Lieberman & Thompson Urge PS-Prep Is a Necessity, Not a Luxury

June 5, 2010

With so much in the news surrounding British Petroleum (BP)’s difficulties and inabilities –for now nearly thirty (30) days — to cap its gushing oil well nearly a mile below sea level, a strong message of the need for more preparedness or readiness (or perhaps the lack of preparedness and/or readiness) is being raised across the U.S. and we believe that growing level of awareness in the U.S. can and should focus more attention again on PS-Prep — the voluntary program to help private sector companies develop preparedness, resiliency, response, recovery, and business continuity plans.

On Thursday June 3, Senate Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., and House Homeland Security Committee Chairman Bennie Thompson, D-Miss., co-wrote a letter to DHS Secretary Janet Napolitano noting that the PS-Prep program still has not been launched – even though that was a requirement coming from legislation passed by Congress almost three years ago.

The essence of the letter was that Lieberman and Thompson both urged the Department of Homeland Security to step up its implementation of PS-Prep.

Another strong message in the letter stressed that “private sector preparedness is a necessity not a luxury” – given that the private sector owns nearly eighty-five (85%) per cent of critical infrastructure in the U.S.

To read more about the message that Lieberman and Thompson sent to DHS’s Napolitano, we offer the full content of the letter reproduced below –

June 3, 2010

The Honorable Janet Napolitano
Secretary
Department of Homeland Security
Washington, DC 20528

Dear Secretary Napolitano:

We are writing to urge you to accelerate the Department of Homeland Security’s (DHS) launch of the voluntary private sector preparedness accreditation and certification program, commonly referred to as PS-Prep, required by Section 901 of the Implementing Recommendations of the 9/11 Commission Act of 2007, P.L. 110-53 (hereon referred to as “the Act”).

The Act, which was signed into law nearly three years ago, required DHS to adopt one or more preparedness standards for the program and to implement the program not later than 210 days after enactment. Unfortunately, the previous Administration missed the statutory deadline for implementation and failed to widely promote the program. To date, the program still has neither been implemented, nor promoted, as required by the law.

The Executive Branch’s failure to implement the program is regrettable. Given that the private sector controls 85 percent of the critical infrastructure in the nation, private sector preparedness is a necessity, not a luxury. The National Commission on Terrorist Attacks Upon the United States (the 9/11 Commission) found that the private sector remains largely unprepared for disasters, and the recent devastating oil spill in the Gulf of Mexico serves as a painful reminder of why preparedness is so important.

To address these preparedness vulnerabilities, Congress required DHS to establish the PS-Prep program to replace ad hoc and isolated preparedness measures with appropriate voluntary standards implemented through a structured approach. The program will also raise the visibility of the importance of private sector preparedness and provide a roadmap to preparedness, benefitting businesses that choose to participate and making America safer.

We appreciate that under your leadership DHS has published draft standards for public comment and engaged in 10 public information sessions. However, we remain concerned that the timeline for adopting final standards for PS-Prep continues to recede. This past winter, DHS officials told staff from both Committees that they intended to adopt final standards this spring, but DHS recently informed us that it would miss this deadline. Current expectations for implementation appear to be set for this autumn. Needless to say, every additional delay in implementation further violates the Act and means less security for our country.

While DHS has moved forward with the rulemaking process, we note that DHS leadership has not embarked on a campaign to fully engage the private sector in this voluntary program. The success of PS-Prep will depend upon the active participation of the business community.

The impact of future disasters on vulnerable cities and towns across the country would be significantly mitigated if businesses were armed with preparedness and recovery programs. Proper preparation leads to resilience and recovery. PS-Prep would serve as a helpful tool in preparing the private sector for all types of disasters. This valuable program should be quickly implemented.

We implore you to act promptly to implement this program and vigorously promote it within the private sector. We ask that, within the next 15 days, DHS provide a timeline for adopting standards for the program. Additionally, please provide your plan to conduct a campaign to promote the program, as well as a plan to implement the Act’s requirements for separate classifications and methods of certification for small business concerns. We look forward to continuing to partner with you on this important program. Thank you for your attention to this important issue.

Sincerely,

JOSEPH I. LIEBERMAN
Senate Committee on Homeland Security & Governmental Affairs

BENNIE G. THOMPSON
House Committee on Homeland Security

cc: The Honorable Craig Fugate, Administrator, Federal Emergency Management Agency

Please pass this important development along to the business continuity and risk management team members in your organization, and share your comments with our BC community of readers.

Share and Enjoy:

Posted by Continuity_Compliance | Filed Under Homeland Security Dpt, PS-Prep Program | Leave a Comment

Contingency Plan and Crisis Management Efforts by BP under Fire from DHS

May 19, 2010

As we have mentioned before in postings on this website, there are many lessons to be learned from this unfortunate oil spill in the Gulf of Mexico.

It is important for our readers and your organizational crisis management team members to find meaningful lessons from this tragic incident, and, to observe both the strengths and weaknesses in the emergency response plan now being implemented by BP. We do not believe that this means that your organization has to be part of the oil industry in order to find those meaningful lessons – nor does the learning process limit itself to only environmental compliance issues.

In this posting, we would like to focus on what we believe to be one of those lessons to be learned– i.e. be aware of the potential outcomes from writing a less than complete or realistic crisis management and emergency response plan for your organization, and, open your scope of considerations for potential company specific and relevant risk events that will affect both the business continuity plans for your organization, as well as, the potential relevant impact such an event will have on the community and environment surrounding that organization.

To that point we would like to point your attention to a recent article in USA Today, where Rick Jervis wrote that the 582-page document submittal from British Petroleum, (BP), titled “Regional Oil Spill Response Plan — Gulf of Mexico,” was approved in July by the federal Minerals Management Service (MMS). The report offers technical details on how to use chemical dispersants and provides instructions on what to say to the news media, but it does not mention how to react if a deep-water well spews oil uncontrollably. Read Richard Jervis’s article in full…..and remember to utilize some of the useful links in that article leading you to more timely information on this event.

Additionally, this emergency response plan prepared by BP mentions almost none of the techniques recently attempted by BP to contain the spewing well in that plan.

A statement that seems to sum the lack of readiness in BP’s emergency response plan comes from Representative Nick Rahall (D-West Virginia), chairman of the House Natural Resources Committee, which is investigating federal oversight of oil spills, where he said, “These oil spill response plans suffer from what I would consider a ‘failure of imagination”. It seems to me that there should be a Plan B, C and D in place before the accident occurs, not created in haste while millions of gallons of oil are spewing into the Gulf.”

Another aspect of BP’s plan that we would never want to be part of any of our reader’s organizational risk management plans has to do with a simple “cut and paste” methodology leading to a “boilerplate” approach to writing such plans for our own companies. Clearly there is risk in this approach, and while, there are some applications where you can justify similarities to the point that repeating certain language does make sense, it is much more obvious that you can become complacent with this “cut and paste” approach to the point of missing critical issues and response methodologies necessary to mitigate unforeseen events. BP’s emergency response plan seems to be a strong example of taking that risk.

Rick Steiner, a former University of Alaska marine scientist and an oil spill response consultant who has reviewed the plan, observes a similar “boilerplate” pattern in BP’s plan, where Mr. Steiner states, “Parts of the document read like boilerplate used by BP from region to region and underscores the energy company’s inability to adequately prepare for a major spill in deep water …”

And to further prove his point, and in a recent posting on the Homeland Security Newswire website, Mr. Steiner points out that in a section titled “Sensitive Biological & Human-Use Resources,”…. the plan lists “seals, sea otters and walruses” as animals that could be impacted by a Gulf of Mexico spill — even though no such animals live in the Gulf. Read more ….

In further response to BP’s disaster recovery and control efforts, the White House has already signaled an end is needed to the “cozy relationship” that federal regulatory agencies have seemingly created with BP. Perhaps another important lesson to be learned here as well – e.g. you never want your organization to be in such a situation where such negative attention is paid to your company. Read more….

Please pass this posting along to your enterprise risk management team members.

Share and Enjoy:

Posted by Continuity_Compliance | Filed Under Homeland Security Dpt, Regulatory Compliance | 5 Comments

International Disaster Preparation and Prevention Guide Provided by ASIS

March 2, 2010

As a response to some of our reader’s inquiries, and to offer assistance to the managers and members of business continuity and disaster preparation and prevention teams, we suggest that you become familiar with a disaster recovery preparation and planning guide that was released several years ago by the security specialists’ organization called ASIS. Even if you have to update some of its materials to a 2010 level, this guide is full of valuable BC, DR and security related information.

The guidelines, self-assessment questionnaires and general security and disaster recovery directed information can also be a great addition to an organization’s business continuity plan as well as a valuable reference resource for that organization’s BC and DR related reading library.

Some of the related information in this guide has been edited from materials provided by the American Red Cross and the Department of Homeland Security.

As stated in this guide, “With a little planning and a lot of common sense, we can all be better prepared to face the unknown”.

CLICK HERE to read the entire report.

Share and Enjoy:

Posted by Continuity_Compliance | Filed Under Homeland Security Dpt, Physical Security | 1 Comment

International Center for Enterprise Preparedness Offers PS-Prep Working Group Report Drafts

February 15, 2010

This website receives many inquiries asking for more information regarding the ongoing developments in the Department of Homeland Security’s PS-Prep program. And we would like to respond to that request.

To that point, one of the resources that we have overlooked in the past, and would like to make available to our business continuity, crisis and risk management team members and readership is the International Center for Enterprise Preparedness (InterCEP).

InterCEP is the world’s first major academic center (New York University) dedicated to private sector crisis management and business continuity.

At InterCEP, businesses and other private sector organizations set the initial mission of the Center and remain engaged on an ongoing basis in its evolution. The U.S. Department of Homeland Security (DHS) provided the core funding for this initiative to create a truly international resource for education and research in this vital area.

Post September 11th, businesses and other private sector organizations have increasingly acknowledged the need for organization-wide emergency management and business continuity programs. In the United States alone, this need has been validated well beyond the terrorist threat by recent events including devastating hurricanes in America’s southeast, the blackout of the Northeast, tornadoes throughout the Midwest and wildfires in the Southwest. Corporate preparedness can mitigate the impact of emergencies on both people and property.

All of these potential and real disasters support the need for an “all hazards” approach to emergency management and business continuity. Clearly, corporate preparedness can mitigate the impact of emergencies on both people and property, and, ultimately, preparedness, or the lack of it, can determine the ongoing viability of a firm.

Building on and incorporating InterCEP’s ongoing research on the business case for both resilience and enterprise risk management, five Working Groups of stakeholders were convened to each focus on a particular area of business benefit that could potentially be enhanced by the PS-Prep Certification Program.

The purpose of the proceedings conducted by these Working Groups, was to inform stakeholders in general, and, in particular, inform both the parties in the U.S. Department of Homeland Security (DHS), and, the designated accreditation body, ANAB, who have responsibilities for the design, development and implementation of the PS-Prep Program.

At this point in time, both DHS and ANAB have participated as observers in these Working Groups so that the insights from the Working Groups could inform actions on an ongoing basis.

The Working Groups focused their efforts on the following areas: Supply Chain Resilience, Legal Liability Mitigation, rationalized Business Reporting of Preparedness, Insurance acknowledgement and Rating Agency acknowledgement.

CLICK HERE to read the full report and findings from the Working Group for Supply Chain Resilience.

CLICK HERE to read the full report and findings from the Working Group for Legal Liability Mitigation and Resilience.

CLICK HERE to read the full report and findings from the Working Group for rationalized Business Reporting of Preparedness and Resilience.

CLICK HERE to read the full report and findings from the Working Group on Corporate Ratings and Resilience.

CLICK HERE to read the full report and findings from the Working Group on Insurance and Resilience

We recommend that both the InterCEP website, and, any or all chosen report(s), found to be most applicable to your business and organizational goals, be added to your list of educational resources on the topic of PS-Prep.

Please direct any comments regarding these reports to http://www.nyu.edu/intercep/about/

Share and Enjoy:

Posted by Continuity_Compliance | Filed Under Homeland Security Dpt, PS-Prep Program | Leave a Comment

Preparedness and Situational Awareness New Culture of Corporate Security Plans

February 10, 2010

In a recent article written by Leischen Stelter, and posted on the Security Director News website, a strong case was made whereby detecting terrorism activity is everyone’s responsibility. This is a message that our business continuity and preparedness teams need to stress and convey within the business continuity plans of their organizations, but, more importantly, to train employees and associates on how to look for and recognize suspicious persons and behaviors.

In this article, Larry Barrett, member of the DHS Office of Bombing Prevention, estimated that “…85% of the U.S. nation’s critical infrastructure is controlled by private corporations.”

Much of the message of this article also comes from the information provided in a recent workshop titled “The Private Sector Counterterrorism Awareness”, sponsored by the Department of Homeland Security (DHS) and hosted by the Maine Emergency Management Agency (MEMA).

Since it has been found that most private companies do not include the potential for terrorist attacks, secondary hazards, and entrapment devices into their business continuity and security risk management plans, we recommend reading this article to better understand if and how your organization must consider these risks before completing their plans.

CLICK HERE to read this article.

Share and Enjoy:

Posted by Continuity_Compliance | Filed Under Homeland Security Dpt, PS-Prep Program, Physical Security | Leave a Comment

DHS National Emergency Communications Goals Progress Report

February 4, 2010

One of our regular readers, Katie Stefanich, recently submitted an article and press release that she thought would be of interest to the Continuity Compliance community — we agree with her and would add that the report referenced below should become part of your organization’s library of information relating to your business continuity and crisis management activities.

“[After the] Con Agra building explosion, many agencies requested to respond, but not all agencies knew how to find or obtain a patch to the used radio channels.”

“First responders unable to coordinate with each other delayed services.”

These are just two of the emergency communications challenges faced by first responders captured in CDW Government, Inc.’s 2009 Emergency Communications Report.

Emergency communications improvement is imperative: Nearly 30 percent of public-safety communications professionals said they experienced a communications challenge in the last year that hampered a response effort, according to CDW-G’s survey of more than 200 state and local public-safety communications professionals.

In the report, CDW-G, a leading provider of technology solutions to governments, examines emergency communications progress and remaining gaps, and benchmarks progress toward meeting the goals of the Department of Homeland Security National Emergency Communications Plan (NECP), which set goals for demonstrating response-level emergency communications during routine and significant events involving multiple jurisdictions and agencies.

More than a year after publication of the NECP in July 2008, just half of U.S. public-safety communications professionals are familiar with the plan. Yet despite low awareness, CDW-G found that once public-safety communicators were briefed on the NECP goals, an overwhelming majority – 93 percent – said the NECP has the potential to address their communications issues – and that a majority will meet or expect to meet the NECP’s goals on time.

Please find the press release about CDW-G’s Emergency Communications Report below. For a copy of the full report or to discuss the findings with a CDW-G public-safety communications expert, please do not hesitate to contact Katie at kstefanich@okco.com .

CDW-G Report: Awareness of the DHS National Emergency Communications Plan (NECP) is Low,

but Its Promise is High

“Just half of public-safety communications professionals were familiar with the NECP, yet when briefed, almost all believe it could address their communications challenges.”

Vernon Hills, ILL – CDW Government, Inc. (CDW-G), a leading source of Information Technology (IT) solutions to governments and educators, today released its 2009 Emergency Communications Report: Awareness and Progress Toward the National Communication Plan.

The report benchmarks progress toward meeting the goals outlined in the Department of Homeland Security National Communications Plan (NECP) and identifies key challenges and highlights lessons learned.

While only half of public-safety communications professionals were familiar with the NECP prior to CDW-G’s survey, once briefed on its goals, an overwhelming majority – 93 percent – said the NECP has the potential to address their communications issues. Emergency communications improvement is imperative: 28 percent said they experienced a communications challenge in the last year that hampered a response effort, and 61 percent said the ability to achieve and sustain seamless communications across jurisdictions and agencies is their No. 1 challenge to providing timely and effective emergency services.

The NECP, which was published in 2008, recommends a multi-faceted approach to strengthening emergency communications capabilities nationwide, focusing on technology, coordination, governance, planning and training at all levels of government. It sets the following goals:

By 2010, 90 percent of all high-risk urban areas designated within the Urban Areas Security Initiative (UASI) are able to demonstrate response-level emergency communications within one hour for routine events involving multiple jurisdictions and agencies
By 2011, 75 percent of non-UASI jurisdictions are able to demonstrate response-level emergency communications within one hour for routine events involving multiple jurisdictions and agencies
By 2013, 75 percent of all jurisdictions are able to demonstrate response-level emergency communications within three hours, in the event of a significant incident as outlined in national planning scenarios

Despite low initial awareness of the NECP, public-safety communications professionals indicate the goals are achievable. Seventy-four percent said they will meet the 2013 target timeline for demonstrating response level emergency communications for significant incidents. Still, many agencies and jurisdictions do not have formal plans to meet the NECP goals. Just 46 percent of respondents familiar with the NECP said they have a written plan in place to meet the NECP goals.

“The NECP has the potential to address public-safety communications problems, but to be successful, all jurisdictions and agencies must embrace the NECP goals and work to achieve them,” said CDW-G Vice President Bob Kirby. “Every day, communities across the United States are affected by communications challenges – inability to communicate across agencies, across jurisdictions, during routine events and during significant incidents. Formal plans to meet the NECP goals, backed by training, cross-agency and cross-jurisdiction collaboration, and technology infrastructure, can speed emergency response and save lives.”

CDW-G’s national online survey, conducted during August 2009, collected responses from 210 state and local emergency communications professionals in 41 states. The margin of error for the total sample is ±6.76 percent at a 95 percent confidence level.

For a copy of the complete CDW-G Emergency Communications Report, please visit http://newsroom.cdwg.com/features/feature-10-26-09.html.

Share and Enjoy:

Posted by Continuity_Compliance | Filed Under Business Continuity Info, Homeland Security Dpt | Leave a Comment

First -Ever Quadrennial Homeland Security Review Report Now Available

February 2, 2010

The Department of Homeland Security (DHS) delivered the Quadrennial Homeland Security Review (QHSR) Report: A Strategic Framework for a Secure Homeland to Congress on February 1, 2010. The QHSR outlines the strategic framework to guide the activities of participants in homeland security toward a common end.

The QHSR is the beginning of a multi-step process. It offers a vision for a secure homeland, specifies key mission priorities, outlines goals for each of those mission areas, and lays the necessary groundwork for the subsequent steps. The next step, which is currently underway, is a bottom-up review of the Department which will align the programmatic activities and organizational structure of the Department with the strategic framework set out in the QHSR. The third and final step of this process will culminate in the Department’s fiscal year 2012 budget submission.

Many of our readers and the companies they work for, have been following this website’s coverage of the Department of Homeland Security’s PS-Prep program. This DHS report should be added to the reading list of your internal readiness and preparedness planning teams to assist their PS-Prep program activities.

Click here to see the entire report.

Click here to read an executive summary of the report.

Share and Enjoy:

Posted by Continuity_Compliance | Filed Under Homeland Security Dpt, PS-Prep Program | Leave a Comment

CyberSecurity Preparedness Resource in ChicagoFIRST

January 29, 2010

ChicagoFIRST is a non-profit association of private firms in the Chicagoland area that collaborates with one another and with government at all levels to promote the resilience of its members and the Chicago business community.

The ChicagoFIRST mission is to –

Increase the resilience of the Chicago land private sector in the event of an emergency, natural disaster, or terrorist event, in collaboration with the City of Chicago; the State of Illinois; and federal agencies, including the U.S. Departments of Treasury and Homeland Security, FEMA, FBI and Secret Service.
Improve the overall preparedness of employers and employees in the Chicago land area
Address the interdependencies among critical infrastructure within the Chicago land area, such as finance, insurance, banking, telecommunications, power, commercial facilities and water systems.

ChicagoFIRST has been addressing cyber security issues locally and nationally with recently completed exercises exploring these threats, as well as the private sector’s potential response to an attack.

As private sector business continuity and security programs continue to expand their focus on preparedness for and response to a cyber attack, ChicagoFIRST has been working with local and federal government officials to link the public and private sectors’ activities.

If your organization is in the Chicago land area, we recommend that your business continuity, disaster recovery and risk managers make note of this available resource for their crisis management and general preparedness requirements.

Click here to go to the ChicagoFIRST website.

Share and Enjoy:

Posted by Continuity_Compliance | Filed Under Cybersecurity, Homeland Security Dpt | Leave a Comment

Critical Infrastructure Resiliency Webinar Offering from DHS

December 21, 2009

One of the Critical Infrastructure and Key Resources (CIKR) Learning Series webinars, offered by the Department of Homeland Security (DHS), is available today, free of charge, and is recommended for all DHS private sector and government partners with responsibility risk, security, and emergency management functions.

The title of this free webinar is “Critical Infrastructure Resiliency: The Next Frontier in Homeland Security” and is being presented by Rand Beers, Under Secretary for National Protection and Programs Directorate at 4:15 – 5:15 PM (EST).

Under Secretary Beers will discuss the Infrastructure Protection mission and the important role of resiliency. He will address the complex interdependencies and important steps the Department of Homeland Security and its partners are taking to protect our nation’s critical infrastructure.

To register for this event please go to:

https://connect.hsin.gov/e33382319/event/registration.html

Share and Enjoy:

Posted by Continuity_Compliance | Filed Under Homeland Security Dpt | Leave a Comment

New DHS Resource Announced for Business Continuity Planning Groups

November 24, 2009

The Department of Homeland Security (DHS) recently launched a website that should be listed as a go-to source for all business continuity and disaster recovery planning groups.

This new site allows the public easy accessible information in securing the nation’s critical infrastructures and key resources (CIKR), plus links to tools and best practices for digital and physical infrastructure protection.

CIKR is comprised of eighteen (18) sectors including at least the following areas: food, water, manufacturing, energy, communications and transportation systems and emergency services.

Truly this information should be available to, and included as part of all, BC and DR organizational plans. This federal government unified approach that is coordinated by DHS will ensure protection and resiliency of CIKR through partnerships with thousands of public and private members.

Click here to go this new site and establish this link within your own company’s process compliance methodology make this a part of the input requirement for compliance controls of their BC and DR plans.

Share and Enjoy: