IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

On Emergency Preparedness: What Have We Learned After Harvey and Irma?

Two historic hurricanes affected two of our most populated states in America in the past month. It’s still early, but what can we say about city, state and federal government emergency management lessons learned so far?

A van drives on flooded streets in the aftermath of Hurricane Harvey on Wednesday, Sept. 6, 2017, in Houston. AP/Matt Rourke
After two monster hurricanes hit the USA within a few weeks, what have we learned about preparing for, responding to and recovering from major disasters? What are governments across America doing now, and what more can be done? 

As the power started coming back on for most homes in Florida and southern Georgia over the past week, the scale of the massive Hurricane Irma damage was estimated at over $100 billion by some estimates. And yet, about 1 million customers still did not have power almost a week after Irma made U.S. landfall.

No doubt, the path of Hurricane Irma could have been much worse, but the massive evacuation and flooding and loss of life were still significant.

As mentioned two weeks ago in a blog after Hurricane Harvey, the infrastructure recovery work in just beginning in numerous places. There are many heroes and countless heartwarming stories that will be told for generations, and we can certainly feel good that many lessons learned from Hurricane Katrina have been implemented prior to these 2017 storms. 

For example, the NY Times gave details of seven hard lessons that federal responders to Hurricane Harvey learned from Katrina. Here are four of those items (with more details under each in the referenced article):

  • Responders have better plans and more training
  • Federal and locals responders now work off the same playbook
  • Emergency supplies were already in position
  • It’s OK to enlist the help of the public
I also like the perspective offered by the Urban Institute regarding disaster policy. Here’s an excerpt:

“We’re learning about managing expectations at all scales and on all fronts, starting with how quickly recovery will happen after the storm. In Houston, Texas learned from repeated experiences over the last decade about how to disburse funds and maximize resources. The state government had experience after Katrina, Ike, and during the wildfires and floods of the past several seasons. They have better processes, and the federal government has gotten much more effective in assistance from relief through recovery.

But recovery takes time — especially if we want it done well. Homes aren’t rebuilt overnight or even after several months as folks wait for insurance claims to be processed and assistance programs are managed. It’s painful to hear because so many residents need the reassurance, and so many officials want to promise immediate rebuilding.”

The Brooking Institute offered these lessons learned after hurricanes in a blog this week:

  • The FCC could improve public safety by implementing mobile phone delivery alerts
  • Finding housing solutions for those displaced by disasters takes a long time
  • The effect of hurricanes on children’s physical health, mental health, and schooling
And I also urge those who want to dive into deeper discussions regarding emergency alerts and notifications, disaster preparation and response, incident management and managing in crisis situations to visit the Emergency Management magazine blogs. These blogs can be accessed at:, and they include:

Initial Strategic Analysis on What We Have Learned After Harvey and Irma

Despite these excellent points offered by various sources, there is no doubt that it is early to be offering comprehensive lessons learned. There will certainly be many diverse organizations that will offer white papers, expert reports and even books on these topics in the coming months and years.

Nevertheless, there are benefits to taking a step back at this point to try to gain both strategic and tactical perspectives on these historic disaster preparation and recovery events.

During my 17 years with Michigan government in a wide variety of agency-specific and enterprisewide technology leadership roles, we always turned to Andris Ozols, who was (and still is) an expert researcher, policy analyst and — I would even add — historian who puts these situations into their needed context. Andris has offered exceptional strategic thinking and was a primary author on dozens of Michigan government white papers, strategic plans and business projects, and his efforts helped Michigan win dozens of NASCIO technology awards over two decades.

Andris is currently a senior research associate and strategic adviser at Public Technology Institute. Even though he has retired from Michigan government service, I turned to Andris because of his extensive background in analyzing these major national events that impact public policy.


Here is the exclusive interview:

Dan Lohrmann (DL): When you look at the events surrounding Hurricane Harvey and Hurricane Irma, what strategic steps do you see for state and local governments nationwide? 

Andris Ozols (AO): Disasters and disruptions are inherently cross-boundary, cross jurisdictional events and benefits are maximized in a disruption management framework, working with the appropriate partners. The broadening of the risk and solutions, extension and overlap of recovery essentially makes disruption assessment, planning and management an ongoing activity. The Federal Emergency Management Agency (FEMA), Multi-State Information Sharing & Analysis Center (MS-ISAC) and many other entities have recognized this, and the National Association of State Chief Information Officers (NASCIO), PTI, the National Association of Counties (NACo), the National League of Cities (NLC) and Deltek have taken steps in this direction, but could benefit from closer collaboration among themselves and entities such as the Center for Digital Government (CDG) and the Center for Technology in Government (CTG).

A first step should include identifying the partners needed and frameworks that can be used for unified approaches.  Examples can be found in disruption plans such as Michigan’s and NASCIO's 2016 Disruption Planning Guide, which include counties, cities, utilities, education, public protection, health, financial services and others.

Shared state, county and city action priorities include security, legacy modernization/disaster recovery/business continuity. See NASCIO, PTI, Deltek and CDG for further detail and opportunities.

A follow-up to the 2016 NASCIO Cyber Disruption Response Planning Guide, incorporating lessons learned from Harvey, Irma, potentially Jose, natural events such as drought and fires, earthquakes, Equifax and other adversarial, human-caused disruptions could be an early shared deliverable.

Participation in the federal level infrastructure modernization funding discourse with other government entities from a disaster and disruption perspective, modernizing the infrastructure definition could be an early shared federal action item.

DL: What have been the major success and failures of our emergency management efforts in Texas and Florida in your opinion?  

AO: While Irma, particularly when combined with Harvey, was among the most damaging hurricanes on record, there are signs that the aid response has improved. The terrorist attacks in New York and Philadelphia revolutionized the way government coordinates disaster responses: Predictions were better; the storms hit land in the Caribbean and reduced strength; the tops of the storms were partially cut off by higher winds; surges were reduced; evacuation orders were followed more closely; there were a number of new solutions applied. Last but not least, there was coincidence and luck involved.

Cities and urban areas bore the brunt of the damage. Baltimore, Boston, Seattle and other cities — regardless of their particular risks or disruptions — have been following Houston for the last two or so weeks to see how to better respond to crisis. Some of this is being done from a design or redesign perspective, including smart cities and models.

Selected Successes

  • Building code improvements since previous hurricanes and floods
  • Civility, neighborliness, established traditions and agreements on collaboration — e.g., 30,000 utility workers, National Guard
  • Governors visibility, leadership
  • Better plans, more training, responders work off same playbook, hospitals better equipped to evacuate
  • Ongoing use of location data, expanded use of social media, information and analytics, and drones become integral part of assessment and management process.
  • IT industry support and participation
  • Promptness, firmness and multiple channels for warnings and instructions
  • Enlisting the public and building upon cultural, community strengths and traditions — e.g., Cajun Navy
  • News media shift to hurricane and real-time data
  • Better, coordinated and integrated use of IT and technology
Selected Issues

  • Health: Toxic waste site flooding; nursing home deaths; chemical plant information unavailability
  • Power failures, high rate but also relatively early recovery for parts of states
  • Friction between economic development incentives and disruption planning, management, e.g., land use, flood plain development
  • Conflicts among regional and partisan groups on support for recovery, potential carryover from Sandy
DL: Given that these were historic hurricanes, in that they cause record-breaking damages and outages, what preliminary "lessons learned" can we point to?

AO: I would say:

Avoid "climate stationarity." Recognize that frequency and magnitude of weather patterns may not remain similar in the future. New factors may be leading to more extreme temperatures, rising sea levels, changing precipitation patterns, and changing frequency and severity of storms.

Risk and damage can be sustained for week or months after each event, overlap with previous events, and recovery may take years and may never be complete for some areas. Both planning and operations are ongoing activities.

The Scientific American has given several policy and strategic “lessons learned”:

  • Proactive maintenance is the most responsive approach
  • Reinvest in and redesign institutions, not just infrastructure
  • Manage infrastructure as interconnected and interdependent. This is consistent with the disruption framework approach.
  • Create a flexible infrastructure and make it equitable, for everyone.
DL: What else do we need to keep in mind? What should government technology leaders be watching and doing now?

AO: Here are some final thoughts:

Update existing government, association and private sector resources on disruptions and share with each other. Take action while there is a momentum and fuller government and public attention.

Consider establishing shared work calendars among the state and local governments, associations and related private sector entities. This should include disruption issues, processes/solutions, technologies as well as priorities.

Start with a shared lessons learned assessment from the 2017 hurricanes and selected other Natural, Technological/Accidental and Adversarial/Human events.

The October NASCIO/PTI shared conference in Austin, Texas, offers opportunities as do the development of 2017 — 2018 work plans, assessment and survey updates, planned and potentially shared operational deliverables. The annual “Technology Forecast: What State and Local Government Technology Officials Can Expect” sets a precedent for a combined association and other partner annual profile on Cyber Disruption Issues, Opportunities and Actions.

Also, here are some potential actions steps to consider and/or items to be aware of in the context of state, county and city sustained interest and priority for security, legacy upgrades; data and analytics; and higher shared and growing disaster recovery/continuity of operations priorities:

  • The private sector, including ICT, increasingly integrates plans, resources and initiatives with public-sector disruption plans, disaster management and recovery needs
  • Greater connectivity and availability and readiness to use alternate forms of communication for responders and the public, more individual responders are now connected
  • Upgrade in mobile device capabilities, range of applications, social media and location aware service diversity
  • Continuing and rapid maturation of GIS in conjunction with data, analytics, mapping, with real time data and information visualization, video capabilities for the public, governments and bridge organizations
  • Greater pre-preparation, confidence and reduction in ‘fog of war’, disaster fatigue among leaders and responders
  • Although the issue is better understood, our technology is still largely dependent on the utilities, with limited alternate power sources
Dan Lohrmann: I’d like to thank Andris for offering these outstanding insights into our current situation. I believe that Andris offers unique perspectives in insightful ways, and I urge readers to contact him if you need assistance in your strategic planning efforts and/or documentation of projects into case studies that translate to other government jurisdictions.  

Wrap-up: Embrace Resilience & Being in the Arena

In conclusion, I’d like to go back to the final recommendation from the Brookings blog about embracing resilience, which is also a hot theme in cybersecurity efforts around the world. The authors Nawal Atallah and Brennan Hoban write:

“Resilience — which refers to how cities “plan, design, build, and manage their communities” — requires not only local strategies but the support and coordination of the federal, state, and local governments.

Also, listen to Amy Liu’s podcast on the 10th anniversary of Hurricane Katrina, in which she discussed resilience and New Orleans’ recovery from that storm.”

I was encouraged to see so many different people, businesses and even professional athletes step up and offer support. The Tampa Bay news media highlighted Tim Tebow showing up at the Florida State Emergency Operations Center (SEOC) during initial Irma response.  

I will close this blog with these wise words of encouragement from more than 100 years ago:

“It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming; but who does actually strive to do the deeds; who knows great enthusiasms, the great devotions; who spends himself in a worthy cause; who at the best knows in the end the triumph of high achievement, and who at the worst, if he fails, at least fails while daring greatly, so that his place shall never be with those cold and timid souls who neither know victory nor defeat.” — President Theodore Roosevelt — April 23, 1910


Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.