The Hawaii Saga

I simply don’t think I can refrain from some extended commentary on the Hawaii missile notification incident any longer.  I’ve tossed a few Tweets on this topic in the past couple of weeks, but as the layers of this onion are peeled back, more and more is being revealed.  I’m not a conspiracy theorist, but the number of half-truths that have been reported on this incident lead me to believe we still don’t know everything that transpired that morning.  Now that the FCC has leaned into this investigation, more and more information is being revealed, despite reports that the employee at the center of it gave limited cooperation in the investigation (likely at the advice of an attorney).  Most of my commentary is based upon information reported by the Business Insider and Washington Post which includes information from the ongoing FCC investigation.

eas_logo_rev1_3

First, why was public notification of a false missile strike such a big deal?  The effective practice of notification and warning in emergency management relies on the transmission of accurate, timely, and relevant information.  Since emergency management is already challenged by a percentage of citizens that willfully don’t pay attention to warnings, don’t care about them enough to take action, or otherwise refuse to take action, the erosion of any of these pillars will degrade public trust in an already less than ideal environment.  We sometimes struggle to get accurate weather-related warnings issued, but when a warning is sent for a ballistic missile strike that isn’t occurring, that’s a significant error.  We certainly saw across social media the stories of people on the Hawaiian Islands as well as those in the continental US with friends and family in Hawaii.  The notification of an impending ballistic missile strike is terrifying to a population.  Imagine saying good bye to your family and loved ones for what you think is the last time.  What truly made this erroneous notification unforgivable was the 38-minute time span it took for it to be rectified.

While there is a lot of obvious focus on the employee who actually activated the alert, I see this person as only one piece of the chain of failures that occurred that morning.  It was first reported that the employee accidentally selected the wrong option in a drop-down menu; selecting an actual alert instead of a test.  While mistakes can and do happen in any industry, the processes we use should undergo reviews to minimize mistakes.  Those processes include the tools and technology we use to execute.  Certainly, any system that issues a mass notification should have a pop-up that says ‘ARE YOU REALLY SURE YOU WANT TO DO THIS???’ or a requirement for verification by another individual.  I’ll note that the Business Insider article says there is a verification pop-up in the system they used, so clearly that wasn’t enough.

Findings released from the initial FCC investigation found that the employee apparently thought this was a real incident instead of an exercise, therefore, their action was intentional.  So, we have another mistake.  As mentioned before, the processes and systems we have in place should strive to minimize mistakes.  A standard in exercise management is to use a phrase similar to ‘THIS IS AN EXERCISE’ in all exercise communications.  By doing so, everyone who receives these communications, intentionally or otherwise, is aware that what is being discussed is not real.  I would hope that if the warning point employee heard that phrase with the order to issue an emergency alert, the outcome would have been different.  According to the FCC report, the phrase ‘Exercise, exercise, exercise’ was used, but so was the phrase ‘this is not a drill’.  While reports indicate some issues with past performance of this employee, I would caution that messages such as this are confusing and should never be issued in this manner.  They need to take a serious look at their exercise program and how it is managed and implemented.

Next, 38 minutes of time passed before a retraction was issued.  Forgive me here, but what the fuck happens in 38 minutes that you can’t issue a retraction?  There are timelines posted in the Business Insider and Washington Post articles on this matter.  I believe that what I’m reading is factual, but I shake my head at the ineptitude of leadership that existed, ranging from the employee’s supervisor, to the agency director, and all the way up to the Governor.  There is no reason a retraction could not have been issued within minutes of this false alarm.  We see things in this timeline such as ‘drafting a retraction’ and ‘lost Twitter password’.  Simply bullshit.  There isn’t much to draft for an initial retraction other than ‘False Alarm – No missile threat’.  We know from later in the timeline that this could have been sent through the same system that sent the initial message.

It’s noted that Hawaii EMA didn’t have a plan in place for issuing retractions on messages.  An easy enough oversight, I suppose, but when they report that this same employee had issued false messages on two previous occasions, a plan would have been developed for something that was an obvious concern.

A possible path to correction is a bill that may be introduced by Sen. Brian Schatz which would give the US Departments of Defense and Homeland Security the responsibility to notify the public of an incoming missile attack.  Is this a perfect fix? No.  Consider that weather alerts can be issued by the National Weather Service, or by state or local emergency management agencies based upon NWS information or what they are actually observing on the ground.  I’m a big believer in state’s rights as well as their ultimate responsibility to care for their populations, so I believe the states should have the ability to issue such alerts, however they should generally be defaulting to DoD, as DoD has the technology to detect an incoming attack.

There are numerous layers of failure in this situation which need to be examined and addressed through rigorous preparedness measures.  It obviously was an embarrassing occurrence for Hawaii EMA and I’m sure they are working to address it.  The intent of my article isn’t to harp on them, but to identify the potential points of failure found in many of our systems.  Unfortunately, this situation makes for a case study that we all can learn from.  Current technology provides every state, county, city, town, and village the ability to access an emergency alert system of some type.  Some are municipal systems, some are regional, some are state, and some are national (IPAWS).  We access these systems through custom developed programs or commercially available interfaces.  These systems will instantly issue alerts to cell phones, email accounts, social media, radio, and TV; and some will still activate sirens in certain localities.  The technology we have enables us to reach a high percentage of our populations and issue critical communications to them.  While the technology is great and the message we send is important, it’s only one element of a good public information and warning program.  Clearly, we see from the occurrence in Hawaii, that we need to have solid plans, policies, procedures, systems, training, and exercises to ensure that we can effectively and efficiently issue (and retract) those messages.  So crack open your own plans and start making a list of what needs to be improved.

© 2018 – Timothy M. Riecker, CEDP

Emergency Preparedness Solutions, LLC SM

Advertisements

Emergency Management Professional Organizations

Many professions have professional membership organizations which can be joined by those working in the field, retired from the field, or aspiring to work in the field.  The practice of emergency management, both broadly and specifically, has a number of professional organizations which you can join.  Professional organizations each have their own goals and benefits, which should be examined.  Some are simply mutually supportive, providing an opportunity to share and discuss professional ideas and network, supporting the practice from within.  Others are active in lobbying and political influence, helping to shape the legal and regulatory landscape of profession.  Most provide training and continuing education opportunities, and some even provide certifications.

Here are a few you may want to consider:

National Emergency Management Association (NEMA).  NEMA began as an organization for state emergency management directors in the US.  The State Directors are still the core group of membership, but NEMA has expanded membership opportunities for others.  NEMA’s focus is on supporting emergency management in the US, which they do through providing resources, conferences, and legislative influence.

International Association of Emergency Managers (IAEM).  IAEM, as their name indicates, is an international membership organization.  Similar to NEMA, they provide a variety of resources, conferences and other events (US regional, US national, and international), and legislative influence.  They also provide the credentials of Certified Emergency Manager and Associate Emergency Manager.

Disaster Recovery Institute (DRI).  DRI’s focus is on organizational emergency management, which includes the tech side of disaster recovery as well as all phases of emergency management and business continuity.  Along with resources, conferences, and training, they offer a variety of certifications in business continuity both generally and specific to certain sectors.

Personally, I think professional organizations can be great, but you must understand what they offer, what you want, and determine if you will gain value from membership, especially in consideration of membership dues.  These organizations and other offer substantially reduced dues to full time students, which provides a great opportunity for aspiring practitioners to network and learn.

From personal experience, I’ve found that the benefits gained from professional membership organizations often correspond to your amount of involvement.  While they all have resources available to members, networking and opportunities arise from involvement.  Going to meetings and conferences, getting involved in committees, and working on projects will often lead to gaining value from your membership.

What I will caution with professional organizations, also from experience, is that they are often cliquish.  The development of social groups is a matter of human nature, but I feel that organizations should do more to break down the barriers that can make new members feel unwelcome.  Also, examine organizations with a critical eye.  Are they simply supportive of their membership or are they supportive of the profession/community as a whole?  For example, my local Chamber of Commerce, which I had a very poor experience with, is typically only interested in supporting a certain part of their membership.

A number of membership organizations offer training and professional certifications.  Typically, these opportunities are open to everyone, with members often enjoying discounts.  The financial commitments should be evaluated based on your own needs.  I also suggest that you examine other avenues for training and certification.  Training from FEMA, state emergency management offices, and homeland security consortium agencies is usually free, although training obtained from professional organizations may be more targeted or contemporary.  As for certifications, as with anything else, you should weigh the benefits against the investment and explore what other opportunities may exist.  For example, the requirements for a certain popular emergency management credential are very similar to that of the Certified Emergency and Disaster Professional (CEDP), which is a credential I hold.  The CEDP is provided by the International Board for Certification of Safety Managers, a non-profit, independent credentialing organization which maintains credentials for a variety of safety-related professions.  Their focus is on professional credentialing, not membership.

The bottom line is that there are a lot of opportunities out there.  Professional memberships can be very valuable, but you should always go in knowing what you want from your membership, but also recognize that the real benefits of membership are often proportionate to your measure of involvement in the organization.  If you don’t feel you are getting what you want, give feedback to the organization.  If things don’t change, don’t feel compelled to keep throwing money at them.  Speaking of throwing money at them, non-profits are required to publish annual reports.  These can be helpful in seeing what the organization focuses on, what their goals are, and what they have accomplished in the past year.  Remember that you are entitled to ask questions, both as a member and a prospective member.

I’d love to hear your thoughts and experiences with professional organizations, particularly across emergency management. I know there are a number of organizations in the broader emergency management community which I didn’t list here, but I didn’t want to go too far down that rabbit hole.

As always, thanks for reading.

© 2018 – Timothy M. Riecker, CEDP

Emergency Preparedness Solutions, LLC SM

Emergency Management as a Career

I was recently asked if I would post some information assembled for the Arizona State University (ASU) online emergency management program for those who might want to know more about emergency management careers.  The infographic they sent provides a great snapshot of emergency management career opportunities.

From their outreach office: “When different agencies work together to manage a disaster, someone has to coordinate their activities to ensure things run smoothly.  This is where emergency management specialists are crucial.  From helping reduce vulnerability to hazards to helping communities manage disasters effectively.  Below is a look at emergency management as a career.” Information on their program can be found at https://asuonline.asu.edu/.

emergency-mgmt-an-in-depth-look-at-emergency-management-as-a-career_final

Studying Strange Disasters – The Boston Molasses Flood

27366-molasses_flood-flickr

Aftermath of the Boston Molasses Flood.  Source: Boston Public Library

Anyone who has been in the trade of emergency management will likely tell you to always expect the unexpected.  No two disasters are ever the same.  While we can predict similarities from one flood, fire, or hurricane to another, there are always different impacts, needs, and circumstances which often give us cause to consider different means and methods in our response.  Some disasters are noted for specific uniquenesses in their impacts, needs, or circumstances which tend to be a theme of sorts for that disaster.  Every once in a while, however, a disaster occurs which was largely unexpected.

99 years ago this month, the City of Boston encountered one of those unexpected disasters when a flood of over two million gallons of molasses rushed through several blocks of Boson’s North End, killing 21 people and several horses, injuring 150 people, and destroying numerous buildings.  The molasses took weeks to clean and the cause and origin investigation took years, with a final ruling against the company which owned the massive storage tank being found liable.

While I had originally intended to write more about the incident in-depth, I think it most prudent to steer readers toward some of the sources I had looked at, as the information is quite interesting.

While an incident like this seems so unlikely as to never occur again, never say never.  In 2013 over 200,000 gallons of molasses was spilled into Honolulu Harbor.  While no people were killed or buildings destroyed from this pipe leak, the fish kill in the harbor was massive.

And yes, even a beer spill can be hazardous.  In 1814 several tanks containing over 300,000 gallons of beer ruptured in London.  The tidal wave of ale damaged and destroyed several structures and killed 8 people, aged 3 to 63.

We often think about hazardous materials as only being volatile chemicals which can ignite or cause harmful, noxious fumes.  We must consider that any substance in sufficient quantity introduced into a space where it’s not supposed to be can be extremely hazardous, both to people and the environment.  A flood is the most fundamental of these… I don’t think we need to detail the threat and impacts from flood waters.  But as you assess hazards in your community, consider that bulk storage of things like milk, grains, or other materials, which we often don’t consider hazardous, can cause great impact should they be unleashed on people, infrastructure, and the environment.  While our safety regulations (a mitigation measure) are certainly stronger than those which were in place in the 1800s and early 1900s, the hazards still exist.  Be smart and don’t dismiss those hazards outright.

What out of the ordinary hazards concern you?

© 2018 – Timothy M. Riecker, CEDP

Emergency Preparedness Solutions, LLC SM

NIMS Implementation Objectives and A Shot of Reality

Happy 2018 to all my readers!  Thanks for your patience while I took an extended holiday break.  A minor surgery and the flu had sidelined me for a bit, but I’m happy to be back.

This morning, FEMA issued NIMS Alert 01-18: National Engagement for Draft NIMS Implementation Objectives.  NIMS Implementation Objectives were last released in 2009, covering a period of FY 2009-FY2017.  With the release of the updated NIMS last year, FEMA is updating the implementation objectives and has established a national engagement period for their review.

So first, a bit of commentary on this document…

The new objectives are broken out by major content area of the updated NIMS document, including: Resource Management, Command and Coordination, and Communication and Information Management; as well as a General category to cover issues more related to management and administration of the NIMS program.  What we also see with these updated objectives are implementation indicators, which are intended to help ground each objective.  Overall, the number of objectives in this update has been cut in half from the 2009 version (28 objectives vs 14 objectives).

All in all, these objectives appear to be consistent with the current state of NIMS implementation across the nation.  They are certainly suitable for most matters in regard to the oversight of implementing NIMS and it’s various components.  The biggest sticking point for me is that this document is intended for use by states, tribal governments, and territories.  If the goal is to have a cohesive national approach to implementation, I’d like to know what the implementation objectives are for FEMA/DHS and how they compliment those included in this document.

Objectives 8 through 11 are really the crux of this document.  They are intended to examine the application of NIMS in an incident.  These objectives and their corresponding indicators (which are largely shared among these objectives) are the measure by which success will ultimately be determined.  While it’s a good start for these to exist, jurisdictions must be more open to criticism in their implementations of NIMS and ICS.  In addition, there should be an improved mechanism for assessing the application of NIMS and ICS.  While formal evaluations occur for exercises under the HSEEP model, we tend to see inconsistent application of the feedback and improvement activities to correct deficiencies.  Proper evaluations of incidents, especially at the local level, are often not performed or performed well. For those that are, the same issue of feedback and improvement often stands.

Extending this discussion into reality…

The reality is that many responders are still getting it wrong.  Last year my company conducted and evaluated dozens of exercises.  Rarely did we see consistently good performance as far as NIMS and ICS are concerned.  There are several links in this chain that have to hold firm.  Here’s how I view it:

First, the right people need to be identified for key roles.  Not everyone is suited for a job in public safety or emergency management in the broadest sense.  Organizations need to not set up individuals and their own organization for failure by putting the wrong person in a job.  If a certain job is expected to have an emergency response role, there must be certain additional qualifications and expectations that are met.  Further, if someone is expected to take on a leadership role in an ICS modeled organization during an incident, there are additional expectations.

Next, quality training is needed.  I wrote a couple years ago about how ICS Training Sucks.  It still does.  Nothing has changed.  We can’t expect people to perform if they have been poorly trained.  That training extends from the classroom into implementation, so we can’t expect someone to perform to standards immediately following a training course.  There is simply too much going on during a disaster for a newbie to process.  People need to be mentored.  Yes, there is a formal system for Qualification and Certification in ICS, but this is for proper incident management teams, something most local jurisdictions aren’t able to put together.

Related to this last point, I think we need a new brand of exercise.  One that more instructional where trainees are mentored and provided immediate and relevant feedback instead of having to wait for an AAR which likely won’t provide them with feedback at the individual level anyway.  The exercise methodology we usually see applied calls for players to do their thing: right, wrong, or otherwise; then read about it weeks later in an AAR.  There isn’t much learning that takes place.  In fact, when players are allowed to do something incorrectly and aren’t corrected on the spot, this is a form of negative reinforcement – not just for that individual, but also for others; especially with how interrelated the roles and responsibilities within an ICS organization are.

While I’m all for allowing performers to discover their own mistakes and I certainly recognize that there exist multiple ways to skin the proverbial cat (no animals were harmed in the writing of this blog), this is really done best at a higher taxonomy level.  Many people I see implementing portions of ICS simply aren’t there yet.  They don’t have the experience to help them recognize when something is wrong.

As I’ve said before, this isn’t a school yard game of kickball.  Lives are at stake.  We can do better.  We MUST do better.

As always, thoughts are certainly appreciated.

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC SM