Tuesday, April 28, 2009

Twitter® for Public Safety & Emergency Management

By Joseph Mazzarella, Chief Legal Counsel
April 28, 2009

In the world of public safety, obtaining and communicating important information in real time can save lives. In this regard, new communications tools are continually be deployed to improve emergency preparedness and response capabilities within a collaborative “all hazards, all disciplines’” paradigm that implicitly requires coordinated planning and response among responders, supporting agencies and other critical assets. These communications improvements range from employing mass alerting and reverse 9-1-1 solutions to advanced multi-agency communications interoperability solutions that link together an array of disparate systems and equipment. While the emergency management sector forges ahead with innovation, the world at large is also blazing new paths and ways of communicating through internet and mobile data driven social networking utilities. Despite the natural temptation to dismiss them as pedestrian at best and frivolous at worst, these social networks may offer something of value to the public safety and emergency management sector. After all, literally millions of users cannot be all that wrong. One of the fastest growing social networking utilities among them, and the focus of this article, is Twitter®, which may offer emergency management and public safety organizations with another potentially powerful and effective communications utility to add to their communications tool chest.

Twitter® is a deceptively simple, yet powerful social networking based communications tool. As described on its web site, “Twitter is a service for friends, family and co-workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question: What are you doing?” See, http://www.twitter.com. With Twitter®, people can follow one another and receive messages from their network of friends in real time. What makes Twitter powerful is it that it links people together around a topic, cause or person, and it provides an easy way to quickly disseminate and share messages among “followers” in the listening group. It is proving to be a popular and particularly attractive communications medium because it intersects with the “always on and available” status created by data enabled consumer mobile devices. Availability or presence is not limited to whether a user logs on to his or her computer anymore. You are always within range of your friend’s “tweet” (Twitter parlance for a message) courtesy of your Blackberry®, iPhone®, cell phone or other mobile device strapped to your hip.

Before you dismiss its potential utility, consider that Twitter is already being used in certain public safety contexts in both planned and spontaneous ways. This April, the Garden City, Kansas Police Department started using Twitter as a free public messaging tool to send out information on events, missing persons and other community advisories, as did the Franklin, Massachusetts Police Department some 1,000 miles away a few days later. In fact, a recent search of Twitter® reveals over 200 police related Twitter® micro-blogs, the largest being the Boston Police Department with over 2,100 followers. Additionally a number of local and state Offices of Emergency Management have rolled out their own Twitter alert based sites, such as Oregon OEM and University of Medicine and Dentistry of New Jersey’s (UMDNJ) Office of Emergency Management to name a few. Beyond state and local agencies, even federal agencies have jumped on board. The Department of Homeland Security (DHS) has its own Twitter® micro-blog which is used for news and announcements, and another micro-blog at twitter.com/LLIS for its Lessons Learned Information Sharing web site (www.LLIS.gov) which is a community repository of best practices information for state and local homeland security and emergency response personnel. The Center for Disease Control (CDC) Emergency Preparedness and Response site uses Twitter as a mass communications tool and has over 2,000 followers. Similarly, the FDA has employed its own Twitter feed at twitter.com/FDARecalls to alert over 3,000 people of its recall of salmonella-tainted pistachio products. See, “Twitter to the rescue: Agencies apply high-tech tools in crisis response” by Elise Castelli, Federal Times (April 06, 2009). While overall use as measured by followership remains relatively small, most of these initiatives are new and they will likely gain popularity as Twitter® becomes better known as a community alerting and information dissemination point.

While mass outbound public communication is a natural use for Twitter®, it may also serve potentially other equally useful purposes. Twitter® is not a one way conversation utility. Namely, it is a tool for information gathering and quick interactive information updating. Followers can send messages too. In fact, Twitter® was reportedly used in the aid of a Swiss Alps mountain rescue operation. As the Alpine rescue unfolded, members of a snowboarding party were sending “tweets” to friends who were, in turn, passing on information to aid in finding their location and providing updated status details regarding their condition. See, “Mountain rescue played out on Twitter; 1 dead”, Associated Press (March 3, 2009). In one the earliest celebrated cases of “Twitter to the rescue”, it was widely used during the 2007 Southern California wildfires to track and report fire movements in real time and alert people of potential oncoming danger. See, “California Fire Followers Set Twitter Ablaze” by Michael Calore, Wired Blog Network (Oct. 2007).

In this vein of emerging communications and cooperation, it is worth noting one particular Twitter micro-blog that is very interesting – twitter.com/HoustonFireDept. The Houston Fire Department is sending out incidents generated from its CAD system as “tweets” with hypertext linked mapped location information. It is quite easy to imagine extending this type of alert into an interactive web based information gathering portal through which the public can contribute information, and also follow incident updates at an incident defined level.

The above examples provide a glimpse into the potential utility that Twitter® may offer in the realm of emergency response and public safety. Imagine what thousands of eyes and typing hands can do to provide important information to public safety agencies during a large distributed, evolving crisis such as a natural disaster. Or, perhaps what a handful of people in the right place and at the right time can offer in the case of a manmade disaster or terrorist attack. In the case of Citizen Corps, 2,342 local councils have formed across that United States. These Corps are local citizen based civic emergency preparedness organizations designed to assist local communities with civilian emergency planning and response. Twitter might play a constructive role in providing quick updates to diverse members. Or, consider how Twitter® or a secure private Twitter-like service might be used for NIMS Incident Command System (ICS) communications functions for providing quick updates from branches, divisions, tactical units or groups. Each of these applications presents potentially useful benefits. Like any good communication tool, it has the ability to act as a force multiplier by increasing information flow and raising real time situational awareness.

As is the case with many new communications tools, functional or pseudo-functional overlap with legacy systems is not uncommon. In the area of crisis information management, for example, there are a variety of web-enabled emergency operations center solutions which purport to offer real time information sharing for emergency management personnel. These solutions range from highly sophisticated environments with extensive integrated data views to rudimentary topic driven message boards, many of which purport to comply with Incident Command System (ICS) and Emergency Support Functions (ESF) standards. However, in reality, ICS and ESF are not technology standards or explicit functional requirements inasmuch as they are organizational and process frameworks with rules meant to rationalize and organize command and control, drive coordinated planning, foster continuing training, prompt exercises, assess results, and make improvements, all within a uniformly understandable and scalable way. In this regard, any system claiming or asserting ICS standards compliance (and by implication “completeness or suitability”) misses the mark in that the very essence of the thing they purport to meet contemplates a dynamic and continuing cycle of evolutionary improvement towards an increasingly better state of active preparedness. Improving, replacing and supplementing legacy communications systems and methods to advance efficient, cohesive, real time coordinated communications and information sharing is a core principle of NIMS and ICS. So, the mere fact the there may exist other modalities of communication in use providing “similar” functions should not necessarily preclude an examination as to how the overall environment can be improved by cohesively integrating or introducing new modes of communication such as micro-blogging capabilities.

Of course, integrating Twitter® or a Twitter-like capability into a public safety or emergency management environment raises unique suitability considerations based upon its use context. These considerations include security and privacy, user identity management and authentication, evidence preservation and chain of custody, and practical possession and control matters. In the context of public alerting, for example, maintaining a permanent record of the alert content, its time of dissemination and the party who sent it are all important. These records must be maintained in a secure and controlled environment to ensure their integrity in the event of subsequent litigation or an investigation. Moreover, as with any alerting mechanism, the actual credentials and permissions of the person authorized to send alerts must be carefully managed. While external threats and breaches from hackers may permit unauthorized users to send out fraudulent alerting messages, unauthorized messaging can also occur from within the agency through lax credentials access and control procedures.

Finally, as with any official public communications outlet, an integrated administrative review and approval workflow component is important to ensure that appropriate quality control standards, legal review requirements, and internal policies are followed, obtained and recorded. In the case where Twitter® might be used to collect information from the public, concerns are present that are similar to those that arise in the context of tip lines and other inbound telephone calls. Chiefly among them is being able to process potentially large volumes of information that may be submitted as well as being able to determine its relevancy, verify or assess its likely accuracy and truthfulness, and assess its actionable value in a timely manner. Finally, in the case of internal communications for crisis or emergency management purposes, a broad array of considerations are at play, including the security, authentication and records management issues previously described along with evidentiary and chain of custody matters associated with communications logs. Finally, the use of third party systems where the agency is not in possession and control of its communications data records also leaves the information vulnerable to legal discovery. If information resides in another party’s possession, the agency may have no or limited opportunity to contest or challenge a demand for disclosure, particularly since the party in possession of the data may have no duty to notify the agency, or worse yet, voluntarily chooses to disclose data without due consideration for the agency’s rights or concerns.

Finally, beyond these particular considerations, there are more rudimentary issues that must be addressed when dealing with public safety communications, namely reliability. As this article was being written, Twitter served up a page at 9:39PM EST on April 19, 2009 stating “Twitter is over capacity. Please Wait and try again”. In the public safety, those aren’t welcome words.

Notwithstanding the above, it is reasonable to expect the use of Twitter® to continue to rapidly grow within the public safety and emergency management space primarily as an adjunct to existing mass alerting modalities. It is further likely that Twitter® can and will be used by innovative agencies as a means to enhance information gathering through public participation - in essence enabling “virtual neighborhood watch” capabilities. However, it is very unlikely Twitter® could be adopted for any internal public safety and emergency management communications use because of the additional security, data integrity assurance, information management and control, and most importantly, reliability needs. Instead, it is more likely that private, in-house “Twitter-like” communications utilities will be created that are more suitable for public safety needs that could augment existing internal communications and information management environments, particularly where resources and assets are geographically diverse. But even within a more robust private framework, the public Twitter® environment still can play an important role as a public interface through integration and the application of appropriate information vetting and verification filters to allow relevant two-way information sharing.

Do these things like Twitter® matter? You bet. For someone, somewhere it just might make all the difference in the world. Here is one of my favorite tweets which came from the Oregon Office of Emergency Management (twitter.com/BailyJN):

“Here's the scenario - You are at work, kids at school. Big earthquake. No phone service or power. Roads closed. Tell me your plan.” 3:46 PM Mar 13th

Post Script: As this article was completed and waiting for general publishing, Microsoft announced a beta release of Vine, a new Twitter-like service for emergency communications. As they say “timing is everything” but then again there is a certain obviousness for the reasons described above. See,

The author is not affiliated with Twitter, and the assessments and characterizations made within the article reflect the author’s opinions and do not constitute any endorsement of Twitter or its suitability or reliability for public safety or any other use. Neither the author nor publisher of this article asserts any claim or rights in or to the trade names or marks of Twitter, Inc., all of which are expressly reserved to Twitter.

You can follow the Author’s updates and commentary on Twitter at “@Interoperable”.

Thursday, April 23, 2009

Public Safety Agencies and School Emergency Communications Connected under NIMS

Reprinted from Preparedness Today February 2009

"NIMS Implementation Activities for Schools and Higher Education Institutions’ presents a set of key school and campus emergency management activities that will enhance the relationship between schools and campuses, their respective local governments, and their community partners as they communicate, collaborate, and coordinate on these NIMS activities." - US Dept. of Education Announcement – NIMS Implementation Activities For Schools and Higher Education Institutions

In central Connecticut, steps are being taken to establish comprehensive communications interoperability between schools and local public safety response assets. The Rocky Hill, CT. Police Department, Cromwell, CT. Police and Fire Departments, and Berlin High School and Berlin, CT. Police Department have deployed Mutualink’s communication resource sharing platform, enabling seamless, real-time interoperable communications among all of the network participants. This effort is a major step towards an emergency preparedness and response communications capability that meets the collaborative “all disciplines, all hazards” approach established under the National Response Framework (NRF), and enabling a National Incident Management System (NIMS) compliant environment with an institutionalized and operational understanding of the Incident Command System (ICS).

Schools of all levels are encouraged to be ready to handle emergencies, and the US Department of Education (ED) has issued important guidance to assist educators and administrators in implementing NIMS compliant preparedness and response programs. As part of its effort, ED has established the Readiness and Emergency Management for Schools (REMS) Technical Assistance Center. The REMS resource center can guide schools in emergency preparedness activities and also assist them with funding applications under the ED Readiness and Emergency Management for Schools (REMS) and Emergency Management for Higher Education (EMHE) Discretionary Grant Program.

In addition to the programmatic drive to achieve a higher state of preparedness and response readiness, the practical imperative interoperable communications between public safety agencies and schools as a pragmatic step to improved safety has been further magnified over the past decade by a series of high-profile tragic events such as the ones that occurred at Columbine High School and Virginia Tech University. In the aftermath of the Virginia Tech tragedy, the International Association of Campus Law Enforcement Administrators (IACLEA) published an analysis and blueprint for safer campuses. In this report, the IACLEA reaffirmed the importance of interoperable communications for effective critical incident response.

In preparation for the operational deployment and use of Mutualink between the schools and police and fire departments, personnel at Berlin High School and Berlin Police Department have worked with Mutualink on completing FEMA Incident Command System, ICS-100 certification. In January, all participants will begin taking part in routine check-in exercises. We invite your jurisdiction to take the next step in making community-wide emergency preparedness and response a reality.

Below, we have compiled a guide of key Emergency Management and Response resources for schools and higher education institutions.

NIMS & Emergency Management Related Resources for Schools:

Lesson Learned from the Mumbai Attacks

Reprint from December 2008 Article - Preparedness Today
By: Joe Mazzarella, Chief Legal Counsel, Mutualink, Inc.

While the precise details of the November 30, 2008 terrorist attack on Mumbai, India continue to emerge, there is enough information available to provide a portrait of events that can offer many valuable lessons for public safety and security leaders. We tread lightly to avoid any notion of opportunism, however, as dedicated public safety communications professionals, the Mumbai attacks reveal the fundamental importance that a real time, community-wide incident based emergency communications sharing platform can play in effective emergency preparedness and response.

Without reproducing the event timeline in detail, the operational signature of the Mumbai attacks provides important information that will assist in preparing for and responding to potentially similar events in the future. As history amply demonstrates, terrorist groups tend to copy and emulate methods that they deem to be successful. Law enforcement and security professionals should recognize that the “success” of the Mumbai operation will provide both a strategic and tactical template for others. The Mumbai attacks are the realization of a predicted security threat scenario – coordinated multi-site urban terror assaults.

In this attack, we note that a massive and multi-faceted emergency response effort unfolded. It included local police, anti-terrorism police units, military units, fire rescue, bomb detection units, medical response, port authority, traffic control, and railway and airport transportation authorities. We can only speculate about the level of cohesive and interoperable communications that existed, however, the response efforts as reported appear to have been chaotic and nominally coordinated. This condition reduced and impaired force effectiveness. It also is apparent that poor and/or delayed communication and information sharing limited situational awareness, response assessments and planning.
Based upon publicly available information, we make the following observations for future emergency preparedness and response planning efforts:
  • Multiple Site Coordinated Attack – Coordinated urban attacks occurred at 10 separate locations, with 8 being within an approximately 4 mile area and the others occurring approximately 15 miles away near the Mumbai international airport. The effect and impact of the operation was catastrophic, spanned 3 days and paralyzed a major financial center with over 12 million people. Yet, it was carried out by a relatively small number of actors, consisting of an operational cell of 10 to possibly 18 people. Identifying that the singular attacks were part of an orchestrated whole took several hours.
  • Key Infrastructure and Community Assets Targeted – Key community assets were targeted or played important roles in the attacks. The targets appear to have been consciously chosen in advance of the operation. The assets were: Hospitals, Police Stations, Railways Stations, Airport Facilities, Port Facilities, Hotels, Cinemas, Cafes and Religious Sites.
  • Targeted Sites Served Multiple Reinforcing Objectives - The choice of sites provides valuable information in assessing the nature and type of facilities that may make attractive targets for future coordinated multi-site urban assaults. Specifically, we note the following:
  • Police Stations - Public Safety Command and Control – Attacking this facility type slows down the security response apparatus and provided other actors time to execute their objectives in other locations. It should be noted that the Security Chief and other high ranking counter-terrorism officers were essentially targeted and assassinated. This tactic appears to have been designed to disrupt command and control, and hobble security response effectiveness.
  • Hotels – Hotels are emerging as high risk terrorism targets. Security personnel should be focusing on vulnerability assessments and preparedness and response plans.
    Hotels, which are historically publicly open environments with a transient guest population, are emerging as preferred targets. The Mumbai hotel attacks were patterned off the success of an earlier Marriott Hotel attack in Karachi, Pakistan. However, interest in tourism related sites and hotels extend back much further, including the Bali hotel bombing in 2002.
The Mumbai Hotel attacks reveal a variety of valuable information and insights:
  1. Symbolic Buildings. The multiple hotel buildings that were targeted had a symbolic purpose from a historical and socio-political aspect.
    Staging Points. The hotels themselves were used as planning, staging and storage points for weapons caches in anticipation of the attack. Some the terrorists were guests.
    Bottleneck Control. Once the public access floor was under control, the remaining floors were effectively controlled and a mass hostage opportunity arose.
  2. Identifying Friend from Foe. External security personnel had a difficult time identifying the actual terrorists and clearing the hotels. Only a few video shots of terrorists’ faces were shared through conventional electronic distribution means hours after the event unfolded.
  3. Closed Circuit Video Feeds. Closed circuit video feeds were limited and in most instances unmanned. Real time feeds could not be shared.
    Layout Plans. Hotel layout plans were not available for response teams. This lack of information undoubtedly hindered planning and delayed a tactical response effort.
  4. Mass Communication. Communications to hotel guests stranded and barricaded in their rooms were handled from within the hotel by hotel personnel over the telephone. Mass communication and updates could not be delivered through the system by outside responders.
  5. Inside Intelligence. Despite ongoing firefights, Hotel guests were actively texting and communicating with family members from mobile devices within the hotels. This represented a valuable intelligence information gathering opportunity that could have been leveraged and shared with responders.
  • Hospitals – Attacking these targets helped to further impair public safety response efforts and cause mass casualty response coordination to be more complicated. It also created psychological fear by attacking a facility which is universally accepted as a place of safety and care.
  • Airport Facilities – A taxi was blown up at one of the main roadways leading to the Mumbai International Airport. This tactic had the effect of creating a disproportionate resource response and diversion, because airports have received the lion’s share of security focus due to their status as classic terrorism targets. Assaults on airport related facilities may be used in a diversionary fashion, particularly in urban areas that host nearby airports which rely upon local emergency response assets.
  • Cinemas and Caf├ęs – These targets are attractive mass casualties’ opportunities and create general mayhem. They instill immediate fear in the civilian population. In the United States, malls, cineplexes and similar predictable and routine gathering locations would be prime targets.
  • Ports – The use of water ports as a covert means of entering a targeted environment raises new concerns. Small vessels provide the ability to surreptitiously move material and men with a minimum of risk of detection by the general public. Cities with navigable water bodies that provide quick access to key parts of an urban environment should be aware of this vulnerability.
  • Railway Stations – Railway stations provide large masses of people in transit and make an attractive target for causing mass casualties. It also is an attractive site for early engagement because it creates general transportation chaos, provides a good environment to blend in with other transient people carrying articles and baggage, and makes identification and apprehension difficult.
  • Religious Targets – These targets are attractive for their political and religious value and are usually designed solely to send a message and create terror. The last targets occupied in the Mumbai attacks were religious in nature and it is possible to assume that terrorists seeking a final glorifying act will move to these symbolic targets as their last place of defense and final mayhem. Being able to quickly identify, notify and communicate with these vulnerable targets early in an unfolding attack of this nature may save lives.
Overall, we have no doubt that continued and careful study and examination by security assessment professionals and strategists will yield important and valuable preparedness and response practices. Even absent those forthcoming insights, the Mumbai attacks clearly demonstrate the significant value that cohesive and adaptable community-wide emergency communications and information sharing capabilities can offer in events of this nature.
1 The information used for this article was gathered from generally available public news sources, including reports published by the BBC News, Times of India, New York Times, Washington Post, and Wall Street Journal.