A New National Response Framework

Yesterday FEMA announced the release of an updated National Response Framework (the fourth edition).  The most notable changes in this version of the NRF are the inclusion of Community Lifelines and a change to Emergency Support Function (ESF) #14.  Previously, ESF #14 was Long-Term Community Recovery.  With efforts to further engage and coordinate with the private sector in disaster response, ESF #14 has been changed to Cross-Sector Business and Infrastructure.

So what of Long-Term Community Recovery?  The National Disaster Recovery Framework (2016) outlines Recovery Support Functions (RSFs), which, at the federal level, are organized as coordinating structures along with the ESFs.  There are six RSFs, which generally align with the Core Capabilities for the Recovery Mission Area.  For anyone who has worked with FEMA in disaster recovery operations, you know these can be massive organizations, so why create an even large organization?  This structure should support the ESFs in focusing on immediate needs, while the RSFs can address long-term recovery.  When the Federal disaster response organization is initially set up for a disaster, the ESFs are immediately put to work to support state and local emergency needs.  In this phase, the RSFs are able to organize, gather data, and plan for eventually being the lead players as response transitions to recovery.  Recovery is very much a data-driven operation.  As this transition occurs, with the RSFs taking over, many of the ESF resources can be demobilized or tasked to the RSFs.

What does this mean for states and locals?  Fundamentally, nothing.  States simply need to have an appropriate interface with the new ESF #14.  Do states and locals need to mirror this organization?  No, and in fact most of the time when I see an organization centered around ESFs, I tend to cringe.  The ESF/RSF system works for the federal government because of the multitude of federal agencies that have responsibility or involvement in any given function.  Fundamentally, ESFs/RSFs are task forces.  Recall the ICS definition of a task force, being a combination of resources of varying kind and type.

Certainly, most local governments, aside from perhaps the largest of cities, simply don’t have this measure of complexity and bureaucracy.  It can work for some state governments, but for many it may not make sense.  Let’s consider ESF #1 – Transportation.  How many state agencies do you have that have responsibility and assets related to transportation?  In some states, like New York, there are many, ranging from State DOT, NYS Parks, the Thruway Authority, and the multitude of other bridge, road, and transit authorities in the State. Smaller states may only have a State DOT.  One agency doesn’t make a task force.  There are other options for how you organize your emergency operations plan and your EOC that can make more sense and be far more effective.  Essentially what I’m saying is to not mirror the way the feds organize because you think you have to.  All plans must be customized to YOUR needs.

On to the integration of community lifelines.  The goal of the new ESF #14 is to not only engage the private sector, but also coordinate cross-sector operations for stabilizing community lifelines.  I’m interested to see how this plays out, since the community lifelines are already addressed by other ESFs, so I suspect that once the new framework is tested, there may be some supplemental materials that come out to balance this.  That said, the integration of community lifelines is a good thing and I’m glad to see this gaining more traction and truly being integrated rather than existing as a good idea that’s never actually tasked.  Integration of community lifelines is something that every state and local government can at least track, if not take action on, depending on their capability and resources.  The updated NRF added some additional context to community lifelines, with information that supports integrating this concept into planning, response, and recovery.  I happen to appreciate this community lifeline focused timeline that is in the NRF.

While the focus of the NRF is on how the federal government will response, it is intended to be reflective of a whole community response.  It doesn’t necessarily provide guidance (nor should it) on planning, but it certainly serves as a reference.  Since it seems the feds are going all in on the community lifeline concept, I urge state, local, tribal, and territorial governments to examine how they can integrate them into your operations.  That all starts with planning.  It may begin as a function of situational awareness, but then what actions should a jurisdiction take when lifelines are impacted?  Even if a jurisdiction doesn’t have the capabilities to address the root cause, they still need to address the affects.

What thoughts do you have on the NRF update?

© 2019 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

EOC Management Organization

FEMA recently released a draft Operational Period Shift Brief Template for EOCs, open to public comment.  The document is fine, though there was one glaring issue… it assumes an ICS-based model is in use in the EOC.

With the release of the NIMS refresh, we were given some ‘official’ options for EOC management structures.  Unfortunately, we aren’t seeing much material that supports anything other than an ICS-based structure.  An ICS-based structure may certainly be fine, but every organization should examine their own needs to identify what works best for them.  Story time…

We recently completed a contract that included the development of a plan for a departmental operations center for a state agency.  The plan had to accommodate several considerations, including interaction with regional offices and operations, interaction with the State EOC, and integration of a call center.  When we talked to people, examined form and function, and looked at fundamental needs, the end result was an ICS-based organization.  While accommodations had to be made for translating their own agency structure and mission, it fit rather well.

For a contract we are currently working on, we are developing an EOC plan for a private utility.  Again, we reviewed documents, talked to people, and identified the fundamental needs of the company and the EOC organization.  The end result is shaking out to be something a little different.  At a glance, it’s largely ICS-based, but has some aspects of the Incident Support Model, while also having its own unique twists.  One particular observation was that their company’s daily structure has functions combined that we would normally break up in traditional ICS.  Breaking these functions up for an incident would be awkward, disruptive, and frankly, rather absurd.  Not only would personnel be dealing with something out of the ordinary, they would be changing the flow of corporate elements that have been placed together by necessity in their daily operations, which would detract from their efficiency during the incident.

My third example is a contract we are just getting started on.  This project involves developing an EOC plan for a municipality.  While we’ve had some initial discussions, we aren’t sure what the end result will be just yet.  The client isn’t set on any particular structure and is open to the process of discovery that we will be embarking on.  As I’ve thought about their circumstances and the recent and current work we’ve done on this topic, there are a few things that have come to mind.

  1. While NIMS is all about standardization and interoperability, the range of utility of emergency operations centers, in any form, and the mission, organization, an innate bureaucracy of the ‘home agency’ have a heavy influence on what the EOC’s organization will look like.
  2. While there still should be some standard elements to an EOC’s organization, there is generally less fluidity to the composition of an EOC, especially as it compares to a field-level incident command where the composition of the responding cadre of organizations can radically differ.
  3. Consider the doctrinal core concepts of ICS as really core concepts of incident management, thus we can apply them to any structure. These concepts are fundamental and should exist regardless of the organization used.  Some examples…
    1. Unity of Command
    2. Modular organization
    3. Manageable span of control
    4. Consolidated action plans
    5. Comprehensive resource management
  4. We need to acknowledge that the full benefit of organization standardization, exhibited by the ability of incident management personnel to be assigned to a new EOC and be able to immediately function, is potentially compromised to an extent, but that can be largely mitigated by adherence to the core concepts of ICS as mentioned previous. Why?  Because the system and processes of incident management are still largely the same.  These new personnel need just a bit of an orientation to the organizational structure being used (particularly if they are to be assigned in a leadership capacity at any level).

The most important consideration is to develop a plan.  That will provide extensive benefit, especially when done properly.  Follow the CPG 101 guidance, build a team, do some research, and weigh all options.  The end goal is to identify an organizational structure that will work for you, not one that you need to be forced into.  Bringing this around full circle, we need to know that with whatever system you decide to use, expect that you will need to develop your own training, job aids, and other support mechanisms since they largely don’t exist for anything outside of an ICS-based structure.  Note that even for an ICS-based model, there are needs… consider that there is no ‘official’ planning P for EOCs (one that is less tactics-focused), and, of course, that ICS training alone isn’t enough to run your EOC by.

I don’t place any blame for this need… consider that FEMA, with finite resources just like the rest of us, tries to produce things that are of the greatest utility to as much of the nation as possible, and right now, most EOCs are run on an ICS-based model.  While I hope this will expand over time, every entity will still be responsible for developing their own training on how they will organize and respond.  No training developed by a third party for a mass audience can ever replace the value of training designed specifically to address your plans.

I’m interested in hearing what changes are being made to your EOC organizations and how you are addressing needs.

© 2019 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

A Deeper Review of FEMA’s E/L/G 2300 EOC Intermediate Course

A couple months ago I got my hands on the materials for the ELG 2300 EOC Intermediate course.  Back in early June I gave an initial review of this course, based on information from a webinar and the course’s plan of instruction.   Unfortunately, upon reviewing the actual course materials, my initial concerns have been reinforced.

First, I’ll start off with what I think are the positives of this course. The course doesn’t stray from NIMS, and applies a practical integration of the NIMS management concepts, which we are mostly used to seeing in ICS, into the EOC environment.  This is 100% appropriate and should always be reinforced.  The course also references the EOC National Qualification System skillsets.  It’s great to see the NQS referenced in training as they otherwise receive very little attention, which actually brings about a lot of concern as to their overall adoption.  Two units within the course provide some incredibly valuable information.  Those are Unit 5 (Information and Intelligence Management) and Unit 7 (EOC Transition to Recovery).

On to the down side of things… As mentioned in my review a couple months back, the course objectives simply don’t line up with what this course needs to do – that is, it needs to be teaching people how to work in an EOC.  So much of the content is actually related to planning and other preparedness activities, specifically Units 3, 4, and 8. Unit 3 dives into topics such as position tack books, organizational models, EOC design, staff training and qualifications, exercises and more.  Though, ironically enough, there is little to no emphasis on deliberate PLANNING, which is what all this relates to.  This isn’t stuff to be thinking about during an EOC activation, but rather before an activation.  Unit 4, similarly, gets into triggers for activation, how to deactivate the EOC, and other topics that are planning considerations.  Unit 8 dives more into design, technology, and equipment.  While it’s valuable for people to know what’s available, this is, again, preparedness content.

There is a lot of repetitive content, especially in the first few units, along with some typos, which is really disappointing to see.  There are also some statements and areas of content which I wholeheartedly disagree with.  Here are a few:

  • There is ‘no common EOC structure’.   There are actually a few.  Hint: they are discussed in the NIMS document.  I think what they are getting at with this statement is that there is no fixed EOC structure.
  • ‘EOC leaders determine the structure that best meets their needs’. False. Plans determine the structure to be used.  While that organizational model is flexible in terms of size of staff and specific delegations, the lack of context for this statement seems to indicate that the EOC Manager or Director will determine on the fly if they will use the ICS-based model, the Incident Support Model, or another model.
  • One slide indicates that use of the ICS-based model doesn’t require any additional EOC training beyond ICS for EOC staff. Absolutely false!  In fact, this sets you up for nothing but failure.  Even if the model being applied is based on ICS, the actual implementation in an EOC is considerably different.  I’ve written about this in the past.
  • The Incident Support Model ‘is not organized to manage response/recovery efforts’. Wrong again.  With the integration of operations functions within the Resource Support Section, response and recovery efforts can absolutely be managed from the EOC.

There is another area of content I take particular exception with.  One slide describes ‘incident command teams’, and goes on to describe the Incident Command Post (which is a facility, not a team), and an Incident Management Team, with the formal description of a rostered group of qualified personnel.  Not only is this slide wrong to include an Incident Command Post as a ‘team’, they are fundamentally ignoring the fact that ‘incident command teams’ are comprised every damn day on the fly from among responders deploying to an incident.  These are the exact people I espouse the need to train and support in my discussions on ICS.

My conclusions… First of all, this course does not do as it needs to do, which is training people how to work in an EOC.  While the preparedness information it gives is great, operators (people assigned to work in an EOC) will be taking this course expecting to learn how to do their jobs.  They will not learn that.  I’ve advocated before for most training to be set up similar to HazMat training, utilizing a structure of Awareness, Operations, Technician, Management, and Planning focused courses which are designed to TEACH PEOPLE WHAT THEY NEED TO KNOW based upon their function.  Largely, this course is a great Planning level course, that is it’s ideal for people who will be developing EOC operational plans, standard operating guidelines, position qualification standards, and other preparedness material.  I think that Operations, Technician, and Management level training is going to be left to jurisdictions to develop and implement, as it certainly isn’t found here.

I urge a lot of caution to everyone before you decide to teach this course.  Take a look at the material and decide if it’s really what your audience needs.

What are your thoughts on this course?  Will your jurisdiction get use out of it?

© 2019 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

A New Vision for ICS Training

Yep, I’m still at it.  It seems with every post about the condition of Incident Command System training as we know it, I’m able to draw more people into our cause (aka the Crusade).  While I’ve never espoused there to be an easy solution, the training that we currently provide for ICS falls well short of doing us any favors.  People walk out of each subsequent training course with a marginally increased understanding of the system and how to use it.  And that’s really the fundamental problem, isn’t it?

Perhaps at some point, someone had the idea of developing ICS 100-400 to be knowledge-based courses, with position-specific training to be more about application.  Unfortunately, that’s a significant disservice to responders and the populations they serve, which was further exacerbated by the NIMS training requirements, creating a type of a false sense of security in which people believed that they have ‘been trained in ICS’, therefore all is well in the world.  Responders, in the broadest sense, at supervisory levels within every community should be trained not only in what ICS is but also how to implement it.  Not every community, for a variety of reasons, has reasonable access to position-specific training, so the core ICS curriculum absolutely MUST do a better job in teaching them how to implement the system.

This also goes further than just training.  ICS, like so many other things, is a knowledgebase that tends to degrade over time.  Without practice, you tend to lose the skills.  This is how people who are on Incident Management Teams or those who work regularly in an ICS-based Emergency Operations Center are so well practiced in the system.  In the absence (hopefully!) of actual incidents, planned events and exercises go a long way to keeping skills sharp.  Even those, however, can get costly and time-consuming to design and conduct.  Enter the hybridization of scenario-based training, which is something I’ve written on in the past.  Not only do we need to include more scenario-based training in everything, we need to include a scenario-based ICS skills refresher course as part of the core ICS curriculum.

While I continue to have various thoughts on what there is to be done with the ICS curriculum as a whole, here is my current vision…

ICS-100: (What is ICS?)  Pretty much keep this as is, with options for on-line and classroom delivery.  The purpose of this course is to serve as an introduction to ICS concepts for those who are likely to come into contact with it and work in lower levels within the system.  This is levels one (knowledge) and two (comprehension) of Bloom’s taxonomy.  It shall serve as a prerequisite to further ICS classes as it provides much of the fundamental terminology.

ICS-200: (How do I work within the system?)  Tear down/burn down/nuke the on-line version and never look back.  Simply making it ‘more accessible’ doesn’t mean that it’s good (it’s not).  The purpose of this course is to expand on knowledge and begin to approach functionality.  I expect content to reach deeper than what is currently within the course.  Without looking at specific content areas, I envision this course to be mostly level two (comprehension) of Bloom’s taxonomy with some touches on level three (application).  Perhaps the only level one content that should be introduced in this course are some fundamentals of emergency management.  Some of the content areas currently in the ICS 300 absolutely need to be moved into the ICS 200 to not only make the ICS 200 more impactful, but to also set up the ICS 300 as being fully focused on implementation of the system.  Expanded content may mean taking this course to a duration of up to three days (it even feels taboo writing it!). ICS 100 (taken within six months) is a prerequisite.

ICS-300: (How do I manage the system?) The most recent update of the ICS 300 course begins to approach the vision for what we need, but more work needs to be done.  This course needs to be much less about the system and more about how to IMPLEMENT and MANAGE the system.  This course is firmly rooted in level three (application) of Bloom’s taxonomy, with perhaps some level four objectives, which gets into analysis (troubleshooting and creative solutions… because that’s what emergency management is really all about!).  Much of this course is scenario-based learning centered on implementation and management of an incident through the use of ICS.  Less instruction, more guidance.  And because, at this point, ICS isn’t the only thing at play in real life, concepts of broader incident management are also applied.  ICS 200 is naturally a prerequisite, and should have been taken within a year.

ICS Implementation Refresher Course: This would be designed as a post- ICS 300 course, taken every year or two.  Reasonably, this can be accomplished in a day of intensive scenario-based training.

ICS-400: (A prerequisite for position-specific training).  Eliminate this from the core curriculum.  Seriously.  Most of the current content of this course is not needed in the core ICS curriculum.  Time is better spent in a more intensive ICS 300 course than teaching people about some (largely) obscure applications of ICS which are usually only ever performed by incident management teams.  The current content is largely fine, it just has such little impact on local implementation of ICS and is really rather awkward within the continuity of the curriculum.

Thoughts and feedback are always appreciated.  If we are to succeed and build a better mouse trap, it will be through dialogue and sharing of ideas.

© 2019 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

A Podcast That is Not a Catastrophe

I’ve written in the past a few times about some emergency management and homeland security podcasts that I recommend.  As a podcaster myself, I’ve become a bit more discerning about what I listen to, which is a pretty extensive library of nerd culture, EM/HS, entrepreneurial, and political commentary podcasts.  I’ve recently come across a new podcast which is absolutely being added to my regular listening, and that’s Catastrophe!

Catastrophe! is hosted by Jess Phoenix and her husband Carlos.  Jess is a volcanologist with numerous television appearances and interviews related to such, and is well versed in a range of topics within emergency management and climate change.  Carlos is a cybersecurity and risk management expert, and together they run the non-profit Blueprint Earth.  The two complement each other well as hosts and are able to bring their experiences into the discussion.

As of my writing, Catastrophe! has released four episodes, with the current focus being on human caused disasters.  I’ve so far listened to the introductory episode and the fourth episode, which is on the Centralia PA Mine Fire, a disaster that has fascinated me for years.  While I do need to jump back to episodes 2 and 3, I’ll say that even in just the span of a few episodes, Jess and Carlos got more comfortable behind the mic, providing much smoother conversations.

The coverage they give on the catastrophes they discuss is great, with well researched topics and a presentation style that is interesting, entertaining, and even a bit instructional as they break down some of the technical aspects within each show’s topic area.  They have largely dedicated themselves to being a family friendly podcast, so I’d say that their show is appropriate for teens on up.  Their website, catastropheshow.com, also includes some great information complementing each show, with pictures, maps, links, and references.

I’m hopeful that Catastrophe! has a long and successful run.  You can find it through all the regular podcast apps or stream episodes from their website. Follow them on Twitter @catastrophepod and be sure to give them a listen, subscribe, and leave reviews wherever you find your podcasts.  I’m hopeful that they cover the Boston molasses flood soon!

  • Tim Riecker, CEDP

Conduct of the New ICS 300 and 400 Courses

Last month a colleague and I delivered the new ICS 300 and 400 courses for a client.  If you’ve missed them, I have some early review notes and overall thoughts posted.  Nothing gets you into the curriculum like teaching it, though.

First, some credit to our course participants, who were extremely supportive in this delivery.  They were patient with our occasional need to double check the instructor guide and even helped to point out some inconsistencies.  While we each have about fifteen years of experience in teaching the courses, the first few times out with a new flow and format, along with new activities takes a bit of getting used to.  The courses also offered some challenges that had to be overcome in our course prep and delivery.

Leading off with the good foot, both courses reflect a positive direction of change.  It’s not the wholesale change that I’ve been stumping for, so expect to continue to see me championing more changes, but we are seeing positive movement in the right direction, at least with the ICS 300 course.  (I still hold out that most of the content of the ICS 400 course isn’t necessary for most who take it.  Time would be far better spent with grounding the concepts of ICS and supporting implementation of the aspects that are most likely to be used.)

Both courses continue a trend of scenario-based learning reinforcement, with the ability to utilize a progressive scenario threaded throughout the ICS 300 course and scenarios within the ICS 400 that help demonstrate when and how these concepts might be used.  While the ICS 300 materials provide several new scenarios for use, we actually didn’t use their progressive scenarios as our client had some specific needs, requiring us to build a localized scenario for them.  That said, the scenarios provided in the ICS 300 are easily adaptable to meet your needs.  Just be aware of the intent of each phase of the scenario and don’t alter the overall concept.

The endeavor to ground ICS as an operational tool is emphasized in Unit 4 of the ICS 300, Implementing an Operational Process.  This unit really seems to pull together the whole reason for being for ICS, especially in an extended operation, and is a good introduction to the Planning Process.  This unit was very well designed and is one of the most progressive changes in the course.

Not a lot was substantially changed in the ICS 400.  Aside from my earlier comment on the questionable necessity for most of the content, the course, as designed, is good enough to address what is intended, even if that intent seems misguided.  Much of the course was kept the same as the previous version, but there were a few tweaks and adjustments throughout.  The activity in Unit 2, the Fundamentals Review is multi-tiered and is very effective.  Unit 5 provides a lot of content on EOCs which wasn’t previously included as much, as well as introducing disaster recovery topics, which at this level incident the leadership of organizations (i.e. those taking this course) need to be aware of.  This is largely ‘bonus content’ which I had provided in the course off script in the past, as it wasn’t included.  I’m very happy to see this as part of the course now. The capstone exercise is the same as the previous version of ICS 400 and is still very well structured and produces great outcomes for participants.

On the down side… well, there is some substantial down side. I provided a fairly detailed list (of both positives and areas for improvement) to EMI.  Taking the course at face value – that is looking at what we have, not what I think it should be, most of the issues I had with this course have to do with faulty instructional design.  There is no way around saying that it was done very poorly.  There was significant lack of attention to detail… so many mis-spellings (spell check is a free feature included in every word processing program – FYI), inconsistencies between the Student Manual and Instructor Guide, problems with scenarios which are not part of the progressive scenario, graphics so small they are not visible for participants in the student manual, and some issues of course flow and organization.

Unit 3 in the ICS 300 course is titled Initial Actions for Unified Command.  So much of the unit is built on the premise that a unified command is formed in the initial response of an incident, practically exclusive of even the possibility of a single command.  This is insanely misleading and required some significant extended explanation on the part of our instructional team to temper that content.

Earlier I complemented unit 5 of the ICS 400, particularly for the additional material provided on various types of EOCs and extending the discussion into recovery.  While these are great, the unit should be organized earlier in the material, especially with several earlier references to EOCs without explanation of what they are.  Practically speaking, the concept of the EOC has far more actual use than any of the other concepts discussed in the course.  There is also way too much material on federal-level EOCs, most of which are so far removed from incident management that most emergency managers have no interaction at all with them.  I think this content should speak about EOCs in general terms.

I think Central City needs to be erased from all memory, and a new fictional jurisdiction developed.  The maps for Central City, et al, keep getting recycled and are small in print, confusing in design, and clearly dated.

The final exams for both courses were very bad.  They each had questions that our instructional team agreed to throw out, as they were poorly worded or ambiguous and nearly every participant got them wrong.  Even most of the valid questions and answers simply aren’t suitable for short-duration training, and certainly not with a closed book exam.

In all, I provided three pages of comments back to EMI. I’m appreciative of EMI being so receptive to the feedback and candid about certain issues they had in the development of these courses.  In respecting their candor, I’m not going to get into some of the points brought up, but it certainly appears as though they are disappointed with the condition in which these courses went out the door and they have a desire to improve them.  Hopefully it won’t be too long until you see another update of the course materials with most of these issues addressed.

I look forward to hearing from others about their experiences with delivering these updated courses.  As such a central topic to the greater public safety and emergency management community, we need to do better with teaching incident management and ICS as the primary tool we use for incident management.  As a community of practice, we need to get behind this initiative and support the need for significant improvement.  Of course if you aren’t familiar with my crusade on the matter, check out the series of ICS Training Sucks articles I’ve posted over the past few years.

© 2019 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Spreading the Word

Some of you may have noticed that Lucien Canton, who writes the monthly Emergency Management Solutions newsletter, has featured some of my articles over the past few months.  (Thanks Lu!)

While Lu and I have never met, we have periodically corresponded over the past several years.  He is a highly experienced emergency manager and consultant, speaker, and author in the field, who, like me, has a passion for writing.  He covers a variety of topics in his newsletters and articles, from emergency management, to business acumen, and more.  Lately, he has been kind enough, in the collaborative nature of emergency management, to feature other bloggers, such as me, in his newsletter as well.

You can check out his current and past newsletters and featured articles here, along with other services and materials he offers.  Be sure to subscribe to this newsletter, which has great information every month!

-TR