Thursday, May 30, 2013

Our national preparedness -- why do we care?

Every year, the federal government produces a report on our country's level of preparedness through the lens of 31 pre-defined core capabilities.  Last year's report went back a full ten years to review improvements in our state of readiness since 9/11.  This year's report looks a 2012, a year filled with a range of natural disasters and cyber-threats, and makes new recommendations in two areas:  the overall resilience of our country's infrastructure, whether in the hands of the public or private sector; and the maturity level(s) of our public-private partnerships around critical infrastructure.

This report relies heavily upon the input of state, local and tribal authorities, so it may not be so surprising that some states and territories do not intend (translation:  have no funds) to improve their core capabilities, but will choose instead to rely upon the federal government.

There were three carry-forward items for improvement:  cyber-security, for which a national physical and virtual exercise took place in 2012, and which banks credit with making them more agile for subsequent events; core-focused recovery, especially in the areas of economic recovery, housing and natural and cultural resources after disasters take place; and  integration of the disabled into actuality rather than just plans, noting that disaster centers set up after Hurricane Sandy lacked the ability to handle the disabled until weeks or months after opening.

Two new areas of focus have been added in this year's report, and will be scrutinized for progress during 2013.  The first is enhancement of critical infrastructure, on both the public and private sector sides.  Areas getting special mention ranged from physical and cyber security to water, transportation, electricity, communications and fuel systems.  Most of these areas are seen as high priority by state, local and tribal entities but are among the five weakest capabilities.

The other area is a topic near and dear to my heart:  critical infrastructure public-private partnerships.  The  National Infrastructure Protection Plan (NIPP) sets out the partnership model between sectors and supply chains.  Two improvements last year were the implementation of a national business emergency operations  center in July of 2012; and the DHS National Infrastructure Coordinating Center, for information sharing between the public and private sectors.  And, to a certain extent, Hurricane Sandy showed improved capabilities on both sides, but government felt it to be a real stretch to maintain capabilities and unity of effort with state and local government over such a period of time.  On the government side, there will be an effort to move toward an integrated multi-agency approach" and to eliminate department-centric bureaucracy.

I'm chairing a session at the 2013 DHS-FEMA Public Private Partnerships conference in Washington DC in late July.  If you have specific recommendations you'd like to make about how the private sector can better align with the government on such preparedness efforts, please drop me a line.  One thing is clear about the report:  it is really a government report, drawing much of its data from the federal, state, local and tribal levels.  Not from the private sector.  My session, the last of the conference, will look at where we go from here, and will look carefully at the role of the private sector that, after all, owns 80-85% of this critical infrastructure that we have been discussing, especially give the challenges in both the cyber and the disaster recovery areas.

Please send on your recommendations to

Monday, May 20, 2013

Earthquakes and the Northwest

The Seattle Times published a good article this morning on the results of scenario tests for the region, based upon various magnitudes of earthquakes. Readers may shiver, but will they actually take steps so that their families are prepared?

Virginia earthquake

There are so many sites where you can go to get a list of what goes into an emergency plan; and what should be part of your emergency kit.  Let me recommend two here: the first is What to Do to Make It Through; and the other is FEMA's own website to help you plan.   

The first chapter of Advice From A Risk Detective also has a list of emergency supplies and items to include in your family's emergency plan.

Earthquakes are serious business. It's likely that homes would be without power or assistance from emergency responders for five or more days if it were a higher magnitude event.  It pays to be prepared.

Contents of our emergency kit, much of which is held in this backpack in the first floor closet of our home.

Thursday, May 16, 2013

Can the center hold?

Top of Freedom Tower lifted into place at One World Trade Center.

We published our May issue of ASA News & Notes last Monday, after I spent a good part of the weekend considering how to handle the topic I'd selected.  Writers work in different ways, but I spend more time thinking about what shape my writing topic will take than on the actual writing, once I have worked it out in my mind.

In reviewing numerous research findings on terrorism, including academic papers on what correlations could be made about terrorists, I found that distinctions between mass murderers and terrorists are fairly straightforward, but that how terrorists who operate as "lone wolfs" become radicalized is not so clear.  What is clear is that such persons consider themselves as agents operating for the greater political (and often religious) good, and that they can do tremendous damage to people, facilities and to the human spirit.

Poetry has been a trusted companion all these years, and it often becomes part of my research. After World War I, William Butler Yeats wrote a poem called "The Second Coming," calling up all the melancholia and instincts for good that obtain once some form of resolution follows terrible death and destruction.  Here is the first part of the poem, which surely affected what I wrote about terrorism.

"Turning and turning in the widening gyre
The falcon cannot hear the falconer;
Things fall apart; the centre cannot hold;
Mere anarchy is loosed upon the world,
The blood-dimmed tide is loosed, and everywhere
The ceremony of innocence is drowned;
The best lack all conviction, while the worst
Are full of passionate intensity.
Surely some revelation is at hand;
Surely the Second Coming is at hand."

I would not want to suggest that the Department of Homeland Security (DHS) is the "rough beast" hunching toward Bethlehem that Yeats goes on to describe in the next stanza of his poem, but the recommendation I made in the column was directed at DHS -- to move much more quickly to streamline its intelligence gathering services and clean up its databases; and to adapt sophisticated technology it uses to target terrorists to accomplish these two pieces of work.  Simply lumping 22 agencies under this department has not done the trick, and refinement of the strategy and tools is in order at this time.

If we do not get this work done, then we will be out of time and the center will not hold.  We will see more actions by lone wolfs as well as hostile nation states.  On this soil, not just in the Mideast. 

What can you do?  I would say the single practice you could learn would be to become more situationally aware.  It's very hard to do in a consistent fashion -- rather like saying to someone "do learn yoga and you will be calmer."  A couple of situational awareness practices: when you enter a large building, a movie theater (for instance) or a public event, note in passing where the exits are in case you need them.  Keep your eyes open for suspicious, unattended packages or backpacks or bags.  And, in the words of the New York Police Department campaign, "If you see something, say something."

Tuesday, May 7, 2013

Two way question: Are you a good fit?

I was charmed yesterday when I was introduced as the owner of a "boutique operational risk firm based in Seattle."  During an informal discussion period, when I was asked what sized company we might consult with, I realized several things simultaneously.

First, the term "critical infrastructure" does not have much meaning to most companies, so only very large companies know whether or not they are part of "our nation's critical infrastructure."  Our May internal challenge is to find a better description than "critical infrastructure" for the clients we can serve. 

Second, most companies are so busy trying to steer through unprecedented economic pressures of the last five years that the last thing they need -- at least as they see it initially -- is to have to manage a consultant on top of  fragile internal projects and employee anxiety and/or dissatisfaction .

My firm tends to have only as many clients as we can handle at any given time.  If we think you'd find a better fit elsewhere, we'll refer you to another company.  We're not trying to set up long term contracts that stretch out our services.  Instead, we're interested in helping companies find and fix their problem areas.  To do this, we use both our expertise and our analytical research strengths  We've laid out some of the types of situation that might bring you to our doorstep on our website.  In that same section of the website, you can find some frequently asked questions.

I filed ASA's articles of incorporation in May of 2009.  As we move into our fifth year of business we have refined some of our services, but the commitment to the client remains the same:  confidentiality and a customized approach to the program gaps we identify.  If you take us on, we take your institution on.   We become your "neutral third eye," with no particular stake in the ground.  We don't sell hardware or software.  We provide assessments with roadmaps your team can follow.  We do offer recommendations on best practices your teams might adopt. 

And we're here if you need our help again at any time.

Thursday, May 2, 2013

Take it to the next level

When we first designed the website for Annie Searle & Associates LLC, we architected our products and services at the same time.  In other words, we determined just what work we would do and how we would do it.  As part of that effort, after a long conversation with  Kevin Desouza, I set up two sides to the business.  The first is ASA Risk Consultants, where we do work for clients that ranges from executive coaching around business risk, to redesign or rework of existing security or business continuity plans.  The other is the ASA Institute for Research and Innovation, where we determined early on that we would publish research notes or papers that focused on a wide range of operational risks.  At no charge. And available to anyone who wanted to read them.
From that initial vision came ASA News & Notes, our monthly newsletter that introduces new research notes, covers upcoming events of interest to risk professionals, and includes my own monthly column, usually a rumination on a current risk-related issue.  It ships around the globe, to roughly 700 subscribers every month.  I get notes back from readers every month, but none pleased me more than this one: "Say, Annie, I just thought I should say “Well done!” with your consistent newsletters and research notes. Many people intend to produce such things but few actually do, and so consistently. So: Well done!"

Though we've gathered research notes into volumes once we hit a certain level of critical mass, you can still find the original pieces on our website at no cost.

This commitment to the open expression of ideas has other manifestations as well.  I teach regularly as an affiliate faculty member at the University of Washington.  And  I support literacy  through my work at the Seattle Public Library Foundation board.

I also do the kind of work that falls to the research and teaching side of the equation because it feeds my own desire to take it to the next level.  When I was asked earlier this week if I was concerned about others copying my approach or my ideas, I had to laugh.   Who said "imitation is the sincerest form of flattery?"

Of course the academic in me wants to remind emulators to credit me when appropriate, especially if excerpting or patterning from my copyright work. Meanwhile, I'll just keep putting work out there.  I have two large writing projects with upcoming deadlines.  The first is a second edition of Advice From A Risk Detective.  I think I've mentioned here before that it includes a new chapter to deal with personal risk at school, as well as a number of other additions and updates since first published in 2011.  The other is a second volume of Reflections on Risk, for which I'm writing a forward and head notes on each of the 25 or so research notes, all written by ASA research associates or by students in my UW courses.

As we begin our fifth year of operation later this month, I'll keep setting the bar higher for myself.   That's how it's possible to take it to the next level.