Changing The Lexicon on Terrorism Preparedness, Response, and Recovery

A couple months ago I posted about NFPA 3000: Standard for Active Shooter/Hostile Event Response Program.  Soon after posting, I ended up purchasing a copy of the standard and, combined with other readings and discussions, am fully bought into not only this standard but a change in our lexicon for this type of incident.

NFPA3000

First off, in regard to NFPA 3000, it’s not rocket science.  There is nothing in this standard that is earth shattering or itself wholly changing to what we do or how we do it.  But that’s not the intent of NFPA standards.  NFPA technical committees compile standards based upon best practices in the field. The standards they create are just that – standards.  They are a benchmark for reference as we apply the principles contained therein.  NFPA 3000 provides solid guidance that everyone in EM/HS should be paying attention to.

What NFPA 3000 has helped me realize is that our focus has been wrong for a while.  Terrorism isn’t necessarily the thing we need to be preparing for.  Why?

First, let’s look at what is generally referenced definition of terrorism in the United States.  This comes from Title 22 Chapter 38 US Code § 2656f.  It states that terrorism is “premeditated, politically motivated violence perpetrated against noncombatant targets by subnational groups or clandestine agents’.  Note that the definition focuses on motive more than action or consequence.  While motive is very important in prevention/intelligence and prosecution, it is far less important to most preparedness, response, and recovery activities.

The term ‘active shooter’ has been used quite a bit, yet it’s not a good description of what communities and responders can face when we consider that perpetrators could use means and methods instead of or in addition to firearms.  We’ve seen a wide variety of these instances that involve knives, vehicles, improvised explosives, and more.

This is why I prefer the term ‘active shooter/hostile event response’ or ASHER.  While the term has been around for a bit (a quick internet search shows references going back to at least 2013), NFPA 3000 has essentially canonized it in our lexicon.  The definition provided in NFPA 3000 is focused on the incident, rather than the motivation, and is comprehensive of any means or methods which could be used.  That definition is – Active Shooter/Hostile Event Response (ASHER): An incident where one or more individuals are or have been active engaged in harming, killing, or attempting to kill people in a populated area by means such as firearms, explosives, toxic substances, vehicles, edged weapons, fire, or a combination thereof.

When it comes to preparedness, response, and recovery ASHER is the focus we need to have.  Motivations generally make little difference in how we should respond.  We should always be looking for secondary devices or other attackers – these are not features unique to terrorist attacks.  As we do with any crime scene, we should always be mindful of evidence that can lead us to the motives and potential co-conspirators of an attacker.  That’s important for investigation, prosecution, and the prevention of further attacks.  Does the term ‘terrorism’ still have a place?  Of course it does.  In our legal system, that’s an important definition.  Philosophically, we can argue that all attacks are acts of terror, but because of the legal definition that exists of terrorism, we can’t – at least in the US.

I encourage everyone to start making the move to changing the lexicon to ASHER where appropriate.  It makes sense and gives us the proper perspective.

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC ™

Advertisements

Updated NIMS and ICS Courses

Be sure to head over to https://training.fema.gov/is/ to check out the updated IS-100.c (Introduction to the Incident Command System) and IS-700.b (Introduction to the National Incident Management System).  These courses have been updated to reflect the ‘refreshed’ NIMS doctrine, which includes some information on EOC structures, among other things.  For my review of the NIMS refresh, check out this article.

©2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC ™

An Updated Comprehensive Preparedness Guide 201 (THIRA/SPR)

In late May, FEMA/DHS released an updated version of Comprehensive Preparedness Guide (CPG) 201.  For those not familiar, CPG 201 is designed to guide communities and organizations through the process of the Threat and Hazard Identification and Risk Assessment (THIRA).  This is the third edition of a document that was originally released in April 2012.  This third edition integrates the Stakeholder Preparedness Review (SPR) into the process.  Note that ‘SPR’ has commonly been an acronym for State Preparedness Report, which is also associated with the THIRA.  The goal of the Stakeholder Preparedness Review appears to be fundamentally similar to that of the State Preparedness Report which some of you may be familiar with.

Picture1

First of all, a few noted changes in the THIRA portion of CPG 201.  First, FEMA now recommends that communities complete the THIRA every three years instead of annually.  Given the complexity and depth of a properly executed THIRA, this makes much more sense and I fully applaud this change.  Over the past several years many jurisdictions have watered down the process because it was so time consuming, with many THIRAs completed being more of an update to the previous year’s than really being a new independent assessment.  While it’s always good to reflect on the progress relative to the previous year, it’s human nature to get stuck in the box created by your reference material, so I think the annual assessment also stagnated progress in many areas.

The other big change to the THIRA process is elimination of the fourth step (Apply Results).  Along with some other streamlining of activities within the THIRA process, the application of results has been extended into the SPR process.  The goal of the SPR is to assess the community’s capability levels based on the capability targets identified in the THIRA.  Despite the THIRA being changed to a three-year cycle, CPG 201 states that the SPR should be conducted annually.  Since capabilities are more prone to change (often through deliberate activities of communities) this absolutely makes sense. The SPR process centers on three main activities, all informed by the THIRA:

  1. Assess Capabilities
  2. Identify and Address Gaps
  3. Describe Impacts and Funding Sources

The assessment of capabilities is intended to be a legacy function, with the first assessment establishing a baseline, which is then continually reflected on in subsequent years.  The capability assessment contributes to needs identification for a community, which is then further analyzed for the impacts of that change in capability and the identification of funding sources to sustain or improve capabilities, as needed.

An aspect of this new document which I’m excited about is that the POETE analysis is finally firmly established in doctrine.  If you aren’t familiar with the POETE analysis, you can find a few articles I’ve written on it here.  POETE is reflected on several times in the SPR process.

So who should be doing this?   The document references all the usual suspects: state, local, tribal, territorial, and UASI jurisdictions.  I think it’s great that everyone is being encouraged to do this, but we also need to identify who must do it.  Traditionally, the state preparedness report was required of states, territories, and UASIs as the initial recipients of Homeland Security Grant Program (HSGP) sub-grants.  In 2018, recipients of Tribal Homeland Security Grant Program funds will be required to complete this as well.  While other jurisdictions seem to be encouraged to use the processes of CPG 201, they aren’t being empowered to do so.

Here lies my biggest criticism…  as stated earlier, the THIRA and SPR processes are quite in-depth and the guidance provided in CPG 201 is supported by an assessment tool designed by FEMA for these purposes.  The CPG 201 website unfortunately does not include the tool, nor does CPG 201 itself even make direct reference to it.  There are vague indirect references, seeming to indicate what kind of data can be used in certain steps, but never actually stating that a tool is available.  The tool, called the Universal Reporting Tool, provides structure to the great deal of information being collected and analyzed through these processes.  Refined over the past several years as the THIRA/SPR process has evolved, the Universal Reporting Tool is a great way to complete this.  As part of the State Preparedness Report, the completed tool was submitted to the FEMA regional office who would provide feedback and submit it to HQ to contribute to the National Preparedness Report.  But what of the jurisdictions who are not required to do this and wish to do this of their own accord?  It doesn’t seem to be discouraged, as jurisdictions can request a copy from FEMA-SPR@fema.dhs.gov, but it seems that as a best practice, as well as a companion to CPG 201, the tool should be directly available on the FEMA website.  That said, if the THIRA/SPR is being conducted by a jurisdiction not required to do so, the tool would then not be required – although it would help.

Overall, I’m very happy with this evolution of CPG 201.  It’s clear that FEMA is paying attention to feedback received on the process to streamline it as best they can, while maximizing the utility of the data derived from the analysis.  A completed THIRA/SPR is an excellent foundation for planning and grant funding requests, and can inform training needs assessments and exercise program management (it should be used as a direct reference to development of a Training and Exercise Plan).

For those interested, EPS’ personnel have experience conducting the THIRA/SPR process in past years for a variety of jurisdictions and would be happy to assist yours with this updated process.  Head to the link below for more information!

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC ™

Responder Depression, PTSD, and Suicide

This week the world lost two celebrities to suicide. These losses are absolutely tragic, and even if you didn’t know them personally, it raises awareness of mental health matters. In the last few days the world also lost many people to suicide that so many of us don’t know, but they were a son, daughter, father, mother, brother, sister, aunt, uncle, cousin, friend, spouse, lover… Some of those were also responders, dispatchers, doctors, nurses, or others that deal with tragedy every day and make our communities safer. They may have been a coworker or colleague. A brother or sister on the line.

Despite a lot of efforts to change perspectives, depression, PTSD, and suicide are still labels that are associated with shame and weakness. There is nothing shameful or weak about them. They are a reality of life. If you haven’t been effected by them directly, you know someone who has.

When you work in public safety, you deal with some pretty bad shit. Not just once, but over and over. You see people at their worst. Your see death and devastation. You see hopeless and desperate people. Broken people. Sadness and anger. We see more than most people do. On top of that, we deal with our own personal issues. Maybe a divorce, illness of a family member, or death of a pet. Finances might be tight.

How do we deal with it? We build walls. We make it impersonal. We stay professional and work in the moment, focusing on what needs to be done. But what do you think about after the call? Or the next day? Or even years after? Sometimes it doesn’t hit you right away. Sometimes it’s something completely different that triggers memories and emotions. What then? Maybe we shrug it off, or maybe we shut down for a while and have a bad day. But that bad day turns into another and another. Soon you may not be able to remember happiness.

What should we be doing? Talk to people. Maybe a coworker, a friend, or a mental health professional. If you are in a paid service, you may have an employee assistance program. Fuck the stigma, the shame, and the macho bullshit. This is as serious as cancer or a heart condition. You can’t ignore it and expect it to go away.

Maybe it’s not you, but a friend or coworker. You notice changes. Irritability. A lack of focus. Dramatic loss or gain of weight. Alcohol and drug abuse. Talk to them. Find a professional to talk to them. Yeah, it’s a tough call to make, but it could save their life.

Depression, PTSD, and suicide suck. We can’t ignore their impact on society and on public safety professionals. We need to work harder to end the stigma and ensure better access to services so people can get the help they need and stop suicides.

©️ 2018 – Timothy Riecker, CEDP

Emergency Management Exercises: Not for the Inexperienced

Many think exercise design is easy.  I’ve seen agencies relegate it to interns and new staff with little supervision, or even performed by seasoned emergency managers with little concept of what the Homeland Security Exercise and Evaluation Program (HSEEP) is.  Sadly, we have people completing HSEEP training and even FEMA’s Master Exercise Practitioner (MEP) program, thinking they are ready to conquer the world of preparedness exercises, but with little practical experience designing exercises under their belts.  We all need to learn sometime.

Just as any organization or jurisdiction should be eased into their exercise program, exercise designers need to be eased into designing exercises.  They should be starting small and with focused tasks, always under the mentorship of someone experienced, even if they aren’t within your own agency, to give some guidance and feedback.  While HSEEP gives a lot of great guidance, exercise design can quickly become complex.  It can be easy to lose track of tasks or have an oversight.  There are political matters, organizational needs, safety issues, and simply good exercise practices that all need to be recognized and addressed.  I’ve seen far too many exercises go off the rails due to a lack of awareness of these issues, poor exercise design, and poor exercise management.

Have partner agencies (even if not participating) been properly notified?  Do notifications need to go out to the media or public so they are not alarmed?  How about dispatch?  Every exercise, especially operations-based exercises, should be periodically evaluated for risk throughout the design process.  Identify what actions or lack thereof can cause things to go bad.  Consider politics, the media, the public, and safety of participants, observers, and exercise staff.  Do you need a weapons policy?  How will you enforce it?  Are there risks associated with traffic?  How will exercise staff communicate?  The template for the Exercise Plan (ExPlan) prompts you to address some things, but there may be additional needs.

What contingencies do you have for inclimate weather?  Maybe you need to dip into the ICS tool box and conduct an incident (exercise) safety analysis, from that developing a safety plan (you can probably get a qualified/experienced safety officer to help you with this).  Consider what operations will be conducted in the exercise, what can go wrong, how you will mitigate against them, and what resources are needed if something does go wrong.  In the event of a real-world emergency, what needs to happen?  Should you have EMS standing by?  Should you have a rapid response team in reserve for a rescue situation?  The information assembled in your risk assessment and safety plans should be provided to exercise staff prior to the exercise as part of their pre-exercise briefings.

As with exercise design, it can be a great learning experience for new staff to be part of the exercise support staff, but don’t put them in charge.  You should have experienced staff serving in the key positions of exercise director, lead controller, and lead evaluator.  If you are using a simcell, you want a strong and experienced simcell lead.  Safety matters aside, the staff of an operations-based exercise need to have great awareness of what’s going on and excellent communication up their chain of command and with the simcell to ensure that the exercise is flowing properly.  For a discussion-based exercise, your facilitators should be experienced as well.  Participants in discussion-based exercises may take a discussion in a different direction.  While this is generally not desired, sometimes it does bring great unintended results.  An experienced facilitator should know how to properly handle this to ensure that participants and stakeholder agencies are getting the most benefit.

Far too many poorly designed exercises have gotten to execution, resulting in a failure to accomplish the exercise objectives, frustrating participants, and even resulting in inter-agency political issues or injuries.  Even a well-designed exercise can be poorly conducted or facilitated, getting similar results.  If you are new to emergency management and have little experience in the design, conduct, and evaluation of exercises, there is no shame in asking for help or at least another set of eyes to look over your exercise documents.  While we want to encourage learning and growth, no one learns properly by being shoved into a situation with no guidance and so many pitfalls.  Train people up properly, giving them mentored practical experience to compliment their classroom training. If you don’t have the personnel in place, there are a number of well experienced and well qualified firms (ahem…) that provide these services.

For more information on running an exercise program, take a look at this 10-part blog post.

What tips do you have for people new to the exercise world?

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC™

2018-2019 HSEEP Training

Based on my listing last year of Homeland Security Exercise and Evaluation Program (HSEEP) training, some have asked recently where they can find HSEEP training.  One of the most convenient sources is the web-based program run through FEMA’s Emergency Management Institute (EMI).  This course, K0146, is conducted in a live webinar over several blocks of time.

The schedule can be found at this link.  Just type K0146 into the course search field.

Also keep in mind that many state emergency management/homeland security offices offer the HSEEP course in a classroom setting.

-TR

 

Hurricane Harvey AAR – Lessons for Us All

Harris County, Texas has recently released their After Action Report (AAR) for Hurricane Harvey that devastated the area last year.  I applaud any AAR released, especially one for an incident of this magnitude.  It requires opening your doors to the world, showing some incredible transparency, and a willingness to discuss your mistakes.  Not only can stakeholders in Harris County learn from this AAR, but I think there are lessons to be learned by everyone in reviewing this document.

First, about making the sausage… The AAR includes an early section on the means and methods used to build the AAR, including some tools provided in the appendix.  Why is this important?  First, it helps build a better context for the AAR and lets you know what was studied, who was included, and how it was pulled together.  Second, it offers a great example for you to use for future incidents.  Developing an AAR for an incident has some significant differences from developing an AAR for an exercise.  Fundamentally, development of an AAR for an exercise begins with design of the exercise and is based upon the objectives identified for that exercise.  For an incident, the areas of evaluation are generally identified after the fact.  These areas of evaluation will focus the evaluation effort and help you cull through the volumes of documentation and stories people will want to tell.  The three focus areas covered in the AAR are Command and Control, Operations, and Mass Care and Sheltering.

Getting into the Harvey AAR itself… My own criticism in the formatting is that while areas for improvement in the AAR follow an Issue/Analysis/Recommendation format, identified strengths only have a sentence or two.  Many AAR writers (for incidents, events, or exercises) think this is adequate, but I do not.  Some measure of written analysis should be provided for each strength, giving it context and describing what worked and why.  I’m also in favor of providing recommendations for identified strengths.  I’m of the opinion that most things, even if done well and within acceptable standards, can be improved upon.  If you adopt this philosophy, however, don’t fall into the trap of simply recommending that practices should continue (i.e. keep doing this).  That’s not a meaningful recommendation.  Instead, consider how the practice can be improved upon or sustained.  Remember, always reflect upon practices of planning, organizing, equipping, training, and exercises (POETE).

As for the identified areas for improvement in AAR, the following needs were outlined:

  • Developing a countywide Continuity of Operations Plan
  • Training non-traditional support personnel who may be involved in disaster response operations
  • Transitioning from response to recovery operations in the Emergency Operations Center
  • Working with the City of Houston to address the current Donations Management strategy

If anything, for these reasons alone, the AAR and the improvement planning matrix attached should be reviewed by every jurisdiction.  Many jurisdictions that I encounter simply don’t have the POETE in place to be successful in addressing these areas.

What is your biggest take away from this AAR?

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC™