Last week the House Homeland Security Subcommittee on Emergency Communications, Preparedness and Response held a hearing on FEMA’s C2C program. C2C is designed to help states and localities manage their homeland security preparedness grants by providing a mechanism to apply for grants and measure the effectiveness of those grants across a range of capabilities that involve terrorism prevention, protection, response and recovery. In short, Congress was very concerned about the financial cost of the C2C program and its ability to actually deliver on its objectives. As one who participated in the C2C pilot program, I share many of those concerns and passed them onto FEMA over the summer. The bottom line is assessing capabilities and measuring the impact of homeland security investments, whether they be federal grant funds or state or local general funds, is a very complex endeavor that requires a “system of systems” approach. A single, one size fits all tool cannot manage such a huge task in a country as large and diverse as the United States.
A system of systems approach to measuring preparedness and what investments should be made in the future based on current levels of preparedness must be conducted as part of a larger planning process. Such a planning process must be one that a state, region or locality (hereinafter “jurisdiction”) uses for its own homeland security needs. In other words, to get real data, the jurisdictions must actually use the data for their own purposes beyond simply answering a federal data call. If FEMA and Congress want to gain access to such information, the homeland security community will have to establish an agreed upon process at all levels of government, and the private sector, to annually go out and capture this data. Doing so will involve several key steps each of which may involve one or more tools from software to services in order to access and analyze the data:
1. Assess Risks – What are the risks the state or locality faces from acts of terrorism, natural disasters or potential man made accidents. Said another way, what are the bad things that are most likely to happen in my community. Without this information you are literally shooting in the dark. These risks can often be summarized in the form of scenarios such as terrorist truck bombings, wildfires, earthquakes, or a chemical spill etc. Each jurisdiction will have its own set of unique risks. For example, the risk of a hurricane is limited in northern California but high in the Gulf Coast states. The risk of a terrorist truck bombing is higher in New York City than in Dubuque, Iowa and so forth. The private sector has already developed tools to address this first and critical task.
2. Identify Capabilities – Once you have established and prioritized the risks your jurisdiction faces you must identify the capabilities necessary to prevent, protect against, respond to and recover from such risks. Here, the federal government has produced a few useful tools: the National Incident Management System’s resource types used for identifying, locating, requesting, ordering, and tracking resources, and the target capabilities list, which is a list of 37 capabilities broken out among the four core mission areas of prevention, protection, response and recovery. The TCL includes capabilities ranging from Intelligence Analysis and Production to Structural Damage Assessment. Some jurisdictions may have a need for all 37 capabilities while others may need fewer. While the TCL needs significant work to establish agreed upon metrics behind each capability, it is a good start.
3. Assess Capabilities – At this point, the jurisdiction must assess its level of capability across the TCL’s especially those deemed most needed to address the highest risks faced by the jurisdiction. The point is to develop a gap analysis to see where the key capability deficiencies rest. This can be done through a number of methods to include questionnaires for public safety subject matter experts in the jurisdiction; a NIMS based resource inventory; a review of after action reports from exercises and real world incidents; an analysis of current operational and tactical level plans etc. Tools for this step have been developed by the federal government and the private sector.
4. Develop Goals and Objectives – Once all of this data has come in and is analyzed, it must be used to develop homeland security goals and objectives. Such goals and objectives must be tied directly to filling the gaps in capabilities most needed by the jurisdiction to address its highest risks. This can be done in the form of a homeland security strategic plan and spending plan going forward.
5. Develop Investment Justifications – Once the planning is complete, the jurisdiction must then develop an investment justification for the federal government for grant funding or some type of equivalent for its general fund budget. The goal is to outline in a convincing and data driven way what funding you need and why. This is the step C2C was trying to address most directly, but without having adequately gone through the prior four steps or developed metrics for evaluating investments and their impact on capabilities.
Finally, the federal government has used the fact that it provides grant funds to states and localities to demand answers to the questions surrounding the current level of local and state preparedness. However, the federal government has paid far less attention to measuring its own level of preparedness. For example, how capable are the FBI and Customs and Border Protection (CBP) at the TCL Counter-Terrorism and Law Enforcement and where is FEMA at Critical Resource Logistics and Distribution? The answers to these questions will directly impact the meaning of state and local answers to such questions since no level of government operates in a vacuum independent of the other levels of government when it comes to homeland security.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment