The recently released Implementation Plan for Presidential Policy Directive 8 (PPD-8) on National Preparedness makes some minor tweaks in emphasis as compared to the original PPD-8 Directive and introduces a few novel pieces of doctrine.
PPD-8, issued by the White House on March 30, replaces the 2003 Homeland Security Presidential Directive ( HSPD-8) on National Preparedness. The six-page Directive mandates the development of “a national preparedness goal that identifies the core capabilities necessary for preparedness and a national preparedness system to guide activities that will enable the Nation to achieve the goal. The system will allow the Nation to track the progress of our ability to build and improve the capabilities necessary to prevent, protect against, mitigate the effects of, respond to, and recover from those threats that pose the greatest risk to the security of the Nation.” The first edition of the National Preparedness Goal (NPG) must be completed by September 25 and a description of the National Preparedness System (NPS) is due by November 24.
Public reactions to the original Directive ran the gamut from supportive to highly critical. Our own analysis noted among other things a more detailed and nuanced treatment of hazards (subdivided into terrorism, “catastrophic” natural disasters, cyber attacks and pandemics); the addition to the Target Capabilities List of a fifth mission area – Mitigation – to augment the more familiar Prevention, Protection, Response and Recovery; and the first (if not entirely clear) formal use of the term “resilience.”
The 13-page PPD-8 Implementation Plan, issued as scheduled 60 days after the Directive, seems to elevate the role of regional, state and local jurisdictions in regards to risk when compared to the Directive, while at the same time somewhat de-emphasizing risk or at least decoupling it from the core capabilities necessary to prevent, protect against, mitigate the effects of, respond to and recover from the above-mentioned hazards. (This post will examine the emphasis on state/local jurisdictions while a subsequent post will look at the risk-capabilities question.)
There are several references in the Implementation Plan that point to a greater role for state and local governments as compared to the Directive. It is possible some of these are due to subjective word choices, but we don’t think so. For example, on several occasions the Directive mandates that the Department of Homeland Security (DHS) will “consult with State, local, tribal, and territorial governments, the private and nonprofit sectors, and the public,” and it also calls for “an all-of-Nation approach for building and sustaining a cycle of preparedness activities over time.”
The Directive also states that the NPS “shall be designed to help guide the domestic efforts of all levels of government” and “shall include recommendations and guidance to support preparedness planning for businesses, communities, families, and individuals,” so clearly all levels of government are involved. However, the Implementation Plan goes a step further when it says that the NPG “will respect and leverage the Nation’s Federal, State, local, tribal, and territorial governmental structures, maximizing preparedness through adaptability and decentralization.” The implications of the latter statement are unclear. Did the writers simply mean “recognize” when they said “leverage”? (Some people may point to the potentially politically-touchy states-rights issue here, but the tone of the plan does not support such an interpretation.) Moreover, stating that preparedness will be maximized through adaptability and (especially) decentralization represents novel policy, since the Directive does not mention any such strategy. Optimists could see this as a strong statement of support for state and local government; pessimists could perceive the seeds of shifting responsibility.
Another statement in the Implementation Plan that seems to elevate the perspective of regional and local governments regarding risk is as follows: “The core capabilities that make up the [NPG] will represent preparedness priorities that reflect Federal, State, local, tribal, territorial, and private and nonprofit sector perspectives on risk.” While this sounds admirably inclusive, we would note that the groups listed represent stakeholders whose perspectives and incentives are not always co-aligned. While the Directive calls on DHS to consult with these stakeholders (perhaps to understand their perspectives on issues such as risk and preparedness), promising to represent their priorities in the NPG may be tricky.
The third notable statement in the Implementation Plan is this: “The national risk assessment should build on and integrate current models and best practices to enable the national assessment to be applied regionally and on a local level, as appropriate and practicable.” While extending DHS’ risk assessment methods to the regional and local levels would provide tremendous benefit to government planners at those levels, such a goal may be unrealistic in the short term and an attempt to do so may limit the methods DHS might choose to employ at the national level. It may be telling that the Directive itself does not compel DHS to extend its risk approach to anything lower than the national level.
Although DHS has made several attempts to develop comprehensive risk methodologies, none to date has successfully provided comprehensive national coverage and local granularity. FEMA’s flood map project identifies flood zones for select communities in the U.S., but does not provide universal geographic coverage and in any event is only available for flood hazards. MSRAM, TRAM, MAST, and RAMCAP provide granular risk assessments but none has been implemented across the entire U.S. in all sectors. Likewise, the national-level risk approaches used within DHS, such as RAPID and the HSGP grant formulas, are insufficient to provide a local-level assessment of risks. And while the THIRA process mentioned in the Implementation Plan can be performed at any level of jurisdictional hierarchy, it is difficult to compare different THIRAs to one another.
Anyone who has developed both national- and local-level risk methodologies will be able to personally attest to the difficulty of trying to create a single methodology to be used at both levels. One requires deep knowledge, the other, broad knowledge. Given that in this area, at least, it is exceedingly difficult to be simultaneously deep and broad, DHS might have been better off sticking with the national level for a comprehensive risk assessment in this instance.
Digital Sandbox is the leader in public safety risk management, providing analytic tools and information products to government agencies and large enterprises for optimizing risk-based strategic, policy and budgetary decisions.