Natural and man-made disasters such as hurricanes, wildfires and terrorist attacks can present unexpected challenges that are notoriously difficult to prepare for. Technology plays a growing role in how emergency managers address these challenges, monitor for new information, and communicate in the field.
This list shares the wisdom of those who learned important lessons during their emergencies. These are the stories and words of advice from emergency managers and first responders who helped their communities pull through trying events, often in unexpected ways.
1. Expect your technology to fail
Redundant systems are a response to the idea that anything can break. But even with backups in place, overconfidence in technology can be just as harmful as a lack of planning, warned Jay Bowden, an emergency planner at the city of Newport News, Virginia. Bowden says he’s worked in emergency management for 35 years “in some form or fashion,” watching as technology has eased the lives of those who use it but simultaneously eroded skills that are potentially critical during times of emergency.
“I’m not sure my grandson would survive in a shelter once the battery died on his iPad,” Bowden said. “Everything now relies on electricity, right down to the water supply, sewer. You name it, it’s got a plug on it.”
Back in 1993, when he was a deputy director for the Mayor’s Office of Emergency Management in Nashville, Tennessee, the city faced an unusual ice storm that reminded local authorities that technology doesn’t always work as planned. Incidentally, the storm came just weeks after the city had launched a new emergency response program.
“We had [plan] notebooks that hadn’t even been passed out when it happened,” Bowden said.
The storm was unique, he said, because the region lost many of its power lines and transformers, but the roads somehow remained ice-free. Bowden said he and his team had been in their emergency operations center for three days responding to the storm when they received an unwelcome surprise.
“We learned there was an entire community up in one of the rural parts of our county that was completely without power,” Bowden said. “They had lost telephone service, they had lost all communications, so they had no way of letting anybody know there was a problem.”
Police cars were supposed to be patrolling that area, and there was a fire department there, but no one radioed for help. Bowden said he never quite figured out why it happened that way, but the incident taught him a valuable lesson.
“It was one of those miscommunications where somebody thought that somebody thought that somebody else had done something else,” he said. “But the bottom line was that the public couldn’t call for help, couldn’t call for 911. They didn’t have any power.”
The lesson, he said, was never to expect that something is working right just because nobody says it’s broken. In 1993, the way to check that a region had power was to call a facility that had an answering machine or a fax machine, such as a school, and see if it picked up, but because there was no specific plan outlined to check on the community that had gone without power, no one did.
That day also reinforced in Bowden the idea that people who enjoy the comforts of city life tend to lose the self-reliance and survival skills that often accompany life in a rural area. Nothing disastrous happened, he said, and the people who lived in that area knew how to build fires, heat up food outside and make do. But not everyone does, and those skills are becoming increasingly rare, he pointed out.
“That’s the whole thing about technology,” Bowden said. “We’re running hard into it because it makes our lives so much easier and so much quicker and so much everything. But in the course of doing that, we lose track of what we might be losing, too.”
2. Don’t fall victim to information paralysis
As a meteorologist and not a trained emergency management specialist, Derek Arndt said he was not prepared for the onslaught of information confronting him several years ago during a field study for a new type of radar system.
While leading a weather-data training and provisioning crash course in Oklahoma called OK-First, Arndt was asked to help in testing a relaitvely inexpensive short-wavelength radar system to fill in coverage gaps for traditional (and expensive) long-wavelength radar systems.
As a supporting researcher, Arndt said he sometimes pretended to be an emergency dispatcher while monitoring the system to get an idea of what it would be like to use it during an emergency. But the new technology turned out to have an “intense” characteristic that he said he hadn’t been prepared for. The traditional radar system delivered updated data every four or five minutes, but the new system delivered a new data point every 60 seconds. More information may sound like a good thing, but Arndt said he noticed it had a strange psychological effect.
“When the updates are 60 seconds, there’s this odd paralysis that happens,” Arndt said. “You think, ‘OK, the next update’s only 30 or 40 seconds away, so I can afford to wait for that one to make my decisions. And then you get that one and you’re like, ‘I can afford to wait for the next one. It’s right around the corner.’ I was paralyzed by this rapid onset, this overload of information.”
Had this happened during a real emergency, Arndt said the way he handled the fast-churning data would have been “disastrous.”
James Hocker, the current program manager of OK-First said information paralysis is definitely something he hears about, particularly for newer emergency managers.
He said there’s no simple cure for it, save awareness that it can happen and practical experience in the field.
3. Trust your threat intelligence
As protests and riots in Ferguson, Missouri, stretched the resources of local authorities in the summer of 2014, the state’s chief information security officer, Michael Roling, said he knew the state would also need help in fortifying Missouri’s cybersecurity efforts and monitoring the public’s activity online.
A united effort across state, local and federal agencies to gather threat intelligence helped public safety and law enforcement identify potential incidents before they happened. Roling said that collecting threat intelligence from social media websites enabled law enforcement to invest their time and resources wisely.
That intelligence allowed agencies to respond effectively to online actors threatening to “dox” law enforcement and inflict damage on the state’s digital services — a plan that was thwarted, he said, because the state knew what to look for.
“We were able to identify key threat actors communicating on open channels like Twitter, and understand their tactics, techniques and procedures,” Roling said.
Roling, who has served as Missouri’s CISO since 2009, told StateScoop that the unrest in Ferguson was the first time he’d seen a coordinated intelligence campaign effort between all three levels of government.
The act of gathering threat intelligence, he said, mostly revolved around homegrown tools at the state and local levels that combed social media, online forums and message boards for mentions of Missouri or other trigger words related to the protests.
Support from federal groups in particular gave the team a chance to stay one step ahead of threats made online, he said. The Multi-State Information Sharing and Analysis Center, U.S. Department of Homeland Security, FBI and the state were all huddled in various channels talking to each other as events were transpiring, Roling said.
“The [online] threat actors, they don’t differentiate necessarily between different forms of government,” Roling said. “They just call it government and go after it. So we had to unify our front — state, local and federal — when it comes to these styles of attacks, and going back to Ferguson, that was the first big event that I can recall where I got to see that in action and be a part of it and it worked.”
The intelligence Roling and his team gathered helped back up law enforcement on the ground and also bolstered government services online.
“[Threat intelligence] should shape everything from network endpoint all the way to the human, because the human is the number one attack target and will continue to be in perpetuity,” Roling said. “Understanding how they’re being attacked is absolutely critical because you can educate your employees as to what to look for.”
4. Standardize your data
The wildfires that tore through California’s wine country last October gave residents little time evacuate or check in on their loved ones. And for the most vulnerable residents — hospital patients, residents of mental health and long-term-care facilities, and kids enrolled in daycare centers — the fires were even more dangerous.
Inside the California Health and Human Services Agency, which oversees the state’s hospitals and other care centers, state workers scrambled to account for the facilities within range of the blaze.
But it was chaotic at first.
Marko Mijic, the agency’s assistant secretary for program and fiscal affairs, recalled that the early effort to determine which facilities were safe was challenging for a rather simple, but easy-to-avoid reason: agency offices contacting affected facilities were collecting data differently from each other.
That left CHHS with an incomplete picture of which of the 3,000 facilities it regulates in Northern California were out of the fires path and which needed to be evacuated.
“How people were collecting addresses across departments was completely different,” Mijic told StateScoop. “We had no way to aggregate the data we had and no way to give a holistic look at the data.”
Compiling all the data into a usable format took nearly two weeks, during which CHHS had to send employees into the field to verify the status of facilities that weren’t accounted for. In the meantime, CHHS couldn’t always help panicked residents who called about the well-being of their relatives receiving treatment at unverified facilities.
“We had the public calling us, wanting to know where their family members were,” Mijic said. “We needed a better way to communicate.”
The response to the Northern California fires wasn’t a complete debacle. Mijic and CHHS’ then-deputy secretary, Michael Wilkening, established a task force to secure medical and care facilities out of the state operations center, which helped the agency figure out which sites needed to be evacuated, and when could be repopulated.
In an ideal emergency response, Mijic said, CHHS would have uniform datasets that could be loaded into a publicly accessible dashboard tool that residents could use to get updates in real time.
When more fires broke out in Los Angeles and San Diego counties last December, Mijic and his team had learned its lesson about data collection. A full-blown public dashboard wasn’t ready yet, but CHHS had set up a tool that was essentially just an Excel spreadsheet with standard data fields. Within 48 hours of the first outbreak on Dec. 4, Mijic said, CHHS had aggregated the statuses of 2,500 facilities into a map that helped the agency determine which needed to be evacuated first.
Wait, there’s more! Cyberattacks, the importance of communication and the essential step of battle-testing your gear — click through to page 2 of StateScoop’s “10 things ‘I wish I had known’ before the disaster hit.’