EIIP Virtual Forum Presentation March 24, 2004
Improving Homeland Security
Continuing Challenges and Opportunities
Paula D. Gordon, Ph.D.
Moderator, EIIP Technical Projects Coordinator
The following version of the transcript has been edited for easier reading and comprehension. A raw, unedited transcript is available from our archives. See our home page at http://www.emforum.org
[Welcome / Introduction]
Amy Sebring: On behalf of Avagene Moore and myself, welcome to the EIIP Virtual Forum! We are pleased to have this opportunity to bring you a session to mark the one year anniversary of the Department of Homeland Security. Our title is 'Improving Homeland Security: Continuing Challenges and Opportunities' and is based on recommendations put together by our guest one year ago.
Now, I have the pleasure of introducing today's speaker, Dr. Paula D. Gordon, who brings particular expertise in leadership behavior and theory, governmental management, organizational theory and development, and policy analysis and implementation to this issue. She is a writer, analyst, strategist, and consultant. She also serves as a member of the Practitioner Faculty of the Johns Hopkins University and has taught a variety of courses at Johns Hopkins and at other universities on the East and West Coasts.
While at FEMA during the 1980s, she developed issue and options papers in a wide range of issues areas, including the reorientation of national civil preparedness and nuclear attack preparedness efforts towards the "All Hazards" approach in use today. Further biographical information is available on our background page, as well as links to related material you may find useful.
Welcome, Paula. We are delighted to have you with us. I now turn the floor over to you to start us off please.
Paula Gordon: Thank so much to Amy Sebring, Avagene Moore, and the Emergency Information Infrastructure Partnership for this opportunity to share some of my views concerning ways in which the nation's homeland security efforts might be improved. I have provided these recommendations along with some additional recommendations to a few individuals at the Department of Homeland Security and to the staff or members of several commissions. I will be sharing some of these with you today.
What I have tried to focus on are some areas that seem to me to be receiving less that adequate attention. I touch on most all of these recommendations in the report on Improving Homeland Security and in other work that is posted on my Web site at http://users.rcn.com/pgordon/homeland/index.htm.
Please take a moment to look over the recommendations and then I will go over each of them in more detail:
1) Developing and implementing in-service education and training initiatives for those in major roles of responsibility for homeland security:
In-service education and training initiatives are needed for those in roles of public and private sector responsibility. An essential element in all of these efforts needs to be on nurturing a common understanding of the problems, threats, and challenges that face the world post 9/11 and on enhancing skills and capabilities needed to work in collaborative ways to address these problems, threats, and challenges.
In addition to promoting in-service education and training efforts, increased focus needs to be placed on promoting and promulgating of homeland security curricula in academia, particularly in business schools and schools of public administration, public policy, public affairs, public health, computer technology, and engineering.
2) Recognizing and addressing organizational culture challenges:
The implementation of in-service education and training initiatives could do much to address the organizational culture challenges confronting the Department of Homeland Security and those with whom they collaborate. A poster presentation on changing organizations that is posted on my website addresses these concerns. I have also written an article not as yet posted that is based on the ideas in that poster presentation. On request, I would be glad to e-mail anyone interested a copy of the article which is entitled "Transforming Organizations and Maintaining a Healthy Organizational Culture."
3) Greatly increasing critical infrastructure stability and reliability while also enhancing critical infrastructure protection and continuity efforts and stabilizing the economy:
Programs, policies, approaches and strategies are needed that are designed to ensure the stability and reliability of critical infrastructure while also enhancing critical infrastructure protection and security. The general thrust of such efforts would be the restoration, rebuilding, preserving, protecting, and securing of the nation's critical infrastructure and critical assets. This would include the nation's critical physical infrastructure as well as emergency services and public health and medical services.
A purpose in engaging in such efforts would be to enhance economic security and individual, community, and societal stability, while at the same time enhancing the security of the nation in general. Such multi-purpose actions are needed to minimize cascading impacts that future events could have. If the public sector does not assume the lead role, or assume a role as facilitator of public and private sector efforts, it is imperative that the private sector assume the leadership role.
4) Launching a comprehensive strategy focusing on cyber security, the Internet, and complex digital systems:
Programs, policies, approaches and strategies focused primarily on enhancing cyber security, securing the Internet, and ensuring the reliability and security of Program Logic Computers, Digital Control Systems, and Supervisory Control and Data Acquisition Systems are needed. All of these play a significant role in the nation's critical physical infrastructure. All play a critical role in national security, economic security, and individual, community, and societal security.
Strategies focusing on improving cyber security comparable to those developed and implemented for Y2K need to be spearheaded by the private sector or through public/private sector efforts, if the Department of Homeland Security, the National Institute for Standards and Technology, Congressional Committees, and/or the General Accounting Office or others do not assume lead roles in facilitating such efforts.
5) Focusing on the development of disaster resistant communities, states, and regions:
Private/public sector efforts are needed that aim at developing a "disaster resistant" nation with disaster resistant communities, businesses and industries, states, and regions. By becoming as "disaster resistant" as possible, cascading impacts that could be expected to occur as a result of any of a variety of potential events or tactics would be minimized or mitigated, if not prevented altogether.
DHS and FEMA/DHS need to emphasize the building of community-based and regional public/private sector efforts. Seattle, Washington and Jefferson County, West Virginia serve as two examples of such efforts. Existing efforts and networks that already aim at developing "disaster resistant" communities, businesses and industries, etc., need to be strengthened, used as models, and built on. Information concerning best practices and model approaches need to be widely available. Informal or formal technical assistance and mentoring need to be provided. The American National Red Cross could be a key player in such efforts.
6) Fostering an all hazards approach to emergency preparedness:
Emergency preparedness efforts, including attention to all phases of the emergency management cycle, are needed at all levels of society. There is a need to increase the number of days that individuals, families, work places, communities, and regions are prepared to be "self-sufficient" in the event people are unable to leave their homes or work places or travel freely. Such a situation could occur owing to any of a variety of events.
During Y2K preparedness efforts, some jurisdictions emphasized the need for 7 - 10 days of food, water, and medical supplies. Prior to Y2K, government guidance for disaster preparedness for natural disaster extended to two to three weeks of supplies. Currently guidance seems to focus on 3 days of supplies. Public and/or private sector leadership is needed to stress the goal of a vastly increased level of emergency preparedness for individuals, families, workers in the workplace, or communities.
The American Red Cross could play a major role in such efforts. Putting such measures in place could significantly minimize problems, including unnecessary hardship and potential social unrest that could otherwise be expected in the aftermath of any of a variety of natural, technological, or manmade events. An 800 number that people could call for advice such as the Public Information Center that existed for Y2K needs to be reinstated now. Not everyone has ready access to a computer. Not everyone is computer literate and even those who are may not be getting the answers they are seeking online or through the publications that they can request online or by an 800 number. Such a Homeland Security Public Information Center could also be used for rumor control.
7) Recognizing the most obvious vulnerabilities that could involve the greatest loss of life and destruction and taking steps to protect against and minimize the results of possible attacks and disruptions involving these elements of the nation's critical infrastructure:
The concerns that many involved in Y2K efforts had shared need to be revived again today. Actions need to be taken to ensure that those elements of the nation's critical infrastructure that could cause the greatest loss of life and damage should have primary attention: nuclear power plants, chemical plants, hazardous materials sites, pipelines, the electric power grid, agriculture and live stock, food supplies, transportation systems, water purification plants and distribution systems, and waste management and treatment systems.
The same concerns for worst-case scenarios that were considered during Y2K need to be considered again. Indeed, even the threats posed by cyber-warfare and cyber-terrorism could result in similar scenarios. (My White Paper on Y2K is archived on my homeland security website. These concerns were more fully discussed there in Part 2 of that White Paper. They are also touched on in an article on Y2K lessons learned and legacies that is posted on the website.)
8) Giving adequate attention and resources to interim, less than perfect, "make-do" plans and strategies as well as plans and strategies that can be ready in the near term:
Planning for the distant future alone is not sufficient. Indeed undertaking assessments that focus on minutiae may yield more information than is necessary or useable. Far more attention needs to be given to less complete approaches to dealing with incidents or catastrophes. While putting in place long term comprehensive strategies, we must also be ready to take action had an event occurred yesterday or if one were to occur today or tomorrow. Such approaches would place far more reliance on taking immediate practical steps to deal with the situation at hand.
Some instructive examples of how real world disasters can be addressed include the efforts of ESRI, E-Team, SAP, and Hewlett Packard and the support they provided to those who managed the response to the California Wildfires. There is also much to be learned from the New York City's response to 9/11. Leadership, pre-existing relationships, exercising, and preparedness and contingency planning made public and private sectors far more effective than they would have been otherwise.
9) Establishing at the highest levels of the Department of Homeland Security an internal think-tank, strategic planning, proactive, problem solving, troubleshooting arm that would, among other things, identify and address problems that no one presently "owns"
Such an arm of DHS could do much to keep any of a wide range of challenges, problems, and opportunities from slipping through the cracks. Mini-efforts modeled after the one that could be placed in the Office of the Secretary or the Deputy Secretary might also be created within each major component of the Department.
In the poster presentation on my website entitled "Recognizing and Addressing Problems of Scientific and Technological Complexity," I outline three such problems that are slipping through the cracks because they do not fall within the mission of any given entity of government, any Department, or any part of a Department. Proactive steps need to be taken to address these problems, challenges, and missed opportunities.
10) Organizing and implementing clearinghouse efforts that incorporate technical assistance support services:
Clearinghouse efforts that foster best practices and lessons learned in a broad array of areas could do much to advance homeland security efforts. An article on my website entitled "Using E-Technology to Advance Homeland Security Efforts" mentions the need for such efforts as does the poster presentation also posted on my website entitled "Successful Knowledge Transfer."
11) Fostering the use of the Homeland Security Impact Scale as a means of providing a common context for understanding the continuing impacts of 9/11 and the impacts of possible future attacks or tactics:
A section in my report on "Improving Homeland Security and Critical Infrastructure Protection and Continuity" is devoted to a simple survey tool that was used by those in the Washington DC Y2K Group to gather assessments from the 300 or so members of that group concerning what the possible impacts might be as a result of Y2K-related technology problems. I have adapted this scale for use in assessing homeland security impacts.
We will pause so you may review the scale at:
A primary value of the scale is that it forces individuals to consider what the impacts of 9/11 have been. It provides a common context or frame of reference to use when discussing what those impacts have been and what the impacts of possible future attacks or tactics could be. Use of the Impact Scale may even suggest steps that are needed to minimize past impacts as well as possible future impacts.
In closing, this last slide lists and provides links to a number of the resources available on my Website, including some that I have mentioned during this overview:
Thank you for this opportunity to share these recommendations with you. I would be pleased to hear your questions and comments, and if you wish to follow up offline, I can be reached at firstname.lastname@example.org . I now turn the floor over to our Moderator.
Amy Sebring: Thank you very much, Paula.
[Audience Questions & Answers]
Rick Tobin: I agree with your analysis on Critical Infrastructure Protection improvements, but the challenge lies in finding the funding. Have you any policy thoughts on that?
Paula Gordon: My primary concern at this point is getting everyone on the same page with regard to our understanding of the nature and scope of the challenges. I don't think we are there as yet.
Roger Hovis: Lawmakers have told the Department of Homeland Security they were concerned that a too-narrow focus on terrorism and a reorganization of the federal grants is undermining the nation's ability to deal with other disasters. I believe this is our primary message to DHS.
Paula Gordon: What has been done has been done. We must now try to improve and broaden the scope of our efforts.
José Musse: This available in Spanish language guidelines "disasters resistant" in reference to a Weapons Massive Attack?
Paula Gordon: I do not know if there are guidelines in Spanish. I do know that Barbara Miller's Project Impact group has been focusing on terrorism concerns. You may wish to contact her or Inez Pearce.
William R. Cumming: Do you have any evidence the administration is going to label small/medium natural disasters as not a federal problem?
Paula Gordon: I was concerned that DHS did not seem to be playing a major role in the Northeast blackout. I would have expected that they would have played more of a role.
William R. Cumming: Was it declared as a disaster? The Northeast Blackout?
Paula Gordon: I don't know that it was. Perhaps someone else here would know.
Ray Pena: We all say 9/11 changed everything. Where do you rank the events of 9/11 (and subsequent anthrax attacks) on your Impact Scale?
Paula Gordon: I would say that we are at a 3 or a 4 on the scale as a result of 9/11.
Jennifer Vuitel: When you discuss organizational culture, what level are you focusing on, or are there suggestions for local, state, etc.?
Paula Gordon: Organizations at all levels. I have a particular concern for DHS and for those portions of the Federal government that are most involved in homeland security.
Barry Hoerz: As a Fire/Law Enforcement Chaplain, I am concerned about the organized efforts of creating Critical Incident resources for post-event scenarios. Where can Chaplains fit into the planning?
Paula Gordon: I would hope at every stage of preparedness planning, response, and recovery.
Larry Clavette: How is the communication process faring between the DHS and agencies such as FEMA, particularly, in regards to sensitive information?
Paula Gordon: I have concerns in general regarding communication and collaboration between the various elements of DHS, no less so with FEMA, which of course is now a part of DHS.
Kyle Cleveland: John Kerry has expressed that the "War on Terror" should be a law enforcement issue. As an insider, do you know what his plans would be to change DHS and its role in this effort?
Paula Gordon: I have no knowledge of what ideas he may have on homeland security efforts.
Ed Purvis: Looking at disasters internationally, the initial response is always local -- government agencies are later. Inertia, jurisdiction and bureaucratic problems enter. Add communications (equipment and cultural problems), and the response must be local.
Paula Gordon: I don't agree that all responses are local. The response to the California wildfires is a good example of where there was public/private sector collaboration that involved all levels of government.
Rick Tobin: The use of technology to manage all hazards is becoming a problem in itself. I've seen a lot of money wasted on buying technology without first asking what it was needed for, and desired outcomes. A lot sits unused because of no everyday use. Any thoughts on this quandary?
Paula Gordon: I do try to address it some in work that is on my website. See especially the piece on "Using E-Technology to Advance Homeland Security Efforts." There are also some ideas on this in the report on "Improving Homeland Security and CIP".
Kevin Wilson: You commented on several weeks of supplies instead of a few days; why do you feel the need for this longer period of time?
Paula Gordon: For a couple of reasons: One is that people could share with neighbors if need be. Another is that there would be less likelihood of the social fabric coming apart due to civil unrest and the like. People would also be in a better place psychologically if they were homebound and yet had the basic necessities.
Tom Johns: With respect to the "All hazards approach to Emergency Response Plans (ERPs)" (#6), what assistance or legal requirements do you envision in the future that might mandate, or at a minimum, encourage businesses and governments to possess ERPs?
Paula Gordon: It may well be that it will be necessary for the private sector to take the lead in this as well as other areas. I have been encouraged by the work of the U.S. Chamber of Commerce and I think that they and the Homeland Security Industrial Association, plus Ken Watson's group, Partnership for Critical Infrastructure Security (PCIS), could assume key leadership roles.
Claire Reiss: Do you think the public has adequate information about realistic steps it can take to protect itself and prepare for an event? I have read comments lately that the public is in denial, and therefore has not prepared, but it seems to me that some of the recommendations have been somewhat overwhelming. (Keeping a car packed at all times with extensive emergency supplies, for example.) Is it possible that they have just given up?
Paula Gordon: I think that the public might well be encouraged to do more and do more basic things, particularly at first. There needs to be leadership and understanding about awareness and preparedness. Educational and awareness development efforts could be much better thought out.
Kyle Cleveland: Let me rephrase my earlier question: Do you feel that we will EVER reach "stasis" on the responsibilities of all of the alphabet soup agencies? Even after the election?
Paula Gordon: I think that if leaders in the private sector were fully apprised of possible scenarios that could evolve, they would be inspired to take the initiative if it is not being taken by the public sector. This could come about as a part of the election year dialogue. Whether it will or not is a real question.
William R. Cumming: In the case of a Weapons of Mass Destruction (WMD) event, do we (the public) know who, what, when, where the feds will show up and who is specifically in charge or coordinating any better now than on 9/12/01? If a WMD event occurs today what "Plan" is used? I don't believe either the National Incident Management System (NIMS) or the National Response Plan (NRP) are effective, so it would be the Federal Response Plan (FRP), Federal Radiological Emergency Response Plan (FRERP), National Contingency Plan (NCP) in some permutation and combination, and state and local Emergency Operations Plan (EOP) and WMD annexes.
Paula Gordon: TOPOFF 2 reports would seem to indicate that there are real concerns that have yet to be adequately addressed when it comes to coordinate response efforts and determining who has responsibility for what. I wonder if it would not be far more effective to focus next on assimilating lessons learned and creating better and more viable networks and better mutual aid agreements, and engaging in tabletop exercising at increasing levels of challenge before trying to address far more complicated scenarios.
Bill, to respond to the second part of your question, that is a real challenge. I think we need to be thinking in terms of at least three approaches to planning and action. The first being what we would be doing if something had happened yesterday or if something happened tomorrow. The second being what we might be doing in six months or a year from now given that amount of time to refine our "immediate" plan of action; and the third being a more comprehensive approach we will need to work on for several years to come.
Larry Clavette: Regarding our borders - I've heard several strategies discussed for tighter security against illegal immigrants. Have you heard recently of any particular strategies that seem, at the least, adequate?
Paula Gordon: Larry, that is not an area that I have been focusing on and would be hesitant to make any statement about it that were not better thought out.
David Graham: Are you aware if DHS has any surveys or other information on the percentages or numbers of companies and government agencies that have emergency response plans in place and/or where such information might be found?
Paula Gordon: I am not aware of any such surveys that have been done by DHS. The folks involved with CPM East and West have had presenters at their conferences who have addressed such matters. The U.S. Chamber of Commerce might also be a source of information, plus a number of other organizations concerned with business continuity. You might want to have a look at my January 6, 2004 listing of references and resources to identify some of those groups.
Amy Sebring: Thank you very much, Paula, for your time and effort. Great job! We hope you enjoyed the experience.
Paula Gordon: Thank you all for your kind words and for the opportunity to share ideas with you.
Amy Sebring: Please stand by while we make some quick announcements.
The transcript will be posted late tonight and you will be able to access it from our home page or the background page. We also have a great archive of transcripts which you can access by topic from the home page.
If you are not currently on our mailing list, and would like to get program announcements and notices of transcript availability, please see the Subscribe link on our home page.
We have three new Partners to announce:
If your organization is interested in becoming an EIIP Partner, please see the 'Partnership for You' link on our home page.
Thanks to everyone for participating today. Great questions and comments. We stand adjourned but before you go, please help me show our appreciation to Paula for a fine job.