Solved by verified expert:I will upload the questions.Thanks!
discussion_.docx
oig_05_36_sep05emergencypreparedness.pdf
Unformatted Attachment Preview
1- Read
the Emergency Preparedness pdf file under the link below or under
the Content button’s Readings folder.
Answer the following questions under this thread:
•
•
•
What organization is ultimately responisble?
Which organization relies most on IT?
How is the effectiveness of guidance and processes to support IT users during incident management
determined?
2-
Read the article on Law Enforcement Information Sharing:
http://www.ise.gov/law-enforcement-information-sharing
Give a summary of the multitude of sources.
3Please watch this incredible video about The World’s Future MEGAPROJECTS and
write your comments about the followings:
1.
2.
3.
Write critical analysis about at least two topics/projects in this video.
Explain how important transportations will be in future and address any possible concerns.
Comment on one other student’s post.
The World’s Future MEGAPROJECTS (2015-2030’s):
DEPARTMENT OF HOMELAND SECURITY
Office of Inspector General
Emergency Preparedness and
Response Could Better Integrate
Information Technology with Incident
Response and Recovery
Office of Information Technology
OIG-05-36
September 2005
Office of Inspector General
U.S. Department of Homeland Security
Washington, DC 20528
Homeland
Security
Preface
The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by
the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General
Act of 1978. This is one of a series of audit, inspection, and special reports prepared by our office as
part of our DHS oversight responsibility to promote economy, effectiveness, and efficiency within
the department.
This report assesses the strengths and weaknesses of the information technology that the Emergency
Preparedness and Response Directorate uses to support incident response and recovery operations. It
is based on interviews with employees and officials of relevant agencies and institutions, direct
observations, and a review of applicable documents.
The recommendations herein have been developed to the best knowledge available to our office, and
have been discussed in draft with those responsible for implementation. It is our hope that this
report will result in more effective, efficient, and economical operations. We express our
appreciation to all of those who contributed to the preparation of this report.
Richard L. Skinner
Inspector General
Contents
Executive Summary ……………………………………………………………………………………………………….. 1
Background …………………………………………………………………………………………………………………… 3
Results of Audit ……………………………………………………………………………………………………………… 6
Challenges Remain in Aligning EP&R’s IT Approach with DHS Mission ……………………. 6
Recommendation ……………………………………………………………………………………………………14
IT User Support Could be Improved ………………………………………………………………………. 14
Recommendation ……………………………………………………………………………………………………18
Systems to Support Response and Recovery Operations Need Improvement ………………. 18
Recommendations…………………………………………………………………………………………………..34
Management Comments and OIG Evaluation… ……………………………………………………………….. 34
Appendices
Appendix A:
Appendix B:
Appendix C:
Appendix D:
Scope and Methodology………………………………………………………………………….
Management Comments………………………………………………………………………….
Major Report Contributors ………………………………………………………………………
Report Distribution…………………………………………………………………………………
Abbreviations
ADD
CIO
DHS
EP&R
FEMA
GAO
IFMIS
IT
LIMS III
NEMIS
OIG
Automated Deployment Database
Chief Information Officer
Department of Homeland Security
Emergency Preparedness and Response Directorate
Federal Emergency Management Agency
Government Accountability Office
Integrated Financial Management Information System
Information Technology
Logistics Information Management System III
National Emergency Management Information System
Office of Inspector General
Emergency Preparedness and Response Could Better Integrate Information Technology
with Incident Response and Recovery
44
46
59
60
Contents
Figures
Figure 1
EP&R/FEMA Organization ………………………………………………………………………….3
Figure 2
FEMA Regional Offices ………………………………………………………………………………4
Figure 3
DHS Mission and Response and Recovery Goals and Metrics ………………………….7
Figure 4
DHS and FEMA Response and Recovery Metrics Not Aligned ………………………..8
Figure 5
DHS Target Response Metrics…………………………………………………………………….10
Figure 6
DHS Target Recovery Measures …………………………………………………………………11
Figure 7
Four Category 3+ Hurricanes in 2004 ………………………………………………………….15
Figure 8
Disaster Field Office in Orlando, Florida ……………………………………………………..16
Figure 9
Travel Trailers Pick Up Supplies for Disaster Victims …………………………………..29
Emergency Preparedness and Response Could Better Integrate Information Technology
with Incident Response and Recovery
OIG
Department of Homeland Security
Office of Inspector General
Executive Summary
Providing disaster recovery assistance and responding to the emergency needs
of victims of four consecutive hurricanes in 2004 was a major challenge for
the U.S. 1 When devastation from such incidents is so great that state
resources cannot handle the response and recovery efforts, states turn to the
federal government for assistance. The Federal Emergency Management
Agency (FEMA), now part of the Emergency Preparedness and Response
(EP&R) Directorate of the Department of Homeland Security (DHS), is
responsible for coordinating disaster relief efforts across federal, state, and
volunteer organizations, such as the American Red Cross. FEMA relies
heavily on a range of information technology (IT) systems and tools to carry
out its response and recovery operations. Strategic management of these
assets is important to ensure that the technology can perform effectively
during times of disaster and tremendous stress.
As part of our ongoing responsibility to assess the efficiency, effectiveness,
and economy of departmental programs and operations, we conducted an
audit of the information and technology that EP&R uses to support incident
management. The objectives of the audit were to (1) review the directorate’s
approach for responding to and recovering from terrorist attacks, major
disasters, and other domestic emergencies, (2) determine the effectiveness of
guidance and processes to support IT users during incident management, and
(3) evaluate existing and proposed systems and other technologies used to
accomplish EP&R’s response and recovery mission. The scope and
methodology of this review are discussed in Appendix A.
Strategic IT management is essential to the successful accomplishment of
EP&R’s response and recovery mission. EP&R’s IT approach has met the
disaster management challenges to date, including the four major hurricanes
of 2004. However, a number of information and technology management
issues limit the directorate’s effectiveness.
1
The 2004 hurricanes that made landfall in Florida and the Gulf Coast included Charley on August 13th, Frances on
September 5th, Ivan on September 16th, and Jeanne on September 26th.
Emergency Preparedness and Response Could Better Integrate Information Technology
with Incident Response and Recovery
Page 1
For example, the EP&R Chief Information Officer (CIO) is making progress
with respect to IT planning, including the development of the agency’s first IT
strategic plan. However, while the IT plan aligns with FEMA’s outdated
strategic plan, it does not reflect FEMA’s integration into DHS and therefore
may not support DHS’ strategic goals. Additionally, to better align EP&R’s
IT with the agency’s strategic direction, integration with evolving DHS-wide
initiatives, such as eMerge2 and MAXHR, will prove challenging.
Further, EP&R CIO support to IT users could be improved. EP&R CIO staff,
including the national IT helpdesk, provided significant service during the
2004 hurricanes. However, additional guidance and training for systems users
is necessary to ensure that they have the knowledge and information needed to
perform their jobs. The EP&R CIO’s office maintains up-to-date—and often
online—systems procedure manuals and guidance, but FEMA field personnel
are often unaware of these materials. In addition, the IT manuals online
describe the procedures necessary to complete actions in the systems, but they
do not contain the business context for when or how the procedures should be
used. Although EP&R’s custom, complex systems require significant
amounts of front-end instruction, users said that they received insufficient
training.
Currently, EP&R systems are not integrated and do not effectively support
information exchange during response and recovery operations. Also, EP&R
has not fully updated its enterprise architecture to govern the IT environment.
As a result, during significant disaster response and recovery operations, such
as the 2004 hurricanes, IT systems cannot effectively handle increased
workloads, are not adaptable to change, and lack needed real-time reporting
capabilities. Such problems usually are due to FEMA’s focus on short-term
IT fixes rather than long-term solutions. Inadequate requirements definition,
alternatives analysis, and testing prior to systems deployment are
characteristics of this reactive IT management approach.
Although EP&R is working to introduce and web-enable systems to resolve
disparity between its current IT environment and DHS expectations,
additional measures are needed. EP&R would benefit from strategically
managing IT by aligning its IT planning with DHS’ direction as well as
ensuring systems users receive more timely training and communication.
Further, once broad-based requirements are fully defined and documented,
and alternatives are analyzed, EP&R will be in a better position to complete
an enterprise architecture, and test and deploy the most appropriate
technology needed to support its response and recovery mission.
Emergency Preparedness and Response Could Better Integrate Information Technology
with Incident Response and Recovery
Page 2
Background
Following the terrorist attacks of September 11, 2001, DHS was established to
prevent and deter terrorism, and to protect against and respond to threats and
hazards to the nation. The Homeland Security Act of 2002 2 assigns
responsibility to the EP&R directorate to lead federal disaster response and
recovery activities. FEMA, transferred in its entirety into the EP&R
directorate, is directly responsible for executing this aspect of DHS’ mission.
The organization chart below illustrates EP&R and FEMA within the context
of the DHS organization. (See Figure 1).
DHS Secretary
Deputy Secretary
Under Secretary for
Management
Under Secretary for Emergency
Preparedness and Response
DHS Chief Information
Officer
Chemical, Biological, Radiological
and Nuclear Response Teams
Nuclear Incident
Response Team
Domestic Emergency
Support
National Domestic
Preparation Office
Federal Emergency Management
Agency
Headquarters Information
Technology Services
Division (CIO office)
Headquarters
Response Division
Headquarters
Recovery Division
Headquarters Mitigation
Division
Headquarters
Preparedness Division
Figure 1: EP&R/FEMA Organization
When devastation exceeds the capability and resources of local and state
governments to respond they turn to the federal government for assistance.
The Stafford Act 3 gives FEMA the authority to lead the disaster response and
2
Public Law 107-296, November 25, 2002.
Robert T. Stafford Disaster Relief and Emergency Assistance Act, as amended by Public Law 106-390, October 30,
2000.
3
Emergency Preparedness and Response Could Better Integrate Information Technology
with Incident Response and Recovery
Page 3
recovery operations of 28 major federal agencies and departments, the
American Red Cross, and other volunteer organizations. FEMA supplies
immediate needs, such as ice, water, food, and temporary housing. FEMA
also provides financial assistance to individuals who have sustained damage to
their personal property, and to state and local governments for damage to
public property.
FEMA has ten regional offices across the country to assist the states in
disaster management. The map below depicts this regional office structure.
(See Figure 2).
Figure 2: FEMA Regional Offices
Emergency and IT Support Capabilities
EP&R provides an array of emergency operations, facilities, and systems to
help manage disasters. FEMA has four National Processing Service Centers
which handle telephone registration and process victims’ claims for disaster
assistance, as well as five geographically-dispersed Mobile Emergency
Response Support operations which provide initial support for on-site disaster
management. This mobile support includes providing voice, data, and video
capabilities for emergency managers, as well as services such as water
purification and power generation. Immediately following this initial
response, FEMA establishes disaster field offices and disaster recovery
Emergency Preparedness and Response Could Better Integrate Information Technology
with Incident Response and Recovery
Page 4
centers to assist victims on a long-term basis. Emergency operations centers
at FEMA headquarters and at the Mount Weather facility near Bluemont,
Virginia, coordinate response and recovery operations nationwide.
In FY 2005, the EP&R directorate’s CIO had a budget of approximately $80
million and a total of about 400 full-time and temporary employees. The
CIO’s office is responsible for designing, developing, testing, implementing,
and maintaining the operation of FEMA’s systems, including the following
four key applications:
•
National Emergency Management Information System (NEMIS) is the
backbone IT system for response and recovery operations. FEMA uses
NEMIS to electronically enter, record, and manage information regarding
registered applicants for disaster assistance, obligations and payments,
mission assignments, and grants.
•
Integrated Financial Management Information System (IFMIS) forwards
financial information to the Department of Treasury for payment of
disaster assistance claims.
•
Logistics Information Management System III (LIMS III) maintains the
inventory of equipment and supplies.
•
Automated Deployment Database (ADD) is used to identify and deploy
personnel to disaster sites.
With the exception of NEMIS, these systems were not developed by and do
not solely belong to IT. However, IT partners with EP&R program areas in
providing support for these systems.
The CIO’s office manages and maintains the IT infrastructure, i.e., networks,
databases, desktops, and telephone systems, to support operations of
permanent facilities at FEMA headquarters and regional locations. The CIO
also is responsible for providing the IT infrastructure to support hundreds of
emergency personnel at temporary disaster field offices and recovery centers,
often in remote locations. This involves running cable, establishing networks,
supplying wireless connectivity, and installing equipment for information
processing and data and voice communications. In addition, a national IT
helpdesk assists users in various ways such as providing and maintaining
system accounts, ensuring remote access, troubleshooting systems problems,
and making referrals to engineers for systems fixes.
Emergency Preparedness and Response Could Better Integrate Information Technology
with Incident Response and Recovery
Page 5
Prior assessments have identified concerns with several aspects of FEMA’s IT
management. Specifically, in an August 2001 report, 4 the GAO identified
issues with NEMIS internal controls, reliability, usability, and training. A
July 2004 GAO report 5 discussed FEMA’s property management controls and
highlighted concerns with asset accountability and the accuracy of data
recorded in the LIMS III system. In that report, GAO recommended that
FEMA’s property system be linked to its acquisition and financial systems so
that certain key information could be available for effective property
management. In December 2003, we issued a report 6 on the NEMIS system
access controls, and identified related issues concerning separation of duties,
audit trails, and training which needed to be monitored. Further, a July 2004
DHS OIG report 7 discussed the need for component CIOs, such as the EP&R
CIO, to report to the department’s CIO on IT issues to help ensure that
strategies are aligned and systems are consolidated for more effective use of
IT assets across the department.
Results of Audit
Challenges Remain in Aligning EP&R’s IT Approach with DHS Mission
Information resource management plans support an agency’s strategic plan for
fulfilling its mission. The 2004 DHS strategic plan contains specific response
and recovery goals and metrics. FEMA’s strategic plan, however, is not
aligned with them. FEMA developed its strategic plan prior to becoming part
of the new department and has not updated it since then. EP&R’s IT plan
aligns with FEMA’s outdated plan, but does not line up fully with goals and
measures defined in the more recent DHS plan. As a result, EP&R’s IT
systems approach may not support progress toward meeting DHS goals.
Updating its strategic and IT plans to reflect evolving DHS-wide direction and
initiatives poses a major challenge for EP&R.
4
Disaster Assistance: Improvement Needed in Disaster Declaration Criteria and Eligibility Assurance Procedures,
GAO-01-837, August 2001.
5
Federal Emergency Management Agency: Lack of Controls and Key Information for Property Leave Assets Vulnerable
to Loss or Misappropriation, GAO-04-819R, July 2004.
6
Audit of the National Emergency Management Information System Access Control System, DHS-OIG-04-02, December
2003.
7
Improvements Needed to DHS’ Information Technology Management Structure, DHS-OIG-04-30, July 2004.
Emergency Preparedness and Response Could Better Integrate Information Technology
with Incident Response and Recovery
Page 6
Strategic and IT Plans Not Fully Aligned
FEMA’s strategic and IT plans do not align completely with DHS’ strategic
plan, providing little assurance that the agency can monitor and achieve the
emergency management goals established by the department. Pursuant to
requirements of the Government Performance and Results Act of 1993, 8 DHS
developed its strategic and performance plans which, taken together, establish
its mission and outline goals and metrics for its disaster response and recovery
efforts. According to the EP&R CIO, FEMA participated in working groups
to help develop these DHS goals and objectives and owns all the metrics that
support the response and recovery section of the DHS strategic plan. Goals in
the plans include leading, managing, and coordinating …
Purchase answer to see full
attachment
