Emergency communications plan eye emerging tech, better cyber

NOTE: This article first appeared on GCN.com.

Cybersecurity and interoperability take the spotlight in the newest update to the National Emergency Communications Plan (NECP) from the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA).

Released Sept. 25, the plan includes six goals and 19 objectives for meeting them. NECP builds on the past two versions, published in 2008 and 2014, and serves as a timeline of emergency communications technology’s evolution. For instance, the 2008 NECP put a focus on land mobile radios because they were the main form of emergency communications at the time. In 2014, it highlighted radios’ sustainability while starting to touch on collaboration and preparation for FirstNet.

“Now as you get into the 2019 NECP, things like increased use of data, heightened need for cybersecurity, the emergence of 5G -- all of these things keep on pressing the system and require the update to the plan,” said Vince Delaurentis, CISA’s acting assistant director for emergency communications.

Although CISA and public-safety organizations nationwide have not ignored cybersecurity in the past five years, the effect of ransomware attacks on government entities, including emergency response organizations, has brought security to the forefront since the last plan, said Eric Runnels, CISA Emergency Communications Division acting associate director for national planning and policy.

For instance, the 2018 SAFECOM Nationwide Survey, which the division and SAFECOM conducted with about 3,500 emergency medical services, fire, law enforcement and public safety answering point personnel, found that 37% of responding entities said they have been negatively affected by a cyber incident, but only half have done any cyber planning.

“We feel like would be remiss to not include a cybersecurity goal going forward,” Runnels said.

Interoperability is another major component of NECP, and closely related to its governance and leadership goal.

“When you look back at 2014 compared to today … you’re looking at the whole ecosystem now of emergency communications, so you’ve expanded it from land mobile radio to broadband to NG911 to alerts and warning to all those different immersive communications devices,"  Delaurentis said. In the current environment, they all "need to be interoperable and certainly interactive.”

But most interoperability issues and challenges are related to people, not technology, he added. That’s why governance bodies within states must connect with 911 administrators and statewide interoperability coordinators to create a structure that makes the most of today’s communications ecosystem.

“In many respects, making sure you have the right leadership and governance structure in place, making sure you have planning and procedures in place and ensuring that training and communications that highlight the critical requirements of emergency communications interoperability is as important as the technology and infrastructure that’s behind it,” DeLaurentis said. “Just by having a good plan, you can resolve a lot of your interoperability issues.”

Part of making a good governance plan, according to one objective, is to expand membership composition to ensure more inclusive guidance. This means not just getting input from emergency personnel and officials in big cities, but also rural towns, tribal areas and territories, for instance.

Another revision between the 2014 and 2019 plans was increasing the scope of research and development to cover information-sharing processes, data exchange standards, policies and procedures.

Additionally, the training and exercises goal was revised this year to add evaluations. “Many times you had these exercises and they’re successful, so you pat yourselves on the back and move on. Without the evaluation component, especially a third-party evaluation and especially without developing and documenting lessons learned and after-action reports and acting upon those, you’re not going to get the full value out of those training exercises goals,” Runnels said.

Planning and procedures, communications coordination, and technology and infrastructure are NECP’s other goals.

According to Title XVII of the Homeland Security Act of 2002 as amended, which called for the plan, CISA must periodically update NECP. Officials have determined revisions every five to six years best capture changes in technology and its use. The updating process begins a couple years out and includes surveys, workshops and one-on-one meetings with public-safety personnel at all government levels.

NECP includes success indicators for each objective to help officials recognize whether they are on track with the plan. CISA also developed the Nationwide Communications Baseline Assessment to evaluate the nation’s ability to communicate during emergency operations. The assessment “is designed to improve understanding across all levels of government on the capabilities needed and in use by today’s emergency response providers in order to establish and sustain communications operability, interoperability, and continuity,” according to CISA.