As many of my readers know, my hobby and interests revolve around the history of the Middle Ages. So it was a real treat to visit the Royal Armory in Madrid, one of the premier collections of armor and weapons in Europe. There were some amazing examples of the armor makers art and I spent quite some time examining them. There was just one thing a bit troubling - none of it (well, most of it) was real.
Now, I'm not knocking the Royal Armory. The exhibit is amazing and worth seeing. However, my interest is in munitions grade armor - the stuff you could fight in. On display were suits of parade armor and others designed for jousting, a very specific type of mock combat. This type of armor was never intended to be used in combat. Indeed, they would have offered some serious disadvantages to the fighter if they were so used.
So here's the question for you: is your emergency plan "munitions grade" of only for parade?
One of the problems I see when I assess emergency plans is that many of them are written for review by a higher authority. Like parade armor, they really won't work well when relied on in a crisis. The planners make the mistake of focusing on requirements rather than on reality, forgetting that, in many cases, the "requirements" are actually guidelines.
An effective plan starts with the needs of the organization and builds out, incorporating guidelines as necessary and using them as a means of quality control. It doesn't start with the guidelines and "filling the blanks".
The true purpose of medieval armor was to give a warrior an advantage in a crisis. It's the same for the emergency plan. If your plan looks good and meets all requirements but cannot be used in a crisis, it's like parade armor. It looks really good but it won't give you an edge in surviving a crisis.
During a recent visit to my brother-in-law in Ireland, I realized that I had left my book in the living room. It was late at night and the house was dark. As I entered the room I reached for where the light switch should have been. Nothing. I tried the other wall. Same result. Eventually, I gave up, stumbled around in the darkened room and found my book. It was only when I returned to my bedroom that I remembered that in many Irish and English houses light switches are outside the room entrance. (They also have switches on wall plugs, which add a whole new dimension to trying to recharge electronics.)
What's this got to do with ICS? We have an expectation that since we are all using the incident command system in the US that we should be able to seamlessly integrate mutual aid agencies. However, as Dr. Jessica Jensen has shown in her research on ICS, very few of us apply it in exacly the same way. However, we expect that everyone will respond in exactly the same way we do, just as I expected the light switch to be where it was supposed to be. We forget that different jurisdictions do things differently. It is these jurisdictional differences that can cause friction during a mutual aid response.
The answer to much of this is to do joint exercises. However, this is not always feasible, particularly if you're attempting to integrate Federal resources in a major disaster. In these events the role of the liaison officer becomes extremely important. Unfortunately, we do little training for liaison officers and focus mainly on using them as points of contact. Instead, give some thought to how the liaison officer can help identify and ease operational differences.
In a recent post I wrote about a young stowaway who managed to penetrate security at a California airport and somehow survived a flight to Honolulu in the aircraft wheel well. This prompted a message from my friend and colleague Jeff Whitman from Air Safety Group.Jeff is an expert on aviation safety and security and I thought his comments might be of interest to you:
I think of safety and security as the obnoxious twins. Both can be annoying and certainly require effort to manage. These siblings are nearly identical. The primary difference is security protects us from others, while safety protects us from ourselves.
You spoke of layers of defense in your recent blog. I break these layers into two high-level categories, avoidance barriers and recovery barriers.
I find people need help understanding how/where to apply their barriers.
Avoidance barriers need to be applied well upstream of the potential consequence. In simplest terms, avoidance barriers defend against the triggers that cause the undesirable operational states (UOS). Recovery barriers are how we minimize the effects of reaching the UOS, after the avoidance barriers fail.
In the example of the 15 year-old breaching airport security, the teen reaching the aircraft could be considered one of many UOS, the consequence in this case, was a stowaway. There are other consequences that could have been much worse!
In order to defend against the UOS, we need to understand the hazard components (triggers) that allowed the teen to reach the aircraft (UOS). In this case, one of the hazard components is unauthorized access to the ramp. In theory, a person with authorized access to the ramp could have also reached the same (or similar) UOS, so this analysis tree has growth potential.
Pop quiz: What is the hazard in this scenario?
This is a very important question, because without accurately identifying the hazard, the potential for reducing risk is limited, at best.
Continuing with the stowaway example, adding the fence is clearly an avoidance barrier. Unfortunately, it failed. Why?
This is where the recovery barriers should kick in and protect against the fact that we’ve reached the UOS. In this case, there were recovery barriers in place, (security cameras), but they failed too. Why?
The classification of hazards, triggers, UOS, and consequence may shift, depending on where the analyst sits in the business process. For example, the persons responsible for the fence may identify the UOS as unauthorized ramp access and the hazard component as fence height. Without dragging on too long, the hazard and risk analysis tree can get pretty complicated.