Incident Management – Beyond ICS

The Incident Command System (ICS) provides an important foundation to incident management.  ICS grounds us in standards, providing structure and processes which help mitigate against the fact that all incidents themselves are unique.  While ICS may not be perfect, and I have been and continue to be highly critical of ICS training, the Incident Command System has proven to be effective – when properly implemented.  One of our biggest stumbling blocks with the implementation of ICS is the human factor – something else I’ve written about on a few occasions.  The other obstacle to effective incident management is relying too heavily on ICS.  ICS is not the solution to incident management – it’s a tool.  For incident management to be truly effective, we need to think beyond ICS.

So aside from ICS, what do incident managers need to know and do to be more effective? (Note that I’m not using the term ‘incident commander’ here, as incident management, fundamentally, is a team sport.  I’m using the term ‘incident managers’ as a collective term for all personnel involved in the higher echelons of incident management).

First, good incident managers should have proven leadership and management skills.  I’m not going to go at this one in length… there are no fewer than a gazillion books written on leadership and management and the importance of effectively leading organizations.  Just like any other organization, someone in a position of incident management who can’t properly lead is not only going to fail themselves, but also the organization.

Second, good incident managers need to have a grasp of emergency management.  Not just an application of public safety, such as the fire service or law enforcement, or whatever field they happen to be performing response in (i.e. public health, transportation, etc.).  They should have a solid awareness of what each major participant in emergency management does and the major processes of emergency management.

Next, incident managers should understand the fundamentals of project management.  This one is really important.  The tactics we execute in our response to an incident are really a series of projects.  Not that a Gantt chart needs to be developed for each incident (although I’ve actually done this for prolonged incidents – and it is seriously insightful), but an understanding of tactical timeframes, progress toward completion, and what activities can be done simultaneously versus those that should be done in sequence can be a huge help.  It’s a great visual tool that can be easily developed with the help of ICS 204s.  Progress toward completion (i.e. how much of a tactic have we accomplished as part of the whole) helps us to measure effectiveness, gauge how long we continue to need certain resources, and will answer the questions ‘how are we doing?’ and ‘are we there yet?’.  In larger incidents (NIMS Type 3 and larger) this is incredibly important.  What’s the progress on evacuation?  How much longer until all the boom is deployed?  How much debris has been cleared?  Etc.  These aren’t just pain the ass questions asked by elected officials and the media… these are questions you should be asking as well.

Continuing on with project management (that’s how important I think it is), I’ll make a few more notes here.  First of all, field observers are really important to monitoring progress.  Don’t rely on the tacticians to do this.  First of all, the tacticians are too busy.  They need to be focused on getting things done.  Also, they may be too close to the situation to give an objective assessment (or in the case of the use of contractors, it’s simply good contract management).  Digging into your ICS knowledge, recall that field observers are an actual position (although one not used often) within the Planning Section assigned to the Situation Unit.  Their job is to monitor and report on tactical progress and other situational information.  Also consider that if you see issues with a slower than expected progress toward completion, that means that either your initial estimates were wrong or something is slowing down the operation.  This may justify a root cause analysis to determine why things are not progressing as they should be.  Perhaps there was more to accomplish than anticipated, or the wrong resources are being applied?

Next, the highest members of incident management (i.e. incident command, unified command, EOC manager, etc.) need to have some separation from the rest of the incident management staff, agency representatives, and tactical operations.  They can’t be ‘in the pit’, ‘on the floor’, ‘in the trenches’, or whatever other lingo you might use in your command post, EOC, or field operations – at least not as their usual place to be.  Yes, some measure of ‘management by walking around’ is good, but I’ve been in plenty of command posts, EOCs, and departmental operations centers that have command right in the mix of everything.  These places get noisy and there are a lot of distractions.  You can’t hold a productive meeting in this environment, much less concentrate.  People are also inclined to go directly to command with issues and problems… issues and problems that are likely best solved by someone else.  Even in the field, an IC shouldn’t be too close to the tactics on a large incident.  Pull back and think about incident management, not tactics.

That’s the list that I have for now.  It’s a topic I’ve been thinking about for a while, so I plan on adding to it in the future.  I also expect to be doing some presentations in the near future as well.  What thoughts do you have on this?  What can we do to improve on incident management?

© 2018 – Timothy M. Riecker, CEDP

Emergency Preparedness Solutions, LLC ™

Advertisements

A New NFPA Standard for Active Shooter/Hostile Event Response

The National Fire Protection Association (NFPA) has recently published a new standard for Active Shooter/Hostile Event Response (ASHER) programs.  NFPA 3000 is consistent with other standards we’ve seen published by the organization.  They don’t dictate means or methods, leaving those as local decisions and open for changes as we learn and evolve from incidents and exercises.  What they do provide, however, is a valuable roadmap to help ensure that communities address specific considerations within their programs.  It’s important to recognize that, similar to NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity/Continuity of Operations Programs, you aren’t getting a pre-made plan, rather you are getting guidance on developing a comprehensive program.  With that, NFPA 3000 provides information on conducting a community risk assessment, developing a plan, coordinating with the whole community, managing resources and the incident, preparing facilities, training, and competencies for first responders.

NFPA standards are developed by outstanding technical committees with representation from a variety of disciplines and agencies across the nation.  In the development of their standards, they try to consider all perspectives as they create a foundation of best practices.  While the NFPA’s original focus was fire protection, they have evolved into a great resource for all of public safety.

I urge everyone to take a look at this new standard and examine how you can integrate this guidance into your program.  The standard is available to view for free from the NFPA website, but is otherwise only available by purchase.  Also available on their website is a fact sheet and information on training for the new standard.

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Use of Pre-Developed Exercises – Proceed with Caution

I was recently asked by a client about my thoughts on pre-developed or ‘canned’ exercises.  As it turns out, I have a lot of feelings about them, most of them negative.  Pre-developed exercises, if properly understood and applied, can be a huge help, but the big problem is that we’re dealing with human nature, and some people are just damn lazy.  Garbage in, garbage out.

We need to keep in mind that exercises, fundamentally, are developed to validate plans.  Not my plans.  Your own plans.  While standards of practice mean that most plans have a high degree of commonality (i.e. a HazMat response plan for a jurisdiction in California will be largely the same as one for a jurisdiction in New York State), it’s often the deviations from the standards and the local applications that need to be tested most.  So it doesn’t do well for anyone to replicate an exercise that doesn’t test your own plans.  Similarly, the foundation of exercise design is objectives.  While the pre-developed exercise may have a theme that coincides with what you want to test, sheltering, for example, there are a lot of different aspects of sheltering.  The pre-developed exercise might not focus on what you need to exercise.  With all this, anyone who wants a quality exercise from something pre-developed is going to have to do a lot of re-development, which might be more frustrating than starting from scratch.

HSEEP1

If you want a quality exercise, you really can’t short cut the process.  Not only might HSEEP be required for whatever grant funding you are using for the exercise, but it’s a best practice – and for good reason.  So often people want to cut corners.  If you do, the final product will look like you’ve cut corners.  It might lack proper context, good reference documents, or meaningful evaluation.   The exercise planning meetings have defined purpose, and the documents help capture that process and communicate the intent to specific audiences.

On the other hand, there are proper ways to use materials from a previously developed exercise to benefit your own exercise.  The development of good questions in discussion-based exercises and injects for operations-based exercises can be a challenge.  Reviewing other exercises, especially when there might be some similarity or overlap in objectives, can be a huge help, so long as they are properly contextualized and relate back to objectives for your exercise.  This isn’t a copy and paste, though… as it all should still be applied within the exercise design process.

There are some exercises out there that might seem like exceptions to what I’ve written above.  The first that comes to mind are FEMA’s Virtual Table Top Exercises (VTTX).  The VTTX is a great program, conducted monthly, focusing on different themes and hazards.  FEMA’s Emergency Management Institute (EMI) assembles a package of materials that go to each community registered for the event, allowing a measure of local customization.  While jurisdictions may use this material differently, it is at least an opportunity to discuss relevant topics and hopefully capture some ideas for future implementation.

Similarly, my company, Emergency Preparedness Solutions, recently completed a contract with the Transportation Research Board for a project in which we developed a number of ‘generic’ exercises for airports.  These functional exercises, facilitated through a web-based tool, can be easily customized to meet the needs of most airports across the nation and are written with objectives focused on the fundamentals of EOC management within the timeline of an incident.  While specific plans aren’t directly referenced in the exercises, airport personnel are able to examine the structure of response in their EOC and can reflect on their own plans, policies, and procedures.  Similar to FEMA’s VTTX series, they aren’t a replacement for a custom-developed exercise, but they can help examine some fundamentals and start some important discussions.  I’m not able to get into much more detail on this project, as the final report has yet to be published, but look forward to future posts about it.

All in all, I tend to caution against using pre-developed exercises.  I simply think that most people don’t use them with the right intent and perspective, which can severely limit, or even skew, outcomes.  That said, there exists potential for pre-developed exercises to be properly applied, so proceed with caution and with your wits about you.  Understanding that time, money, and other resources can be scarce, emergency management has always done well with ‘borrowing best practices’.  While there is sometimes nothing wrong with that, short cutting the process will often short cut the benefits.  Do it right.  Use of a custom-developed exercise is going to maximize benefit to your community or organization.

© 2018 – Timothy Riecker, CEDP

EPS New logo

Public Health Preparedness as Part of Emergency Management

I’ve written in the past on the need for emergency managers, in the broadest definition, to become more familiar with public health preparedness.  As emergency management continues to integrate, by necessity, into and with other professions, this understanding is imperative.  We need to stop considering EMS as our only public health interface.  Public health incidents, of which this nation has yet to be truly and severely struck by in decades, require more than public health capabilities to be successfully managed – so we can’t just write off such an incident as being someone else’s responsibility.  We’ve also seen non-public health-oriented disasters take on a heavy public health role as concerns for communicable diseases, biological agents, or chemical agents become suspect.  If you are an emergency manager and you aren’t meeting regularly with public health preparedness officials for your jurisdiction, you are doing it wrong.

Aside from meeting with public health preparedness staff, you should also be reading up on the topic and gaining familiarity with their priorities, requirements, and capabilities.  (don’t skip either of those links… seriously.  They each contain more info on public health preparedness).  One of the best resources available is TRACIE.  TRACIE is a resource provided by the US Department of Health and Human Services (HHS) Assistant Secretary for Preparedness and Response (ASPR).  TRACIE stands for the Technical Resources, Assistance Center, and Information Exchange.  I’ve been digging around in ASPR TRACIE for the past several years and also receive their monthly newsletter.  I get a lot of newsletters from different sources… some daily, some weekly, some monthly.  I’ve recently unsubscribed to a bunch which seem to have information that has diminished in value, doesn’t seem to be timely, or are poorly written.  TRACIE is one of those that stays.  It has tremendous value, even if you aren’t directly involved in public health preparedness and response.  The information and resources provided here come from public health preparedness experts – these are emergency managers.

Recently, ASPR did a webinar on Healthcare Response to a No-Notice Incident, highlighting the Las Vegas shootings. Check it out.

But public health speaks a different language!  True.  So do cops, firefighters, and highway departments.  So what’s your point?  While public health certainly does have certain terminology that covers their areas of responsibility, such as epidemiology, med-surge, and others, that doesn’t mean their language is totally different.  In fact, most of the terminology is the same.  They still use the incident command system (ICS) and homeland security exercise and evaluation program (HSEEP), and can talk the talk of emergency management – they are just applying it to their areas of responsibility.  Are there some things they might not know about your job?  Sure.  Just like there are things you don’t know about theirs.  Take the time to learn, and make yourself a better emergency manager.

What have you learned from public health preparedness?  How do you interface with them?

© 2018 – Timothy Riecker, CEDP

EPS New logo

New Jersey Terrorism Threat Assessment – A Model for the Nation

Earlier in the month, the New Jersey Office of Homeland Security and Preparedness released their 2018 Terrorism Threat Assessment.  This unclassified document gives an outstanding review of matters of interest to the State of New Jersey, with relevant information no matter where you are in the US, or any other nation.  While the focus early in the document is specifically relevant to New Jersey and surrounding states, much of the document provides outstanding information and brief case studies on groups such as homegrown violent extremists (HVEs), domestic terror groups, international terror groups, and more.

Terrorism rarely pays attention to borders, especially those within the nation.  While some areas, particularly those with higher populations and higher value targets, have a greater risk profile than others, we’ve seen that terrorists, in the broadest definitions, can live, train, and execute attacks anywhere in the nation – from unincorporated lands, to small towns, to major metropolitan areas.

The document highlights the threat of HVEs, traditionally inspired, but not directly supported by larger terror groups or movements.  These tend to be lone wolves or small cells, having such a small footprint, they often leave intelligence for law enforcement to trace.  The document also mentions a changing trend in militia groups.  Several groups have been seen to change behaviors, seemingly to align with the government or law enforcement, but in actuality chasing their own vigilante agendas.

I encourage everyone who is interested to review this document.  The content is current, relevant, and informative.  I think it’s a model for states and communities around the nation, providing an excellent snapshot of the current landscape of terrorism.

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Guidance for Operational Security and Access

Operational security can be a big issue, especially on prolonged incidents.  An incident occurs.  Evacuations have to take place.  A scene has to be secured.  Issues like safety and evidence preservation are priorities.  Inevitably someone says they ‘need access’.  Who are they?  Do they really need access?   Are they an evacuee?  A responder?  Media?  A government official?  A critical infrastructure operator?  When is it OK to allow someone access and under what circumstances?

While NIMS has been advocating for credentialing as an effort to identify responders and their qualifications, along with ensuring that they have appropriate identification to grant them access to an incident scene and to utilize them to the best ability, there is still a lot of work to do, and little has been done beyond first responders.  I’ve been on incidents where the perimeter was not well established and anyone could stroll in to an incident site or a command post.  I’ve been on incidents where the flash of a badge or ID was good enough to get through, even though the person at the perimeter didn’t actually examine it, much less verify it.  I’ve also been on incidents where no entry was allowed with a badge, official ID, and a marked car – even though entry was necessary and appropriate. Thankfully, I’ve also been on some incidents where identification is examined, and the access request is matched to a list or radioed in for verification.  This is how it should work.

While credentialing and access control are two separate topics, they do have a degree of overlap.  Like so many aspects in incident management, little ground has been gained on more complex matters such as these because there is little to no need for them on the smaller (type 4 and 5) incidents.  Type three (intermediary) incidents generally use an ad-hoc, mismanaged, band-aid approach to these issues (or completely ignore them), while larger (type 1 and 2) incidents eventually establish systems to address them once a need (or usually a problem) is recognized.  While every incident is unique and will require an-incident specific plan to address access control and re-entry, we can map out the primary concerns, responsibilities, and resources in a pre-incident plan – just like we do with so many of our other operational needs in an Emergency Operations Plan (EOP).  Also, like most of what we do in the development of an EOP, access control and re-entry is a community-wide issue.  It’s not just about first responders.

Here’s an example of why this is important.  A number of years ago I ran a tabletop exercise for the chief information officer (CIO) agency of a state government.  The primary purpose was to address matters of operational continuity.  I used the scenario of a heavy snow storm which directly or indirectly disabled their systems.  We talked about things like notification and warning, remote systems access (the state didn’t have a remote work policy at the time), redundant infrastructure, and gaining physical access to servers and other essential systems.  Without gaining physical access, some of their systems would shut down, meaning that many state agencies would have limited information technology access.  Closed roads and perimeter controls, established with the best of intentions, can keep critical infrastructure operators from accessing their systems.  The CIO employees carried nothing but a state agency identification, which local police wouldn’t give a damn about.  Absent a couple hours of navigating state politics to get a state police escort, these personnel would have been stuck and unable to access their critical systems.  Based upon this, one of the recommendations was to establish an access control agreement with all relevant agencies where their infrastructure was located.

Consider this similar situation with someone else.  Perhaps the manager of a local grocer after a flood.  They should be able to get access to their property as soon as possible to assess the damage and get the ball rolling on restoration.  Delays in that grocer getting back in business can delay the community getting back on their feet and add to your work load as you need to continue distributing commodities.

There are a lot of ‘ifs’ and ‘buts’ and other considerations when it comes to access control, though.  There aren’t easy answers.  That’s why a pre-plan is necessary.  Like many things we do in emergency management and homeland security, there is guidance available.  The Crisis Event Response and Recovery Access (CERRA) Framework was recently published by DHS.  It provides a lot of information on this matter.  I strongly suggest you check it out and start bringing the right people to the table to start developing your own plan.

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC