Thinking Beyond the Active Shooter

While there is obviously a great deal of attention placed on preparing for, preventing, and responding to active shooter events, is that where the focus really needs to be?  Yes, active shooter incidents are devastating, but they aren’t taking into consideration the full potential of we might be facing.  The DHS definition of ‘active shooter’ actually allows room for additional potential, but the term is still misleading and indicates the presence of only one perpetrator.  (DHS definition: “Active shooter is an individual actively engaging in killing or attempting to kill people in a confined and populated area.”)

First, let’s consider that more than one person could be perpetrating the incident.  Second, let’s consider that the perpetrator/perpetrators might be using something other than or in addition to firearms.  This could include edged weapons, blunt weapons, improvised explosives, or other threats.  Third, let’s consider an increased complexity, including synchronized attacks conducted by one or more independent teams occurring at multiple locations sequentially or in close succession.

To address these potentials, we’ve heard the terms ‘Active Assailant’, which certainly addresses individual(s) using any form of weapon(s) in their attack methodology.  This can also address the more highly complex incident type, which is commonly referred to as a ‘Complex Coordinated Attack’ or ‘Complex Coordinated Terrorist Attack’.  In essence, we are talking about the same conceptual incident, with varying complexity.  But what’s the difference?

The difference is that we should be preparing for a credible worst-case scenario.  While a single shooter is more likely to occur in most places, we’ve seen incidents of knife attacks such as those in recent months in London and Japan.  We’ve also seen motor vehicle attacks in Berlin and NiceThe Columbine High School attack involved firearms, knives, and improvised explosive devices, although the latter weren’t successfully detonated.  For their own reasons, none of these seem to match up with the impression most have with the term ‘Active Shooter’.  ‘Active Assailant’ might be better a better term generally for these kinds of incidents.   More specifically, by current standards, Columbine would likely meet the definition of ‘Complex Coordinated Attack’.  A complex coordinated attack doesn’t necessarily require a high value target or an international terrorist group to perpetrate.

When a jurisdiction plans for a flood, they generally don’t prepare for a couple of road washouts that might occur with a hard rain storm.  They should be preparing for the sudden destructive power of flash floods and the slower but equally devastating potential of areal flooding.   If the jurisdiction is prepared for the credible worst-case scenario, their preparations should be able to address flooding of a lower magnitude.  I’d argue the same for the range of active assailant incidents.  Active shooter incidents are one specific type of active assailant incident, but are not what our preparedness activities should be focused on, as these kinds of incidents can be much more complex and devastating.  Preparedness efforts should, instead, focus on the complex coordinated attack, which is arguably the most multifaceted and impactful type of this incident.  Preparing for the credible worst-case scenario will help ensure our preparedness across the entire spectrum of this kind of incident.

As always, feedback is appreciated.

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Reviewing Health Care and Public Health Capabilities

Most in emergency management and homeland security are aware of the National Preparedness Goal’s 32 Core Capabilities, but are you aware of the Health Care and Public Health capabilities promulgated and published by the HHS/ASPR and the CDC?

Recently updated, the 2017-2022 Health Care Preparedness and Response Capabilities are assembled by the US Department of Health and Human Services (HHS) Assistant Secretary for Preparedness and Response (ASPR).  According to ASPR, these capabilities are intended to ‘describe what the health care delivery system must do to effectively prepare for and respond to emergencies that impact the public’s health’.  The health care delivery system includes health care coalitions (HCCs), hospitals, and EMS.  These consist of four capabilities:

  1. Foundation for Health Care and Medical Readiness
  2. Health Care and Medical Response Coordination
  3. Continuity of Health Care Service Delivery
  4. Medical Surge

The Centers for Disease Control and Prevention (CDC) (also part of HHS) publishes the Public Health Preparedness Capabilities.  The current version of the Public Health capabilities is dated 2011, with the CDC being anticipated to begin updating the document in late summer of 2017.  The CDC’s Public Health Preparedness Capabilities help to establish standards for state and local public health preparedness through 15 capabilities, which are:

  1. Community Preparedness
  2. Community Recovery
  3. Emergency Operations Coordination
  4. Emergency Public Information and Warning
  5. Fatality Management
  6. Information Sharing
  7. Mass Care
  8. Medical Countermeasure Dispensing
  9. Medical Material Management and Distribution
  10. Medical Surge
  11. Non-Pharmaceutical Interventions
  12. Public Health Laboratory Testing
  13. Public Health Surveillance and Epidemiological Investigation
  14. Responder Safety and Health
  15. Volunteer Management

Similar to the use of the Core Capabilities in emergency management and homeland security broadly, I see the ASPR and CDC sets of capabilities as providing an opportunity to identify capabilities which are functionally focused.  Aside from the three common Core Capabilities (Planning, Public Information and Warning, and Operational Coordination), there is only one public health/health care-specific Core Capability: Public Health, Health Care, and Emergency Medical Services.  It makes sense for these areas to need to further identify and refine their own capabilities.  It might be interesting to see other sub-sets of public safety, such as fire and law enforcement do the same relative to the Core Capabilities they each heavily participate in.  Or it might send us down a rabbit hole we don’t need to jump down…

That said, I always champion opportunities for synergy and streamlining of existing systems and doctrine, and I’m rather disappointed that has not been done.  There is clearly overlap between the ASPR and CDC capabilities as compared to the Core Capabilities; that being apparent in even the titles of some of these capabilities addressing topics such as operational coordination, mass care, and public information and warning.

Corresponding to the recent release of ASPR’s updated Health Care Preparedness and Response Capabilities, I sat through a webinar that reviewed the update.  The webinar gave an opportunity for me to ask if there was any consideration given to structuring these more similarly to the National Preparedness Goal’s Core Capabilities.  In response, ASPR representatives stated they are working with the Emergency Preparedness Grant Coordination Working Group, which consists of ASPR, CDC, Health Resources and Services Administration, DHS/FEMA, US DOT, and the National Highway Traffic Safety Administration.  This working group has developed an interim crosswalk, applicable to the current documents, and expected to be updated with the CDC’s update to the Public Health Preparedness Capabilities.  While a crosswalk helps, it still acknowledges that each are operating within their own silos instead of fully coordinating and aligning with the National Preparedness Goal.  The world of preparedness is dynamic and made even more complex when efforts aren’t aligned.

Regardless of the lack of alignment, these are great tools.  Even if you aren’t in public health and health care, you should become familiar with these documents, as they represent important standards in these fields.  Similar to the Core Capabilities, grants and preparedness activities are structured around them.  If you interface with public health and health care, you have even more reason to become familiar with these – as they are likely referenced in multi-agency discussions and you should be aware of the similarities and differences between these and the Core Capabilities.

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Pre-Disaster Recovery Planning Guidance

So much of preparedness focuses on the Response mission area, which is necessary, given the need to protect life and property in the immediate aftermath of a disaster; but we should never leave disaster recovery by the way side.  I’ve blogged in the past about the significant lack of Recovery mission area exercises we typically see, but we shouldn’t forget that the foundation of preparedness is planning.  How does your pre-disaster recovery plan look?

If jurisdictions have a pre-disaster recovery plan at all (and I mean beyond two paragraphs in their comprehensive emergency management plan), it’s typically focused on debris management.  This isn’t without good cause.  Debris management is incredibly complex, has a lot of benchmarks to follow in terms of best practices, and must include all of FEMA’s requirements, which largely stem from lessons learned in debris management.  Having a debris management plan in place can also qualify a jurisdiction to receive a higher percentage of reimbursement.  That said, debris management isn’t the only aspect of recovery that must be planned for.

FEMA recently released the Pre-Disaster Recovery Planning Guide for State Governments (November 2016).  I’ll admit, the first thing I looked for in the document were references to CPG-101, which is FEMA’s established standard for planning.  I was thrilled to find that it’s not only mentioned, but much of the document is based upon CPG-101.  Found in the document’s early narrative are topics such as the importance of aligning disaster recovery with hazard mitigation, as well as aligning disaster recovery with response.  These are two important factors which make disaster recovery even more complex, as disaster recovery is clearly not only an end state itself, but also a bridge between response and mitigation.

The document also outlines the differences and similarities between pre-disaster recovery planning and post-disaster recovery planning.  Another important distinction.  Many give the excuse of not having a vigorous pre-disaster recovery plan because there are too many unknown variables to anticipate and plan for.  I usually throw my bullshit flag on this statement.  While there is some truth to the statement, it’s also a convenient excuse.  For the same reasons why we create emergency operations plans before a disaster ever strikes, we must develop recovery plans before a disaster strikes.  While there are unknowns, there are also many solid assumptions we can make for the foundation of our planning.  We can identify key activities, assign responsibility, and work toward identifying gaps and building capability and capacity.  Once a disaster does occur, we then pull people out of the response to begin drawing up more specific plans for disaster recovery, hopefully capitalizing on our pre-disaster planning efforts.

Much of the document is a breakdown of CPG-101 planning steps in the context of disaster recovery.  They give some great examples and references throughout the document.  From my quick review, this is a pretty solid document.  While the intended audience is state government, I see easy applicability of this document to most, if not all, local governments – so long as it’s approached with a scaled perspective.

I’m very pleased that FEMA continues to tie preparedness standards together, doing away with decades long practices of response-oriented preparedness tasks being handled one way, while the tasks of other mission areas are handled very differently.  Across the whole spectrum of preparedness, in consideration of every mission area and each of the POETE elements, we need to start identifying critical intersections which will help us capitalize on efforts.  We need to do away with the isolation and siloing of these, and begin working more collaboratively.  From this, we will see greater success.

Consume and ponder.  Feedback is always appreciated.

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Measuring Preparedness – An Executive Academy Perspective

A recent class of FEMA’s Emergency Management Executive Academy published a paper titled Are We Prepared Yet? in the latest issue of the Domestic Preparedness Journal.  It’s a solid read, and I encourage everyone to look it over.

First off, I wasn’t aware of the scope of work conducted in the Executive Academy.  I think that having groups publish papers is an extremely important element.  Given that the participants of the Executive Academy function, presently or in the near future, at the executive level in emergency management and/or homeland security, giving others the opportunity to learn from their insight on topics discussed in their sessions is quite valuable.  I need to do some poking around to see if papers written by other groups can be found.

As most of my readers are familiar, the emphasis of my career has always been in the realm of preparedness.  As such, it’s an important topic to me and I tend to gravitate to publications and ideas I can find on the topic.  The authors of this paper bring up some excellent points, many of which I’ve covered in articles past.  They indicate a variety of sources, including literature reviews and interviews, which I wish they would have cited more completely.

Some points of discussion…


The authors discuss the THIRA and SPR – two related processes/products which I find to be extremely valuable.  They indicate that many believe the THIRA to be complex and challenging.  This I would fully agree with, however I posit that there are few things in the world that are both simple and comprehensive in nature.  In particular regard to emergency management and homeland security, the inputs that inform and influence our decisions and actions are so varied, yet so relevant, that to ignore most of them would put us at a significant disadvantage.  While I believe that anything can be improved upon, THIRA and SPR included, this is something we can’t afford to overly simplify.

What was most disappointing in this topic area was their finding that only a scant majority of people they surveyed felt that THIRA provided useful or actionable information.  This leaves me scratching my head.  A properly done THIRA provides a plethora of useful information – especially when coupled with the SPR (POETE) process.  Regardless, the findings of the authors suggest that we need to take another look at THIRA and SPR to see what can be improved upon, both in process and result.

Moving forward within the discussion of THIRA and SPR, the authors include discussion of something they highlight as a best practice, that being New York State’s County Emergency Preparedness Assessment (CEPA).  The intent behind the CEPA is sound – a simplified version of the THIRA which is faster and easier to do for local governments throughout the state.  The CEPA includes foundational information, such as a factual overview of the jurisdiction, and a hazard analysis which ranks hazards based upon likelihood and consequence.  It then analyses a set of capabilities based upon the POETE elements.  While I love their inclusion of POETE (you all know I’m a huge fan), the capabilities they use are a mix of the current Core Capabilities (ref: National Preparedness Goal) and the old Target Capabilities, along with a few not consistent with either and a number of Core Capabilities left out.  This is where the CEPA falls apart for me.  It is this inconsistency with the National Preparedness Goal that turns me off.  Any local governments looking to do work in accordance with the NPG and related elements, including grants, then need to cross walk this data, as does the state in their roll-up of this information to their THIRA and SPR.

The CEPA continues with an examination of response capacity, along the lines of their response-oriented capabilities.  This is a valuable analysis and I expect it becomes quite a reality check for many jurisdictions.  This is coupled with information not only on immediate response, but also sustained response over longer periods of time.  Overall, while I think the CEPA is a great effort to make the THIRA and POETE analysis more palatable for local jurisdictions, it leaves me with some concerns in regard to the capabilities they use.  It’s certainly a step in the right direction, though.  Important to note, the CEPA was largely developed by one of the authors of the paper, who was a former colleague of mine working with the State of New York.

The Process of Preparedness

There are a few topic areas within their paper that I’m lumping together under this discussion topic.  The authors make some excellent points about our collective work in preparedness that I think all readers will nod their heads about, because we know when intuitively, but sometimes they need to be reinforced – not only to us as practitioners, but also to other stakeholders, including the public.  First off, preparedness is never complete.  The cycle of preparedness – largely involving assessment, planning, organizing, equipping, training, and exercising – is just that – a cycle.  It’s endless.  While we do a great deal of work in each of these, our accomplishments are really only temporary.

The authors also mention that our information is not always precise.  We base a lot of what we do in preparedness on information, such as a hazard analysis.  While there are some inputs that are factual and supported by science, there are many that are based on speculation and anecdote.  This is a reality of our work that we must always acknowledge.  As is other of their points – there is no silver bullet.  There is no universal solution to all our woes.  We must constantly have our head in the game and consider actions that we may not have ever considered before.

ICS Improvement Officer

The authors briefly discuss a conceptual position within the ICS Command Staff they call the ICS Improvement Officer.  The concept of this fascinating, if not a bit out of place in this paper given other topics of discussion.  Essentially, as they describe this position, it is someone at the Command Staff level who is responsible for providing quality control to the incident management processes and implementations of the organization.  While I’ve just recently read this paper and haven’t had a lot of time to digest the concept, I really can’t find any fault with the concept.  While the planning process itself is supposed to provide some measure of a feedback loop, there isn’t anyone designated in the organization to shepherd that process beginning to end and ultimately provide the quality control measures necessary.  In practice, I’ve seen this happen collaboratively, among members of the Command and General Staff of a well-staffed structure, as well as by the individual who has the best overall ICS insight and experience in an organization – often the Planning Section Chief.  The authors elude to this position also feeding an AAR process, which contributes to overall preparedness.  I like this idea and I hope it is explored more, either formally or informally.


There are a number of other topic areas of this paper which I haven’t covered here, but I encourage everyone to read on their own.  As mentioned earlier, I’d like to see more of the research papers that come from FEMA’s Emergency Management Executive Academy available for public review.  Agree or disagree with their perspectives, I think their discussions on various topics are absolutely worth looking at.  It’s these discussions like these which will ultimately drive bigger discussions which will continue to advance public safety.

I’m always interested in the perspectives of my readers.  Have you read the paper?  What do you think of the discussion topics they presented?

© 2017 – Timothy M Riecker, CEDP

Emergency Preparedness Solutions, LLC