Page 1
1
Introduction
Crises, whether natural disasters such as hurricanes or earthquakes, or human-made disasters, such as terrorist attacks, are events with dramatic, sometimes catastrophic impact. Natural disasters in the United States and its territories were recently estimated as having taken a toll of roughly 6,000 lives between 1975 and 1994, and catastrophic natural disasters have caused dollar losses of about $500 billion during the past two decades, with frequent periods since 1989 when losses averaged about $1 billion per week.1 A single hurricane, Mitch, killed more than 11,000 people and destroyed a substantial portion of the infrastructure in several Central American countries in November 1998.
Crisis managementan activity encompassing the immediate response to such events, recovery efforts, and mitigation and preparedness efforts to reduce the impact of future crisespresents problems of large scale and high complexity (measurable in numbers of people and amount and diversity of data, databases, and applications), unpredictable nature of the local infrastructure and other capabilities, and urgency. Crisis management is an activity in which government plays a key role and in which a broad range of players at all levels of government are involved.
As part of a broader study exploring how information technology
1Denis S. Mileti. 1999. Disasters by Design: A Reassessment of Natural Hazards in the United States. An activity of the International Decade for Natural Disaster Reduction. Joseph Henry Press, Washington, D.C.
Page 2
research can enable improved and new government services, operations, and interactions with citizens, the Computer Science and Telecommunications Board's (CSTB's) Committee on Computing and Communications Research to Enable Better Use of Information Technology in Government organized a workshop focused on crisis management (Appendix A). This workshop, on which this summary is based, explored how information technology (IT) research can contribute to more effective crisis management.
What Is Crisis Management?
Crises are extreme events that cause significant disruption and put lives and property at risksituations distinct from ''business as usual." The first panel of the six that made presentations at the workshop described a number of different crisis scenarios, covering a scope and scale ranging from localized effects of flash flooding to the regionwide impact of earthquakes and hurricanes to the impacts in cyberspace posed by Y2K computer bugs.2 These case studies, which included both natural disasters and human-made disasters such as nuclear accidents and the effects of a terrorist bombing, provide a sense of the sorts of challenges faced in the crisis management community, as well as a concrete context for the IT-focused discussions that follow. The reader who is unfamiliar with such disaster scenarios may wish to read the case study overviews in Appendix B, which are based on the experiences of crisis managers who participated in the workshop.
As used in this report, the term "crisis management" encompasses activities ranging from the immediate response to mitigation and preparedness efforts that are aimed at reducing the impact of future events and take place over a longer time period.3 The following four, commonly described phases of crisis management are referred to throughout this report:
2The workshop from which this report stems focused largely on civilian crisis management, and most of the examples are related to natural disasters as opposed to such threats as the use of weapons of mass destruction by terrorists. However, the essential nature of crisis response in all these cases is not dissimilar. Many of the requirements established by the urgent, disruptive nature of both and the research opportunities discussed in this report are generally applicable to both.
3Two notes on usage. The term "crisis management" is sometimes used to refer only to the response phase and not to other elements of coping with crises such as mitigation efforts to reduce the impact of disasters in the future. Also, in some contexts a distinction is made between "crisis management" and "consequence management." This distinction has been made in a series of presidential decision directives and in the recently added terrorism
(footnote continued on the next page)
Page 3
• Crisis response is dedicated to the immediate protection of life and property. It requires urgent action and the coordinated application of resources, facilities, and efforts beyond those regularly available to handle routine problems. The response phase includes action taken before the actual crisis event (e.g., when a hurricane warning is received), in response to the immediate impact of a crisis, and as sustained effort during the course of the emergency. Actions taken during the buildup of a crisis situation are designed to increase an organization's ability to respond effectively and might include briefing government officials, reviewing plans, preparing information for release to the public, updating lists of resources, and testing warning and communications systems.4 Preimpact warning systems may be activated, resources mobilized, emergency operations centers activated, emergency instructions issued to the public, and evacuation begun. The emphasis is on saving lives, controlling the situation, and minimizing the effects of the disaster.
Crisis response includes the logistics of getting medical care, food, water, shelter, and rescue teams to the scene. Regional, state, and federal resources may be provided to assist with helping those affected and reducing secondary damage, and response support facilities may be established.
Eventually, in the aftermath, crisis response becomes a more routine operation and the challenge shifts from the need to get information quickly and comprehensivelybut not necessarily entirely accuratelyto an emphasis on process, accuracy, and accountability with systems called on to work more in a production mode. For example, activities following the Exxon Valdez disaster ultimately became what might be termed the world's largest rock-washing operation.
• Recovery encompasses both short-term activity intended to return
(footnote continued from the previous page)
annex to the Federal Response Plan, the document that lays out federal agency responsibilities for responding to a crisis (Federal Emergency Management Agency (FEMA). April 1999. Federal Response Plan. FEMA-9230.1 PL, FEMA, Washington, D.C., available online at <http://www.fema.gov/r-n-r/frp>). There, "crisis management" is used to refer to the predominantly law enforcement responsibilities to "prevent, preempt, and terminate threats or acts of terrorism and apprehend and prosecute the perpetrators" whereas "consequence management" refers to measures to protect health and safety, restore services, and provide emergency relief to those affected. For the purposes of this report, the term "crisis management" is understood to encompass the full range of responses to a crisis, but the report does not specifically address requirements unique to law enforcement activities.
4Some of this discussion is adapted from Office of Emergency Services Planning Section. May 1998. California Emergency Plan. Planning Section, Governor's Office of Emergency Services, State of California. Available online from the State of California Governor's Office of Emergency Services Web site at <http://www.oes.ca.gov>.
Page 4
vital life-support systems to operation and longer-term activities designed to return infrastructure systems to predisaster conditions. This process is much slower than response, involves administrative work, and is subject to regulations of many kinds (e.g., building codes). Much of this work takes place in an office and requires an appropriate set of tools and supporting network (voice and data) capabilities.
• Mitigation, now recognized as the foundation of successful crisis management,5 is the ongoing effort to reduce the impact of disasters on people and property. Mitigation includes steps such as keeping homes from being constructed in known floodplains, proper engineering of bridges to withstand earthquakes, strengthening crisis service facilities such as fire stations and hospitals, and establishing effective building codes to protect property from hurricanes. Mitigation can be a slow, time-consuming processorganizing a community buyout of homes in a threatened area (e.g., in a floodplain) can take many years, for example, because of the politics and the myriad players. The process is administratively intensive and involves countless situation- and location-specific detailsa circumstance in which the use of computer systems clearly applies. Predictive models are also an important tool in mitigation efforts. Elevation data combined with hydrological models, for example, permit prediction of areas likely to be affected by riverbed flood. Ground-shaking-intensity modeling allows prediction of the impacts of earthquakes on sites for storage of hazardous materials.
• Preparedness covers a range of activities taken in advance of a crisis. It includes day-to-day training and exercises as part of increased readiness, as well as development and revision of plans to guide crisis response and to increase available resources. Preparedness is enhanced by training crisis responders who may be called into action in the event of an emergency. Information technology contributes to a variety of preparedness efforts. For instance, the software tool HAZUS, a product developed by the National Institute for Building Sciences in cooperation with the Federal Emergency Management Agency (FEMA), simulates a postulated earthquake and provides a map-based analysis of casualties, infrastructure and building damage, and dollar losses expected. Another dimension of preparedness is the development, improvement, and testing of information and communication resources required for all phases of crisis management. Systems for remote sensing (Box 1.1) are identified and developed, and the use of information technology tools is practiced, including how to integrate the multiple information resources that are likely to be needed in a crisis.
5See, e.g., Dennis S. Mileti. 1999. Disasters by Design. Joseph Henry Press, Washington, D.C.
Page 5
|
The Response Phase: Difficult Challenges for Information Technology
Crisis response is characterized by the generation and distribution of large amounts of unstructured, multimedia data that must be acquired, processed, integrated, and disseminated in real time. As such, this phase poses many of the most difficult information technology challenges in crisis management and is the context for much of the discussion in this report.
The incident command system, a model commonly used to describe the functions required for command, control, and coordination of the response to a crisis, illustrates the range of activities undertaken as part of crisis response.6 The incident commander provides overall command and control for the response effort. Additional command functions, typically carried out by command staff, include disseminating information to media, coordinating with other agencies participating in the response, and ensuring the safety of crisis responders. The incident commander is supported by general staff sections that provide the following functions:7
6See, e.g., Emergency Management Institute. 1998. Incident Command System. Independent Study Course IS-195. Emergency Management Institute, Federal Emergency Management Agency, Emmitsburg, Md.
7Exercise of military command requires a similar set of functions, and an analogous standard framework is used. A task force will typically have divisions responsible for person-
(footnote continued on the next page)
Page 6
• Planning and intelligencecollection, evaluation, processing, and dissemination of information on situation and resources; documentation of the incident and the response to it;
• Operationsdirection and coordination of response operations;
• Logisticsmanagement of facilities, services, and material needed to support responders; and
• Finance and administrationtracking of incident costs and reimbursement accounting.
Information Technology Users in Crises
Crises touch many people, ranging from the crisis responders who try to reduce the loss of life and property to those in the affected communities who rely on warnings and other information to inform their own, individual responses. Because of the central role of information and communications for each group, information technology research challenges arise when considering how to improve crisis management from the perspective of each group of users.
Citizens
Information technology aimed at citizens is becoming an increasingly important tool for crisis management. Expanding access to tools such as the Internet and cell phones provides new possibilities for informing and interacting with citizens affected directly by a crisis, as well as for supporting crisis responders. At the same time, however, citizens have become much more dependent on complex infrastructure services (e.g., cash machines and other electronic commerce) whose advent has also increased expectations for speed and ease of access to relief funds. Tele-registration is an example of a technology aimed at improving the services provided to citizens following a disaster (Box 1.2).
Crisis Responders
Crisis response requires effective delivery to and use of information by many different actors. These crisis responders might be in an incident command post, orchestrating efforts to respond to a disaster, or located in
(footnote continued from the previous page)
nel; intelligence; operations; logistics; plans and policy; and command, control, communications, and computer systems. See, e.g., Joint Chiefs of Staff (JCS). 1995. Unified Action Armed Forces (Joint Pub 0–2). JCS, Department of Defense, Washington, D.C., p. IV–13. Available online at <http://www.dtic.mil/doctrine/jel/new_pubs/jp0_2.pdf>.
Page 7
|
the field, requiring situational information about the disaster itself as well as about their own location and that of other field responders. Common to all crisis responders is the dynamic, stressful nature of the situation and the potential for information overload. Many will have to integrate information from a wide range of sources and be able to coordinate activities among a potentially large, diverse set of individuals and organizations.
Government and Other Crisis Management Organizations
Government at all levels may be involved in responding to a crisis, with counties, cities, and towns providing the primary response to most emergencies. Thus a major objective is providing these jurisdictions with the resources to meet their disaster needs and maintain continuity of government. During the threat of, or in the midst of actual disaster conditions, local authorities must put emergency response plans into immediate operation and take actions required to cope with disaster situations. Special districts (e.g., for fire protection) also play an important role in emergency preparedness and response.
State emergency management offices provide planning, coordinating response and recovery, mitigation, and training. They are responsible for coordinating the provision of mutual aid and the allocation of essential supplies and resources; receiving and disseminating emergency alerts
Page 8
and warnings; monitoring and prioritizing resource requests in coordination with federal disaster operations; and, in conjunction with the federal government, directing and coordinating recovery programs to mitigate future disasters and to recover disaster costs. Other state agencies also play a role in crisis management, cooperating as appropriate with state emergency management officials, each other, and other political subdivisions to prepare for, respond to, and mitigate the effects of an emergency.
At the federal level, overall responsibility for most emergency preparedness and operational activities is assigned to FEMA.8 To manage its activities, FEMA has recently put a new information technology tool, the National Emergency Management Information System (NEMIS), into production (Box 1.3). Assignments for other federal agencies, based on their regular functions and capabilities in areas ranging from transportation to health and medical service, are detailed in the Federal Response Plan.9 Federal emergency management activities include administering of natural disaster relief programs and responding to technological and other emergencies requiring federal assistance. Initial requests for federal assistance are normally coordinated with FEMA by state officials unless other, more specific procedures are agreed on and contained in mutually approved contingency plans.
Nongovernmental organizations also play a significant role in crisis response. The American Red Cross, also a signatory to the Federal Response Plan, provides disaster relief to individuals and families, as well as emergency mass care in coordination with government and private agencies. Other volunteer agencies, such as the Salvation Army, provide important services and resources. Following a disaster, these organizations continue to provide services for their constituents, as well as for the governmental agencies that have need of their unique services. Frequently, these organizations are preidentified through statewide information and referral networks and are trained to maximize their efficiency and ability to be integrated into response-and-relief efforts.
8A newly issued annex to the Federal Response Plan (Federal Emergency Management Agency (FEMA). April 1999. Federal Response Plan. FEMA-9230.1 PL, FEMA, Washington, D.C., available online at <http://www.fema.gov/r-n-r/frp>) on terrorism gives responsibility for crisis management, which has a significant law enforcement component for this sort of crisis, to the Department of Justice and responsibility for consequence management, that is, coping with the effects of attacks, to FEMA.
9The Federal Response Plan (Federal Emergency Management Agency (FEMA). April 1999. Federal Response Plan. FEMA-9230.1 PL, FEMA, Washington, D.C., available online at <http://www.fema.gov/r-n-r/frp>) is the master document describing the federal government's plans for providing assistance to states in dealing with significant disasters, including planning assumptions, policies, and specific assignments of responsibility to federal departments and agencies in providing assistance.
Page 9
|
Business
Businesses also play an important role in crisis response, due to both self-interest and the significant resources they can bring to bear. Business and industry leaders recognize that mitigation and preparedness measures can make a difference in terms of a company surviving a disaster, a significant positive outcome for a community that depends on its ser-
Page 10
vices. For example, because of the critical role of infrastructures such as gas, electric, telecommunications (including wireless), water, waste-water, and petroleum pipeline industries, the participation and effective coordination of emergency responses with utilities is critical. Emergency planning assists not only businesses but also the community at large by clearly articulating decision-making authority and identifying successors; identifying actions necessary to protect company property and records during disasters; and providing such things as a listing of critical products and services, contacts with local emergency management officials, and methods to provide and accept goods and services from other companies during a crisis situation. (These issues are discussed in the context of electronic commerce in Chapter 3.)
Information Technology Challenges and Opportunities in Crisis Management
Previous Study
All phases of crisis managementresponse, recovery, mitigation, planning, and preparednessare information- and communication-intensive efforts that impose demanding requirements on underlying information technologies. Indeed, based on an earlier series of workshops involving computing and communications researchers and crisis management professionals, a previous CSTB committee concluded that preparing for and responding to crises pose demands that cannot be readily satisfied with existing information technology tools, products, and services. Their report, Computing and Communications in the Extreme (National Academy Press, Washington, D.C., 1996), identified opportunities for incremental and more radical innovation in several areas, such as communications (requirements for communications networks extending from hand-held radios and the public telephone network to high-speed digital networks for voice, video, and data); information processing and management technologies (support for resource discovery, dealing with uncertainty, modeling and simulation, and multimedia fusion and integration of information); and technologies to support the instant bureaucracies that form and must collaborate in managing a given crisis (including support in stressful contexts and to meet needs for ease of use, ease of learning, adaptability, and judgment in decision making) (see Appendix C).
Page 11
This Workshop Report
This workshop report builds on that earlier experience and can be distinguished from it in several ways. Since the mid-1990s, some aspects of the information technology base available for crisis management have changed. The leading example is the Internet, which in the past several years has become a pervasive element of the communications infrastructure that is being used in all aspects of crisis management, providing at least part of the means for information exchange between organizations and for individualized interactions with citizens, just as it does throughout government and society at large. More generally, citizens and crisis responders alike with access to computers and the Internet are more likely to make regular use of networked information resources. Another change, spurred by the rapid emergence of the Internet, has been the rapid growth of electronic commerce, which presents both new challenges and new opportunities for crisis management.
Moreover, the context of this inquiry differs from that for the earlier effort. This workshop report summarizes the first phase of a study that is examining the application of information technology research across government. An effort thus has been made to explore a range of crisis management activities, including some that have analogues elsewhere in government, such as how government and individual citizens, or government and business, interact. Also, the overall study of which this workshop report is a part more strongly emphasizes the process by which the IT research community can collaborate with the crisis management community and by which IT innovation can be translated into improvements in the technologies and systems used in government.
Experience has shown that research and application communities both potentially benefit from interaction. The introduction of new IT frequently enables organizations not only to optimize the delivery of existing capabilities but also to deliver entirely new capabilities. That is, advances in information technology research represent opportunities not only for increased efficiency but also for a change in the way government works, including the delivery of new kinds of services and new ways of interacting with citizens. Collaboration with government agencies also represents a significant opportunity for IT researchers. Government in general, and crisis management in particular, provides a set of real, frequently large-scale application domains in which to test new ideasapplications that have texture, richness, and veracity that are not available in laboratory studies.
Page 12
A first step in such interactions is the discussion of needs and the identification of opportunities. Chapter 3 of this workshop report explores a number of research topics that emerged during the discussions summarized hereopportunities that were identified as addressing the demanding requirements of crisis management and presenting interesting research problems in their own right. In addition to yielding these specific opportunities, the discussions resulted in another outcome: an increased recognition of the potential of such interaction. Indeed, both crisis management professionals and IT researchers who had expressed some initial skepticism about the benefits of such research indicated after the workshop that the discussions had increased their awareness of the interesting challenges and possible opportunities offered by the conduct of IT research for crisis management.
The development of a comprehensive set of specific requirements or a full, prioritized research agenda is, of course, beyond the scope of a single workshop, and this report does not presume to do either. Nor is it an effort aimed at identifying immediate solutions (or ways of funding and deploying them). Rather, it examines opportunities for engaging the information technology research and crisis management communities in longer-term research activities of mutual interest and illustrates substantive and process issues relating to collaboration between them.