AN EMERGENCY DISCUSSION WITH RICHARD ANDREWS
Ranked among the world’s leading authorities on crisis and emergency management, Richard Andrews currently serves as the principal consultant on emergency management for the National Center for Crisis and Continuity Coordination (NC4). He is also a member of the President’s Homeland Security Advisory Council.
During a career spanning 20 years, Andrews has directed emergency response and recovery efforts for the California Office of Emergency Services, guided the development of the state’s Standardized Emergency Management System, and developed a counter-terrorism plan for California. Along the way, he managed California’s response to 19 national and 24 state disasters, including the Los Angeles riots, major earthquakes, deadly firestorms and statewide floods.
He has also assembled counter-terrorism plans for Iowa and West Virginia and consulted on terrorism policy and information technology with the National Governors Association.
In March of 2002, President Bush appointed Andrews to the President’s Homeland Security Advisory Council, which advises the President on Homeland security matters concerning state and local governments and the private sector.
At NC4, a division of the Candle Corp., Andrews has embarked on a new challenge: Building Web-based technology capable of coordinating the way government and private business respond to emergencies.
Recently, Andrews spoke with Government Security about this ambitious initiative.
GS: Government and business have collaborated for years about emergency response issues. What has been lacking in these efforts?
Andrews: There has never been a formal or systematic way for government and the private sector to interact day-to-day or even during a crisis. This issue came into focus during preparations for Y2K when there was a lot of interaction between business and government. It became obvious that the lack of formal systems posed potential problems. Many of our clients in the financial services community and other corporations with complex computer systems realized that while they were paying attention to their own systems, they were not sure what the government was doing, particularly the governmental entities in the communities where their businesses resided.
GS: What about the federal government’s Information Sharing and Analysis Centers on the Web. Don’t these centers enable public-private collaboration?
Andrews: These centers were set up to deal with critical infrastructure sectors such as water, power, telecommunications and financial services — which are 80 percent owned by the private sector. They included (Web-based) mechanisms through which these sectors could share information with others and with the government. They proved successful in some cases but not in others. In most instances, the information these centers carried was not timely. If you go to any of these (Web) sites, the information tends to be dated.
Then came Sept. 11. Candle Corp. has many clients in the financial services community in lower Manhattan. Many of these clients were affected directly or through the interruption in infrastructure that caused delays in getting back into operation. In response, Candle Corp. created NC4. Our job is to try to establish formal technology networks and processes for sharing routine, as well as crisis, information between business and government.
GS: By technology networks do you mean Web sites?
Andrews: Yes, application service provider or ASP Web sites. Businesses would subscribe annually to our ASP services, so our revenues will come primarily through subscriptions. The value we provide will be in consolidating and tailoring government information for individual companies that subscribe.
GS: Give me an example. Suppose I am the director of security for a financial services company in New York. I’m responsible for a half dozen facilities throughout the boroughs and perhaps in Newark.
Andrews: Currently you receive information from government, but it is the same information that is blasted out to everyone through e-mail alerts and television news reports. Most of this information is of no value to you in managing security. When you subscribe to our system you would register your assets. What buildings does your company work in? Where are these buildings located? How large a perimeter around the building do you want to protect? Then we would geo-locate your assets.
In your job as a security director, you may not care directly about a bomb threat at a bank in Brooklyn where you have no facilities. But you would care about a bomb threat, fire, hostage situation, gas leak or water-main break that occurs near one of your buildings.
Our goal is to provide you with information relevant to your responsibilities. To do this, we solicit information from government agencies at all levels. They put the information into our ASP system, which then geo-locates events. The system matches the locations of events with client facilities and sends alerts to those who will be affected.
GS: How are the alerts sent?
Andrews: You can specify the system to send alerts to your computer, cell phone, pager or PDA. You can also specify who on your emergency response team will receive the alerts. You may want to notify the business continuity manager, the CEO, human resources and others. The system will cascade those notifications.
GS: So this is a better way to get information from government sources to businesses that may be affected by an event of some sort?
Andrews: Yes. Just as important, it is a way for government and business to coordinate their efforts. Suppose you decide that an event requires you to evacuate your building. By telling the system what you are doing, you will enable public agencies to do their jobs better. For example, if you are putting 7,000 people on the street, the police need to go to work on traffic control. Similarly, you can coordinate your actions with those taken by security directors in neighboring buildings. If you both send 7,000 people home at the same time, you will create a huge problem on the street.
GS: How far along are you in building this ASP system?
Andrews: This is very much a work in process. We’re piloting systems in New York and Los Angeles. In New York, the pilot participants include companies in the financial services community and the city’s law enforcement, fire and emergency management agencies. In Los Angeles, we’re dealing with 10 government agencies including law enforcement, fire, transportation, emergency services, ports and airports. On the business side, 25 companies are participating. These include businesses in the areas of financial services, aerospace, telecommunications and entertainment.
GS: Does this concept have any bearing on the federal government’s Homeland security efforts?
Andrews: Absolutely. Public-private coordination is a national issue. But businesses are located in local communities. So we’ve decided to start and prove the process locally. Eventually, we hope to have NC4 sites in all major metropolitan areas. The fundamental goal will be extending the reach of information to agencies at the federal, state, and local levels and to businesses. This can benefit Homeland security.
We also believe that corporate security people can use this kind of system to provide resources to law enforcement officials dealing with Homeland security issues by sending information back up the chain.
Another point related to Homeland security: We’re building a routine day-to-day system that can be extremely useful during a major event. Because major events occur only rarely, emergency response systems tend to get a little rusty. By using this kind of system all the time, it will be more valuable during a major event.
GS: How does your work at NC4 relate to your role on the President’s Homeland Security Advisory Council?
Andrews: The original mission of the council was to bring advice and guidance from an independent group to the Office of Homeland Security in the White House. In this regard, the Council has been helping to develop a national strategy for Homeland security. With the creation of the Department of Homeland Security, we have become an advisory council to Secretary [Tom] Ridge. Within the council, there are several advisory committees. For example, I chair the Committee on Law Enforcement Emergency Services, Hospitals and Public Health.
In this work, one of our concerns involves the sharing of information between business and government. For example, might intelligence information generated at the national level be shared with state and local authorities? Who will be cleared for this intelligence? What portion of this sensitive law enforcement information might be passed to corporate security people? And how will these people be vetted?
In the end, NC4’s goals, as well as the goals of Homeland security, are all uncharted waters. But I think from the discussions that we have had in the advisory council, there is a general sense that a lot more information can be shared than we originally thought. The next problem will be deciding how to draw the lines.
An expert on crisis and emergency management, the principal consultant for NC4 and a member of the President’s Homeland Security Advisory Council contends that government and private industry must do a better job of coordinating public and private emergency responses
