Surviving the Storm

By Ed McKenna

Information technology is speeding the response of federal and state organizations to emergencies and increasing their efficiency in the wake of rising disaster relief costs.

The Federal Emergency Management Agency deployed its custom-built National Emergency Management Information System (NEMIS) last year, while states are adapting off-the-shelf solutions to boost their operations.

In 1998, FEMA responded to 65 incidents that were declared major disasters by President Clinton, including Hurricane Georges and floods in Texas. Last year's disaster relief tally was $3.6 billion, a figure surpassed only by the $7.9 billion spent in 1994 when the Northridge Earthquake battered Los Angeles. Those figures do not include state and local expenditures for less-serious incidents and preparations for things such as fallout from the year 2000 computer problem. In 1997, state spending on emergencies was $2.77 billion, almost double the amount of five years earlier, according to National Emergency Management Association.

The $70 million NEMIS system was launched last November to assist with response to the Texas floods. Developed by Anteon Corp., Fairfax, Va., under a task order off the General Services Administration's Federal Information Systems Support Program contract, it operates on 36 Compaq Prolient 5000 servers running on Windows NT and using an Oracle 8 database.

Tied together by a wide area network, the servers are located in each of FEMA's 10 regions with a consolidated master server at its Mt. Weather Emergency Assistance Center in Berryville, Va., said Dennis DeWalt, deputy associate director in FEMA's information technology services directorate.

The integrated system is a first for the agency. In the past, FEMA relied on a collection of legacy systems, known as the Automated Disaster Assistance Management System, said Jeff Flading, project manager for NEMIS at Anteon.

"We didn't have a standard way to report an incident. Each region could do it a little differently, and you would get different types of information," FEMA's DeWalt said. Regional report data then was re-entered at FEMA headquarters to fit the format for the disaster declaration package that is sent to the president, he said.

Now, the regional reports not only have been standardized, but the data coming from the regions "automatically generates some of the documents that end up going to the White House," said DeWalt. The end result, he said, is more consistent and accurate data with less work in less time.

The system also corrects other shortcomings of the past method, allowing the agency to respond more efficiently to large disasters as well as concurrent events, said DeWalt. "The old systems imposed limits on the number of simultaneous users and the size disaster we could actually take," he said.

The new system plays an integral role in FEMA's disaster management activities, according to Flading. It can be used to monitor developing incidents, such as a hurricane brewing off the Atlantic coast, collect damage information and determine damage estimates, he said. This information is then compiled in the disaster report package.

If the president opts to declare a disaster, the system initiates three response programs: human services, infrastructure support and mitigation, said DeWalt. For the human services program, individual aid requests are taken via a toll-free telephone number and fed directly into the system. Inspectors using laptop computers access the information to conduct inspections and enter their observations into the system.

NEMIS also is used to process federal grants to state governments and localities to fix public infrastructure, such as roads and schools. And for mitigation purposes, DeWalt said, the system brings together reference data and provides states with an automated application process for requests.

DeWalt is looking for the go-ahead for some system enhancements, which he estimated would cost about $5 million. For example, inspectors currently respond to cases as they are phoned in through the tele-registration system rather than doing sweep inspections. "In really large disasters, that can be inefficient because you may have an inspector going out to the same neighborhood two or three times," he said.

With added capability, an inspector could examine all damaged homes in a neighborhood and upload that information into the system. That information would be married with registration information later, he said.

When responding to disasters, FEMA works closely with state emergency organizations. Local agencies can interface with NEMIS to keep abreast of federal actions throughout the state, Flading said. And states can use the system to coordinate their emergency responses in major disasters.

However, some states already have sophisticated systems of their own. "We wouldn't expect a state like California to use NEMIS, because they have a pretty capable system of their own, [but] states that don't have that kind of sophistication ... can actually come in and use NEMIS," said DeWalt.

Richard Andrews, vice president of EQE International Inc., Oakland, Calif., and a special consultant to the National Emergency Management Association, said he is not aware of any state that is using NEMIS.

"The states are waiting to see what NEMIS is going be like," said Andrews, who was director of the Governor's Office of Emergency Services in California from 1990 to 1998. Many states created their own systems while NEMIS was being developed and deployed, according to Andrews. The states used less costly, off-the-shelf software, such as Lotus Notes, and various geographic information systems rather than specially developed applications, he said.

In some cases, emergency requests still are communicated by telephone and fax at state agencies. But Andrews said there are a handful of states that have wide area networks with dedicated T1 lines connecting local jurisdictions to an emergency management center.

That is the case in California, which launched its Response Information Management System (RIMS) in 1995. The system operates in all the state's 58 counties and is being extended to the cities, said John Bowles, chief information officer of the emergency services office.

The office designed a $1 million system that has improved the state's emergency response, he said. For example, when every county declared a disaster because of El Nino storms last year, California was able to update its situation reports in real time, he said. In the past, it took officials six hours to compile the information from faxed or phoned-in reports and another six hours to fax it out to the localities, Bowles said.

RIMS is a set of applications that uses IBM Corp.'s Lotus Notes. It operates over 13 servers strategically deployed in coastal, southern and inland regions of the state and connected by T1 lines, according to Bowles. The dispersion provides backup protection if a disaster takes out one of the sites.

RIMS takes advantage of Notes' core replicating technology to keep these geographic dispersed systems synchronized, said Jeanette Medlin, senior Domino marketing manager at Lotus.

The system also uses geographic information system technology to map incidents or events, said Bowles. Emergency managers can open electronic maps and click on an event to get a status report, he said. The mapping technology also can be used to compile a database of roads that have been closed in the wake of a disaster.

State officials are implementing Domino 5.0 to make RIMS accessible over the Internet to localities that are not using Lotus Notes, said Bowles. This version of RIMS should be done by the end of the summer.

"Next year, the department plans to integrate modeling and simulation capability into the system," said Bowles. This will allow his office to build models, show the expected course of an event, such as a wildfire, and send information to affected localities.

California is one of a dozen states that have built emergency management systems on a Lotus Notes base. Many of the others are using Notes with EM/2000, a program designed by Specialized Disaster Systems Inc., Lake Ozark, Mo.

"It is a very customizable system. No two installations are the same," said Bill Lent, vice president of Specialized Disaster Systems. "It includes a number of applications such as incident reporting, status boards and administration."

The system was developed three years ago with the help of Florida, he said. The Florida system has 125 nodes spread throughout the state and connected by the Internet.

The standard price for the EM/2000 base package, including a server with tools and two other workstations, is $7,000, and each node after that is $800, Lent said. That figure does not include installation and training. By Ed McKenna

Government agencies are using disaster recovery services to fortify their information systems against a growing list of dangers.

Floods, hurricanes, hackers, computer viruses and the year 2000 computer glitch have highlighted the vulnerability of information systems and boosted the bottom lines of companies offering disaster recovery services, or as they are more commonly known today, business continuity services.

The market for such services, pegged at roughly $2.6 billion in 1998, is projected to top $4.3 billion in the United States by 2002, according to Dataquest, San Jose, Calif. The public sector's share of that total is projected to grow from $413 million to $545 million during that time.

Donna Scott, vice president and research director at the Gartner Group in Austin, Texas, said that about 85 percent of the $1.5 billion estimated to be spent on full services belongs to Comdisco Continuity Services, Rosemont, Ill.; SunGard Recovery Services Inc., Wayne, Pa.; and IBM Business Recovery Services, Sterling, N.Y.

For annual subscription fees, these vendors offer services ranging from assisting in contingency planning to providing hot sites at the time of disasters. There are pre-installed computers, raised flooring and the telecommunications and networking equipment needed to continue operations at such sites.

Beginning in September, services from these vendors became more easily available to federal agencies under the latest iteration of the General Services Administration's Federal Systems Integration and Management Center (FEDSIM) disaster recovery contract. Current contractors are Comdisco, IBM and SunGard.

The addition of IBM and SunGard has helped lower service prices and increased the number of task orders, said David Krohmal, FEDSIM program manager. Comdisco previously held a sole source award.

In the first nine months of the contract, 45 separate organizations placed task orders, said Krohmal. By comparison, there were 47 orders during the five years of the previous contract.
"My sense is that is just the tip of the iceberg. Before we are through, we anticipate contract orders from 100 federal organizations," he said.

About 50 percent of the new orders have gone to Comdisco, with IBM and SunGard splitting the rest, he said.

The growing demand reflects a greater awareness of potential threats and the critical nature of the information systems, he said.

Along with lower costs, the new contract also offers a wider variety of services. Customers can get business continuity consulting and hot site recovery services as well as Y2K testing and program assessment assistance, Krohmal said. The previous contract covered only mainframes.

In addition, there is a provision for recovering voice capability, including basic and advanced phone services such as call forwarding and voice mail ? new features that are of interest to many organizations, he said.

Bob Reed, senior vice president of sales at SunGard, said that government organizations as well as private companies are doing more contingency planning.

"Generally speaking, we are providing the traditional hot site services across virtually all platforms to our federal customers," said Reed.

Along with the traditional recovery services, "we offer a kind of a hot-site recovery ... for Web servers for agencies that may be conducting business on the Internet," said Andy Stoy, government segment manager for IBM Business Recovery Services.

One IBM customer is using the company's Emergency Response Services to monitor its Internet network for hackers, he said.