AmalfiCORE Blog

Shoe on the Other Foot: Wildland Fire Evacuation

Event

On Halloween evening in 2001, a small wildland fire spread to 1200 acres before being contained and controlled. It occurred near my home in the country west of Berthoud, Colorado.  We were notified via reverse 9-1-1 to evacuate, and we did (partly) by sending my mother-in-law, the kids, and animals off premise into town for safety. My wife and I stayed along with a team of my friends (volunteer rescuers from out of district) came to our aid.  They raked leaves and watered down the grass around the home. A friend with a home-made foam device, covered the roof and house to retard oncoming flames. No homes were lost and there were thankfully no injuries.

Response

Since I have been part of a responding rescue agency on many a similar incident, I have some idea of what to expect for response from a fire department. In general, the response was immediate for a rural department. Escalation of the incident was rapid, and soon neighboring cities and counties were sending apparatus and personnel. However, as serious as this incident was, 1200 acres is quite small compared to many of the large wildland fires throughout  the United States.

Lessons [1]

1. Water availability was difficult, especially as the fire spread and evening fell. Hydrants (a rarity in the countryside) have since been installed on our dirt road.

2. Distance to the nearest response agency is over 8 miles.  A new fire station with personnel and apparatus was built and is operating.

3. Mutual aid was either slow to be called or had difficulty interfacing with ICS due to interoperability issues. Now all mutual aid agencies share a few common radio channels.

4. Many rural privately owned ‘streets’ (long-driveways into subdivisions) are unpaved and have no street signs. Street sign and house numbering program implemented and completed.

Personal Impact

1. No amount of evacuation planning prepares one for the ‘feeling’ of having to actually evacuate. Nor does pre-planning what to take with you from your home.

2. Just because I had responded to dozens of fire calls in my volunteer career, I was not mentally prepared for dealing with my own family and home being directly impacted. I thought back to the hundreds of people whose door I knocked on giving them five minutes to get out. Or, the residents I turned away at a road block, who were worried about pets or needed their medicine. Shoe on the other foot syndrome, for sure.

Reference

[1] Berthoud [CO] Fire Protection District, Sept 2007. “WILDLAND URBAN INTERFACE COMMUNITY WILDFIRE PROTECTION PLAN”, source accessed 9-09.http://csfs.colostate.edu/pages/documents/BerthoudFPDCWPPFinal.pdf

Government’s Role in Business Disaster Recovery

Most of us would probably agree that disasters are managed locally, that is, local citizens, first responders, and government entities help in the early stages of a disaster. Sometimes large business lend specialty resources. Dozens of volunteer agencies [1] across the nation provide untold numbers of volunteer hours and resources. Most, if not all of this effort is directed toward the people, the citizens.

The people directly impacted by disasters want help, they want it now, and they don’t care much who does the helping. I would guess that if we asked some large portion of our 300 million residents of the United States who they think should help them in a time of need, the majority would say ‘the government’.

What about the private sector? Should the government provide the same level of recovery support for businesses as it does for citizens? I believe the answer is yes, the government should provide support to the private sector only to the extent that doing so improves the general welfare, safety, and short-term recovery of the citizens. However, in the long-term, I believe business have a responsibility to have prepared for disaster recovery as part of doing business.

The conundrum is that a disaster is devastating to both the people and to the businesses, and then people are impacted a second time by businesses not being able to continue services or provide employment. So, it does make sense for there to be a partnership in the recovery efforts.

During a disaster, government agencies play a number of significantly helpful roles including emergency response, hazard mitigation, large scale response resources for long-term recovery, and vital resumption of services. These major support mechanisms exist to help a community get through the most extremely difficult period.

An example of how a disaster like Katrina dwarfs the ability of local communities to recovering, can be found in the white paper by Frost and Sullivan [2] which highlights how catastrophic was the communications devastation:

“The Federal Communications Commission reported Hurricane Katrina knocked out more

than 3 million customer phone lines in the Louisiana, Mississippi, and Alabama area.

• more than a thousand cell sites were out of service

• as many as 700,00 cable television lines were out of service

• millions of telephone calls were incomplete

• 37 broadcast radio stations in the area were disabled

• 20 telephone switching centers were out of service

• approximately 1,700 DS-3 interoffice facilities were out of service

• six public safety answering points (PSAPS) were out of service

• approximately 100 radio and television stations off the air.

• communications sites were dependent on back-up power” [2]

Disaster recovery is a monumentally complex process supported by a myriad of activities. A quick look at the modern day disasters (Haiti, Katrina, 9-11 and others) show both short and long term impacts directly and indirectly on people, property, socio-economic stability, productivity, and perhaps, most of all, morale, hope, and peace.

Reference

[1] DisasterCenter.com. 2007. “Disaster Relief Agencies“. Source accessed 1-27-10: http://www.disastercenter.com/agency.htm

[2] Frost & Sullivan. “Planning is the Key to Successful Disaster Recovery“., Source accessed 1-27-10: http://www.corp.att.com/stateandlocal/docs/wp_disaster_recovery.pdf

Water Supply, A Critical Infrastructure to Protect

According to government sources, there about 1,800 federal reservoirs and 1,600 municipal waste water facilities [1]. As I mentioned in the other post, I believe that damage to our water supply is our biggest exposure because of the impact it has on human life.

Amy Simonne writing for the University of Florida extension program guides readers on how to prepare for outages and disasters saying “Having enough clean drinking water is a top priority during any emergency! A normally active person needs at least two quarts of water each day.” [2]

The water sector (comprised of drinking water and wastewater treatment) is actually more broad and includes dams. There is a separate plan for the ‘Dam Sector which has its own dependencies and interdependencies including: [3]

• The Agriculture and Food Sector, as a continued source of water for irrigation and water management;
• The Transportation Systems Sector uses dams and locks to manage navigable waters throughout inland waterways;
• The Water Sector, by supplying potable water to concentrated populations and commercial facilities in the U.S.;
• The Energy Sector, by providing approximately 8 to 12 percent of the nation’s power needs with hydropower dams; and
• The Emergency Services Sector, which relies on Dams Sector assets for firefighting water supply, emergency water supply, and waterborne access in the event of a significant disaster.[3]

The National Infrastructure Protection Plan [4] is a plan that defines the “…approach that is used to establish national priorities, goals, and requirements for critical infrastructure and key resources (CI/KR).[5  The combined participation of private sector and the government is necessary in order to gain the "...opportunity to use collective expertise and experience to more clearly define CIKR protection issues and practical solutions and to ensure that existing CIKR protection planning efforts, including business continuity and resiliency planning, are recognized."[4]

In the NIPP, the Water Sector plan specifically addresses a wide scope of water related disasters, puts a plan in place to address each, discusses coordination and partnerships with multiple government agencies and the private (utility) sector, and outlines a number of priorities.  The scope seems to me to be enormous and I wonder how such a large plan is coordinated and introduced to the vast numbers of people who need to be involved and knowledgeable in order to successfully implement the  plans.

I would think that natural disasters could impact dams, water supply and water distribution in ways uncommon from terrorist attacks. I believe that regardless of the event, the Water Sector vulnerability would continue to take precedence over recovery of other critical infrastructures.

Reference

[1] Department of Homeland Security, 2003. “The National Strategy for The Physical Protection of Critical Infrastructures and Key Assets-The Strategy“. 8-11, Source accessed 1-19-10: http://www.dhs.gov/xprevprot/publications/publication_0017.shtm

[2] Simonne,  Amy H. Ph.D.,  August 2, 2007. “Preparing for Disasters: Your Food and Drinking Water Supply“. University of Florida. Source accessed 1-20-10: http://edis.ifas.ufl.edu/fy617

[3]  Department of Homeland Security, 2008. “Dams Sector: Critical Infrastructure and Key Resources“. Source accessed 1-20-10: http://www.dhs.gov/files/programs/gc_1189103468978.shtm

[4] Department of Homeland Security, 2009. “National Infrastructure Protection Plan- The National CI/KR Protection Annual Report“.  Source accessed 1-20-10: http://www.dhs.gov/xlibrary/assets/nipp_annrpt.pdf

[5] Environmental Protection Agency,. May 2007. “Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan“.  Source accessed 1-20-10: http://www.epa.gov/safewater/watersecurity/pubs/plan_security_watersectorspecificplan_executivesummary.pdf

What is Information Sharing Analysis Center-ISAC?

Shared responsibility for any mission or charter takes a concerted effort by all participants to ‘think’ and ‘be’ collaborative. I think the critical infrastructure protection plans for each sector are best served and will be most effective when both the public and private sectors work jointly toward common goals.

I find when I research topics in business continuity that there seems to be dozens of different government agencies, divisions, and organizations, with many different names, acronyms, and structures. What can sometimes be confusing is how do all of these organizations deal with important threat data in an efficient and effective manner.

The Multi-State Information Sharing and Analysis Center-MS-ISAC was established in 2003. It “is a collaborative state and local government-focused cyber security entity…”[1] designed to “…enhance cyber threat prevention, protection, and response and recovery…”[1]. The center(s) operate 24×7 and provide monitoring, data collection, analysis and information sharing on cyber security threats.

In the MS-ISAC annual report, the organization describes several noteworthy activities which demonstrate a cooperative attitude of sharing, particularly among states and between the public and private sector. For example, there is a state-specific portals operated by MS-ISAC. The states can share information between each other regarding “…cyber security advisories and information, securing messaging, policies, white papers and other information to help that state enhance its cyber security posture”. [1]

A few examples stood out for me. One was the practice scenario exercises conducted by MS-ISAC. An exercise, conducted in March of 2008 and called CyberStorm II, involved individual states, five countries, 18 federal cabinet-level agencies and more than 40 private sector companies.[1]

The other example was the SCADA Procurement Project[1] which “…is a joint effort among public and private sectors focused on development of common procurement language that can be used by everyone. More than 400 individuals from the public and private sectors around the world are participating in the SCADA Workgroup.”[1]

What I find encouraging is the collaborative nature of all of these efforts. Even the Department of Homeland Security-DHS describes a transformation statement focused on becoming the type of culture to “…foster an information sharing environment that ensures the right information gets to the right people at the right time”. [2]

I don’t believe that the ISAC is the only answer, however, a central clearing house concept, along with modern electronic access and networking, may be a significantly good solution. In the end, it’s all about good data versus not so good data and what to do with the data once it is shared.

Reference

[1] Pelgrin, William F., 2008. “Multi-State Information Sharing and Analysis Center Annual Report”.  Source accessed 1-20-10 http://www.msisac.org/about/documents/MSISACAnnualReportJanuary2008throughDecember2008.pdf

[2] Department of Homeland Security,  April 18, 2008. “Department of Homeland Security Information Sharing Strategy“,  Source accessed 1-20-10: http://www.dhs.gov/xlibrary/assets/dhs_information_sharing_strategy.pdf

Protecting Critical Infrastructure

To protect our water is a shared responsibility, as is protection of all of our critical sectors. I believe in today’s age of terrorism, it is incumbent upon private sector companies to be held accountable in fair ways for actively participating in this protection. The government can act as enabler by providing awareness, education, guidance, and expertise. However, it is still up to individuals and companies to carry out the strategies necessary to keep us all protected. For me, the drinking water is the key sector.

The vast majority of critical infrastructure is owned, operated, and controlled by the private sector. [1] The United States government does directly operate and control several critical functions and has authority to regulate many of the private sector infrastructures. However, on a regular daily basis, the strategy, management, and operational control for security and protection resides with the private sector. [1]

The critical infrastructure at James Madison University is similar to that identified by the US government and is divided into the following sectors:

• “Agriculture
• Banking and Finance
• Chemicals and Hazardous Materials
• Defense Industrial Base
• Emergency Preparedness
• Energy
• Postal and Shipping
• Public Health
• Telecommunications
• Transportation
• Water” [2]

This list appears to be a complete list, since most of the subordinate and corollary functions of each infrastructure are included for each. However, I would think that as the subordinate ripple businesses are more and more removed from the primary infrastructure, that the attention to security diminishes. This is a my supposition based on some general reading but also common understanding of how small and medium-sized businesses operate.

There is no way for any government or entity to possibly control all security at 100%. I do think that the strategy which rose from the Department of Homeland Security-DHS [1] work in the past decade (since the tragic events of 9-11) and all that has been implemented, is probably well focused and successful.

The eight guiding principles of the strategy that supports the national infrastructure security policy are:

1. Assure public safety, public confidence, and services;
2. Establish responsibility and accountability;
3. Encourage and facilitate partnering among all levels of government and between government and industry;
4. Encourage market solutions wherever possible and compensate for market failure with focused government intervention;
5. Facilitate meaningful information sharing;
6. Foster international cooperation;
7. Develop technologies and expertise to combat terrorist threats; and
8. Safeguard privacy and constitutional freedoms.[1]

I do not have enough data or information know which sector is most vulnerable. Based on a reading of the DHS and other work [3, 4], I still believe that our water supply is most at risk. Humans can live without technology for same period of time. Now, today, of course we know that technology runs everything including the power and water plants. Nevertheless, staying alive requires sustenance and water is necessary to survive past 2-3 days at moderate temperatures, longer if it’s colder [5].

Let’s protect it all, but let’s protect the water first.

Reference

[1]  February 2003. “The National Strategy for The Physical Protection of Critical Infrastructures and Key Assets-The Strategy“. 8-11, Source accessed 1-19-10: http://www.dhs.gov/xprevprot/publications/publication_0017.shtm

[2] James Madison University. May 2004. “Interdependencies: Do You Know What Runs Your World?”. James Madison University’s Institute for Infrastructure and Information Assurance, Source accessed 1-19-10  http://www.jmu.edu/iiia/webdocs/Publications/2004%20Citizens%20Guide.pdf

[3]  Critical Infrastructure Assurance Office (CIAO). (2000). Practices for Securing Critical Information Assets.
http://www.infragard.net/library/pdfs/securing_critical_assets.pdf

[4] George Mason University’s School of Law. Critical Infrastructure Protection Program monthly CIP Report.
http://cipp.gmu.edu

[5] “How Long Can You Survive Without Water?“. Source accessed 1-20-10:

http://www.survivaltopics.com/survival/how-long-can-you-survive-without-water/

Plan for Crisis Commications

The Colorado Non Profit Association defines the purpose of a crisis communications plan “To effectively manage communications through a formal, clearly defined channel in order to mitigate crisis, or serious negative repercussions for the Association or the sector, and maintain a reputation of leadership and transparency on vital issues and breaking news.”[1]

Crisis communication systems can fail for several reasons usually associated with lack of preparation, not knowing the audience, inappropriate selection of a spokesperson, lack of adequate or timely information, human error in judgment, and inadequate or no use of known workable tools.

A mid 1990′s reverse, almost tongue-in-cheek approach to understanding crisis communications is presented by Bernstein who suggested these pitfalls to avoid:

• “Play Ostrich Hope that no one learns about it.
• Only Start Work on a Potential Crisis Situation after It’s Public, be defensive and foster a look of being unprepared
• Let Your Reputation Speak for You, ‘Arthur Anderson’, [today think, Tiger Woods, Lehman Brothers, Bernard Madoff]
• Treat the Media Like the Enemy, bad mouth a reported in public
• Get Stuck in Reaction Mode Versus Getting Proactive, continue to look as if you’re the guilty party defending yourself.
• Use Language Your Audience Doesn’t Understand, Jargon and arcane acronyms are but two of the ways you can be sure to confuse your audiences,
• Don’t Listen to Your Stakeholders, practice narrow thinking from only your viewpoint

• Assume That Truth Will Triumph over All, You have the facts on your side, by golly, and you know the American public will eventually come around and realize that.
• Address Only Issues and Ignore Feelings, ‘the green goo which spilled on our property is absolutely harmless to humans.’
• Make Only Written Statements, it’s impersonal and some people think it means you’re hiding and afraid.
• Use “Best Guess” Methods of Assessing Damage, “Oh my God, we’re the front page (negative) story, we’re ruined!” Congratulations — you may have just made a mountain out of a molehill.
• Do the Same Thing Over and Over Again Expecting Different Results, The last time you had negative news coverage you just ignored media calls, the result was a lot of concern amongst all of your audiences, internal and external, and the aftermath took quite a while to fade away.” [2]

At the heart of communications is planning. Planning and appropriate preparation can go a long way toward ensuring a more successful outcome to any situation.  Here are the key elements I would include in a plan which can counteract weaknesses of communication systems [3][4]:

• Have a plan and make the plan part of an overall communications program
• Practice the plan with the people most likely to participate during the crisis
• Select practice scenarios most likely to occur
• Be flexible and nimble, as most crisis change rapidly which may require a modified action plan
• Create a formal Crisis Management Team
• Develop criteria specific to your environment and then select an suitable spokesperson

Reference

[1]   “Crisis Communication Plan Nonprofit Toolkit“.  Colorado Non Profit Association. Source accessed 1-13-10: www.coloradononprofits.org/crisiscomm.pdf

[2]   Bernstein, Jonathan. 1996. “Crisis Management-Making a Crisis Worse: The Biggest Mistakes in Crisis Communications“. Source accessed 1-13-10: http://www.bernsteincrisismanagement.com/docs/the_biggest_mistakes_in_crisis_communications.html

[3] Hoffman, Judith C. (2008). “Keeping Cool on the Hot Seat-Dealing Effectively with the Media in Time of Crisis“.  Section III- Understanding Your Audiences.

[4] Melanie L Herman, & Barbara B Oliver. (2002). “A primer for crisis management“. Risk Management, 49(1), 48-53.  Retrieved January 13, 2010, from ABI/INFORM Global. (Document ID: 98406669).

Crisis Communications

People communicate in different ways, that’s part of the nature of being ‘individual’.  Knowing something about those different ways, particularly during a crisis, can help the spokesperson deliver useful messages.[1]

It’s often said that good communication is a two-way street requiring an exchange of information, feelings, thoughts, and not just a unidirectional push of data. Developing a flexible but practiced process allows for a more effective exchange. During a crisis is not the time to ‘wing it’. The employees, citizens and other constituents don’t appreciate misinformation and so a practiced process makes good sense. [2]

During a crisis, a good communications process would include the answers to the most simple and basis questions and a designated time for delving further into detail. Good communications provides timely, accurate, and useful information to those that need it in a manner best received by the audience. [3] The manner of dissemination of information can be a variety of tools and depends on what is available in combination with how the audience is best able to hear or obtain the information.

According to standards established by NFPA 1600, Emergency Response Plans should include a crisis communications process and that plan should be integral to the response plan.

Reference

[1] Hoffman, Judith C. (2008). “Keeping Cool on the Hot Seat-Dealing Effectively with the Media in Time of Crisis“.  Section III- Understanding Your Audiences.

[2] Melanie L Herman, & Barbara B Oliver. (2002). “A primer for crisis management“. Risk Management, 49(1), 48-53.  Retrieved January 13, 2010, from ABI/INFORM Global. (Document ID: 98406669).

[3]  Norwich University. 2008. “Principles of Incident Management and Emergency Response-Crisis Communications“.  MSBC Lecture Week 5-pg 2. Norwich University School of Graduate Studies.

[4] NFPA. 2007 “NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs“. 2007 edition Section 5.10 Communications and Warning. Source accessed 1-12-10: http://www.nfpa.org/assets/files/pdf/nfpa1600.pdf

Use of Social Media During Crisis Notification

With an aging population and boomers leaving the workforce, some planners may begin to think of new ways of reaching employees, students, and citizens during a crisis. In the past, phone calls, company bulletins, loudspeakers, and the news media were the primary forms of information dissemination. Today, that may still be the case for millions of people.

Going forward, we find more and more generations to be more connected through social media. There have been some successful demonstrated uses of social media to alert people during emergencies, for example, last year “in May 2009, the Los Angeles Fire Department (LAFD) informed the public about numerous incidents through Twitter”[1].

I believe that emergency planners need to considerate less traditional and more suitable means to reach people during a crisis. Such means can include:

1. Social media (Twitter[2], Facebook[3])
2. Email
3. Electronic software SaaS tools [4] (computer accessible text messaging, automated phone tree announcers)
4. [continue] Traditional communication outlets (news media, audible sirens and announcers, phone trees)

In my newest case study, a local community college system, the management is making use of one of the many communication tools, this one called ConnectED by Blackboard. [5]. According to the Manager of Public Safety[6], the system works quite well in simulated scenarios and has been put to the test during major weather events and power outages which closed the school campus.

The use of such tools as that at the college campus system allow for the early warning of crisis or major events, the message can be tailored to the audience, the audience can be told what to do, where to go or not go, and when the crisis has changed or concluded.

The cons include not being able to reach those people who are not connected to social media, not using a cell phone, not able to get a signal with a cell phone, out of power and unable to read email, and those in a section of a building or area of business/campus/town that is out of range.

Nevertheless, I believe that the advantages of using multiple ways of communicating, including new tools, outweigh the disadvantages.

Reference

[1] Collins, Hilton. 27-JUL09. “Emergency Managers and First Responders Use Twitter and Facebook to Update Communities“. Source accessed 1-13-10: http://www.emergencymgmt.com/safety/Emergency-Managers-and-First.html

[2] www.Twitter.com

[3] www.Facebook.com

[4] Webopedia. “Software as a Service. Source“. accessed 1-13-10: http://www.webopedia.com/term/s/saas.html

[5] Blackboard Inc. 2010. “Blackboard ConnectEd-Reach Thousands in Minutes“. Source accessed 1-13-10: http://www.blackboard.com/Alert-Notification/Connect-Platform.aspx\

[6] Manager of Public Safety at Anonymous Colorado Community College. Interviewed by Andy Amalfitano, 11-JAN10.