The key is to be ready for all aspects of detection and response before disaster strikes.
The key is to be ready for all aspects of detection and response before disaster strikes.
U.S. national security emergency plans are well documented with a disciplined approach, but their lack of coordination across agencies puts the United States in peril, say a group of government and industry experts. The country must begin to view national emergencies in a countrywide context instead of a narrow local or topical view, or else it will fall prey to whatever major crisis strikes next. The best way to do that is to build a comprehensive national security emergency preparedness (NSEP) capability that draws from lessons out of the Cold War and expertise from public/private partnerships. This also would be accompanied by a grading system that holds agencies accountable to Congress.
These findings were summarized in a White Paper issued by the AFCEA Cyber Committee. The document, titled "COVID-19 Compels Better NSEP Planning," results from weeks of interviews with government officials at several levels during the COVID-19 pandemic combined with findings from academia and industry officials. The ongoing pandemic has laid bare the lack of a national NSEP policy, and the paper serves as a blueprint for NSEP for the foreseeable future, its writers say.
One of the biggest shortfalls lies in not having the necessary infrastructure in place when disaster strikes, the report charges. For the pandemic, it meant not having personal protective equipment (PPE) or ventilators ready to be deployed. For other crises, it might mean not having vital recovery equipment able to help a large region rise from catastrophic damage. These crises could include contaminated water supply, damage to the power grid, electromagnetic pulse and crippling cyber attacks. And, the expertise needed to recover from various disasters must be applied to help local governments and officials respond in a coordinated manner.
James P. Craft, director, Mission Support Department in the Operations Integration Directorate of the Defense Threat Reduction Agency and head of the white paper project team, says the United States needs a comprehensive “whole of society approach” to planning for a full range of potential major national disasters. “It’s not just pandemic; it’s not just killer hurricanes; it’s a whole comprehensive approach that actually fosters resilience at the lowest level,” he declares.
Craft continues that agencies have excellent plans for disasters. But the country has not prepared the infrastructure needed to carry out these plans. Issues include establishing supply chains, establishing command and control, designating roles and responsibilities for the private sector as well as state and local authorities, including specific individuals. “The plans are there, but the plans have not been supported by infrastructure, training, exercises and detailed planning at lower levels,” he says.
He continues that the pandemic provided an example of these shortcomings by not addressing supply chain issues. Ventilators and PPE were not stockpiled sufficiently for when the coronavirus erupted. Craft notes that Arnold Schwarzenegger, when governor of California, put into place both a robust plan and supporting infrastructure that included PPE, ventilators and trained personnel. The subsequent administration effectively dismantled the infrastructure and sold off the equipment, leaving California with only a plan and no way to implement it when COVID-19 struck. The potential for this failure holds true for every type of disaster, he adds.
James F.X. Payne, vice president for special projects at pExchange, emphasizes that another failure is to view all existing plans as cyber-related. While many cyber-attack vulnerabilities do exist, they are not the sole determinant of potential catastrophic effects. The health sector, for example, has extensive plans for dealing with theft or blackmailing of medical data, but it was not ready for the pandemic. The entire critical infrastructure is vulnerable to a broad range of threats that have little to do with cyber. A wide-ranging approach is needed in terms of both threat and response.
Payne also notes that COVID-19 pointed out the lack of proper definition of authority for the crisis. There are more than 18,000 state, local and tribal governments, and each of them needs to have clear-cut authority to take immediate action in a similar event.
“We need to invest in more planning,” Payne says in describing white paper recommendations. The government is good at planning, exercises, interdependencies and logistics, as evident in military deployments, he adds.
Craft cites the paper’s top recommendation as developing an NSEP readiness evaluation program similar to what came out of the Federal Information Security Management Act (FISMA). This grading system would apply to federal agencies across the board, and it would put leaders on record as to how well they’re doing. “People don’t like to get ‘Fs’,” he observes.
Another key recommendation is to redo the national NSEP strategy around a public/private partnership across classification levels on a national scale. This would help ensure resilience so that every element would be sustainable for at least 90 days. A related recommendation would have all NSEP plans standardized with consistent structure, review and methodology.
Craft’s own organization, the Defense Threat Reduction Agency, is working diligently on aspects that contribute to this approach, he says. Its counter-weapons-of-mass-destruction division is the type of group that would feed many of these plans, as it was able to apply its resources to analysis modeling of the pandemic.
Craft emphasizes that the paper is not just a call to government but actually a call to the country as a whole. “Right now, we have a lot of people who are dealing with fear and uncertainty—a lot of pain through our current national emergency,” he says. “It’s most important that we revive a can-do spirit of the American people at every level. We have overcome far worse disasters than we are currently going through, and in many ways the nation rose up stronger.
“Facing our fears with proactive action is going to bring out some of the great elements of American society,” he declares.
A copy of the AFCEA Cyber Committee's White Paper, "COVID-19 Compels Better NSEP Planning," can be obtained at https://www.afcea.org/signal/resources/linkreq.cfm?id=270
No comments:
Post a Comment