The Presidential Policy Directive on National Preparedness issued on March 30, also known as PPD-8, is at first glance a document with little that is radically new. But a closer look reveals several telling inclusions – and a couple of glaring omissions – that may indicate a shift in the power dynamics of homeland security in Washington.
The intended purpose of PPD-8 was to replace the 2003 Homeland Security Presidential Directive on National Preparedness (HSPD-8), while reaffirming its general policy direction and that of the 2006 Post-Katrina Emergency Management Reform Act (PKEMRA), and 2009 National Infrastructure Protection Plan (NIPP).
PPD-8 does in fact reaffirm the all-hazards risk-based approach to national preparedness. Intriguingly, though, it describes four categories of hazards: terrorism, “catastrophic” natural disasters, cyber attacks and pandemics. Several aspects of this grouping are eyebrow-raising:
- Cyber attacks and pandemics are called out separately; previously the former was subsumed under terrorism and the latter under natural hazards. The change provides, in our opinion, a very helpful distinction, as cyber and pandemic hazards have characteristics that make them qualitatively different from the other two categories.
- Only catastrophic natural disasters are called out as a worthy of preparedness focus. While the term “catastrophic” is not explicitly defined in the PPD, the focus is clearly on “threats that pose the greatest risk to the security of the Nation.” In that spirit, even the most expansive reasonable definition of the term “catastrophic” would seem to limit the types and intensity levels of disasters sometimes encountered in risk assessment work.
- Industrial accidents aren’t mentioned by name anywhere in the document. One definition mentions “manmade or natural disasters,” but “manmade” here could be interpreted as encompassing cyber attacks and pandemics exclusively. It is unclear whether this exclusion from consideration in the set of threats that pose the greatest risk to the nation was intentional or not.
The much-maligned Target Capabilities List (TCL) from the old national preparedness guidelines is neither affirmed nor rejected by PPD-8. Some of the specific capabilities called out do map directly to individual target capabilities of the TCL, but the TCL itself is not mentioned by name.
Moreover, the four familiar mission areas of the TCL – Prevention, Protection, Response and Recovery (PPRR) – are mentioned, with the addition of a fifth term: “Mitigation.” The PPRR mission areas each map conveniently to the basic R = T x V x C risk equation (i.e., prevention aims to reduce threat likelihood and protection aims to reduce vulnerability, while response and recovery respectively aim to reduce short-term consequences and limit the duration of adverse consequences). What’s not clear is how mitigation fits in. Based on examples in PPD-8, it appears that mitigation is more of a system-wide activity, potentially shifting the emphasis away from individual critical assets or key resources (CIKR) and instead prioritizing systems that provide functions.
Besides the PPRR framework (let’s call it PPRR+M now), the new directive explicitly mentions another commonly used emergency-management construct, often abbreviated POETE: Plan, Organize, Equip, Train and Exercise. In one superbly crafted sentence in PPD-8, the White House ties together the concepts of risk, capabilities and preparedness with the frameworks of PPRR+M and POETE: “The term ‘national preparedness’ refers to the actions taken to plan, organize, equip, train, and exercise to build and sustain the capabilities necessary to prevent, protect against, mitigate the effects of, respond to, and recover from those threats that pose the greatest risk to the security of the Nation.” In our estimation, this is the foundational statement of PPD-8 – although of course this is not a new concept in the world of preparedness and homeland security.
The term “resilience,” after being used extensively by DHS and FEMA officials, also makes its official debut in PPD-8, defined as “the ability to adapt to changing conditions and withstand and rapidly recover from disruption due to emergencies.” Importantly, however, the term does not appear to be placed on the same level as prevention, protection, mitigation, response or recovery. While this observation may be based on a too-fine parsing of PPD-8’s phrasing, we don’t think so. (In one phrase concerning mitigation capabilities, for example, resilience seems to be a component of, or at least an example of, mitigation.) In the homeland security and emergency management fields, the term “resilience” is commonly applied to systems and to communities of people; what it encompasses in the case of PPD-8 remains somewhat unclear.
The most glaring omission in this document is the Federal Emergency Management Agency (FEMA) which, as the federal agency with principal responsibility for disaster response, would be the obvious choice to lead the efforts described in PPD-8. While PPD-8 does not prohibit the DHS secretary from delegating some of his or her responsibilities to FEMA, neither is the agency designated by name. (In fact FEMA is mentioned only once in the entire six-page document, and then almost as an afterthought in regards to its statutory responsibilities under PKEMRA.) Is this omission of an explicit FEMA role an intentional slight by the White House?
Another obvious shift in defined roles is the relationship between the Assistant to the President for Homeland Security and Counterterrorism (aka the Homeland Security Advisor, or HSA) and the DHS secretary. While cabinet-level positions normally answer directly to the president, PPD-8 effectively demotes the secretary by having him/her deliver all products to the president through the HSA. Three times the PPD uses the construct:
“...the Secretary of Homeland Security shall [perform a task and] submit [the resulting product] to me, through the Assistant to the President for Homeland Security and Counterterrorism. The Secretary shall coordinate this effort with other executive departments and agencies and consult with State, local, tribal, and territorial governments, the private and nonprofit sectors, and the public.”
While it sounds like the president is merely calling for reasonable coordination among all stakeholders, if this were the only aim then the reiteration of this formula three times seems like overkill. It appears instead that whereas both the responsibility for improving the nation’s security and the authority to do so have formerly both resided with DHS, PPD-8 leaves DHS with most of the responsibility while removing much of its authority. DHS is now beholden to other federal agencies, state and local governments, private sector organizations and the public, and just to make sure the message is not lost, all products must also be vetted through the White House’s HSA.
This separation of responsibility from authority is a potential sign of a power struggle between the White House and DHS – or potentially between DHS and other agencies like the Department of Justice, and it clearly represents a diminished role for DHS. (As one department source put it to us when referring to PPD-8: “We lost.”)
It also creates an environment that makes it very difficult for DHS to be productive. The general rule of thumb for sound organizational structure is that authority and responsibility must always be aligned, or the function is doomed.
Digital Sandbox is the leader in public safety risk management, providing analytic tools and information products to government agencies and large enterprises, for optimizing risk-based strategic, policy, and budgetary decisions.Join The Conversation »