Improving Disaster Management: The Role of IT in Mitigation, Preparedness, Response, and Recovery (2007)

This volume is the final report from the National Research Council’s Committee on Using Information Technology to Enhance Disaster Management, which was established in response to a congressional request for a study to examine the use of information technology “to enhance crisis preparedness, response, and consequence management of natural and manmade disasters” (see Box P.1 in the Preface).

Drawing on a June 2005 workshop (see the agenda in Appendix C) and a series of briefings and site visits (listed in Appendix D), as well as the experience and expertise represented on the committee itself (outlined in Appendix E), the committee sought to identify promising applications of information and communication technology (hereafter referred to as IT) to disaster management, promising areas of research for improving the effectiveness of IT, and mechanisms that would enhance research, development, and deployment efforts. The resulting report is intended to inform federal, state, and local policy makers and public safety and emergency management professionals about future opportunities for the application of IT to disaster management. It is not intended as a comprehensive look at the complex, highly multidisciplinary topic of disaster management. Nor do the committee’s findings and recommendations explicitly address tradeoffs between investments in information technology and other capabilities for disaster management or offer advice about levels of funding for IT or other disaster management activities.

This chapter provides a brief overview of challenges confronted in disaster management, focusing particularly on the use and role of IT;

presents several different ways of thinking about information and communication needs in disasters, which together provide a framework for understanding the various roles that IT plays in disaster management; and places the issue of IT use into the broader social context of disasters and disaster management.

Disasters are events that disrupt the normal functioning of the economy and society on a large scale (for more on terminology, see Box 1.1). Natural, technological, and willful (terrorist initiated) sources of disasters all cause dramatic losses of life and property.

One of the essential characteristics of disasters is their complexity. Although disasters may have relatively discrete origins, their effects propagate and interact in ways that intensify the complexities and uncertainties of dealing with them effectively. One major result is that disasters must be responded to in an environment that can be overwhelming, unfamiliar, and disorienting. These challenges are quite familiar to experienced emergency managers and first responders, as manifest in a homespun sign found in many U.S. emergency operations centers (Figure 1.1a). This sign stands in marked contrast to a sign described by a reviewer of this report in draft form that lists what emergency managers aspire to— and often achieve despite the many obstacles—in a disaster (Figure 1.1b).

Disaster management is a multifaceted process aimed at minimizing the social and physical impact of these large-scale events. The difficult nature of disaster management is well illustrated by the Catastrophic Incident Annex to the National Response Plan, which lists some of the potential problems faced in the aftermath of a disaster (Box 1.2). Disaster

FIGURE 1.1 Wording on two signs displayed in emergency operations centers illustrating (a) challenges to decision making and (b) basic goals. SOURCES: (a) Art Botterell, Office of the Sheriff, Contra Costa County, California, personal communication; (b) W. Craig Fugate, State of Florida Office of Emergency Management, personal communication.

management is typically thought of as encompassing four phases: mitigation, preparedness, response, and recovery.¹

Reducing the exposure to an event prior to its occurrence may be

achieved by mitigation efforts aimed at preventing or reducing the threat and by preparedness measures meant to increase the capability or capacity of response and recovery efforts from anticipated problems in advance of an actual disaster event. Examples of mitigation include constructing buildings to accommodate impacts, identifying and measuring hazards to avoid putting social or physical assets in harm’s way, and designing computer networks to degrade gracefully and recover from cyberattacks. Examples of preparation include detailed response planning, positioning resources prior to the onset of an event, setting up operations centers, training responders, and creating emergency management plans. Immediate response seeks to contain the event and minimize loss of life and injuries (rescue), health impacts, and property loss. Examples of immediate response include search and rescue operations. Sustained response seeks to restore critical systems to functionality and meet basic social needs. Examples of sustained response include restoration of sewers, water, and communications. Recovery seeks to minimize cascading impacts and facilitate long-term restoration to the pre-event situation.

Widespread efforts at managing disasters in a comprehensive fashion are a relatively modern phenomenon. Disaster management in the United States has historically been and remains a highly localized task that depends largely on local resources. Still, regional, state, and national efforts have grown out of the need to meet the increasing scale of disasters and the associated costs of managing them. (Box 1.3 identifies major milestones in the evolution of federal disaster management.)

Much progress has been made over the years in reducing the loss of life. Even loss of property from disasters is less than it might otherwise have been where various mitigation and preparedness strategies have been adopted and aggressive response and recovery efforts undertaken.² Yet, losses continue to increase.³ Many factors have contributed to growing losses despite considerable progress in our understanding of them and in the practice of disaster management.

IT has been a major contributor to the progress that has been made.⁴ Indeed, some of these applications have become so commonplace that it is easy to forget the improvements made over recent decades. One familiar

example is application of IT to weather forecasting that has resulted in more accurate and timely warnings of hurricanes and floods.⁵ IT has the potential for even greater impact on enhancing disaster management practice across all of its phases—mitigation, preparedness, response, and recovery—provided it is used consistent with the knowledge of hazards, disasters, and disaster management practices that has been gained from the diverse range of disciplines that contribute to that knowledge base.⁶ Box 1.4 provides a sampling of uses and examples of particular technologies that illustrate the myriad ways in which IT is an integral part of disaster management today.

Responding to disasters involves such information- and communication-intensive activities as marshaling available resources and materiel, mobilizing and organizing sufficient skilled personnel, deploying them with those resources to where they are needed, and finally coordinating their actions. Specific tasks include establishing connectivity with potential resource providers, authorizing the use of resources and coordinating their use into something akin to a supply chain, integrating information from diverse (including ad hoc) sources, reducing the volume of data to relevant information for recipients, directing ongoing operations based on an overall awareness of the situation, adjusting and altering prior plans and commitments based on the evolving situation, and supporting collaboration and distributed decision making. The mitigation process is similarly complex and can involve many situation- and location-specific details, and it relies heavily on tools such as predictive models of the impacts of particular disasters. It is thus not surprising that IT has become a critical tool for facilitating the communications and information-processing activities in managing disasters.

The larger human and organizational context of disaster management was the subject of a recent National Research Council study. Facing Hazards and Disasters: Understanding Human Dimensions describes research undertaken during the past three decades by social scientists on hazards and disasters and recommends a continuing research agenda.⁷ The report observes that the management of disaster mitigation, preparedness, response, and recovery has been aided by improvements in information

technology but cautions that events such as Hurricane Katrina provide a vivid demonstration that technology alone does not guarantee an effective organizational and public response to disasters.⁸

Indeed, an important lesson from past disasters is that applying IT in a vacuum (i.e., without considering the broader organizational and social context) may not only be ineffective but detrimental by, among other things, creating the perception that technology will solve all problems.⁹ Put another way, there is no IT “Band-Aid” that will by itself overcome underlying organizational problems or problems rooted in systemic process, procedural, and policy issues that have never been reconciled.¹⁰ Nor can IT alone address societal decisions such as settlement and land use patterns, construction standards and practices, and issues of social justice and equity. All of these factors and many others may increase vulnerability to hazards of large segments of the population and property. IT does, however, provide useful capabilities for tackling many of these challenges.

This experience is consistent with what is understood about the role that IT has played in productivity and quality advances in other sectors, ranging from defense to banking and finance. The empirical evidence shows, for example, that IT is not simply a tool for automating existing processes and that its real impact is as an enabler of organizational changes.¹¹ It is the complementary investment in decentralized decision-making systems, training, and business processes along with technology that allows organizational efficiency improvements.

There are a number of barriers to the adoption and use of IT in disaster management, growing out of the unique character of the institutions responsible, the organizational structure of the community as a whole, their need to focus on day-to-day operational missions, and their need to actively cooperate only under the most trying circumstances. Limited budgets, lack of expertise and other resources, demographic differences

(e.g., urban versus rural), and the press of routine responsibilities also represent major constraints.

However, as was illustrated in testimony to the committee and in after-action reports of disaster responses, inventiveness, improvisation, and ingenuity have partially compensated for some of these shortcomings. Indeed, the often tacit knowledge of practitioners of disaster management about the realities of what works must also be incorporated if strategies for improving the use of IT in disaster management are to have maximum effect. The committee was mindful of this “can-do” spirit as it examined the needs and opportunities for using IT and ways of overcoming obstacles to its successful deployment and use.

Information and communications needs for disaster management are highly diverse in nature, reflecting the multiple purposes for information and communication and the different activities and information and communications requirements that occur at different times and locations with respect to a disaster.¹² Communications and information processing requirements in a disaster are very heterogeneous, varying according to context, use, time, latency, distance, and bandwidth. There are also many

types of information that can be communicated from many information sources. Indeed, the types of information available continue to grow with ongoing advances in IT. There is also a broad range of information actors and organizations involved in managing disasters; their ability to make appropriate decisions and function effectively can be greatly enhanced by IT and may depend on it for dealing with increasingly complex situations.

Given the heterogeneity of the information, the dynamics of the situation, and the diversity of actors, it is not surprising that there are a number of tensions that arise between more centralized, top-down, and planned disaster management activities and more decentralized, bottom-up, and ad hoc activities. For example, consider the following:

• The needs of “official” first responders versus those of emergent groups of people,

• Command-and-control decision making versus distributed decision making,

• The needs of first responders in the field versus the needs of higher-level decision makers, and

• The need for security and privacy protection versus the benefits of broadened access to information.

There are also inherent tensions between local governments and among federal, state, and local levels of government.

In each of these cases, the design and deployment of an IT system can make the tensions more acute and more visible. Moreover, IT cannot be used to paper over organizational problems—but its appropriate use may enable disaster managers to successfully accommodate a wider spectrum of disaster management activities, and do so more effectively and efficiently.

The first applications of IT to disasters were in the form of voice communications. Advances since then have led to many additional forms of information that have been included in disaster management practices to varying degrees, including text, geospatial data, video, sensor data, and collections of these and other types of data in databases or other electronic forms.

The number of available information sources has expanded considerably in recent years to include surveillance cameras; ground, air, and satellite sensors; telemetry from assets and personnel; unmanned vehicles; and eye witnesses with more technology. Some of these data sources have

been well integrated into disaster planning. Other sources could improve situation awareness with efforts at better integration. The National Research Council study Reducing Disaster Losses Through Better Information catalogs a number of potential information sources (base data, scientific data, engineering data, economic data, environmental data, response data) and major types of information held and being gathered by federal agencies (e.g., base cartographic, land-use, seismic, hazardous site, demographic, aircraft route, river flow, and meteorological information).¹³ Although some of these data sources are currently being used by disaster researchers for vulnerability assessment,¹⁴ they are often inaccessible, unused, out of date, unusable, or inadequate for disaster managers, especially during response.¹⁵

Further advances in sensor technology (both pre-positioned and post-incident deployable) are likely to lead to opportunities for further improvements in both the volume and quality of data available. A number of factors affect data quality—completeness, timeliness, accuracy, and consistency—and advances should target all of them.

In thinking about the use of IT in a disaster it is useful to think of an incident time line consisting of three segments: pre-incident, trans-incident, and post-incident. In fact, the value of considering disasters and disaster management chronologically is unquestionable and taken for granted.¹⁶ Disaster management can be viewed as roughly divided into three parts: (1) reducing exposure to and preparations for a hazard under routine, pre-incident circumstance; (2) preparations and actions immediately prior to and during an event; and (3) dealing with the consequences once it has occurred. Thinking in terms of time is also essential for understanding the different requirements for disaster management depending on the type of disaster. IT plays important roles in each time segment, and the committee considered the potential for increasing effectiveness in each one.

One important kind of data communicated in a disaster is directives and authorizations for inter- and intraagency coordination. These are largely synchronous exchanges about where to go, where to meet, and reporting status. They can generally be accomplished through low-band-width mechanisms such as voice and text (e.g., e-mail, text messaging) and can be transmitted using both real-time media (voice or chat) and near-real-time media (such as e-mail). Coordination tasks result in interdependencies where Agency A cannot proceed with a task without authorization from or the arrival of Agency B—waits that can introduce significant delays in response activities if robust communications are not available.

Another important kind of data is requests for distributed decision making, especially logistics and planning. The content of these exchanges is akin to those that arise in dynamically creating a supply chain or a business enterprise where requests are tracked and processed. The exchanges may be more asynchronous where text and other files are sent and the time for a response is less immediate. Bandwidth requirements may generally be modest and traffic levels relatively low, but large files may need to be shared and databases kept synchronized. Data are also needed to inform decision making at all levels and to help form a common operational picture. Relevant data include the following:

• Human observations from direct response activities. These are the reports from observers in the field, such as from local emergency operations centers, country transportation workers, pre-positioned trained observers, or other responders. The exchanges are largely one-directional, from the observer to a commander. Voice (e.g., cell and satellite phones) and text are both useful.

• Geographic information system (GIS)-oriented data. GIS information flows both to and from the field, with maps and projections such as flooding pushed to responders or tracking of personnel and assets collected by commanders. GIS information is typically in the form of high-resolution maps. If appropriate map sets have not been pre-positioned, large amounts of data may need to be transmitted; otherwise communications will generally take the form of updates and overlays to base maps.

• Visual-oriented data. Overhead imagery, satellite photos (before and after), and pictures and video of the disaster from other sources such as the public or other responding agencies can be extremely valuable. These data are inherently high-bandwidth and often need to be shared among

agencies, even if a common operating picture (a shared understanding of a situation by a group of people who need to act together to achieve common goals) is not established. Consider, for example, that a high-resolution overhead image of a coastline would help urban search-and-rescue units prioritize searches and allow transportation and law enforcement officials to determine avenues of access for supplies, controlling access, and so on.

• Logistical information. Information about the location and status of resources provides an important part of the common operational picture. Relevant data include databases and schedules describing where resources are, what and who has been dispatched to which affected areas, and so on; and what resources are needed by whom, where, and when, and the specific capabilities and limitations of those resources.¹⁷

• Sensor data. Information about the status of built infrastructure and environmental factors provided from pre-deployed instrumentation and devices deployed post-incident.¹⁸

The source of data may have implications for their use as well as whether and how they are transmitted. Improving the effectiveness of data sources may include improving the usefulness of and access to the data. Valuable data sources exist for all phases of disaster management. Some sources of data for response include the following:

• Data being “pushed” from the field. During response, some sources of valuable data include data mapping damage, locations of responders and other resources, information on the status of response activities, and sensor data. High-fidelity (and thus high-bandwidth) data are required for some applications. For example, pictures or video of damage to a bridge could be transmitted to off-site experts for structural assessment.

• Data being “pulled” from and “pushed” into the field. A few examples of data responders’ requests or data sent to them include field reports,

imagery and map updates, and status information on resource deployments.

• Discovery services. The Internet offers the prospect of identifying and creating information resources dynamically from a wide variety of official and non-official sources.

Tactical operations focus on the response operations in the affected area. They may involve stabilizing the situation sufficiently to carry out those operations. (In the case of a terrorist incident, this could involve capture or neutralization of the threat as well as responding to it.) Decisions are often immediate, based on direct observation and a priori knowledge. Any available information useful for gaining a broader understanding of the situation to aid in the decision-making process may help answer questions critical to tactical operations such as, What resources are nearby that I can use? How extensive is this problem? Can neighboring resources/units be directed my way? When can I expect help to get here? A secondary role of tactical operations is as general information gatherers for the strategic operations.

Strategic operations, by contrast, are essentially “enterprise” decisions and may span weeks to months. Information flow for strategic operations is highly computer-centric and more akin to the flow of information in a supply chain management system.

A particular challenge—and one where IT can play an important role—in disasters is connecting tactical operations and strategic operations. The physical distance between the tactical and strategic decision makers, as well as the differing time spans for decisions, poses additional challenges for cooperative work and information sharing. Another area requiring further research is in understanding what the roles should be for strategic and tactical operations and how IT should be structured in order to properly support those roles.

As suggested above, both successes and failures in disaster management depend on the effectiveness and resilience of human as well as technological systems. As a result, broad statements about IT failures during disaster, although often true, can be a major source of confusion about the complex sources of disaster management failures. A four-layer “stack” model developed by the committee illustrates the range of issues

that are sometimes lumped under the rubric of “communication,” “interoperability,” and “information technology” issues. The model includes the following elements:

1. Organizational and social context comprises the goals, metrics, priorities, and beliefs of each organization involved, as well as those of “meta-organizations” such as an incident command structure or an emergency operations center that involves multiple organizations. It is concerned with the purpose, content, and partners in communication. The social side goes beyond the logical layer that facilitates transmitting content. It includes the cultural and organizational constraints and workarounds to organizational barriers, such as informal social networks between trusted friends in different organizations. One source of “communication” problems at this level can be simple misalignment between the goals and priorities of different organizational elements; for example, at a potential terrorism site there might be a “disconnect” between organizations focused on criminal investigation and others concerned chiefly with rescue or restoration of services.

2. Human behavioral context includes the many variables of individual human performance, including skill sets, training, experience, health, personal stress, and other personal factors. Despite efforts at standardization, human beings inevitably bring a degree of variability into the execution of procedure and the pursuit of organizational goals and values. This is not necessarily a bad thing; indeed human originality and adaptability are often critical to meeting unforeseen challenges. But they can insert an only partly controlled variable into the performance of carefully planned processes and can give rise to problems that are sometimes mischaracterized as technology-related communications problems, especially under conditions of high stress or uncertainty typical in disasters.

3. Procedural and policy framework refers to predictable patterns of behavior. Sometimes these are formalized and documented, but often they are unwritten and even unconscious artifacts of an organizational or disciplinary culture. Procedures are often event-driven, that is, expressed in the form “when X happens, do Y.” A great deal of implicit knowledge about the immediate system and its environment is encoded in such procedures. As a result, they can be confounded by the profound changes in context that may accompany a disaster. For example, an emergency communications plan can be disrupted by loss of, or interference with, expected technical channels. Without an effective way to devise and transition to an alternate plan, such disruptions can lead to perceived major failures of communication, even when significant technical capability remains.

1. Technology includes the bulk of what is frequently understood in the terms “communications,” “interoperability,” and “information technology.” Technology is the medium through which communications and infrastructure needs are met, and can be thought of as the physical layer of communications. It includes all of the capital infrastructure investment for communications and information technology. Although technical failures are by no means uncommon, they can frequently be circumvented using alternate technologies, provided the procedures, skills, and organizational will remain to implement such expedients.

This conceptual model presents a number of useful insights. First, problems (and the perceptions of problems) tend to propagate downward (from 1 to 4) through the stack, so that various non-technical issues can end up being framed as technology failures. For example, police and firefighters at a traffic accident might have subtly different organizational priorities. The firefighters might be focused on the well-being of victims at the scene, while the police might be tasked with reestablishing unhampered traffic flow for the larger community. This organizational difference might lead to personal and procedural conflicts that ultimately might be (mistakenly) characterized as a “communication problem” and then (also mistakenly) interpreted as a failure of “interoperability,” which is frequently assumed to be a technical issue.

Second, change tends to propagate upward (from 4 to 1) through the stack. Effective use of new technologies requires and enables new procedures, which in turn require new skills and create new challenges, to which organizations ultimately must adapt. For example, in many large organizations, computer-based word-processing software was first introduced in a “word-processing pool” office, by analogy to previous typing and dictation pools. Over time the opportunities that provided for faster and more flexible service moved the new technology out to secretarial desks in the operating departments, and eventually onto the desktops of commanders and executives. The word-processing pool, and in some cases the secretary as well, faded into organizational history.

Third, many interoperability and data-sharing challenges are not fully or even mostly technical in nature. Indeed, as noted in the report summarizing a workshop convened as part of this project, better “human organization, willingness to cooperate, and a willingness of government at higher levels to listen to those at local levels who really do the work and who are the actual responders are all critical factors in making better use of information technology for disaster management.”¹⁹ As a result, many inter-

operability and data-sharing challenges may not be amenable to technical solutions alone—or at all.

Chapter 2 builds on the discussion in this chapter to outline a vision of the potential for IT to improve the effectiveness of disaster management in all its phases. The vision encompasses six areas of IT-enabled capabilities identified by the committee as having particularly significant potential. Chapter 3 examines mechanisms for focusing IT research and development on disasters and disaster management in a way that reflects disaster research and the experience of practitioners. It also explores mechanisms for improving the transfer and adoption of IT into practice. Chapter 4 sketches a potential IT research agenda based on the vision elaborated in Chapter 2 and driven by the mechanisms described in Chapter 3.