Well, now that Hurricane Katrina has blown away and former FEMA director Michael Brown isn't even a joke for late-night comedians any more, it's time to look at how we- as a society and as an infrastructure- handle the next disaster.
A disaster that could come from avian pathogen, terrorist pathogen, another hurricane, or a plot currently being planned in Peshawar, Pakistan or Ponca City, Oklahoma.
We have to ask: Has government's ability to deal with mass crises such as 9/11 improved with the introduction of more sophisticated technology and the establishment of the Department of Homeland Security?
With the recent debacle of uncoordinated Hurricane Katrina-related assistance response among various government agencies still fresh in our minds, it has become painfully obvious that buying government agencies better radios or more BlackBerrys is not the solution. Especially if it takes a year or 18 months for those solutions to go thru the cumbersome RFP (Request for Proposal) procurement process.
I discussed the issue at length today in my future-looking Broadband blog for the technology site ZDNet. I will include elements of that post here- revising in places because I do understand lots of you are not technologists who would understand all the buzz-phrases.
Lots of folks understand that emergency crisis responsiveness on the national, regional and local level is barely passable, if that.
Back in 2002, Portland-based tech entrepreneur Charles Jennings came to this view. After a lunch with City of Portland director of emergency communications Carl Simpson, Jennings organized several large public meetings to see what the local private sector tech community thought of various solutions. Those meetings eventually led to Jennings founding a nonprofit technology consortium called the Regional Alliances for Network and Information Security (RAINS).
Engineers working for Jennings then became aware of Common Alerting Protocol, a type of technology standard able to facilitate emergency communications between various public sector agencies. They enhanced the CAP standard with messaging, mapping and security features. Jennings then-new company, Swan Island Networks, then began to license the package to area public safety agencies under the name of Connect & Protect.
Three years on, Connect & Protect is not only deployed by emergency response agencies, but by private security firms and schools. This way, for example, a teacher out with a class on a field trip to a local park could receive an automated alert on her BlackBerry if a shootout breaks out down the street from where the pupils under her charge happen to be.
With considerable success getting private and public sector buy-in to C&P and RAINS, Jennings envisions that C&P could become a national, broadband wireless-delivered alert coordination system for emergency situations. In fact, an article entitled Reinventing 911 in the forthcoming December, 2005 issue of Wired magazine (which should be online next week) provides a close-up of Jennings, his accomplishments, and his vision.
Like me, Jennings is a Portlander. I recently sent him an email, inviting him to further detail his vision of how Connect & Protect could be used nationwide. The text of that interview - which first ran on ZDNet- follows.
Russell Shaw: Why, more than four years after 9/11, are there still endemic threat dissemination and response strategy glitches- all the way from DHS and FEMA down to local first-responder and law enforcement agencies? Is there some sort of overarching systemic problem here, or are the breakdowns too agency-specific to generalize? Outdated computers, poor distribution, stovepiped systems, RFP red tape, etc?
Charles Jennings: The central problem with emergency response is that we still rely too much on government to do it. There is no "Big Brother" ready and equipped to save us. As the Wired story points out, what we have developed is a system that redefines the concept of "Emergency Response Agency" - from simply government to something much broader that includes hospitals, schools, building owners, private security firms, and so on.
The dirty little secret about emergency responders is that there simply are not enough of them to manage extreme disasters. Given that fact, if you are on your own in an emergency, and are called upon to make life-saving decisions, you would hope to have the best possible set of facts available to you to make that decision. We help provide the basis for such a decision.
Shaw: Nationally, as well as on the local level "911" is seen as a front line defense against all sorts of threats. What's your current assessment of the efficacy of our "911" infrastructure?
Jennings: 911 systems are designed to handle routine emergencies, not extreme ones. In San Diego during the wildfires, in New York after 9/11, in Louisiana after Katrina, 911 systems all failed. By extending the function and reach of 911 systems to include an Internet-based communications platform, they can become more survivable, and more effective.
Shaw: Three or four years ago, now-former White House terrorism adviser Richard Clarke was telling anyone who would listen that throughout the U.S., first-responder agencies were not set up to talk to each other during a crisis. It's now more than three years on. Has the situation improved? If yes, how and by how much? If not, why, and what needs to be done?
Jennings: It's been four years since 9/11, and the issues of non-interoperability and an inability to share meaningful information are still with us. Government must move beyond reliance on proprietary, customized systems that fail to keep pace with emerging technology, and start outsourcing much more to private sector innovators who fully leverage highly distributed commercial systems.
Shaw: What constructive opportunities do these shortcomings present?
Jennings: The extreme disasters of the past year present a unique opportunity to remake the emergency response landscape. But if new programs continue to rely exclusively on government resources, and highly proprietary government IT "stovepipes," we will make very little real progress.
Shaw: In the same vein, what would be the best strategies for private enterprise initiatives to take advantage of their nimbleness that per the last question red-tape government doesn't have to help with these issues- while at the same time, engaging and even embracing key elements of government infrastructure at all levels?
Jennings: What private sector initiatives can do are 1) solve real problems, using the same techniques tat are used in enterprise and other commercial markets- and, 2) join together with like-minded companies in alliances like RAINS. Government has a bias against single vendor initiatives. By joining coalitions, private companies can become much more politically palatable to government.
Shaw: OK, whether it is a string of fires set during an evening's mayhem, a chemical spill, bird flu rumors, an intercepted Al-Queda message, or whatever, there are probably countless millions of threat related data points churned out each day or week. What can information security technology- including dissemination technology, do to unite these threat data points into actionable information?
Jennings: A lot. What we do is integrate all manner of emergency alerts into a common framework: tsunami warnings, severe weather, 911 emergency data, Amber Alerts, etc. All these incidents are aggregated and displayed in a geospatial display- i.e., they are represented on a map. This provides an up-to-the-minute display of a current "operating picture" so that all the various factors at work in an emergency can be viewed at once.
Shaw: Threat and emergency info, and networks that distribute them, must be distributable in order to be of benefit. But distribution methodologies are changing, even as we speak. We have wider use of BlackBerry, IP-enabled mobile telephony and data networks and devices, VoIP (with its current E911 dialing restrictions) Wi-Fi, WiMAX, mesh networks, etc. A skeptic might look at all this and say that all these public service agencies are still using stovepipe data collection and threat dissemination technologies from 20 years ago, but the technologies for broadcasting and receiving this data are very cutting edge. Insofar as these cutting edge communications networks and devices, do we run a risk of running even further ahead of first-responder agencies that are still stuck with old equipment? In other words, even if they are catching up, is all this new stuff- WiMAX, Wi-Fi ,IP, etc., making it harder for them to catch up? If yes, what can private partnerships do to help?
Jennings: Government is wasting huge amounts of money by not using cutting edge dissemination technologies. VoIP can replace radio; distributed Web services environments can replace proprietary stovepipes; BlackBerrys and WiMAX can extend the reach of alerting systems. The importance of what we have done with Connect & Protect is that we have leverage cutting edge IP systems and applied them at very low cost to the realm of emergency management.
This is the only model I know of for moving us out of the dysfunctional situation we find ourselves in today. The stakes are high- many lives are at stake.
Shaw: Finally, a bit about Connect & Protect. What's your 15-second "elevator pitch?" Kind of like the "two minute airline seat" pitch...
Jennings: The key to helping everyone involved in an emergency make better decisions is to give them the best possible picture of what's going on. That requires that government agencies as well as private companies start sharing what they know much more than ever before. Connect & Protect has great value within Oregon, the region we serve. A much more powerful model would be a nation of Connect & Protect systems, all inter-linked via CAP protocols.
I'm not one to reflexively diss goverment-provided solutions, but it does sound to me that Jennings makes some crucial points about how private-sector nimbleness can merge with government provided scalability to develop the emergency response solutions we need.