and the collaboration of agencies.

"There's no doubt in anyone's mind that the Reverse 911 saved lives," said Ron Lane, emergency services director of San Diego County. "There's no way we would have been able to notify everyone, especially during the first night of the fires."

During Southern California's 2003 blazes...some residents never received a notice to evacuate. That's not surprising considering the methods used for evacuation, which consisted of law enforcement personnel knocking on doors and notifying residents from loudspeakers.

The hectic, uncoordinated response to the 2003 fires prompted San Diego County officials to invest in two mass-notification systems prior to the 2007 fires, and those are credited with saving lives last fall.

"We used the 2003 fires as a game plan and an opportunity to identify what things we needed to do," Lane continued. "The key to Reverse 911 is it's essentially an electronic knock on the door from the sheriff, instead of relying on sheriff's loudspeakers and going door to door to let people know as in 2003. We had many people die in their garages or in their escape routes in 2003. The fires just move so fast and there are only so many deputies, you can't be everywhere."

The system also improved information-sharing among responding agencies:

San Diego County officials also used a 2005 UASI grant for the $100,000 WebEOC system, which gives officials from 85 different agencies teleconference capabilities, and some added capacity and redundancy into its 800 MHz wireless system. That forged the collaboration that made evacuation and providing shelter an orderly process. "We had more than 300 people logged in at one time during the height of the fires," Lane said. "Everybody had situational awareness of what was going on, what areas were being evacuated, what every hospital's status was."

The Emergency Services Integrators (ESI) WebEOC system allowed officials to share data with other jurisdictions and agencies in real time, and access satellite images, mapping information and national weather trends.

Officials used WebEOC in tandem with the mass notification systems by letting everyone know what parts of the county were being evacuated at a certain time and where people were going. That allowed the Red Cross, animal control and other agencies to prepare and respond accordingly. It all worked remarkably well, Lane said.

"Compared to other exercises and other things I've been involved in, we had outstanding situational awareness this time -- far better than I would have ever thought," he said. "I never felt at any time that we didn't know what was going on in the field."

The good news is that, after such a successful experience, these agencies are likely to look for more ways they can share information and work together for other types of events.

Success breeds success.

Second Fusion Center Conference Held

Breaking the rules of Journalism 101 - simply noting that "a meeting was held":

More than 900 federal, state, and local law enforcement and homeland security officials attended this week the National Fusion Center Conference here to further the U.S. government's plans to create a seamless network of these centers.

Participants discussed how to best incorporate fusion centers at the state level and in major urban areas into national plans to improve the sharing of information related to terrorism...

Disrupting Terrorist Funding

One of the most productive ways to harm any organization is to drain its funding. Terrorist organizations are no different; they require significant funding to accomplish their aims. And the more ambitious their goals, the greater their need for money.

The Financial Action Task Force (FATF) published a recent study examining how terrorist organizations raise, use, and move money through financial systems, in both legal and illegal ways. There isn't much new information here, but some that bears repeating:

The literature on terrorist finance developed since 2001 has emphasised the great adaptability and opportunism that terrorists deploy in meeting their funding requirements. Indeed, the breadth of cases ... suggests that the answer to the question: “How do terrorists raise and move funds?” is:”Any way they can.”

Terrorists have shown adaptability and opportunism in meeting their funding requirements. Terrorist organisations raise funding from legitimate sources, including the abuse of charitable entities or legitimate businesses or self-financing by the terrorists themselves. Terrorists also derive funding from a variety of criminal activities ranging in scale and sophistication from low-level crime to organised fraud or narcotics smuggling, or from state sponsors and activities in failed states and other safe havens.

Terrorists use a wide variety of methods to move money within and between organisations, including the financial sector, the physical movement of cash by couriers, and the movement of goods through the trade system. Charities and alternative remittance systems have also been used to disguise terrorist movement of funds. The adaptability and opportunism shown by terrorist organisations suggests that all the methods that exist to move money around the globe are to some extent at risk.

What Terrorists Need Money For

When thinking about disrupting terrorist financing - regardless of the size or complexity of the organization - it is useful to examine the reasons why terrorists need money.

Terrorist financing requirements fall into two general areas: (1) funding specific terrorist operations, such as direct costs associated with specific operations and (2) broader organisational costs to develop and maintain an infrastructure of organisational support and to promote the ideology of a terrorist organisation.

The amount of money required to pull off a terrorist attack - even a fairly large-scale one - is relatively small. FATF examines the funds required to pull off some high-profile attacks of recent years. Amounts are in U.S. dollars:

$10,000: Madrid train bombings (2004)
$10,000: USS Cole attack (2000)
$16,000: London transport system (2005)
$30,000: Jakarta JW Marriot Hotel bombing (2003)
$40,000: Istanbul truck bomb attacks (2003)
$50,000: Bali bombings (2002)
$50,000: East Africa embassy bombings (1998)

Terrorists' greater financial need is typically for more mundane operating expenses:

Financially maintaining a terrorist network – or a specific cell – to provide for recruitment, planning and procurement between attacks represents the most significant drain on resources.

The take-away here is that when you're looking to disrupt terrorist financing, it's foolish to focus only on activities that are directly associated with an attack. The real money is needed for other activities, and those activities can also leave a trail.

Terrorists' Fundraising Means

FATF outlines the well-documented means that terrorists raise funds, including legitimate sources, charities, and crime.

Charities are an especially profitable fundraising mechanism for terrorists:

In developing the key financial standards to combat terrorism, the FATF has found that “the misuse of non-profit organisations for the financing of terrorism is coming to be recognised as a crucial weak point in the global struggle to stop such funding at its source”.

A greater vulnerability for terrorist groups - but also a greater opportunity - is in finding common cause with drug traffickers. Connections have grown:

The degree of reliance on drug trafficking as a source of terrorist funding has grown with the decline in state sponsorship of terror groups. This trend has increasingly blurred the distinction between terrorist and drug trafficking organisations.

Investigations and intelligence have revealed direct links between various terrorist and drug trafficking organisations that frequently work together out of necessity or convenience and mutual benefit.

Local law enforcement should also be aware of other illicit means of fundraising, such as credit card theft and extortion:

A North African terrorist funding group accumulated details of nearly 200 stolen cards and raised more than [$400,000] to fund the al-Qaeda terrorist network through international credit card fraud. Twenty to thirty 'runners' collected the names and credit card details of almost 200 different bank accounts from contacts working in service industries such as restaurants.

Supporters of terrorist and paramilitary groups exploit their presence within expatriate or diaspora communities to raise funds through extortion. A terrorist organisation would make use of its contacts to tax the diaspora on their earnings and savings. The extortion is generally targeted against their own communities where there is a high level of fear of retribution should anyone report anything to the authorities. They may also threaten harm to the relatives – located in the country of origin – of the victim, further frustrating any law enforcement action.

Moving Terrorist Funds

With the proliferation of global trade and finance, it is becoming harder to detect movement of terrorist funds. They are likely to use a variety of mechanisms to move money - ranging from sophisticated electronic transfers to human cash couriers.

There are three main methods by which to move money or transfer value:

• The financial system
• The physical movement of money (for example, through the use of cash couriers)
• The international trade system

The multiplicity of organisational structures employed by terror networks, the continuing evolution of techniques in response to international measures and the opportunistic nature of terrorist financing all make it difficult to identify a favoured or most common method of transmission.

Cases highlight how in many situations, the raising, moving and using of funds for terrorism can be especially challenging and almost indistinguishable from the financial activity associated with everyday life. The identification and the disruption of terrorist finance are naturally harder when authorities are confronted by “informal” support networks that do not operate as part of well structured organisations with clear roles and lines of accountability. In such circumstances, the links between financial activity and terrorist activity become more opaque and the targets for disruption harder to identify.

Disrupting Terrorist Finances

And yet, there are options for disrupting these practices. As indicated earlier, it is probably ineffective to focus on searching for sources of funding for attacks, which are relatively low-cost and may involve few or no activities that would set off financial triggers:

The disruption of specific attacks through the interdiction of specific transactions appears highly challenging. Recent attacks demonstrate that they can be orchestrated at low cost using legitimate funds and often without suspicious financial behaviour.

A better strategy is to focus on complicating the environment in which terrorists are forced to operate.

In large measure, terrorists require funds to create an enabling environment necessary to sustain their activities – not simply to stage specific attacks. Disrupting terrorist-linked funds creates a hostile environment for terrorism. Even the best efforts of authorities may fail to prevent specific attacks.

Nevertheless, when funds available to terrorists are constrained, their overall capabilities decline, limiting their reach and effect.

The key is for public and private financial entities to collaborate and share information:

National authorities can assist the financial sector in its efforts to identify and prevent terrorist financing by sharing intelligence. Financial information alone may not be sufficient to identify terrorist financing activity. However, when combined with counter-terrorist intelligence drawn from surveillance of the range of terrorist activities and networks, financial information can be leveraged to provide financial institutions with a concrete indication of possible terrorist activity, whether these use legitimate or criminal sources of funds.

Financial information is now used as part of the evidential case to hold criminals and terrorists to account. It also has a key intelligence role – for example by allowing law enforcement to:

• Look backwards, by piecing together how a criminal or terrorist conspiracy was developed and the timelines involved.
• Look sideways, by identifying or confirming associations between individuals and activities linked to conspiracies, even if overseas – often opening up new avenues for enquiry.
• Look forward, by identifying the warning signs of criminal or terrorist activity in preparation.

The creation of a hostile atmosphere can be effective in curtailing terrorist activity, because it undermines the group's sense of operational security. Even the suspicion that certain activities are not secure can serve as a deterrent.

Forward-Thinking Port Security

A nice story out of Wrightsville Beach, NC, in the wake of a recent incident where authorities received a tip that a nuclear device was present at the Port of Wilmington. They determined it was a hoax. But the important thing is how they were prepared for it:

“One of the things we had to do was start developing relationships with our counterparts in emergency services — law enforcement, fire, EMS, Coast Guard — all those folks who have a stake in the port facility,” Doug Campen, director of safety and security for the North Carolina State Ports Authority, said.

The Port of Wilmington utilizes four levels of security — Port Authority Security, the U.S. Coast Guard, U.S. Customs and Border Protection (USBP) and local agencies. Each agency plays a different role in keeping the ports secure. For example, the USBP is responsible for container inspection, Campen said. Each agency is vital to the port’s security, but the cooperation of local agencies — WPD, the New Hanover County Sheriff’s Department, the Leland Police Department and the Brunswick County Sheriff’s Department — come to the fore in an emergency situation.

“In the event we have something major where we needed additional manpower, those are the folks we’re going to be calling upon. Our first responders would be local (agencies),” Campen said.

Ideally, local agencies would be involved in prevention as much as response. Everyone has a piece of the puzzle.

Regional Preparedness in the Bay Area

Just a quick note with less content than I'd like. I couldn't find a copy of the actual document, but the cities and counties in the Bay Area have released a coordinated, regional disaster plan, the first in California:

In recognition of the need for a regional response to natural and human-caused emergencies Mayor Gavin Newsom, Oakland Mayor Ron Dellums, and San Jose Mayor Chuck Reed were joined by regional emergency management officials, first responders and the State of California Governor's Office of Emergency Services (OES) to unveil the Bay Area Regional Emergency Coordination Plan (RECP). Ten Bay Area counties participated in the development of the "base" plan that will serve as the foundation for nine subsidiary plans to be submitted in spring 2008.

"This project was an investment in more than just a document -- it's an investment in relationships," said San Francisco Mayor Gavin Newsom.

This is typical stuff coming from a politician, of course - but it's the right idea. Collaboration is about developing solid working relationships built on common interests.

The RECP provides an all-hazards framework for collaboration and coordination among emergency response entities in the Bay Area. The base plan focuses on the role of State OES in coordinating the regional response to an event. Additionally, the region will be continuing to work on more detailed plans in areas such as transportation, logistics and mass care and shelter.

The RECP will now reside with the Governor's Office of Emergency Services, as it is designed to be used at the state's Regional Emergency Operations Center which is located in Oakland.

And there were more instances of politicians saying the right thing:

"In a region as large and vulnerable as the Bay Area, the need for a collaborative and organized response is vital," said Oakland Mayor Ron Dellums. "The RECP is the first of its kind in the state and will ensure that if a major disaster occurs that all entities at all levels of government are on the same page."

The Bay Area has significant vulnerabilities, and not only from earthquakes. The bridges, ports, and transit systems are tempting terrorist targets. Much of the area's water is transported from inland. And of course, the area is a major economic and technological hub.

I would argue that for such an area, taking a regional approach to emergency preparedness should not be seen as particularly innovative or forward-thinking. I would say it's an instance of exercising due diligence.

The State of State Homeland Security

Some interesting findings in the National Governor's Association's (NGA) recent survey of state homeland security directors.

The NGA got responses from 44 of 56 state and territorial homeland security advisors who comprise the Governors Homeland Security Advisors Council. They identified their top priorities for 2007 as:

Developing interoperable communications

Coordinating state and local efforts

Protecting critical infrastructure

Developing state fusion centers

Strengthening citizen preparedness

The only new priority is the last one, "strengthening citizen preparedness," which replaced "preparing for natural disasters," the popular choice in the aftermath of the 2005 hurricane season. Unfortunately the 2007 survey didn't ask for any details about the new goal of strengthening citizen preparedness; it will be interesting to see what progress is made in 2008.

Here are a few notes on what the survey revealed about the other priorities:

Interoperability

On interoperable communications, the more things change, the more they stay the same. Federal leadership and funding remain significant hurdles to interoperability.

[N]early every state now has a statewide interoperable communications governance structure in place, and nearly three quarters (about 70 percent) report having a full-time interoperability coordinator at the state level. However, achieving interoperability has, until recently, been hampered by a lack of clear guidance from the federal government and an associated lack of designated funding to develop interoperable systems.

The same argument was made last March, in this report by the First Response Coalition (see also my post).

Coordination with Local Efforts

Good news here. As I've noted anecdotally on a few previous occasions, some states are doing a good job of working with local agencies to coordinate response efforts:

In the 2007 survey, states were asked specifically about their interaction with local governments, tribal governments, the private sector, and other states. More than half—54 percent—said they “significantly” involved local governments in the development of strategic plans, including grant funding allocation plans. Roughly one third of the states, or 32 percent, said local involvement in those activities was “fair,” while 14 percent reported local involvement as “minimal.”

Nearly all the respondents reported having completed or being in the process of developing coordinated response plans with local agencies for a range of disasters. In addition, coordination of security plans and procedures with the private sector also remains a priority, with 100 percent of states reporting that they either have or are in the process of developing security plans with the privately owned infrastructure in their states.

But efforts are more mixed for prevention and preparedness:

Despite the success of EMAC and its proven utility in large-scale events such as Hurricane Katrina (97 percent of states surveyed in 2007 said EMAC was very or somewhat efficient), the coordination of pre-event planning—or, the “prevention and preparedness” phase of emergency management—remains a work in progress.

Critical Infrastructure

There was some measured good news regarding critical infrastructure, in that more than half of the states have joined in interstate (i.e. regional) efforts to protect infrastructure sectors.
Fusion Centers

Fusion centers are critical elements of the National Strategy for Information Sharing, yet the NGA survey indicates that fusion centers "remain a work in progress." The information that flows into the centers is improving:

The 2007 survey results also reflect an improvement in the federal-state information-sharing relationship. More than half of the states (56 percent) said they were satisfied with the timeliness of the intelligence they are receiving; 47 percent said they were satisfied with the specificity of that intelligence; and 50 percent said they were satisfied with the “actionability” of that intelligence.

And yet, leadership is lacking from the federal government on funding and systems development:

Nonetheless, nearly two-thirds of the states said they will be unable to sustain their fusion center operations without federal funding.

About half the states (48 percent) said they had little participation in key information-sharing initiatives such as the Homeland Security Information Network (HSIN), DHS Alert, and the Disaster Management Information System.

Federal-State Coordination

Overall, DHS is still doing a bad job collaborating with the states:

If there is an area where states are reporting unsatisfactory progress, it is in their relationship with the federal government, specifically with DHS. More than half the states (57 percent) reported being dissatisfied or somewhat dissatisfied with their overall communications with DHS, and 60 percent said the quality of their communications with the department had either not changed or had deteriorated since 2006.

States did provide some recommendations on how the federal-state relationship in homeland security could be improved. The majority, about 88 percent, said DHS should coordinate policies with the states before the release or implementation of those policies; 79 percent said there should be more coordination among DHS and other key federal agencies, including the departments of Justice and Health and Human Services; and 71 percent said the relationship could be improved with additional grant funding.

Secretary Chertoff always emphasizes involving state and local agencies, but it doesn't seem to happen at ground level. The interesting thing is, states seem to be doing a better job of this, in collaborating with local agencies. Without a collaborative effort, the work will be fractured. Even the vaunted fusion centers could slip by the wayside unless there is a coordinated effort to make them work.

Chemical & Biological Preparedness from DOD

Just a couple of notes on the DoD's new Joint Service Chemical and Biological Defense Program FY 08-09 Overview. For the most part, this is a broad review of the CBDP's aims for R&D and acquisition of new tools for detection, shielding, etc.

But there are a couple of items in the doc that may be of interest to local first responders. It's interesting that the military has set up a parallel system for detection of biological and chemical agents. If I were a local leader or first responder in a community near a military base, I might want to investigate an opportunity for sharing information:

In response to the events of September 11, 2001, an antiterrorism task force was formed to come up with emergency lists for equipment for the Installation Protection Program (IPP), Army Emergency First Responder Program, and Homeland Security Biological Detection initiative.

The task force decisions resulted in PBD 289, which required a pilot program to outfit nine installations—three each for the Army, the Air Force, and the Navy/Marine Corps. The PBD stated that biological and chemical detection only is required. ...

The Joint Service Installation Pilot Program (JSIPP) demonstrated the efficacy of an integrated suite of highly effective chemical and biological sensors and support equipment installed at the previously identified installations. The suite provided tiered sampling/collection, detection, identification, and warning response capabilities. It was designed to provide early indoor/outdoor collection, detection, presumptive identification, and warning capabilities and proved the need to expand this concept.

The JPMG IPP consists of a highly effective and integrated CBR installation protection and response capability, including detection, identification, warning, information management, individual and collective protection, restoration, and medical surveillance, protection, and response. The communications network will leverage existing capabilities and be integrated into the base operational command and control infrastructure. JPMG will procure and field an effective and optimized CBR installation protection and response capability at 135 DOD installations FY06–12.

In the case of a biological or chemical event, a military Weapons of Mass Destruction - Civil Support Team (WMD-CST) will be part of the response. Advance collaboration between local officials and these teams will improve any response. The military units can bring specialized equipment and training, but it is vital to ensure communications between civilian and military units:

Weapons of Mass Destruction—Civil Support Teams (WMD-CST) ... will allow selected National Guard and Reserve Component units to respond to and contain the effects of CBRN incidents within the continental United States.

The program also funds the design, enhancement, testing, fielding, and sustainment of the Analytical Laboratory System (ALS) Increment 1 and the Unified Command Suite (UCS) Increment 1 for the WMD-CSTs. The ALS Increment 1 provides advanced technologies with enhanced sensitivity and selectivity in the detection and identification of CWAs, BWAs, TICs, and TIMs. The UCS provides communication interoperability with federal, state, and local emergency responders at a WMD incident.

Fusion Centers: Status and Challenges

Just a relatively brief note on the new GAO report, which discusses the development of state fusion centers, along with the challenges they're facing.

First, a note on the current status of fusion centers:

Officials in 43 of the 58 fusion centers we contacted described their centers as operational as of September 2007. Specifically, officials in 35 states, the District of Columbia, and 7 local jurisdictions we contacted described their fusion center as operational, officials in 14 states and 1 local jurisdiction considered their centers to be in the planning or early stages of development, and 1 state (Idaho) did not have or plan to have a fusion center. In 6 states we contacted, there was more than one fusion center established.

The "all-hazards" focus has been maintained:

[O]fficials in 41 of the 43 operational centers we contacted said that their centers’ scopes of operations were broader than solely focusing on counterterrorism. For example, officials in 22 of the 43 operational centers described their centers’ scopes of operations as all crimes or all crimes and counterterrorism, and officials in 19 operational centers said that their scopes of operations included all hazards.

And it is particularly encouraging to hear that they're exploring the link between terrorism and precursor crimes:

Officials provided two primary explanations for why their fusion centers have adopted a broader focus than counterterrorism. The first explanation was because of the nexus, or link, of many crimes to terrorist-related activity. For example, officials at one fusion center said that they have an all-crimes focus because terrorism can be funded through a number of criminal acts, such as drugs, while another said that collecting information on all crimes often leads to terrorist or threat information because typically if there is terrorist-related activity there are other crimes involved as well.

As the CRS recently noted, it's important for fusion centers - which, it's important to remember, are always state or local entities - to have a close relationship with federal agencies. Without collocation and collaboration, the working relationship suffers. Fortunately, this collocation is proceeding:

Nearly all of the operational fusion centers GAO contacted had federal personnel assigned to them. For example, DHS has assigned personnel to 17, and the FBI has assigned personnel to about three quarters of the operational centers GAO contacted.

[T]he centers varied in their staff sizes and partnerships with other agencies. At least 34 of the 43 operational fusion centers we contacted had federal personnel assigned to them. For example, officials in 17 of the operational centers we contacted reported that they had DHS intelligence officers, and officials in about three quarters of the operational centers told us that they had FBI special agents or intelligence analysts assigned to their centers.

The FBI's engagement is particularly robust:

While the FBI’s role in and support of individual fusion centers varies depending on the interaction between the particular center and the FBI field office, FBI efforts to support centers include assigning FBI special agents and intelligence analysts to fusion centers, providing office space or rent for fusion center facilities, providing security clearances, conducting security certification of facilities, and providing direct or facilitated access to the FBI.

FBI personnel assigned to fusion centers are to provide an effective two-way flow of information between the fusion center and the FBI; participate as an investigative or analytical partner uncovering, understanding, reporting, and responding to threats; and ensure the timely flow of information between the fusion center and the local JTTF and FIG.

Still, there are challenges, including managing the many information systems that feed into fusion centers and the ability (or not) to get security clearances:

[F]usion center officials cited challenges accessing and managing multiple information systems. For example, officials at 31 of the 58 centers we contacted reported challenges obtaining access to federal information systems or networks.

[O]btaining and using security clearances represented a challenge for 44 of the 58 fusion centers we contacted.

More signficantly, there is apprehension on the part of state fusion center directors that the federal government has not made clear its long-term commitment for fusion centers - and that the result would be that eventually fusion centers will become, essentially, an unfunded mandate:

The federal government, through the ISE, has stated that it expects to rely on a nationwide network of fusion centers as the cornerstone of information sharing with state and local governments, but ISE plans or guidance to date do not articulate the long-term role the federal government expects to play in sustaining these centers, especially in relation to the role of their state or local jurisdictions. It is critical for center management to know whether to expect continued federal resources—such as grant funds, facility support, personnel, and information systems—over the long term.

This concern is magnified because a clear commitment to long-term sustainability has not come from the National Fusion Center Coordination Group:

[T]he PM-ISE has established a National Fusion Center Coordination Group (NFCCG), led by DHS and DOJ, to identify federal resources to support the development of a national, integrated network of fusion centers. ... However, to date, the efforts of the NFCCG have not included delineating whether such assistance is for the short-term establishment or long-term sustainability of fusion centers.

It's worth recalling that in the National Strategy for Information Sharing, the federal government pledged to assign personnel to fusion centers "where practical" and to integrate and collocate resources "to the extent practicable. It's this kind of tepid support that makes state and local officials jittery.

It certainly doesn't appear that fusion centers are in any short-term danger. There are too many resources being poured into them, and they're too central to our national strategies. But it's clear that the effort to establish and maintain them could be more coordinated and collaborative. The anxiety of state and local fusion center officials about the federal government's level of commitment is a clear sign that inter-governmental relationships are not yet built on trust.

Gaps in Healthcare Preparedness

This has really been a week for examining public health and disaster medicine.

In that vein, PricewaterhouseCoopers Health Research Institute (HRI) released a study of the disaster preparedness of the healthcare system. Their report focuses on “the seams” in the state of preparedness and provided recommendations. There aren't a lot of surprises here. The gaps that exist have also been reported elsewhere. This study collects them nicely, though. HRI concluded:

We found that facility and staff resources are limited, public health and private medical sector plans are inadequately coordinated, communications and tracking systems are incompatible, and funding is not sufficient to support development of a sustainable infrastructure for an effective response.

The most stubborn of these problems may be a lack of surge capacity:

There is no federal or state requirement for communities to maintain a certain level of hospital capacity for disasters, and most health system resources are owned and operated by private organizations that are pressured to improve their operational efficiency and financial bottom line.

Funding benchmarks and reporting requirements are modified each year, causing recipients to shift rather than sustain focus. “The current funding forces the funds to be utilized on gidgets and gadgets because you need to liquidize the funds rather than hire and develop infrastructure for the long term,” said Jimmy Guidry, M.D., Louisiana’s state health officer.

Experts have estimated that hospitals could free up to 25% of their beds for emergency use during a disaster, but many are skeptical of how quickly and safely that could take place. ... HRI’s survey found that over 40% of health professionals lacked confidence in their ability to transfer patients to non-health facilities, and 25% lacked confidence in their ability to transfer patients to other health-related facilities.

Another potentially significant problem is a potential lack of staff. Staff levels are already low, and they are likely to suffer further in the event of a health emergency, as some healthcare workers may also be affected:

Availability of staff during a disaster is another major challenge. “Personnel are a major limiting factor and a critical need,” said Sally Phillips of AHRQ. The average hospital has an 8.5% vacancy rate among its nurses, and many have shortages in the physician specialists needed in an emergency.

The situation is not expected to improve. The federal government is predicting that by 2020, nurse and physician retirements will contribute to a shortage of approximately 24,000 doctors and nearly 1 million nurses.

And even if staff is available, training and other preparation may be insufficient:

Primary care physicians were substantially less knowledgeable than other health professionals surveyed regarding what to do in natural or manmade disasters. Fewer than 20% of primary care physicians said they were “well prepared” about what to do in a disaster, which was substantially less than other health professionals.

Coletta Barrett, head of hospital operations at the Louisiana Emergency Operations Center during Hurricane Katrina, explained that hospitals typically are underprepared. “At Charity Hospital, we knew we needed enough food and water to support the facility for three days. We didn’t take into consideration any of the staff that would remain in-house, or family members of patients or staff that would come and shelter in place.” Due to the effects of the disaster on the surrounding community, families of the injured and of hospital staff are likely to be present in the hospital, in addition to casualties.

HRI provides some recommendations. I'll focus not on the specifics, but on the general strategy:

Health and medical systems should adopt a systems-oriented approach and infrastructure for disaster response.

During a disaster, medical priorities must shift from focusing on individual patient-based outcomes to population-based outcomes.

Alternate care sites should be considered to alleviate the patient demand at hospitals and increase healthcare surge capacity within a community. Potential sites may include: shuttered hospitals, mobile medical facilities, ambulatory care centers, dormitories, and large public buildings.

One of the keys to planning, whether it involves solving the problem of capacity, pharmaceuticals, staff preparedness, communication - is to collaborate on solutions. Healthcare facilities compete in the marketplace, but in the event of a major disaster, they will be called on to share the load. A coordinated response will be more effective.

Given the wide range of needs that must be met during a healthcare emergency, advance planning that involves a wide set of stakeholders is essential.

The health system was not designed to address the complexity of disaster response, which often requires a public-sector response and coordination across multiple organizations and regions.

Communities should actively engage a wider range of stakeholders who have not traditionally been at the planning table, particularly primary care physicians, community clinics, and nursing homes.

Collaboration provides an opportunity for healthcare organizations to share resources, learn from one another, leverage best practices, and combine forces to achieve together what they each could not do alone. Disaster responders should work locally and regionally to organize resources, share expertise, and formalize mutual aid agreements.

But this doesn't happen automatically, just because there is a need:

Respondents to HRI’s survey indicated that coordination remains a concern. In particular, health professionals questioned the ability of their organizations to coordinate with physicians in private practice, federal agencies, clinics, and nursing homes.

Still, there have been some model programs for regional planning:

Collaboratives in New York, California, and Northern Virginia provide a template on the importance of regional planning. For example, the Greater New York Hospital Association created the Emergency Preparedness Coordinating Council, which includes hospitals as well as local, state, and federal public health and emergency management organizations.

California created the California Office of Emergency Services, which divided the state into six mutual aid regions. If requests for aid overwhelm a region, the state coordinates with other unaffected regions for resources. Local authorities have a span of control over local personnel and supplies, while the state can provide support from a larger pool of resources, if necessary. At the local, county, and state levels, medical health operation area coordinators communicate medical needs, collect and provide consistent information, and relay mutual aid requests.

Collaborative efforts play into our strength as a society. We are remarkably capable when we combine our various strengths to achieve a common goal. We can anticipate the kinds of health emergencies we may face in the future. We will succeed in responding to them only if we plan ahead and bring together all the resources available to us.

Information Sharing in Reluctant Neighborhoods

The latest issue of Officer.com has a nice article on encouraging information-sharing between police and citizens, especially in neighborhoods where residents are generally hesitant and may be distrustful of the police. The article focuses on recruiting volunteers who will regularly help police, but the advice is sound in any case.

Police officers are advised to think like marketing executives, paying close attention to the needs of their "customers" (i.e., those who may share information with them):

[T]hought should be given to how your volunteers will be perceived by their fellow citizens.

When faced with troubled areas of your community, a different approach to marketing your volunteer unit to soften the perception could be as simple as a name change. Choosing a unit name such as Neighborhood Assistance Volunteers or Community Support Team removes what could be viewed as negative words.

At some point, your volunteers will speak with their peers in the community, at which time they can explain their purpose.

Not feeling singled out by their peers as "police in hiding" may also provide an incentive for members of the community to step up and perhaps join the team or at least pass on information that may help your agency to solve and prevent crimes.

Projecting an image of helping the community - being supportive and assistive - extends beyond just words:

Some simple resources to consider would be providing your volunteers with a list of community agencies that offer help to folks who may be having problems paying their utility bills, resolving disputes with neighbors and landlords, finding educational programs to increase their self-worth and more.

Other ideas may include providing your volunteer units with donated child safety car seats, and/or bicycle helmets for families that may not otherwise be able to afford them.

Other items to consider may be new donated basketballs, footballs and games to give children in the community something constructive to do, rather than just hanging out on the street corner. Doing so will help your volunteers "walk the walk" if challenged by their peers to demonstrate how they are "assisting and supporting" the community versus "working for the police."

This is all part of building a trusting relationship. In the end, we freely share information with those we trust.