06/23/10 EIIP Virtual Forum Transcript: CIKR Protection and Resilience

EIIP Virtual Forum Presentation — June 23, 2010

Critical Infrastructure and Key Resources
Protection and Resilience

Darrell L. Darnell
Associate Vice President for Safety and Security
George Washington University

Amy Sebring
EIIP Moderator

The following has been prepared from a transcription of the recording. The complete slide set (Adobe PDF) may be downloaded from http://www.emforum.org/vforum/CIKR/CIKRProtectionAndResilience.pdf for ease of printing.

[Welcome / Introduction]

Amy Sebring: Good morning/afternoon everyone. Welcome to EMforum.org. I am Amy Sebring and will serve as Moderator today. We are very glad you could join us.

Today’s topic is "Critical Infrastructure and Key Resources: Protection AND Resilience." Since we have never addressed this topic in the Forum before, we thought it would be a good time to learn more about current trends and how this might possibly relate to emergency management.

Now it is my pleasure to introduce today’s guest:

[Slide 1]

During this past year, Darrell Darnell served as Director for Critical Infrastructure Protection and Resilience Policy with the White House National Security staff. He previously served as Director of the District of Columbia Homeland Security and Emergency Management Agency and has recently assumed the position of Associate Vice President for Safety and Security at George Washington University.

It should be noted that Darrell is not representing any of these organizations today, rather his own personal experience and thoughts on this topic.

Darrell was a 2006 senior fellow at the George Washington University Homeland Security Policy Institute and a Founders Award recipient from the Naval Postgraduate School's Center for Homeland Defense and Security for his role in the development of the first Master of Arts degree program in Homeland Security and Defense, offered by the Naval Postgraduate School on behalf of DHS.

Please see today’s Background Page for further biographical information and related links. Welcome Darrell, and thank you very much for being with us today. I now turn the floor over to you to start us off please.

[Presentation]

Darrell Darnell: Thank you, Amy. Just to jump right into it—why critical infrastructure, key resources protection and resilience? As many of you who are participating in this web forum know, a lot of our critical infrastructure and key resources (I’ll probably use the acronym CIKR or CI as we go along, because that’s a mouthful there), really the focus of our CIKR protection and resilience, really the focus was on protection.

A lot of this was in response, obviously, to 9/11 and other terrorist events, where the thought was that we need to protect our assets from deliberate attacks and violence and a lot of the guiding documents—Homeland Security policy Directive 7, the CIKR strategic plans for cyber security, infrastructure protection guidance, and so on—really spoke to, for the most part, protecting assets and not a whole lot about resilience.

As we’ve moved along, the thought has been that now we have to have a combination of both. There are some assets that require a pure protection focus, others that require resilience, and probably more often than not, a combination of both.

I think what you’ll see in the community, and certainly at the federal level, if you take a look at the 2009 National Infrastructure Protection Plan, which emphasizes protection and resilience, far more than what it did in the initial document which was published in 2006. Also, if you take a look at DHS’s most recent publication of Quadrennial Homeland Security Review, or the QHSR, which also emphasized a need for resilience as well as protection.

[Slide 2]

With that backdrop—why protection and resilience—and to just to expand on that point a little bit more—we live in a day and time when we have network-centric organizations and interdependencies (some would call them lifelines), but the point is, we have supply networks—transportation, electrical power, oil and gas, water distribution networks and so on, that are highly network-centric organizations, interdependent, and really don’t lend themselves to purely protection architecture.

These systems are very, very interlinked, very interdependent, and the fact of the matter is, they are going to experience some type of degradation, whether it is intentional, whether it is accidental, and so on. The point is they have to be protected but they also have to have resiliency built into those systems in order for them to be maintained, to operate and be sustained over time.

Cyber networks, tele-control systems, SCADA networks, and in particular banking and finance—obviously we live in a global economy now where all types of transactions are made electronically, from grassroots transactions, the simple matter of someone going to an ATM machine and requesting funding out of their own checking or savings account, or millions of dollars worth of transactions that take place every day between our financial institutions.

Along those lines, I think we would be remiss if we didn’t recognize where the human element comes into play. Obviously, we have these supply networks, these cyber networks and these types of things, but they are operated and managed by people who can make mistakes. Problems can ensue.

The one that recently comes to mind was several weeks ago when the stock market precipitously not crashed, but it dropped precipitously because of an error that a trader made on the floor. It quickly bounced back, but there have been mechanisms built into place to recognize those types of things, and again, protect the system and make it more resilient.

I think we have to be cognizant of the fact that there is a human dimension, which leads me to my next point, not from a management or supervision standpoint, but more so from the fact of how it effects communities. Our critical infrastructure and key resources are here to support communities and individuals and not the other way around, but in order for the systems to remain resilient and be protected, a lot of this depends on income, economic growth, politics, the level of awareness of people in the community about what is going on.

To talk about this a little more, I think a good example of this is what is happening in the Gulf Coast, with Deep Water Horizon and the spill there, and how vulnerable that particular part of the country was to a calamitous event, and calling into question how well the community was prepared, as well as BP, to handle something like that.

Already, BP—I think the latest figure I heard that they had paid out is close to 80 million dollars in claims, and counting. That speaks to the vulnerability in the human dimension that entails when you talk about CIKR protection.

[Slide 3]

I think another issue to look at is we can’t protect everything because of a lack of resources and need to prioritize and those different kinds of things to maintain resilience, but the world is moving to a more urban environment. According the United Nations, by 2030, 60% of the world’s populations will live in cities. We’ll actually in real numbers go from somewhere near 1.9 billion people to 3 billion people by 2030.

Most of these will be concentrated in our major urban areas and cities. Will these become natural targets for deliberate violence? We know that while we do a pretty good job of thwarting most acts of deliberate violence, there are going to be instances where this happens. These urban areas of population clearly will be natural targets.

Our global transportation networks and population density make them ideal centers for disease as people travel easily from one part of the country or world, potentially taking with them diseases. H1N1 is a good example of that last year, and the rapid spread of that from Mexico to the United States and other parts of the world.

Also, the concentration of economic assets and people makes them highly susceptible to damage from national disasters. Again, by using the Gulf Coast as an example, if this were a far worse disaster than it was, it could potentially affect not only the 4 primary gulf states—Louisiana, Mississippi, Alabama, and Florida—but it really has the potential to affect 26 other states within our borders in terms of supply, production, goods and services and so on.

[Slide 4]

The third point to really focus on in protection and resilience is really the ambiguity of defining risk and costs of investing in protection and resilience. Most of the people who are participating in this seminar today would know that we have had a difficult time over the years in really defining what risk is—what are our priorities, and those kinds of things.

I would argue that as we go through this process, because of the ambiguity of it, because risk and vulnerabilities and what are our priorities varies from state to state, city to city, region to region. On a national level, our investments should seek to minimize risk across society as a whole versus individual events. I have in parentheses "all hazards" and a question mark, because I think it is taking a look at CIKR protection and resilience, not only from trying to protect or build in resilience from deliberate acts, but also from natural disasters as well.

I have kind of commented on that a little bit. Also, not just for an individual event—using again the Gulf Coast as an example, looking at some of the secondary and tertiary problems that have been associated with the spill—it is not just the oil and loss of jobs for people who work on those rigs, we’re talking about the environment, tourism, all these different types of things that come into play here.

We need to make investments that both, again, expanding on that point, enhance resilience against attack or disaster. If we take a look at what has happened recently in Nashville and Arkansas with flooding, tornados in Minnesota, North Dakota, and some of the other Midwest states and the Gulf Coast, it is clear that we can’t just focus on terrorism, we can’t just focus on natural disasters—we have to focus on them both.

We have to make investments that invest in our long term security and involve some innovated techniques. A strong, resilient society benefits us all. It helps us in our counter-terrorism techniques. It helps us build new technologies and so on. I think we have to be cognizant of the fact that fragile communities are more susceptible to disasters or attack and they are more likely to experience subsequent weakness and failure in the aftermath of an attack or disaster.

I have Chile and Haiti as examples of that—two countries that experienced earthquake—Haiti, having a very poor economic base, having substandard standards for dealing with the earthquake. Compare that to Chile—has a fairly robust economy, has the resources to withstand a similar type earthquake, and then they have standards in place to protect their CIKR.

[Slide 5]

It leads to how we define protection and resilience. There has been a lot of discussion over the last year or 18 months about what resilience is. Is it a concept? Is it a philosophy? Is it something concrete, so to speak, as protection? There are many different definitions of it. There are a couple here that I would like to highlight that fit what we’re talking about when we speak about resilience.

The first is from Allenby and Fink. There is a reference page at the end of this presentation for information on this. According to Allenby and Fink, it is the capability of a system to maintain its functions and structure in the face of internal and external change and to degrade gracefully when it must.

I think the point here is that there is always going to be some type of internal changes to our system that we have to protect, that we have to make resilient, whether it is from the example I used about the stock trader making a mistake on the New York Stock Exchange, or some type of accident, or something like, or external change, which is the least thing we can predict, whether it is internal or deliberate or some natural disaster, accident, or something like that.

What is interesting about this is, which I’ve not seen in a lot of literature, is to "degrade gracefully when it must". I think what is interesting is we’re going to have some systems that won’t come back, that will have to degrade, and will have to adapt to some new system.

There is a tendency to think we can always bring things back to the way they were. In some cases, there may be a case where we have to let something degrade gracefully so we can build better. That’s something we don’t always take into account when we talk about protecting our CIKR and making it more resilient.

We have to have resilience for both physical and social systems. Some of the literature thinks it can be conceptualized as having 4 qualities of robustness, redundancy, resourcefulness, and rapidity. Robustness is the strength or resistance to withstand external demands without degradation or loss of functionality.

Redundant systems so we have choices and options and substitutions when we have stress on our systems, and those different types of things. Resources—to mobilize resources in times of resources, and the speed to which we can overcome a disruption and get back to full functionality.

[Slide 6]

Protection—this is taken from the NIPP—actions to mitigate the overall risks to critical infrastructure, key resources assets, systems, networks, functions or their interconnecting links. You can see the rest of that on the slide. What is interesting about this in the subset is that in the definition of protection within the NIPP, it also links resilience.

As far as I can tell in my read of the NIPP, there is not a separate definition for protection, and not a separate definition for resilience, but really linking resilience, not necessarily as a subset of protection, but clearly as a part of it.

As you can see in that last sentence, "building resiliency and redundancy, and incorporating hazard resistance into facility design", and it goes on and on within the NIPP. That is a public document that I’m sure many of you have taken a look at, or you have the ability to take a look at. Again, I think it’s interesting that the NIPP does not define them as two separate functions, if you will, but protection and resiliency as one definition.

[Slide 7]

If we buy into the premise that we have to have both, how do we implement protection and resilience? Some of the literature I found that I thought to be very useful as leaders think about these things, is first of all, awareness.

I think to protect what is critical to us, to build in resilience, to make sure that it can adapt, it can bounce back, it can take a punch and get back up standing, is that the public needs to be concerned about disasters and the operation of critical infrastructure, and the support that is required to do it, and the investments that are required in order to protect and make resilient our assets.

That’s one thing we don’t particularly do a very good job in terms of risk communication in making the public aware, not only when there is a crisis or a disaster or an attack or something like that, or prior to that, so we can take those steps to do it. Also, making the public aware that they have a role to play in this process—it is not just something that government or private industry, but it is also communities making themselves prepared individually, as a community, as a city, a state, and so on.

The second area in order to do this requires leadership. This is the probably the least predictable, because this requires our public officials, elected, senior appointed officials, and private industry leaders to really promote and implement protection and resilience, and develop the policies and tools that support and encourage this.

You can make the case again that we tend to do a better job of this when something goes wrong, but we don’t do a very good job of this in getting people ready before. Those of you who are participating in this seminar as emergency managers, I think you probably know that more so than others—that it is very difficult to get people engaged and to become prepared prior to an emergency.

Generally people are more engaged when they feel there is a reason to do so, or they’ve had some kind of crisis in the past that has caused them some type of hardship or burden. In order for it not to happen again, they become more prepared as an individual, as a community, or as a society. The point is, somehow we have to figure out a way to reverse the paradigm of human nature—to worry about things before they become a problem, versus worrying about them once the problem occurs.

Thirdly, I think, planning—creating plans that reduce or mitigate the threat, generate a warning time to implement or adjust plans, or reduce potential costs if we know about a potential threat. If we know about an impending disaster, obviously we’re in hurricane season right now, where something like this will come in to play—mitigating events as they occur, and planning short-term responses in recovery and long-term recovery capabilities.

I think this is very important—long-term recovery capabilities. We know we’re going to have natural disasters, for example. We don’t know what the extents of those natural disasters are going to be, but we know we are going to have them. We can’t prevent them. It behooves us to not only worry about short-term how to deal with that, but what are the long-term consequences.

What do we want our communities, our cities, our towns, our states to look like if, for example, we were to experience a category 4 hurricane in Miami, and it wiped out a major part of Miami? Do we want to rebuild the city to what it looks like today? Do we want to make it better? Or, do we want to let it degrade gracefully, similar to Allenby and Fink’s point?

I think those are things we have to think about now, and really engage the community, the private sector, and government, and really take a look at those plans and doing those what-if scenarios to really figure out what are our resources and how are we going to allocate them, what are our priorities, and really have a good sense of what we want our community to look like if, God forbid, we were to have something like that that caused us to make those kinds of decisions.

Really trying to make those decisions or have some sense of parameters of what those decisions would be ahead of time so that it makes that recovery that much more possible, and you have the buy in from the community on what that needs to be like. Drills and exercises to reveal weaknesses that hopefully will lead to improvement in operations—clearly, if we can do some of these things, I think good planning allows operators to improvise, and skilled improvisation enables operators to adapt to field conditions.

Those of us who have been involved in planning know that no matter how well you plan and put together a plan, there are going to be some things we didn’t foresee. To the extent you have good planning, you have drills and exercises, I believe that when people are in the middle of responding to an event, because of that, they will be able to improvise and make good decisions as the incident unfolds.

Finally, resource allocation—this is not inexpensive, it’s not cheap, and if we really want to sustain our critical infrastructure it requires adequate financial resources and long-term commitment. If we take a look at, for example, our electric grid and water distribution systems, as just 2 examples, the systems that are in place, not only in our local communities, but across this country, are very old, in some cases, very antiquated.

We’ve sort of been doing, not necessarily as a policy, but just kind of been doing, at least from my experience, is rather than having an overall strategic plan of allocating resources over time as to how we’re going to bring some of these systems up to 21^st century standards to make them better protected and more resilient, we kind of do it in an ad hoc way as things break down, versus making a long-term commitment.

Again, those of you who are in the emergency management arena, I’m sure this is something you deal with on an everyday basis. You take a look at some of the flooding in Nashville, you take a look at some of the major power outages that we have on a regular basis during the summertime, when electrical use is at its peak, with all the different technological advances that we have and people have devices that are running 24 hours a day put an incredible strains and demands on our systems.

In my experience, we haven’t kept pace with that. These require long-term commitments in time and money, quite frankly. In order to achieve the level of protection and resilience we’d all be comfortable with, at some point, we’re going to have to make those investments.

[Slide 8]

That’s my presentation. This is a reference page of some of the good work that has been going on in this that I used in reference for this presentation.

I think the larger point I would like to make is that it is not an either-or proposition. It’s not CIKR resilience, or CIKR protection; it’s a combination of both. I think to the extent that we can recognize that and build policies and programs and provide the tools for private industry, the private sector, government officials, and for the community to understand that, the better off we’ll be in achieving the level of protection and resilience that we can reasonably say meets the needs of our local, state, and national priorities.

I welcome any questions at this point.

Amy Sebring: Thanks very much, Darrell. Now, to proceed to our Q&A.

[Audience Questions & Answers]

Question:
Amy Sebring: Most of the infrastructure is in the hands of the private sector. I have two questions in terms of what the government can do when the infrastructure is owned privately. What is the role of government, and in your experience, are the private sector organizations embracing that concept beyond security issues?

Darrell Darnell: I’ll answer the second part first. I think private industry is embracing this concept. I think many of them are already, to a certain level, building resilient programs and tools into their systems because it is in their best interest.

If you take, for example, the energy sector, electric and gas, and so on, just because of their business model and those different types of things, they experience failure on almost a daily basis. They have to have resilient systems in order to get back up quickly and running, and to not have complete failures and those different types of things. From what I’ve seen, they welcome an emphasis on both resilience and protection. They also welcome a focus on an all hazards approach and not only just from emphasizing security and deliberate attacks, because that is what they deal with on a daily basis.

I think emergency managers and public safety officials in cities and states would pretty much say the same thing. As much as we have to guard against terrorism, and no one will take their eye off the ball when it comes to terrorism, the fact of the matter is we experience disasters on a much more regular basis, and the consequences of those are just as devastating, if not more so, than a deliberate attack.

The first part of your question—what can officials do since a lot of it is owned by the private sector—I think what public officials can do is really put policies in place that encourage the private sector to invest in those types of things, and do a good job of educating the public of why this is necessary. Quite frankly, in most cases, there is a cost concern. There is a cost to this.

I think the best example that I know of was several years ago when Shirley Franklin was elected mayor of Atlanta, she realized that in the water distribution and sewage system in Atlanta—they had a real problem. In order to really fix it, she was going to have to raise taxes. I thought she did a very good job of educating the public on why this needed to be done, why if they didn’t do it, what would be the consequences of it.

She was able to pass through a tax increase to pay for that specific thing, and in effect, to start rebuilding the water distribution system in Atlanta.

Comment:
Pete G: I recall a mention of "ad hoc" adaptation of existing infrastructure in the presentation. In my role building resilience in infrastructure, ad hoc and incremental change is the norm and maintains the system integrity. Usually government regulation slows adaption.

Darrell Darnell: I understand. His argument is, if I understand his question and his argument correctly, that ad hoc (and I did mention ad hoc) in some cases, for example, if a water main breaks, then the water company decides they are going to replace a water main that was 75 years old. We experienced that in the Washington, D.C. area 2 year ago, I think it was, where a water main broke and that pipe was 60 years old.

The question is—is it more cost effective to do that on an ad hoc basis, or is it more cost effective to develop some overarching plan that really does that on a more systemic basis? I don’t have all the answers to that. You can argue it both ways. That was really the point I was trying to make. It seems he is saying that government regulation makes it difficult for private businesses to do that from any time of systemic way.

He may or may not be right—I don’t know. I think that goes back to my point about leadership—really putting in the tools and policies in place to make those things happen.

Question:
Richard Vandame: Has there been any discussion on how to measure or determine how well prepared they are?

Darrell Darnell: I think that is the question that people are grappling with right now. There is a recognition that we have to measure it. I think what you will be seeing, at least at that national level, as a part of the next iterations of NIPP as they go along, is the development of metrics on how prepared we are, how protected we are, and so on.

I think that is an ongoing process and an iterative process, quite frankly, and it’s hard. I don’t think anyone will say that it’s not. It’s hard to do that because we have so many definitions of what is an adequate level of protection and resilience on the one hand, and I think also it is really hard to define how prepared is prepared. In other words, what is the standard we want to get to.

I know there is a recognition that we have to have metrics, but the devil is in the details.

Question:
Paul Hogue: Should long-term recovery planning for CI be considered a separate planning concept from response planning, or should it be considered part of the planning process, as jurisdictions create/update their plans?

Darrell Darnell: My own person view is that they should be integrated. What is the purpose of response planning? The purpose of response planning is to protect your critical infrastructure. The purpose of response planning is to mitigate loss of life, loss of resources and so on.

In my view, I think they should be integrated. I think you could do them separately, but you could do them better. I think you would have better planning if you integrate those two and you understand why it is you are responding, what it is you are responding to, what is that goal you are seeking to seek in a response situation, in the short-term, in the long-term, and also in terms of short-term and long-term recovery. In my view, they should be integrated.

Question:
Robin Stauffer: Are you familiar with the evolving PS-Prep Program [Private Sector Preparedness Program] and if so, how do you see that program impacting our strategic CIKR programs and strategies - specifically, how do you see the public-private relationships changing?

Darrell Darnell: I am familiar with PS-Prep, and if I’m not mistaken I believe DHS recently released it, or is about to. I think it is a good first step of really engaging the private sector. As you know, that was something that was required, if I’m not mistaken, in the Post Katrina PKEMRA Act. At any rate, I think it is a good first step. I think it is a good way of getting the private sector engaged.

Again, I think the BP offers a good example of where you had the private sector that was operating as they should, as a business entity, required to have some kind of emergency planning and so on. But it was clear that the level of planning and response to a disaster was not fully integrated with the level of planning with those Gulf Coast states. To the extent that was can put together some kind of program where we can have that kind of integration with the private sector behooves us all.

I think PS-Prep is a good start. I think, like any program, it’s probably like any program that is new. It will probably have some difficulties as people work out exactly how the public-private partnership is going to work and there will be some iterations of it to make it better. But it’s a great first step.

This is where the leadership piece comes in, where having a program like PS-Prep and having policies in place where we can encourage the private sector to be a part of this, and hopefully that will translate to the public as well.

Amy Sebring: If I’m not mistaken, I believe the PS-Prep really started back with the 9/11 Commission Recommendation.

Darrell Darnell: It may have been. I’m not exactly sure when it was. I think the good thing now is the DHS finally has a formal program that is good for us all.

Question:
Bill Johnson: My question applies to your perception/experience in public sector (government): Would you say that the most common justification for agencies who fail to build infrastructure planning, or EM planning at all is "It ain't happened to us," or "We don't have the resources (finance and/or skills) to put forward to build or exercise such planning? How have you seen this successfully countered, if at all?

Darrell Darnell: From my experience, it’s a matter of having the resources and the people who have the skill sets to do it. It’s very difficult to do that kind of planning and determine what your critical infrastructure is. Those resources and the skill set—and the third piece of that, I think it boils down to priorities.

In today’s economic environment where resources are really scarce, I think that makes it even more difficult. It boils down to this—I don’t think it’s that people don’t want to do it, I think it boils down to in today’s economic climate—resources and skills like I said—but also the economic climate, it really is a trade off, and it comes down to what are your priorities.

Are you going to spend money long-term into what the public wants now—safe streets or reduction in crime, the trash picked up every day, good schools, those different types of things, good health care, or are you going to invest that money into retrofitting some buildings to make sure they can withstand a potential blast level?

Those are difficult decisions for local leaders to make. Again, it becomes a matter of political will, what the community views as priorities, and those different types of things. That’s my experience in it. Again, resource allocation, skill set to conduct, risk assessments and those different types of things, and once you identify that, there are plenty of cases where people know what needs to be done, but there may be other priorities. I think it’s possible to work through that, but unfortunately, it appears that you work through it with people who have experienced it already. New York City is a good example.

Because New York City has experienced terrorism first hand, for example, because they had an airliner that went in the Hudson River last year, because they just had the most recent incident in Times Square, there is a level of resource allocation in terms of funding, people, equipment, and those types of things, that New York City is able to do, because the local leadership think it is important, and in my opinion, most importantly, the citizens think it is important.

Question:
Christopher Tantlinger: Compliance drives the economic prioritization of most private sector facilities with which I am engaged. The major compliance initiatives do not appear to enhance or parallel CI/KR relationships yet. What is being done to dovetail compliance and the protection / resilience initiatives?

Darrell Darnell: That’s the difficulty of it. I get his question, that compliance drives it. But what level of compliance do you want to get? What is it that we are willing to tolerate, if you will? There are many agencies that have, from a federal level, and even at a state and local level, that are trying to work through how much compliance and regulatory processes to we put in place that align with a CIKR priorities, but at the same time, don’t stifle innovation and entrepreneurship.

That’s the difficulty in trying to figure that out. Going back to the earlier question with the gentlemen about ad hoc processes and government regulations getting in the way—I hate to sound redundant, but the Gulf Coast is a good example in that now there is a lot of criticism, rightly or wrongly, with the federal government and the Mine and Mineral Safety Office in particular—did they exercise enough oversight and compliance over BP or the oil industry in particular?

Or, was it too lackluster in the name of making sure we didn’t stifle innovation and entrepreneurship and those types of things? That is always going to be an ongoing issue.

Question:
Amy Sebring: Has our lack of resilience, or vulnerability, across the CIKR been measured in any systematic way, other than how many facilities do you have—that seems to be for the grants. This goes to your point on public awareness. Until we have a failure of a system, like a massive blackout, I wonder how aware people are that we’re very close to the edge on some of these systems. They are not redundant—there is always a "just in time" approach to delivery of services. My question is, do you think it would be helpful to have a comprehensive look at the vulnerability of our systems?

Darrell Darnell: I think that is an ongoing thing. DHS publishes an annual CIKR protection study that tries to capture on a national level how vulnerable we are, and how protected we are. I think we are a resilient nation in a lot of different ways—our systems, our communities, and those different types of things. If you look at the history of it, we have become more resilient after something happens.

What we have to ask ourselves is that a model we can continue to keep going forward on, from a purely financial standpoint? We have disasters. We say we’re not going to let this go again, and then we spend a lot of money trying to prevent it. Is it more cost beneficial to respond that way, or is it more cost beneficial to build that into the system ahead of it?

In other words, is it more cost efficient to put sprinkler systems into your home as your building your house, or do you want to put the sprinkler system in there after you have a fire? Then it becomes more expensive because now you have to rebuild after the fire, and you have to retrofit your house for the sprinkler systems and so on. That’s the question we have to ask ourselves.

Question:
Paul John: Can you provide suggestions or experiences on communicating to the public the concept of "degrading gracefully" the infrastructures like water and sewers?

Darrell Darnell: That’s where it really comes in that you have to have the community buy in. Some of the things you will see coming shortly in terms of the federal government with regards to long-term recovery, is having a government structure that includes community members, professionals, local leaders, appointed leaders, non-governmental organizations, and so on, to really take a look at those different types of things, so that the public really understands what the issues are and they have some buy in and ownership into the process.

If you take Hurricane Katrina, for example, I think (and this is my own personal opinion) one of the reasons why New Orleans is still having a difficult time 5 years after Katrina coming back is that no one really understood, no one really sat down as a body, as a full community, and said, "What do we want New Orleans to look like if X happens?"

What you have is, you have some communities that are doing very well down in the New Orleans area, and you have other parts that aren’t doing anything—that are very slowly coming back, or quite frankly, might not come back at all. There’s a split of is it really worth our investment to try to bring back X community, whereas the people who live in that community say, "Yes, this is all of our homes. We want it to come back."

There wasn’t really a governing structure in place ahead of time to really talk about those things. Even if they had talked about them, there wasn’t a governing structure in place so now that this happened, now what do we do? If you really want the public to get involved and make decisions about those things that we want to bring back, or things we want to let degrade or degrade naturally over time, that’s a discussion in a governing structure that has to be put in place where all the stakeholders who have a stake in it are involved and help make those decisions and have ownership of it.

Question:
Avagene Moore: Darrell, if you were king for a day, how would you push and implement holistic planning across the country that includes the private and public sectors as well as citizens? It seems to me that we are stove-piping too many efforts when we know better.

Darrell Darnell: Thanks, Avagene, for that easy question. What I would do from a federal perspective and a grant process perspective, I would have more integrated grants. That’s based in money, and funding drives a lot of this. To the extent that I could, rather than having separate grants coming out of FEMA, separate grants coming out of the Education Department, separate grants coming out of EPA, separate grants coming out of Health and Human Services, I would have grants that had all of those wrapped into one.

If you weren’t addressing all of those particular things at one time, you couldn’t get any funding. As it stands now, FEMA gives out planning grants for hazard mitigation, for example. The Education Department gives out education disaster planning grants. Health and Human Services gives out public health disaster planning grants.

Theoretically, all of these entities are supposed to be working together. The bottom line is, each of those agencies makes the decision as to who gets those grants. It is very difficult not to be stove-piped, and there is a very limited amount of influence, for example, the FEMA can have enforcing their grant recipients to say, "You need to include public health planning into your hazard mitigation planning," even though we know that they are tied together, that you can’t separate them.

If I were king for a day, I would have some type of process where those would be block type grants, and you would have to show how there is integration among all of those, versus having separate grants coming out of separate agencies.

[Closing]

Amy Sebring: Time to wrap for today. Thank you very much Darrell. We appreciate your taking the time to share your thoughts with us. We hope you enjoy the challenges of your new position in the future.

Again, the recording should be available later this afternoon. If you are not on our mailing list and would like to get notices of future sessions and availability of transcripts, just go to our home page to Subscribe.

Our next program will be on July 14^th when our topic will be the Safe America Foundation’s preparedness initiative called 9/11 Drill Down for Safety. Please plan to join us then.

In the meantime, thanks to everyone for participating today and we hope you have a safe and happy 4^th of July holiday! Have a good afternoon everyone.