Reinventing FEMA

Six months after the Sept. 11 terrorist attacks, all eyes are on the Federal Emergency Management Agency — the small, independent, 2,600-person organization charged by the Bush administration with leading the nation's anti-terrorism effort.

It appears to be a good fit. FEMA's mission to help the country prepare for, prevent, respond to and recover from disasters makes it better suited than most agencies to lead the effort. "We've identified the one agency that we think ought to be a permanent part of the infrastructure, dealing with the first-responder community for all times in the future, and that is going to be FEMA," said Tom Ridge, director of the Office of Homeland Security, at a February meeting of the National Governors Association.

"Many of you, because of [dealing with] natural disasters and difficulties on a fairly regular basis, have a pretty good working relationship with FEMA," Ridge told state officials. "And in that relationship, you deal with the police, you deal with the fire departments, you deal with the emergency medical personnel. So it seems to us there's a core competency and a very important relationship that already exists."

But improving the country's response to terrorism won't be easy. In the days after the September attacks, emergency workers needed up-to-date information to direct rescue efforts. But with telephone service down in some areas, an overwhelming volume of calls clogging the wireless phone system and fire departments transmitting radio messages on different frequencies, rescuers struggled to coordinate activities. Some were reduced to sending runners with handwritten notes. In the end, lives were lost because of the breakdown in communications, government officials say.

Some state and local officials wonder how the agency will handle its expanded role. "They're a small organization, and this is a big task they've been given," said George Foresman, Virginia's deputy assistant to the governor for commonwealth preparedness.

To help get the job done, the administration is asking Congress to more than double the agency's funding for fiscal 2003 to $6.6 billion. The proposal sets aside $175.6 million for information technology — a 6 percent increase over fiscal 2002 funding.

"I was always geared toward realignment," said Ronald Miller, chief information officer and assistant director of the IT Services Directorate at FEMA. "Sept. 11 made it absolutely critical that we do it.... I don't think our role has changed as much in substance as in scope."

By all accounts, the agency has a much bigger responsibility for coordination, forcing it to juggle new external tasks with old internal problems. "Traditionally, FEMA has been viewed as Johnny-on-the-scene, focused on disaster relief," said Gila Bronner, president of Bronner Group LLC, a Chicago-based government consulting firm specializing in e-government. "Now it's taking a leadership role to help enable intergovernmental data sharing. The states [and counties] expect resources and support and, perhaps, some vision and guidance."

Communications: Top Priority

Founded in 1979, FEMA supports the emergency management community with a range of relief, recovery and mitigation programs. The agency responded to 45 major catastrophes last year, including earthquakes, floods and tornadoes.

"We've always been focused on natural disasters," Miller said. "We know the seasons in which those occur. We don't have the luxury of ebb and flow now. Since Sept. 11, we've been going full blow, and we've been told that's not going to change."

Because an attack could strike at any time, the agency is on constant alert. "The pace, I think, is very different," said Dennis Green, FEMA's program manager for e-government. "There is more of a drive to get things done immediately."

Right now, managing communications is the top priority. FEMA Director Joe Allbaugh sees it as the agency's most important IT issue, Miller said.

"The essence of a response is communications," said David Jordan, chief information security officer for Arling.ton County, Va. "Without communications, you can't get anything going."

The budget request earmarks $3.5 billion for new equipment and training to enhance state and local readiness for attacks. As part of the proposal, FEMA would allocate $7 million for grants to states — with at least 75 percent going to local governments — for secure communications systems with video, voice and data capabilities.

"It would allow us to pass on more detail than what we'd be able to do with open channels," Miller said.

The grants could also be used for other upgrades. The goal is to get first responders — firefighters, police officers and emergency medical technicians — to the point where they're not relying on communications networks in damaged areas, which was the case in September.

During the rescue efforts at the Pentagon, "we were still using existing technologies," Jordan said. "This was a wake-up call. We're looking at what we can do without breaking the bank to be better prepared for another terrorist incident."

The budget awaits approval from Congress, and "while there's a will, there may not necessarily be a way at the moment," Bronner noted. Even so, FEMA officials are assuming they have to establish equipment standards by the end of the fiscal year, Miller said. Then the agency's 10 regional offices will offer training for state and local rescuers.

Some groups are already investing in new technology. For example, the American Red Cross, one of FEMA's major partners, successfully implemented its Disaster Services Technology Integration Program in September, several months ahead of schedule. "It went well," said David Craig, disaster services communication technology associate for the Red Cross. "It allowed us to have connectivity we wouldn't have normally had."

In addition, states and localities, including Arlington County, have begun exploring options for wireless systems.

"I don't think the counties are necessarily going to wait for standards to come down," Jordan said. "Folks that were in it felt we weren't prepared. The local and county governments are probably going to be able to move faster."

Creating Linkages

Although FEMA's role is still evolving, the desired outcome is clear: interoperability. "If you're not careful, you have a whole bunch of separate entities [that aren't] linked," said John Cohen, president and chief executive officer of Rockville, Md.-based PSComm LLC, which advises state and local governments on public safety and government operations. "It's an absolute priority to provide resources to states, counties and localities to make information flow."

To do so, FEMA officials have begun managing the creation of a Web portal, tentatively named DisasterHelp.gov. States and localities will set requirements for the site, which is one of 24 cross-agency e-government initiatives highlighted by the Bush administration.

"It's really important to be able to share information because a lot of the time when you come into an area, the local government may have the best information," Craig said. "I think everybody did the best job they could, but interoperability is extremely important, and Sept. 11 pointed that out in a big way."

FEMA officials are collaborating with their counterparts at the Social Security Administration, the Small Business Administration and the departments of Labor, Health and Human Services, and Housing and Urban Development. They also will work with representatives from the Red Cross, state and local chief information officers and emergency managers.

The agency will eventually pull together several systems, simplifying services and eliminating duplication in the process. Pilot programs and demonstrations are already under way. In addition, FEMA officials are looking to the Consequence Management Interoperability Services Web site (www.cmi-services.org) as a possible model for the FEMA portal. The site is part of the Marine Corps' efforts to find ways to counter terrorism and provide military support for domestic preparedness. Although CMI-Services is funded through the Defense Department, the organization reaches out to first responders nationwide.

"The hard part is trying to figure out how to bring all these pieces together into one seamless, integrated whole," Miller said.

Internal Changes

FEMA officials face the same challenge internally as they seek to develop an enterprise architecture and consolidate agency servers.

FEMA's National Emergency Management Information System (NEMIS), originally viewed as its IT core, is now considered one of several applications that will share a common platform. NEMIS, which processes disaster benefits, will also form part of DisasterHelp.gov.

"The concept of NEMIS as the enterprise IT architecture was misguided," Miller said. The budget request includes $26.4 million for the system — a 13 percent increase — despite its history of crashing, according to a federal management review.

Overall, the Bush administration gave FEMA low marks for e-government. Little oversight has been given to the agency's IT spending, and some funds have been reallocated to cover other costs, resulting in ineffective and expensive projects, such as NEMIS, according to administration officials. And FEMA hasn't adequately justified or documented those projects to Congress and the Office of Management and Budget.

In addition, state officials are wary that FEMA may have trouble fulfilling its expanded role and sharing information across jurisdictions. "They've got to do a much better job of harnessing IT resources," Virginia's Foresman said. "FEMA does not have a good track record with that."

Acknowledging the agency's past difficulties, Miller is overseeing the biggest reorganization of FEMA's IT Services Directorate in the division's seven-year history. "Change was always the plan," he said.

He has centralized all IT resources under his department, and the transformation and cybersecurity offices are part of the new mix. Before, security personnel were scattered throughout the agency and did not report to the same person. "It created quite a few problems," said Thomas Ringer, FEMA's homeland security coordination officer. "There wasn't a lot of planning on the front end."

Now, all initiatives must go through a review process and earn director-level approval.

"We have the money, we have the talent, we have the people to do security the right way, but, for whatever reason, we chose not to," Miller said at AFCEA International's Homeland Security Conference in February.

That's no longer the mind-set. Allbaugh "believes IT is on the cusp of being the most important aspect of FEMA," Miller said.

"We're beginning to build a total enterprise capability," said Rose Parkes, FEMA's deputy CIO, speaking this month at the E-Gov Web-Enabled Government conference in Washington, D.C. "This is something new for our folks. They are used to working in a stovepipe environment."

A vulnerability analysis revealed that the agency's network has 500 servers — or about one entry point for every five employees. Miller described the effort to consolidate those servers as a work in progress. "Change is always difficult," he said. "It's obvious we're going to have some folks who don't get what we're trying to do."

The cultural transformation could become more pronounced if FEMA turns to seat management. Miller is considering outsourcing the agency's desktop computers, but awaits a study by Gartner Inc.

Agency officials are also talking with vendors, including Microsoft Corp., about Web portal technology and information sharing, an area in which state and local officials are anxious to see FEMA improve.

"They're responsible for coordinating all agencies of government," Foresman said. "I think they're working on the vision piece of it. All in all, I think they stand the chance of being successful."

FEMA officials see success as the only option.

"We just have to put our heads down and keep going," Miller said, noting that the agency's IT services have life-or-death implications. "And I don't think we have a choice. We have to get it done."