IPAWS: What Now? IPAWS: What Now. IPAWS: What Now. Integrated Public Alert and Warning System. How do I get assistance?

Transcription

1 Emergency Management Training Center IPAWS: What Now? and Warning System John Dooley IPAWS Program Manager IPAWS: What Now Where we re at now? What training is required to send IPAWS alerts? What type of training is available? What value regular testing my notification system is to my organization? IPAWS: What Now How do I get assistance? Public Information and Warning into my exercises? Update on upcoming changes. 1

2 Where we re at now? Who in public safety has used IPAWS? Martin County McLeod Grant Wilkin Wireless Emergency Alerts WEA 2

3 Wireless Emergency Alert Who uses it? NWS Public Safety Wireless Emergency Alert What are they used for? Codes Used by Year TOR FFW SVR WSW BZW CDW SPW CEM Wireless Emergency Alert WEA by Forecast Office WEA sent by WFO La Crosse Chanhassen Duluth Grand Forks Souix Falls Aberdeen

4 TRAINING Why do we train? Training your employees can increase their efficiency and productivity in completing their daily work tasks. Reasons not to Train Lack of familiarity with the software. Not knowing: When to use it, What s the trigger point that we need to warn everyone we can. How it works, compared to the Opt In alerts that users are accustom to sending currently. Fear of inappropriately sending off an alert. 4

5 Emergency Management Training Center The only dumb question is? The one you don t ask! Emergency Management Training Center What could go wrong! Murphy's law: "whatever can go wrong, will go wrong." Sorry that tee shirt is out of stock! 5

6 Why do we train? Training can also help your organization achieve greater consistency in process adherence, making it easier to project outcomes and meet organizational goals and targets. Required Training Q: What training is required to send alerts through IPAWS? A: FEMA independent study course IS 247a. What type of training is available? 6

7 Online Training FEMA Independent Study Courses IS 247a IPAWS Alerting Authority IS 248 Online Course for the American People IS 251 IPAWS for Alerting Authorities Best Practices. Onsite Training Public Alerting Authority Best Practices Workshop Facilitator led workshop 2 hours on best practices 1 hour on scenarios for when to warn 1 hour practical exercise More Online Training The Minnesota Public Alerting Authority Best Practices Guide is now online. About 2 hours to complete To get access to Alexandria Technical and Community College customized training courses contact: Linda Muchow or lindac@alextech.edu 7

8 Alexandria Tech Testing What value regular testing my notification system is to my organization? Testing Value of regular testing Familiarity Knowing the web address to the software. Knowing your password! Knowing any other codes. 8

9 Testing Value of regular testing Proficiency Doing a test weekly makes you go through the process. Say a month has gone by and you missed that there was a software update.. Testing Consistent Outcome You have confidence You have done it over and over Practice, Practice, Practice. Testing Who s testing regularly Anoka Douglas Hennepin HSEM McLeod Nobles Rochester (Olmsted) Scott 9

10 Training is like bathing Its not permanent Emergency Management Training Center Training and Exercise Support How do I get assistance? Joint Interoperability Test Command Off Site Testing (via webinar): Alerting Authority contacts the JITC POC Alerting Authority provides 2 3 test dates and times (typically 1 hour sessions). JITC schedules a webinar with the Alerting Authority. Alerting Authority ensures test security certificate are uploaded to alert origination tool. 10

11 Joint Interoperability Test Command Independent Testing: No need to notify JITC POC Alerting Authority ensures test security certificate is uploaded to alert origination tool. Alerting Authority verifies test alerts via the IPAWS Message Viewer. Independent Testing with the JITC Emergency Management Training Center Validate that plan! Public Information and Warning into my exercises? 11

12 Validate that plan! Hold on do we have a plan? Validate that plan! Include Public Information and Warning in every exercise you can! Exercise your public information plans. Look at the alerting process all the way up to sending the alert. In your plan you should look at: Who decides to send an alert; Incident Commander, Sheriff, Emergency Manager, Shift Supervisor, ect. Approval process, is there one in place? Are the training records complete? Sustainment training for those involved? 12

13 Emergency Management Training Center IPAWS Program Update on upcoming changes FCC time line for improvements to WEA 1 November 2017 Phone numbers and URL s allowed as part of message. 1 November 2018 Spanish Language alerts to consumers 1 May 2019 Character count increases to 360 Establishment of a Public Safety Message 1 November 2019 Enhanced Geo coding of WEA polygons down to 1/10 th of a mile. Message retention for at least 24 hours BLU Alert and EAS changes BLU Alert EAS Jan 2019 WEA August 2019 EAS Changes Announcement coming from FCC Spring

14 Pending Legislation Emergency Management Training Center The only dumb question is? The one you don t ask! Thank You John Dooley IPAWS Program Manager Division of Emergency Communication Networks john.dooley@state.mn.us 14

15 [Year] [Your Organization] Alerting System POLICY MANUAL

16 Table of Contents 1. Purpose Background Training Acceptable Use a. Alert Activation b. Community Alerting c. IPAWS Activation... 3 CDW - Civil Danger Warning:... 3 CEM - Civil Emergency Message:... 3 EVI - Evacuate Immediate:... 3 SPW - Shelter in Place Warning:... 4 RWT - Required Weekly Test: Alert Authorization Alert Decision Making System Use Not Permitted Effective Messaging Cross-Border / Neighboring Jurisdiction Notification [YOUR ORGANIZATION] System Management a. System Security b. System Certificates... 8 GLOSSARY... 9 i

17 1. Purpose This policy does not supersede the existing [Your notification system] policy for Community Notification Alerts and [Your notification system] users should adhere to the most current [Your notification system] operation policy for all non-lpaws community notifications. This policy is designed to make the connection between community notification alerts and alerts that are of great danger to everyone in the area. The [your organization] is an alerting authority authorized to use the Federal Emergency Management Agency (FEMA) and Warning System (IPAWS) Open Platform for Emergency Networks (OPEN). [Your organization] gains access to FEMA IPAWS OPEN through vendor software provided by [Your vendor NAME] product known as [Your notification system]. The purpose of this IPAWS Policy is to manage the access and usage of IPAWS by [your organization]. The web address to log into [Your Notification System] is: 2. Background [Your notification system] is for sending out Public Information and Warnings to our communities, this includes non-emergency and well as emergency messages. This policy will help you determine the most appropriate use of [Your notification system]. Community notifications can be sent out using [Your notification system] to preloaded land line telephone and fax numbers, or to persons who have signed up for notifications by text, or social media. These persons we would notify for non-emergency events as well as life threatening events. We have the capability to expand our warning coverage through the and Warning System (IPAWS) which is a system for sending local emergency alerts, maintained by the Federal Emergency Management Agency. It is a key element of the [your organization] plan for public warnings. It is accessed using [Your notification system]. IPAWS is a system of systems that can allow us use the following additional alerting dissemination channels: Note: [your organization] is assigned one FIPS code, for Non-Weather Emergency Messages (NWEM) and Emergency Alert System (EAS) activations, the alert will be disseminated to the entire county. You as an alerting authority should keep this in mind when utilizing IPAWS. Due to the large geographic area of [your organization], over warning is very easy. Emergency Alert System (EAS), alerting through broadcast radio and television stations in the area. The alerts may or may not be automatically broadcasted from a local alerting authority depending on the alerting preferences set by the broadcaster. Wireless Emergency Alerts (WEA) which broadcasts a text alert to all WEA capable cell phones with in the designated alerting are weather they are signed up to receive [Your notification system] messages or not. WEAs are very brief messages, limited to 90 characters, these messages are broadcast from cellular towers in the area that you have designated. WEA s are not text messages nor an imessage (Apple 1

18 product) it is a broadcast message, one-way communication from the tower to phones affiliated with that tower. The targeted area may not completely match a polygon or selected area through the [Your notification system] mapping interface. NOAA All-Hazard Weather Radio (NWEM) which activates tone alert weather radios in our area. NWEMs are alerts that are broadcast through the National Weather Service using the NOAA All-Hazards Radio Network services. Internet Services such as smart phone apps and social media sites that will relay alerts to those who subscribe. COG to COG: COGs are a local alerting authorities. Messages from COG to COG are currently only delivered to the COG's software and not sent to or a mobile device such as a text or call. COGs need to be signed in and monitoring their software to receive a COG to COG alert. If [your organization] sends a COG to COG message, the operator must make a phone call to the other COG alerting them of the COG to COG message. Along with our other Local Alerting Systems such as (ETN, Siren, Digital Signage), an IPAWS alert can also be combined with a notification to staff contact lists, the media distribution list, and an emergency telephone notification recording using the same message launch process from the mass notification system. 3. Training Any member of the [your organization] who is assigned to be capable of disseminating an IPAWS alert must complete FEMA Independent Studies course IS-0247.a (or the most current IPAWS class). This includes any user who has access to IPAWS through the [Your notification system] interface. 4. Acceptable Use 4a. Alert Activation Primary Method:. Alternative Method:. Mutual Aid: In the event these methods do not work, we have a mutual aid agreement with to be our backup. This is accomplished by contacting at The county also has a mutual aid agreement with to be their backup IPAWS alerting authority. 2

19 Such a request would come from. 4b. Community Alerting Specify what uses there would be, no parking notifications, road closures other community information. See the chart below to assist with making the determination level Community Notifications Severe Weather Notifications Parking Restrictions Snow Removal Social Media Need to notify people of up coming events, exercises and other items of intrest. Wireless Emergency Alert Small area to alert, localized incidents Need to reach people in the immediate area Emergency Alert System Large area to alert Need to reach as many as possible in a wide area 4c. IPAWS Activation The effectiveness of IPAWS relies heavily on the appropriate use of the system by local alerting authorities. Over use of the system diminishes the effectiveness of IPAWS as citizens are more likely to ignore or opt-out of receiving notifications if they receive too many alerts. Misuse of the system when there is not an immediate threat reduces the credibility of IPAWS alerts. The State of Minnesota has an IPAWS administrator and committee who establishes what alerting codes alerting authorities are permitted to use. The [your organization] is authorized to use four IPAWS alert codes and one testing code. Acceptable use of IPAWS alerts are identified below: CDW - Civil Danger Warning: Armed personnel with intent to harm the public who are either mobile or whereabouts unknown. The alert should include critical information including area being warned and what the threat is. CEM - Civil Emergency Message: Notifications where the public is in immediate danger or a dangerous environment is imminent or occurring. EVI - Evacuate Immediate: When a large area needs to be evacuated due to a hazard. This can be hazardous materials releases, widespread wildfire threats or HAZMAT emergencies. IPAWS should not be used for small scale evacuations such as a neighborhood or concentrated area and are intended to be used for evacuation orders of a city or large area. Clear instructions must be provided. 3

20 SPW - Shelter in Place Warning: When dangerous situations exist where the public would be safest sheltering in place. Examples could be hazardous materials releases, HAZMAT emergencies or law enforcement emergencies where widespread public safety concerns persist. RWT - Required Weekly Test: The "required" weekly test is not a required for Public Safety organizations as it is for our broadcast and cable partners. Required weekly tests are used to verify EAS activation in the same manner silent testing (air) tests are performed on the outdoor warning sirens. The local alerting authority should contact broadcasters in their area to determine effectiveness of the test. The required weekly test should be coordinated by the agency point of contact. Who is responsible for sending the RWT? When is to be sent? (Predetermined time (or random) one week day shift, the next test night shift) Verification of receipt at EAS participant s location. An unofficial internet site to go to see if the RWT or any other non-weather emergency alert sent has made it past the IPAWS-OPEN server: or the stations to contact in the area are: at (nnn) nnn-nnnn at (nnn) nnn-nnnn 5. Alert Authorization The [your organization] has identified the following personnel to have the authority to issue an IPAWS alert: - Sheriff, - Chief Deputy, - PSAP Supervisor - Emergency Management Director. Prior to a user issuing an IPAWS alert, the user must have explicit authorization from one of the afore-mentioned personnel. If reasonable efforts to gain authorization are unsuccessful, a user may issue an IPAWS alert only if it meets the criteria identified under the acceptable use portion of this policy and with the request from an Incident Commander. 6. Alert Decision Making Making a decision to issue an IPAWS alert can be difficult. The impressive reach and intrusive nature of IPAWS make this a very effective alerting tool but also has the capability of disrupting 4

21 thousands of people. When an alert is issued it should be anticipated that incomplete or inaccurate alerts will cause confusion and adversely affect the public's response as well as generate additional overwhelming inquiries and traffic to the [your organization] PSAP. The following should be considered when making a decision to issue an IPAWS alert: - Does the hazardous situation require the public to take immediate action? - Does the hazardous situation pose a serious threat to life or property? - Is there a high degree of probability the hazard situation will occur? o o Magnitude: A description of the expected impact. How bad is it likely to get? Likelihood: The probability of occurrence of the impacts. If you answered yes to all the questions above then the decision is made to issue an alert, the following should be included in the message: (don t worry about the order but try to cover all five elements) Source: - Who is issuing the warning, is the warning credible? Guidance: - Protective Actions: What protective measures should people take and when? - If evacuation is called for, where should people go and what should they take with them. Hazard: - What is/are the hazards that are threatening? - What are the potential risks? Location: - Where will the impacts occur? - Is the location described so those without local knowledge will understand their risk? Time (duration / termination): - When should people take action? - How long will the impacts last? 5

22 7. System Use Not Permitted FEMA IPAWS cannot be used for the follow: - AMBER Alerts - are only allowed to be disseminated by the Bureau of Criminal Apprehension. - Weather Alerts - are only to be distributed by the National Weather Service*. (*Local alerting authorities can still utilize their Community Notification Systems to relay warning information from the National Weather Service.) 8. Effective Messaging Currently IPAWS is only available in English. Whenever possible, avoid abbreviations, slang or jargon. Text to speech resources (in EAS) may misinterpret what your message is trying to convey. When using text to speech, play the message prior to launching and correct any errors when possible. Once the threat subsides or is no longer a hazard, cancel the alert through IPAWS. WEAs are limited to 90 characters and abbreviations should be simple and easy to understand. For more information the State of Minnesota Public Alerting Authority Best Practices Guide is available at: {hyperlink} 9. Cross-Border / Neighboring Jurisdiction Notification Verify that the message was received by the IPAWS Gateway and is being disseminated as expected based on the options that were selected for the message. It is recommended to notify the following that an IPAWS alert has gone out in case it generates phone calls from citizens. The PSAP if not the one making the notification. Neighboring agencies if close to a border whether county or large city PSAP. [Your organization] IPAWS access was developed to be able to alert for a neighboring jurisdiction permission must be granted ahead of time and an MOU must be in place. Add questions here COG to COG Notifications 10. [YOUR ORGANIZATION] System Management The [your organization] has a Memorandum of Agreement with FEMA and is an approved Collaborative Operating Group and assigned COG ID # [your ID # here] and the Federal 6

23 Information Processing Standard (FIPS) code is [your FIPS code Here]. There are two keys for IPAWS, the first being a training key and the other the live key. The training key will allow a user to sign-in to IPAWS through [Your notification system] but will not send an IPAWS alert. The live key is used when conducting tests of IPAWS or for an actual IPAWS alert. The live key should never be used for training other than the RWT. Upon the separation of an employee who has had access to the training key or live key, or when the password is suspected or known to be compromised, both passwords must be changed immediately by contacting [Your Notification system Vendor]. The [your organization] Point of Contact identified by FEMA is the Primary Contact (see the table below). External or internal inquiries on FEMA IPAWS should be directed to the Primary Contact or [designee]. The [designee] is responsible for maintaining the training and live key credentials. Documentation related to FEMA IPAWS is on file with the [designee]. User accounts are approved by the [ ] and created by system administrator Technical support on [your notification system] can be obtained by contacting: Position IPAWS Primary Contact IPAWS Alternate Contact IPAWS Technical Contact [Your Organization Notification system] System Administrator Your Organization IT Support Contact 10a. System Security IPAWS-OPEN is a Federal application to be used only in the performance of the user's official duties in support of public safety. Every system user is responsible for remote access security as it relates to their use of IPAWS-OPEN and shall abide by these Rules of Behavior: All users must have a discrete user account ID which cannot be the user's social security number. To protect against unauthorized access, passwords linked to the user ID are used to identify and authenticate authorized users. Accounts and passwords shall not be transferred or shared. The sharing of both a user ID and associated password with anyone (including administrators) is prohibited. Accounts and passwords shall be protected from disclosure and writing passwords down or electronically storing them on a medium that is accessible by others is prohibited. The selection of passwords must be complex and include: 7

24 o At least eight characters in length o At least two upper case and two lower case letters o At least two numbers and one special character. Passwords must not contain names, repetitive patterns, dictionary words, product names, personal identifying information (e.g., birthdates, SSN, phone number), and must not be the same as the user ID. Users are required to change their passwords at least once every 90 days. Passwords must be promptly changed whenever a compromise of a password is known or suspected. Users accessing IPAWS: Physically protect computing devices such as laptops, PEDs, blackberry devices, smartphones etc.; protect sensitive data sent to or received from IPAWS; do not program computing devices with automatic sign-on sequences, passwords or access credentials when using IPAWS. Users will not provide or knowingly allow other individuals to use their account credentials to access IPAWS. To prevent and deter others from gaining unauthorized access to sensitive resources, users will log off or lock their computer workstation or will use a password-protected screensaver whenever user steps away from a workstation area, even for a short time and will log off when leaving for the day. Inform local system administrator when access to IPAWS is no longer required. Promptly report security incidents to the Local System Administrator. 10b. System Certificates is responsible for monitoring the expiration of the certificate. [This should be the Technical POC on the original IPAWS MOA or his/her replacement.] The credentials for the training and live keys are located in the [your organization] [designated location] in a sealed envelope and are never to be displayed openly. 8

25 GLOSSARY Acronym AMBER COG EAS ETN FIPS IPAWS IPAWS-OPEN MOA MOU NOAA NWEM WEA Description America s Missing Broadcast Emergency Responder Collaborative Operating Group Emergency Alert System Electronic Telephone Notification System Federal Information Processing System ing and Warning System IPAWS-Open Platform Emergency Networking Memorandum Of Agreement Memorandum Of Understanding National Oceanic and Atmospheric Administration Non-Weather Emergency Messaging Wireless Emergency Alerts 9