menu

When the 9/11 Commission recommendations were released in 2004 most of the media focus and national attention were on the proposed reforms to the nation’s intelligence mechanisms.  Practically lost in the coverage of five years ago was the last of the recommendations that focused upon private sector preparedness.

In the words of the Commission:

“Private-sector preparedness is not a luxury; it is a cost of doing business in the post-9/11 world. It is ignored at a tremendous potential cost in lives, money, and national security.”

While all of the recommendations (with the exception of consolidation of Congressional oversight) have been acted upon, this final counsel by the Commission has had a bumpy road to travel.  While there have been at least three different pieces of legislation that have dealt with this recommendation, the one that has garnered the most attention is Title IX of the Implementing Recommendations of the 9/11 Commission Act of 2007.  Under this law, DHS was directed by Congress to develop and implement a voluntary program of accreditation and certification for the private sector using standards adopted by DHS that promote private sector preparedness.  This program, called PS-Prep was designed to “enhance nationwide resilience in an all-hazards environment by encouraging private sector preparedness.”

The program promises to provide for the first time a widely accepted method to measure an organization’s emergency management and business continuity capability.  Such a measurement will allow companies to gauge their ability to weather the storm of both day-to-day “emergencies” as well as wider disasters such as the next Katrina.  Furthermore, market-based incentives to reward preparedness in such arenas as supply chain management, legal liability mitigation, rating agency acknowledgement and insurance will now be possible – although some of these will take some time to fully develop.  This is what the Commission was seeking – a clear link between preparedness and day-to-day business in a world that includes hurricanes, power outages, floods, fires, cyber-attacks and more.

More than two years since the Title IX provisions were signed into law, DHS announced on October 15th that it identified three standards (NFPA 1600; ASIS International’s SPC.1-2009; and British Standard 25999) for the private sector to consider as part of its voluntary compliance program.  While it may be seen as a marvel of speed and efficiency by some that the US government was able to assemble this program and make three standards choices in just over two years, I am completely bewildered and frustrated by the lethargic pace of this effort and the lack of visible leadership in support of it.

While it is true that DHS Secretary Napolitano and FEMA Administrator Fugate have both made numerous, general statements encouraging private sector preparedness; when it comes to the PS-Prep effort they seem largely absent.  Here is the statutorily sanctioned program that bears for better or for worse, the signature of the 9/11 Commission and both of these leaders seem largely disengaged with little vested in this effort.

Both have more than their fair share of issues in their respective “In-Boxes,” and it is completely understandable that they have delegated the day-to day responsibilities for the PS-Prep program to others but when it comes to matching actions to their talking points, their visible absence and lack of personal pronouncements speaks volumes.

For several in industry this could not be better.  They see the PS-Prep effort as a back-door way of DHS to regulate industry and impose additional rules, regulations and costs upon the private sector. If the Department’s leadership is not out promoting it or putting significant resources into making it happen, maybe it will just fade away.

Others who have been vocal proponents for the PS-Prep effort have been frustrated by the slow, bureaucratic process used to get this far.  For them, they wanted to see DHS strike while the iron was still hot when the legislation had immediately come out but government being government meant that nothing got done with any sense of immediacy.  Furthermore the lack of any type of positive public comment about PS-Prep or the Title IX requirements (let alone appreciation of what they were) by DHS’ and FEMA’s senior leadership has also been a source of frustration.

That’s what brings us to today and begs the question; does anybody care about this program?

To answer that question it is important to remember that the Title IX, PS-Prep effort was an unfunded mandate by Congress imposed upon DHS to make something happen. While FEMA was tapped by then-Sec. Chertoff as the lead for the effort inside DHS, the Infrastructure Protection (IP) Division of DHS, with support from the Private Sector Office and the Science & Technology Directorate’s Standards Office has been at the forefront of making the majority of the program possible.  On top of that, confusion by internal and outside observers of the PS-Prep effort as to who was running the show; what was going to be done; when would announcements about the program be made, etc. has only grown since then.

While DHS may have officially identified three private sector preparedness standards for companies to voluntarily certify to and opened a public comment period about them, a lot of questions remain as to the future of this effort.  The biggest of which, does anybody care?

The initial read right now is that, due in large part to a lack of clarity and initiative by DHS leadership, the PS-Prep program’s detractors seem to outnumber its advocates.  Furthermore, the lack of a senior DHS executive level person (e.g., Napolitano, Fugate, etc.) acting as the program’s vocal champion does nothing to boost the confidence of those that believe in the PS-Prep program’s premise.  Besides the fact it has taken more than two-years to get this far, the lack of a clearly articulated vision for the future of this effort is also frustrating.

By merely issuing the press announcement of the three identified standards; opening up an official comment period via the Federal Register and offering the obligatory comments, “the private sector is important and should be prepared,” the entire effort has the feel of a box-checking, going though the motions exercise.

I never thought any of the recommendations that came out of the 9/11 Commission or this particular issue should be relegated to being just a box-checking exercise.  There have been a lot of people around the country, in DHS and in the private sector who have worked very hard on this issue and believe it deserves more than half-hearted attention and going through the motions efforts.  For right now that’s about all we are getting and that’s a shame.

Rich Cooper blog primarily on emergency preparedness and response, management issues related to the Department of Homeland Security, and the private sector’s role in homeland security. Read More
  • thecigarenthusisast

    I recently read an article concerning PS Prep and Supply Chain. Though PS Prep has value to improve community resilience, it by far is not prepared to support verification, validation, or certification of supply chain risk management or ensure that their supply chain partners are prepared. The BIA activity and the use of the “word–Supply Chain” within (NFPA 1600, ASIS SPC.1, BS 25999 Parts 1 and 2) for Implementation leading to private sector certification doesn’t support supply chain activities.

    Like others (e.g. William G. Raisch is the Director of the International Center for Enterprise Preparedness (InterCEP) at New York University) over states the current capability of the BC/BCM standards and PS Prep program. IT Supply Chain and Products/Services Supply Chain require different standards, validation, and certification. Listing to Mr. Raisch who sells used Volkswagens as though they are BMW’s–he has found The Da Vinci Code for combining the two activities under PS Prep. How preposterous and self serving!!!

    Get it right or don’t talk about it at all.