This month, we interviewed Alexa Noruk, Government Relations Director for the National Emergency Management Association (NEMA). NEMA provides a unified voice and a common message on behalf of state emergency management agencies. NEMA also leads the National Homeland Security Consortium; NASCIO is a member.
Please tell us about NEMA’s membership.
NEMA was founded in 1974 and we represent the state emergency management officials from the 50 states, territories, and D.C. About half of our membership also serve as homeland security advisors and that has definitely evolved over the last decade. We saw this trend toward consolidating different departments because we saw so much overlap between natural hazards and man-made hazards and many states had taken the initiative to combine those departments. [In] some states it continues to be separate [and] in some states it’s run through the national guard or state police. So it really just depends on the organization of the state and how that’s best serving the people of that state. [Regarding] the NEMA membership, we are a non-partisan organization, many of our members are appointed by governors of both parties. So we tend to take a hard look at policy and we don’t take positions on elections; [NEMA works on] policy [on a] non-partisan, non-profit basis.
What new and emerging trends/topics are your members talking about?
The biggest issues for us now, as we’ve seen post-San Bernardino and post-Orlando, relate to
countering violent extremism (CVE); [it] continues to be of great interest to our members. No matter if they’re from a rural state or a more urban area, this issue continues to weigh heavily on their minds. Understanding it could happen anywhere, there are no boundaries. Like a natural disaster, domestic terror doesn’t respect political boundaries, it doesn’t always respect the boundaries of a city, county, or a state. Through mutual aid, it becomes even more of a close relationship if you consider that you might be called to support another state as they handle these emerging issues. So CVE is definitely on our folks’ minds especially as DHS and FEMA, in light of last year’s appropriations bill, now have made the move into this area of providing grants [for] coordinated, complex attacks. And for CVE, it’s a new world, it’s a new type of grant program although a lot of these actions could have been done under existing grant programs, I think having a specific grant program just for [CVE] will certainly provide an opportunity for more collaboration, for more regional focus. So that’s definitely on our folks minds.
Emerging public health trends continues to be of interest to us like Zika, dengue fever in Hawaii – different public health issues come to the forefront and although they aren’t solely managed by emergency management, it’s the partnerships that are essential to dealing with these issues. We saw in the state of Michigan responding to the Flint water crisis, operationally it was just the role to get water to people that needed it and emergency managers have built up this skill set over the years and they know logistics, they know how to get into a community and on the ground quickly. That’s a skill set that FEMA is known for and emergency managers are known for – so it’s leveraging these skills that emergency managers have built to respond to non-traditional, non-natural type events and [in] public health we have worked hard over the years to build that partnership. We have a strong partnership with ASTHO (Association of State and Territorial Health Officials) that has done wonders for that cooperation and understanding that nothing stays in its own lane anymore. And while it may primarily be a public health issue, it won’t always stay that way.
Then, emerging issues with extreme weather. Understanding how changes to the vulnerability to infrastructure and physical consequences of a changing climate – it’s very unique and manifests itself differently depending on what part of the country you’re [in]. In some areas it’s rising water levels, in other areas it’s extreme drought and wildfires so it’s not universal throughout the country but this understanding of uncertainty moving forward. [This] is a common theme in everything emergency managers do – there’s always a certain amount of uncertainty that you cannot plan for but yet they have to be ready and they are called up on any time regardless of the issue.
How do NEMA members view cybersecurity? How do your members talk about it?
I think it varies depending on the organization of the emergency management division; if it’s more of a broader, public safety organization or if it’s run through National Guard, it really depends on the leadership of that organization. Often times, the issue of cybersecurity does get technical and a lot of emergency managers rely on the expertise that exist somewhere else in government. They do this to make sure that [cybersecurity] is covered by true professionals in the field [which is] why emergency managers build those partnerships with cybersecurity officials in their state because they know they don’t have all the answers.
The most tangible way that our folks get involved is with planning and preparing for cyber consequences. Regardless of how this happens or who the actors are, we have professionals in each state that will figure that out. They will do the remediation that is required, they will figure out how to close the gaps and open doors but [emergency managers] now need to figure out the consequences for physical infrastructure that [they] can assess, that [they] can support. We saw this in New York with the dam that was hacked. The question became, thank god nothing did happen and that this was out of commission, but if it had been and they had released water, that ends up manifesting itself just like a flood. Our folks would have to understand the consequences of the flood itself and the potential that hackers could still be in the system and release more water putting their officers and more civilians in danger so it’s really this give or take. Emergency managers have a role to play but they cannot do their job without the information, data, and intel from the cybersecurity officials. It’s a symbiotic relationship where neither can do their job fully without the support of the other.
What are NEMA priorities for this year?
For our priorities right now, we are actively involved in the FY17 process. The biggest issue that was raised initially was homeland security grant funding and the potential that this grant funding could see significant cuts in the coming year. Our priority was to support restoring that money but also supporting the evolution of grant funds; the evolution of performance metrics that really support why emergency managers and homeland security officials continue to need the funds. We also continue to support a real understating of what that funding goes towards and what we’re building as a nation instead of just how much funding we get each year. NEMA’s been very vocal about our interest in performance metrics; about streamlining the grant making process to make sure that it’s effective and fiscally responsible.
We proposed our grant structure about six months before the first iteration of the NPGP (National Preparedness Grant Program) was proposed by the Administration; we had major concerns with what FEMA would eventually put out; we saw similarities between them but we still had some work to do. Unfortunately, the NPGP was not received well on the Hill and by many stakeholder organizations so I don’t think there was ever a true comprehensive discussion that could have brought stakeholders together and identified areas of common ground. To take that as a signal that nothing should be done would be a mistake. NEMA continues to be very interested in having that conversation whatever form it takes. We want to involve all stakeholders that have a role to play in grants and performance metrics. It shouldn’t just be FEMA and NEMA. It really should be a comprehensive approach to ensure we are meeting the needs of everyone involved.
Our priorities, especially in an election year, we have a great interest in continuing to support, educate, and inform elected officials and any new administration leaders that may come in during the transition; [a] new presidential administration, DHS, and FEMA leadership, we are very interested in seeing a robust educational process. We’ve been very lucky with the types of professionals that have been in the agencies that we deal with and we look forward to that same level of professionalism in the coming administration. We look forward to supporting the transition at NEMA and through our partnerships within the National Homeland Security Consortium (NHSC). The Consortium put together a white paper that reflects the interest of all of the member organizations. I think that’s really powerful and recognizes that as a unit we have power. Individually, we all have our own influence that’s fantastic but the value really comes in when we work together.
What was the feedback on the NHSC white paper? (NASCIO is a member of the NHSC and contributed to the campaign white paper)
Yes, the conversations we had with the campaigns were really substantive. We invited a number of them to come to the NEMA conference in April. We [spoke with] three [candidates] – the Cruz campaign, the Trump campaign, and the Hillary campaign – we sat down with them for at least an hour each. They came in, they gave us their homeland security priorities and they listened and took questions and really delved into these priority areas. It was [very] encouraging to see. It was great to see that they had taken the time to read the paper and [understand] it. Most of their representatives came from a background where they very much understood the homeland security world. This was not their first time hearing a lot of these [issues] and it was encouraging to see that they had appointed people to these positions that recognize the need that was there.
Did the campaigns talk about cybersecurity?
Of the things they paid attention to, cyber was up there and CVE was up there. But it was really this recognition of – we have threats that 15 years ago we would not have been dealing with. And so any administration is going to come in with a lot of unknowns and they have to fill those gaps with the professionals that have that background. I thought it was very encouraging.
We presented them with the NEMA paper and then the Homeland Security Consortium paper; NEMA’s paper and the consortium paper look very similar and I think it was good for them to see them this consistency. I’ve [also] seen quite a few organizations and associations’ [white papers] – they seem to overlap nicely [with the NHSC paper]. It may focus on one or two things because that’s what they’re focused on but none of us are contradicting each other which is very good.
What do NEMA members think about FirstNet?
FirstNet and broadening out to this idea of a reliable, resilient first responders network has always been an interest and priority for our membership. As it made its way through the Hill and years of differing pieces of legislation to accomplish this goal, NEMA was always supportive of the end goal of getting that network set aside for first responders. Now that’s in gone to this post-Capitol Hill world of implementation, I think we’re starting to see very different approaches in each state reflecting the diverse needs of each community in that state.
[FirstNet] is encouraging conversations that weren’t otherwise happening. It’s putting people in rooms together to make big decisions and really identify what the priorities are in each one of those areas. It’s fostering more communication and building these relationships that not only will be helpful for communications but it’ll be helpful in every aspect of emergency response and preparedness. It differs on how they handle the buildout, it’s going to differ on what private sector entities are represented and that’s ok. Each state is going to be involved and it serves them well to have those conversations. We are very encouraged by it and we continue to support that reliable network because our folks rely on strong and resilient communications in a disaster and that continues to be of great interest. Responding to any type of event, whether natural or man-made, you cannot do your job as an emergency manager without that strong base for communications and this FirstNet and the broader network in general, gets us there. However we get there, is a good thing.
Can you tell us about the homeland security grants NEMA cares about and why?
We primarily focus on preparedness grants that are defined under FEMA’s grant making authority. Our biggest priority is making sure they are flexible enough to address emerging needs. There’s nothing worse than being locked into a structure that can’t be agile, can’t be flexible, [or] can’t respond well. If you have a new issue that comes up and have to wait for an entire grant making cycle before you’re able to address it, it’s really not supporting the level of intensity that we’ve come to expect from the homeland security world, so [grants] really have to be flexible and that’s what we’ve consistently said.
Grant levels and the amounts of grants will go up and down and we understand the political reality of that. If we were to see large cuts or if we continue to see this question every year if cuts are being made, there needs to be the protection in place to ensure they’re flexible enough where states and localities can make the decisions that they need to make. And it can’t be only and solely driven from the federal level. It needs to be a partnership where information on gaps, needs, and challenges from the state and local level get pushed up to the federal government and the federal government pushes down a structure that’s flexible enough to meet everyone’s needs and doesn’t require this piecemeal approach [where] every time we have a new hazard, [create] a new grant program. We saw this after 9/11 there’s been shift back towards more of a bulk grant process and now with CVE, we’re seeing the introduction of another grant program. It’s finding the best balance there and I think we’ve seen the expansion and the slimming down. Whatever we come to as a program, it just needs to be flexible.
[Grants need] flexibility with accountability and [accountability] is where we continue to press for performance metrics. We believe the best way to illustrate that we’re using taxpayer dollars the right way is to show that we’ve made progress and it tends to be this qualitative progress: “Well, I know we’re better prepared since 9/11 because we’ve spent billions of dollars and avoided another 9/11 style attack.” I have no doubt that’s true but to communicate with Capitol Hill, to communicate with the administration, and to communicate eventually to the American people, we do need some sort of quantitative, very data driven approach that shows the relationship between the money we’ve spent, the preparedness level we’ve achieved, the attacks or hazards we’ve avoided, and importantly, the viability of these efforts over time. I don’t think we’ll ever get to a solely numbers driven approach. We do need that qualitative aspect because preparedness is never going to be just based on numbers; it is kind of “soft.” There needs to be that balance that we strike where we’re protecting money [because] we have a fiduciary responsibility to the taxpayer but then on the other side, we also have to be flexible enough if we need to spend money, it can be spent in the right way and it’s spent to reach that goal of preparedness whatever that means on a local, state, and national level.
We struggle to communicate how many disasters are controlled at the state and local level before they reach the federal government level. Each year, NEMA and IAEM put out a report on the emergency management performance grants and we have quantified a good number of different indicators. So we say – this year, we’ve done X number of exercises which is this many higher than last year. Or we’ve handled this many disasters at the local level without ever needing federal dollars. We’ve tried and it’s difficult because we’ve had to identify a line in the sand where we choose a baseline that tells a story and next year we may need to change that approach because you just never know what will come up. We decided we needed to set a baseline at some point. We needed to at least to put a line in the sand and then from there, each year, you can collect data and figure out how to best tell the story but it is very difficult. It’s very difficult to explain preparedness and mitigation because you’re basically saying, I’ve taken an action and spent millions of dollars and nothing happened and that’s a good thing. CVE will encounter the same thing, because they will spend millions of dollars to achieve a goal of avoiding attacks or radicalization and that’s a good thing. It’s a weird narrative, it’s always sexier to talk about how many people you save with a swift water boat. But I bet you if I told you that I elevated 10 homes in a community so that I didn’t even need to use the swift water boat, then you’d say why do you need that swift water boat at all. So it’s this constant push and pull of what do we need, how much do we need and if I reduce my risk, I need less but that’s not as sexy as I need more to save more people. It’s a very tough way of approaching it.
Any other thoughts for NASCIO members?
Over time and just in the time that I’ve been in emergency management, we always talk about the relationships that are built before a disaster, during a disaster, and after a disaster. It always seems really natural to say that you shouldn’t be meeting your police chief for the first time when a disaster strikes. You shouldn’t be just meeting these community organizers or community members when they need your help after a disaster. We are learning more and more [that] these partnerships keep expanding. We keep learning more people that we’re supposed to bring into the fold. This back and forth and the relationship that we’ve built with NASCIO and state CIOs is just another example. You won’t know the value of that relationship until it’s tested but when it is and in that moment, you don’t have to introduce yourself to your state CIO or you’re sitting in a meeting and you recognize that your CIO is not in the room and you bring them in, [it shows the value of relationships]. We see emergency managers that have been brought into the fold on issues that they would not have otherwise been aware but they’re brought in because someone else recognizes that they need to be in the room. It’s this good symbiotic relationship between these two professions that recognize they cannot do their jobs individually without the support [of the other] whether it’s physical support or just knowing that that person is there to back you up if something goes bad.
We won’t overlap on every issue but the issues where we do overlap, it’s encouraging to know that we have organizations and professionals that mirror what we do at NEMA; NASCIO mirrors that on the CIO side. It’s been encouraging. We’ve been in meetings where we’ve said, “Have you guys reached out to NASCIO?” We’ve been on the Hill and people will ask us questions where we know we probably don’t have the best answer or we don’t have the latest and greatest answer. So we continue to push for that recognition that you all are professionals and we’re professionals and we each have our own lanes but we cannot do our jobs without each other. It’s constantly been this idea of figuring out who your partners are and once we figure it out, we take strides to improve that relationship and support it going forward. We did the same thing with public health; it was trial by fire. We learned that we needed public health during avian influenza and H1N1 and we had this realization that we hadn’t done enough to build that partnership and we don’t want to be in that situation again. We don’t want to be sitting in a meeting and realize that the person we need most in the room isn’t there. You want to immediately recognize who needs to be there and why they need to be there and you don’t want to be meeting in that meeting; already have that relationship established.
Resources Mention in this Article
2016 National Homeland Security Consortium Issues Brief
NEMA testimony during House Homeland Security Hearing, “Enhancing Preparedness and Response Capabilities to Address Cyber Threats”
New York Dam Hack (NY Times)