InfoGram 5-07: February 8, 2007

This InfoGram will be distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures. For further information, contact the Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC) at (301) 447-1325 or by email at emr-isac@fema.dhs.gov.

Good Governance

Good governance can be characterized by predictable, open, honest, effective, and enlightened policy-making. It is certainly a means to accomplish organizational effectiveness among the departments and agencies of the Emergency Services Sector (ESS). Many ESS leaders, owners, and operators would agree that organizational effectiveness strengthens the uninhibited response-ability in all-hazard environments.

The Emergency Management and Response-Information Sharing and Analysis Center (EMR-ISAC) asserts that good governance is also about achieving desired results that can enhance critical infrastructure protection (CIP). The ESS history substantiates that without adequate protection of critical personnel, physical assets, and communication/cyber systems (i.e., critical infrastructures), there are no guarantees regarding an organization's ability to complete mission-essential tasks during and/or after a disaster.

Literature on this subject suggests that good governance depends markedly on the cultural norms and values of the organization. EMR-ISAC research indicates that a positive correlation exists between an organization's norms/values and good governance. Considering that good governance can potentially improve the CIP posture of an ESS department or agency, the EMR-ISAC offers the following few universal indicators or norms of good governance from multiple sources:

• Participation. All department or agency officers have an equitable voice in decision-making to acquire excellence and relevance of plans, policies, and procedures.
• Openness. The free flow of information throughout the organization with clarity of language regarding purpose, direction, and motivation.
• Responsiveness. The willingness of senior leadership to respond to the interests, concerns, and recommendations of all personnel within and outside of the organization.
• Accountability. The obligation of all leaders to be responsible for all decisions affecting the organization.
• Efficiency. The delivery of timely results that meet objectives and needs while making the best use of scarce resources.

Continuity Management

Failure is not an option in the emergency services. Regardless of the circumstances, Emergency Services Sector (ESS) departments and agencies must continue to operate and provide critical services to the citizens for whom they exist to serve. Such is why the Emergency Management and Response-Information Sharing and Analysis Center (EMR-ISAC) promotes continuity management as an action to complement critical infrastructure protection (CIP).

Continuity management is not just about surviving. The EMR-ISAC argues that simply surviving is not success for the ESS organization and its community. It really pertains to the measures and techniques that ensure continuity of operations (COOP) and response-ability in an all-hazards environment. Any spending, therefore, can be justified in terms of increasing an essential and expected return on the investment: mission assurance whenever and wherever.

Generally, ESS personnel are about action and results. Hence, the goal of continuity management should be the achievement of results that guarantee COOP and uninterrupted response-ability during and/or after a disaster. Therefore, the EMR-ISAC borrows the following "SMART" mnemonic to guide any continuity management actions that may be implemented by ESS entities: Specific, Measurable, Achievable, Results Oriented, and Time Efficient.

WMD-CST: A Critical State Asset

One of the Emergency Services Sector's (ESS) highly valuable resources was present, but behind the scenes, at last week's Super Bowl: Florida's Weapons of Mass Destruction-Civil Support Team (WMD-CST).

The Emergency Management and Response-Information Sharing and Analysis Center (EMR-ISAC) noted a recent announcement that five additional CSTs have been certified, bringing the total number of Department of Defense-certified teams to 47. Eight more teams are projected to receive their certification in September 2007. The U.S. Congress authorized 55 WMD-CSTs, enough to field at least one team in every state, territory, and the District of Columbia.

These National Guard teams assist state governors in preparing for and responding to chemical, biological, radiological or nuclear (CBRN) incidents as part of a state's emergency response structure. Each team's 22 members acquire as much as 800 hours of initial training above their military occupational skill qualification or professional military education requirements.

WMD-CSTs are unique because of their federal-state relationship. They are federally resourced, trained, evaluated, and operate under federal doctrine. But they perform their mission primarily under the command and control of the governors of the states in which they are located. They are, first and foremost, state assets. Operationally, they fall under the command and control of the adjutant generals of those states. As a result, they are available to respond to an incident as part of a state response, well before federal response assets would be called upon to provide assistance.

Teams are equipped with state-of-the-art substance identification and detection equipment, a mobile laboratory system, and a secure digital satellite communications system designed to connect with any agency around the world. Teams and their equipment are completely self-contained and can be airlifted to disaster areas if needed. They typically are airborne-ready within two hours of being notified.

The EMR-ISAC encourages ESS leaders to contact the State Office of Emergency Management as a starting point in establishing a working relationship with their state's WMD-CST. In some states, responder organizations plan and exercise with their team and report the benefits of having established relationships before incidents occur. Links to the websites of individual teams are available at GlobalSecurity.org.

OPSEC for the ESS

The Federal Law Enforcement Training Center (FLETC) in Glynco, GA, announced a three-day course on operations security (OPSEC) designed for all disciplines of the Emergency Services Sector (ESS). Many FLETC courses are tuition free. While tuition is charged for OPSEC for Public Safety Agencies Counterterrorism Training Program (OPSACTP), it is on the list of approved courses maintained by the U.S. Department of Homeland Security's Office of Grants and Training. DHS encourages responder organizations to use Homeland Security Grant Program (HSGP) funds to pay for training according to guidance at FirstResponderTraining.gov.

The Emergency Management and Response-Information Sharing and Analysis Center (EMR-ISAC) affirms that this OPSEC course covers topics that support critical infrastructure protection objectives. Examples of these topics include public safety agency vulnerabilities, threat analysis, threat assessments, OPSEC case studies, communications vulnerabilities, and computer security for public safety agencies. The program also contains a table-top exercise and student work in an OPSEC laboratory. Specific information about the course is available at the FLETC Website.

In addition to FLETC courses, six (hour-long) telecasts are available at its website, including one on the dangers of clandestine methamphetamine labs. Interested individuals should call (800) 743-5382, ext. 3269, to register for a telecast or to request a free CD of a telecast.