Summary and Recommendations
Section 214 of the E-Government Act of 2002 called on the Office of Management and Budget, in consultation with the Federal Emergency Management Agency (FEMA), to “ensure that a study is conducted on using information technology to enhance crisis preparedness, response, and consequence management of natural and manmade disasters.” This, the final report from the National Research Council’s Committee on Using Information Technology to Enhance Disaster Management, addresses the issues listed in Section 214 and provides recommendations for enhancing disaster management through the use of IT.1 In this study, disasters are defined as natural, technological, and human-initiated events that disrupt the normal functioning of the economy and society on a large scale; information technology (IT) is broadly defined as including computing and communications technology; and disaster management is defined as encompassing mitigation, preparedness, response, and recovery efforts undertaken to reduce the impact of disasters.
The purpose of this report is to inform federal, state, and local policy makers and public safety and emergency management professionals about future opportunities for the application of IT to disaster manage-
ment. Many of the report’s recommendations are aimed at the diverse set of federal, state, and local agencies and other organizations (referred to here as disaster management organizations) with responsibility for disaster management activities. Several recommendations indicate what might be done at the federal level to foster IT innovation that would enhance disaster management efforts, but it was beyond the scope of this study to recommend exactly where responsibility for implementing these recommendations should be placed within the federal government. This report is not intended as a comprehensive look at the complex, highly multidisciplinary topic of disaster management, nor does it explicitly address tradeoffs between investments in IT and other capabilities for disaster management or make recommendations about levels of funding for IT (or indeed other) disaster management activities.
USING INFORMATION TECHNOLOGY AS A POINT OF LEVERAGE TO ENHANCE DISASTER MANAGEMENT
The challenge of disaster management is reducing the harm disasters cause to society, the economy, and the lives of individuals and communities. That task requires disaster managers to reduce uncertainty, to calculate and compare costs and benefits, and to manage resources, often on a much larger scale and at a much faster pace than are supported by methods and means for solving ordinary problems. IT provides capabilities that can help people grasp the dynamic realities of a disaster more clearly and help them formulate better decisions more quickly. And IT can help keep better track of the myriad details involved in all phases of disaster management.
The committee concluded that IT has as-yet-unrealized potential to improve how communities, the nation, and the global community handle disasters. Briefings to the committee suggested that some progress is being made in using IT to enhance disaster management. Presentations made at its June 2005 workshop, additional briefings to the committee, and reports on responses to recent disasters indicated, however, that disaster management organizations have not fully exploited many of today’s technology opportunities. This situation stands in contrast to the considerable success enjoyed by some sectors such as financial services and transportation in adopting new IT technologies routinely and aggressively.
This report describes both short- and long-term opportunities to enhance responsiveness and increase resilience by applying IT to disaster management. As in other sectors, successful use of IT involves multiple factors—making smarter use of existing technologies, creating opportunities to develop and adopt new technologies, and evolving organiza-
tional practices to best employ those technologies. Accordingly, this report also examines mechanisms to facilitate the development and effective use of IT.
Short-Term Opportunities to Use IT
Although the committee believes that investment in IT research and development (R&D) for disaster management should be guided in the long run by a comprehensive, stakeholder-driven roadmap (see below), it also sees opportunities for short-term investment in a number of specific areas that would yield significant benefits. The committee heard of many instances in which responders were able to make use of readily available technology—either provided by their organizations or acquired personally—that proved valuable during a disaster. The network effects associated with many of these technologies can create a critical mass of users that provides a potential point of interoperability and cooperation across agencies. For example, ad hoc use of 802.11x wireless capabilities in laptops carried by some first responders, peer-to-peer use of Land Mobile Radio System (LMRS) radios, and use of Family Radio Service/General Mobile Radio Service “walkie-talkies” all can help to provide communications even when the communications infrastructure is damaged. Such technology options may already be in the hands of users but may not be deployed in disasters because policies and procedures for their use are not in place.
Other examples of “low-hanging fruit” include the following:
Use of sensors, wikis (editable Web sites), blogs, and data-mining tools to capture, analyze, and share lessons learned from operational experiences;
Use of database, Web, and call center technologies to establish a service to provide information about available equipment, materiel, volunteers, and volunteer organizations;
Use of planning, scheduling, task allocation, and resource management tools to help in formulating disaster management plans and tracking execution of the plans and to ensure timely recognition of problems and associated follow-up decision making; and
Use of deployable cell phone technology to rapidly establish stand-alone communications capabilities for use in disasters where local infrastructure is damaged.
To exploit such short-term opportunities involves identifying them, establishing policies and procedures for their use, and providing training to users.
Recommendation 1: Disaster management organizations should take advantage of opportunities for adoption of existing technology or adjustment of policies and procedures that would allow significant short-term enhancement of disaster management.
Key IT-Enabled Capabilities and R&D to Achieve Them
Making good decisions and taking appropriate action during extreme events require having access to communications, data, and computational resources that can be used to effectively coordinate a large number of geographically dispersed participants and assets, to exchange a wide variety of types of information, and to evaluate many scenarios and responses—all of which are changing dynamically.
The committee identified six key areas of IT-enabled capability (described in Box S.1 and discussed in more detail in Chapter 2) in which shorter-term development and longer-term research offer the potential for significant benefits:
More robust, interoperable, and priority-sensitive communications;
Better situational awareness and a common operating picture;
Improved decision support and resource tracking and allocation;
Greater organizational agility for disaster management;
Better engagement of the public; and
Enhanced infrastructure survivability and continuity of societal functions.
Some of these capabilities address rather specialized problems that do not have a large commercial market, although commercial technologies will provide many of the building blocks needed to realize the capabilities. Disasters are low-frequency events outside the normal planning horizons of most organizations, whose structure, operations, and IT systems are designed to ensure day-to-day efficiency rather than the resilience and scalability that disasters demand. As a result, current research and development efforts may not necessarily focus on developing IT capabilities in a manner optimized for disaster management.
As detailed in Chapter 4, IT R&D needs and opportunities are evident across a spectrum from adoption (off-the-shelf technology is available today) to adaptation (the technology is on the horizon and ready for transfer to disaster management) to development (the technology is on the horizon and requires development for use in disaster management) to applied research (disaster-management-specific research is required) to basic research (fundamental research is needed to develop new capabilities).
In government mission areas such as defense and energy, a research infrastructure has been built over decades to ensure long-term, mission-driven scientific and engineering advances—an effort that has included a long history of investments in IT. The Department of Defense, for example, funds a mix of shorter- and longer-term R&D carried out through the Defense Advanced Research Projects Agency (DARPA) and the service laboratories as in-house, university-based, and contract research. These investments are aimed at building a variety of capabilities, such as the military’s transition to a capability for network-centric warfare, that are also relevant to disaster management. To make the sort of IT-enabled progress in disaster management that is envisioned in this report, the disaster management community should also devote significant attention and investment to a long-term research program.
A number of agencies could play a role in developing and implementing such a program. The directly relevant mission of the Department of Homeland Security’s (DHS’s) Science and Technology Directorate is “to protect the homeland by providing Federal and local officials with state-of-the-art technology and other resources.”2 Other agencies have relevant capabilities in terms of IT and disaster-related research programs, modalities, constituencies, and existing connections with particular research communities, including the National Science Foundation (NSF), the National Institute of Standards and Technology (NIST), DARPA, the National Oceanic and Atmospheric Administration (NOAA), and the research laboratories of the armed services.
In a number of federal programs, multiple agencies work jointly to tackle broad problems. One possible model for such an interagency program is the Earthquake Hazard Reduction Program, in which NIST has a lead role and the U.S. Geological Survey (USGS), FEMA, and NSF are participants. Similarly, for disaster management, a lead agency (logically DHS) could provide a clear single point of responsibility, coordinate activities, report on progress, and so forth; the lead agency would not be responsible for all aspects of execution, which would fall to all of the participating agencies and their contractors and grantees.
R&D activities also need to be well coupled to the parts of DHS that are responsible for mitigation, preparedness, response, and recovery activities to ensure that requirements are grounded in operational needs and to ensure that solutions can be transferred into federal operations and the parts of DHS responsible for developing policy to ensure that technological and organizational questions are considered together.
Key IT-Enabled Capabilities
Recommendation 2: The federal government should leverage the capabilities of its agencies to carry out multidisciplinary research in pursuit of six key IT-enabled capabilities—more robust, interoperable, and priority-sensitive communications; better situational awareness and a common operating picture; improved decision support and resource tracking and allocation; greater organizational agility for disaster management; better engagement of the public; and enhanced infrastructure survivability and continuity of societal functions—and establish a coordinating mechanism for those research activities.
Roadmapping as a Tool to Engage Stakeholders and Inform R&D Investments
Until fairly recently, the technology choices facing most disaster management organizations were few, with much of the investment focused on building specialized communications systems in close partnership with
a small set of vendors. Today, the set of technologies to choose from is much wider, and many more choices are possible in any particular area. But because disaster management is a system-level problem, there are no IT “silver bullets.” Dramatic improvements in one area of technology or process may have relatively little overall impact unless other interconnected pieces are modified to make use of such advances. Too much invested in radios and not enough in logistics might mean, for instance, that one can call for help but cannot get it.
A clear vision of end-user goals, a detailed understanding of the individual pieces of the problem and their interrelationships, a detailed understanding of the required technologies, and defined paths for progress would help greatly to inform investment decisions. These are among the elements of a roadmap—an agreed-on, coordinated vision that can help organizations to plan development and investment strategies that can bring technologies together at the right time. Roadmaps are used in a number of sectors to accomplish this sort of alignment and cooperation.
A number of stakeholders, including first responders, public safety
and emergency management agencies, government officials, medical providers, volunteer organizations, infrastructure and transportation system owners, vendors, IT researchers, and disaster researchers, have important perspectives on how to build on existing organizations and technology where possible and how to drive the creation of new, cost-effective technologies and organizational structures where needed. However, an institutional home is needed to launch and sustain such activity.
Recommendation 3: The federal government should develop and regularly update an IT R&D roadmap for disaster management with the involvement of a full range of stakeholders.
IMPROVING ACQUISITION AND ADOPTION OF INFORMATION TECHNOLOGY
Adoption of IT for disaster management is challenging for a number of reasons, including the following (which are discussed in more detail in Chapter 3):
Disaster management organizations often lack the resources to acquire valuable capabilities.
The development and deployment of many promising technologies are risky and costly given the limited opportunities presented by commercial markets for these technologies.
In most agencies with disaster management responsibilities, there is no person or unit specifically charged with tracking IT, identifying promising technologies, integrating them into operations, and interacting with IT vendors to make sure needs are addressed.
Decisions regarding IT tend to be made independently by local organizations that must work together in disasters.
Disaster management is concerned with environments that are intrinsically uncertain and unstable.
Important sources of funds are typically only available once a disaster has been declared and also must be spent in a short time window.
Diversified Acquisition Strategy and Attention to Design Issues
Disaster management has traditionally relied heavily on specially built technology and on a traditional “waterfall” acquisition model in which a full set of specifications is developed and a vendor is selected to build a system in compliance with the specifications. In the commercial world and in sectors such as defense, there is growing acceptance of a richer, more diversified acquisition strategy that employs a mix of tradi-
tional (purpose-built) systems, adoption and adaptation of commercial off-the-shelf (COTS) technology and services, and use of open source software, open standards, and community-driven development approaches. Such a strategy for disaster management should draw on the strengths of the traditional vendor community yet also foster bottom-up development as a complement to traditional acquisition practices and more formal top-down development; tap the nation’s technology base; and also encourage the “can-do” spirit of commercial developers, professionals, and volunteers involved in disaster management.
As mentioned above, COTS technology alone is unlikely to deliver all of the desired capabilities. But it is important in two ways—(1) adoption and adaptation of readily available technologies offer a path for building up disaster management capabilities in the short term, and (2) the interoperability often characteristic of COTS technologies makes them useful as building blocks for disaster management systems.
Recommendation 4: Federal, state, and local agencies should embrace a diversified acquisition strategy that includes increased use of commercial information technology and greater use of open source software and open standards development as a complement to more traditional acquisition approaches.
Reliance on turn-key systems has meant that disaster management organizations have paid less attention to the underlying design issues that ultimately affect the functionality of their IT systems. Often technologies have been acquired as stand-alone products with little consideration for how they integrate with other technologies already in use, even within the same agency. However, with networking becoming increasingly pervasive, careful attention should be given to how each particular IT system fits into the broader context of interconnected systems. Off-the-shelf technology such as desktop computers or network routers can provide basic building blocks, and some elements of design are also well established such as the Internet Protocol standard for packet networks, but a domain-specific architecture understood and owned by the organization is also needed. To accomplish this, organizations have to develop the necessary technical and technology management capabilities.
Recommendation 5: Disaster management organizations should work closely with technology providers to define, shape, and integrate new technologies as a coherent part of their overall IT system.
The committee believes that more can be done to embrace proven approaches for IT acquisition. Best practices for acquisition include an
emphasis on iterative development, increased opportunities to test and evaluate technology in practice together with realistic concepts of operations, and design and evaluation processes that allow for strong coupling among practitioners, researchers, and industry.
The committee also identified four design principles (discussed in more detail in Chapter 3) that have particular importance for disaster management systems:
Build emergency management systems for effective scaling from routine to disaster operation;
Exploit redundancy and diversity to achieve resilience;
Design systems with flexibility, composability, and interoperability as core guiding principles; and
Distinguish between the user interface and the underlying technologies used to deliver a capability.
Training and Practice Through Routine Use of IT
Unless experience is gained through routine use or regular training, the full benefits of investment in IT systems are unlikely to be realized. Training, drills, and exercises all play an important role in the introduction of new technologies into organizational practice. Moreover, it is through routine use that the competence and confidence required to successfully use a technological capability, especially in the high-stress situation of disasters, are best developed. However, training large numbers of people to deal with infrequent events poses logistical challenges and is also costly.
Recommendation 6: In the design, acquisition, and operation of IT systems, disaster management organizations should emphasize the incorporation of disaster response capabilities into the systems that support routine operations.
Measurement and Assessment to Enhance Effectiveness
As the saying goes, one can only manage what one can measure. Because the resources available for disaster management are limited, decision making always involves tradeoffs. Weighing the benefits from particular IT investments against the returns on other sorts of investment is challenging. Although having measures of effectiveness is necessary to making such assessments, few applicable metrics are currently available.
Above all, acquisition of IT and associated organizational changes
should be driven by a focus on improving the effectiveness of those whose actions are integral to effective disaster management. The emphasis should be on measuring the resulting net effectiveness of disaster management activities, not the performance of the IT per se. For example, rather than focusing on the performance of particular systems (e.g., a firefighter radio system has 90 percent coverage), it is important to try to gauge net effectiveness (e.g., better communications coverage allows firefighters to better coordinate their response, improving capabilities for fighting forest fires by 20 percent). The development of such metrics is an area for further research.
Recommendation 7: Disaster management organizations should employ metrics to inform cost-benefit decisions for investment in IT for disaster management and should make enhanced end-user performance a primary objective of disaster management acquisition programs.
Independent mechanisms for assessment, such as the Transportation Safety Board, the U.S. Chemical Safety and Hazard Investigation Board, and the NASA Aviation Safety Reporting System, have proven useful in their respective domains. A critical requirement of these organizations is their independence from the agencies that have operational responsibilities. It may be advantageous to employ several organizations rather than a single national one, with each one focusing on a particular type of disaster or the range of disasters typical in a particular region. It is also important for assessments to be founded on multiple areas of expertise, including technical, social, and organizational dimensions. Obviously, the effectiveness of IT use is just one facet of an assessment of the overall effectiveness of disaster management activities for any particular incident, albeit an important one.
Recommendation 8: Disaster management organizations should make use of independent mechanisms for assessing the effectiveness of disaster management operations, including the use of IT, and for disseminating lessons learned and best practices.
Systematic Collection of Data
It is well understood as a result of endeavors in many areas (e.g., aircraft accident investigations) that making significant improvements depends on putting in place processes that allow learning from experience. IT can play a critical role in enhancing the science of disaster man-
agement by helping to support continuous improvement. Collecting adequate and trustworthy data is essential for the feedback necessary to drive improvements in disaster management.
Doing so requires better documentation of disasters and the responses to them, including the role of supporting technology. The widespread introduction of IT into disaster management provides opportunities for large-scale, automated, comprehensive collection of data about operations, decision making, and situational knowledge throughout a disaster. This information can be processed after the fact to improve understanding of the process of disaster management. IT can also help to make these lessons learned available in real time, putting them into the hands of decision makers when they are most needed.
Accomplishing this goal requires enhanced technical capabilities to capture data during the course of a disaster. In some cases, it may be necessary to find ways to anonymize data so that accurate statistics can be gathered without the difficulty of dealing with potential liability issues. Policy changes (analogous to the adoption of Good Samaritan laws3 ) may also be needed to ensure that individuals involved in a disaster response can be protected from liability (e.g., amendments to the Health Insurance Portability and Accountability Act [HIPAA] may be needed). Legislation may also be needed to ensure that intellectual property, privacy, liability, and other concerns of information providers are addressed if they are required to share such data for research purposes.
COUPLING RESEARCH AND PRACTICE
Effective development, use, and deployment of IT depend on a solid understanding of context and user needs. Moreover, the introduction of new IT often presents opportunities for new organizational approaches, and these opportunities should be considered in reorganization efforts. Similarly, successful technology development requires consideration of organizational context.
This issue of co-development of technology and organizational practice seems especially important at present. In the wake of Hurricane Katrina, a number of organizational structures, policies, and procedures are being examined. Also, a number of relevant technologies have reached a sufficient level of maturity to allow innovative organizational approaches to disaster management.
The interdependence of technology and practice suggests that developing a cadre of people with expertise in both disaster management and
IT is likely to yield significant payoffs. Such a cadre of people is likely to be more astute at translating user requirements to technical needs. One basic need, of course, is to train a group of first responders and others responsible for disaster management in IT skills that go beyond those of a general user and to train a group of IT workers (e.g., database and system administrators and application builders) to have domain expertise in disaster management. Deeper expertise spanning both domains could be fostered through a number of mechanisms, including the following:
A combination of fellowships, shorter-term visits to research centers, and other training and educational activities that help technology experts and other practitioners to stay abreast of the latest developments in both practice and technology;
Field tests and field work conducted by IT researchers working with disaster management practitioners; and
Combined disaster management-IT expert teams that jointly analyze the performance of processes and systems after a disaster.
Recommendation 9: Disaster management organizations should support the development of a cadre of people with expertise in both disaster management and IT.
Especially in light of the significant non-technical factors affecting adoption of IT for disaster management, it is critical to establish mechanisms that ensure that researchers are exposed to real problems and that practitioners are exposed to new technology opportunities. Because most practitioners are distributed across local agencies, forging such ties is likely to be harder in disaster management than in sectors like defense, but it is no less important.
Collaborative research centers could bring together experts from diverse domains in a neutral environment conducive to collaboration. Such centers could (1) develop a shared understanding of the challenges in all phases of disaster management from both a technological and an organizational perspective, (2) evaluate the application of technology advances to disaster management practice, (3) develop a culture and processes for transitioning knowledge and technology to the operational communities on a sustained basis, (4) build human capital at the intersection of IT and disaster management, (5) serve as repositories for data and for lessons learned from past disasters and disaster management efforts, and (6) provide forward-looking analysis to inform the development of technology capabilities, associated organizational processes, and roadmap development. A number of academic centers exist that offer a capacity for at least some of these efforts.
Practitioners in multiple disciplines could contribute to such centers, including scientists, engineers, and hazard and disaster researchers, and centers should include partnerships with federal, state, and local disaster management agencies. Indeed, it is critical that experienced and capable officials and operational elements of disaster management organizations be deeply involved in the work of these centers. One approach for engaging these groups would be to provide incremental funds to agencies specifically for working with researchers and developing next-generation technologies. Having multiple centers (rather than a single entity) also helps to ensure healthy intellectual competition, cross-fertilization of ideas, specialization in specific types of disasters and specific technology capabilities, and attention to the comprehensive needs of particular geographical areas.
Research centers could also act as a resource for agencies seeking to implement a diversified acquisition strategy and incorporate the latest best practices and a mechanism for disaster managers and responders to share experiences and communicate requirements to guide further technology developments.
Recommendation 10: The federal government should sustain (and develop as needed) a network of research centers where IT researchers, hazard and disaster researchers, and disaster management practitioners can collaborate to study and evaluate the use of IT for disaster management from both a technological and an organizational perspective, to transition knowledge and technology to those who practice disaster management, to build human capital at the intersection of IT and disaster management, and to develop future IT capabilities.