Saturday, May 20, 2017

TDEM 2017 Texas Emergency Management Conference

Laurel and I attended the 2017 Texas Department of Public Safety Division of Emergency Management annual conference in San Antonio. Although it is a four-day show, we were there just for Thursday, May 18. We started with the exhibit hall and attended two break-out sessions. These are some of the vendors whom I met.

Dr. Deb Zoran is the operations supervisor of
VET outreach of Texas A&M University.
They coordinate animal rescue during disasters and emergencies.
John Taylor and Hannah Coffey of BOLD Planning,
one of the providers of mitigation and remediation plans for
organizations that do not have adequate in-house emergency planning.
Sean Scott developed the Red Guide handbooks.
They are available in English and Spanish.
Keith Blaylock of eXpress Sandbag System
did not bring the proprietary machinery with him.
However, I found the sandbags to be portable,
standardized, and stackable.
And he said that he could produce
1000 per hour all day long.
Michael Shanks of LRad explained
that his sound output speakers will cover
huge, city-sized areas with good clarity
for voice notification in times of emergency.
Mike Ross does apps and he has them for
emergency management. In the age of the
smartphone it is an easy and effective way
for jurisdictions to get the word out --
the right information...
from the right source.
Vanessa Forté of ProPac brought a wide range of
pre-packaged emergency supplies from
first aid kits to food and drink for
one person or large groups.
Mark Mathiesen of On the Mark Weather is one of several
commercial meteorologists with his own brand of applied theories.
When I reviewed and edited contracts for TDEM in 2014,
I was surprised to learn that the government agency, NOAA,
as respected as it is, is not the leading edge, and only tells you
what they tell everyone in a wide area all at the same time.
Dr. Mathiesen specializes in micro-events:
he can tell you if your school could be hit. 
Of course, there were many more to be met.  My friends from Intermedix and WebEOC were there. So were the folks from STEAR, the State of Texas Emergency Assistance Registry for people who want to be helped when getting help is a matter of life and death. I met Major Ernest Branscum of the Salvation Army several times during the day as we toured the exhibit hall. I was happy to be able to add my name to the contact list for the local chapter of the Association of Continuity Managers.   

On Thursday, May 18, at 4:00 PM, Laurel and I attended an excellent session on Insurance Fraud. The presenters were Lt. David Taylor (Compliance) and John Plent (Consumer Protection) from the Catastrophe Response Team of the Insurance Fraud unit of the Texas Department of Insurance. Just to note: The Department of Insurance is one of about 20 state agencies and departments that has its own sworn and weaponized peace officers. As explained below, when on the streets, talking to roofing contractors, he has the full law enforcement authority of any police officer in Texas.

In the aftermath of a disaster, swarms of unlicensed contractors appear, soliciting business, and being paid with money from insurance settlements. The work is uneven in quality. Sometimes, the “contractors” take a “down payment” and never return. Occasionally, they take a partial payment, do partial work, then leave, with a promise to return, which puts the matter out of the criminal law and into civil law.

The TDI catastrophe teams help people work with insurance adjusters; and they can assist insurance companies in the field. They work with consumers to help with insurance claims. Lt. Taylor and Mr. Plent come to your town to mitigate (and ideally prevent) violations and victimizations. They start by meeting with city officials. They acknowledge that after a severe storm which has taken lives, mitigating insurance fraud might not seem highly important. However, they have found law enforcement and other city officials to be very helpful. If the city has regulations, they say, then make sure that all solicitors are registered and licensed. Drive the streets; and where you see roofers working or knocking on doors, ask to see their papers. Municipalities should run background checks for outstanding warrants and sex offender registration. Their primary advice is to homeowners is to never accept a solicitation. You, the customer, should drive the process by seeking out reputable companies and getting competitive bids.

We have no state-level licensing of contractors here in Texas. However, we do have the Roofing Contractors Association of Texas and the Building Officials Association of Texas (BOAT at www.boatx.org). In fact, BOAT was one of the vendors at the TDEM conference. 


Read about the fraud team here
Watch one of their videos here.

At 2:30 PM on May 18, Laurel and I attended a disjointed, lackluster session on cyber security.  Despite our abiding professional involvement in computer security, this one put us both to sleep. The presenter was David Morgan (CISSP, CNSS NSA Security), who is a cybersecurity officer and information security manager at the Texas Department of Public Safety. He certainly seemed well qualified from his time in the Marine Corps to his experience as a visiting professor at several colleges and universities. The bottom line is that the content of his presentation did not meet the criteria set by the title of his talk, "Cyber Security - A Critical Component for Emergency Management." 

Everything we do in response to a disaster or a community event depends on computers, from smartphones to laptops. To coordinate our efforts, we bring WebEOC into community shelters. Some at this conference had special responsibilities for the emergency bands such as TICP (Texas Interoperability Communication Package) and MARS (Military Affiliate Radio System). David Morgan did not tell us how to secure any of them, or how to detect an intrusion.

Laurel and I were most interested in knowing about how computer hackers have disrupted emergency response. Aside from mentioning the recent incident in Dallas -- (Dallas Morning News here among very many others) -- in which the weather sirens sounded at midnight, he had nothing to say. 

Hackers have been changing traffic lights since at least 2003, though the ability to do so was known in the 1980s. (See Wired from 2005 here.) Recently, the Surprise, Arizona, city 911 was taken out by a hacker (See Washington Times story here.)  Bear in mind, though, that the infamous “Operation Sundevil” from 1990, which alleged that hackers had broken into the nationwide 911, was exposed and disgraced.  (See  “Operation Sundevil” in Wikipedia here and “Jefferson in Mirrorshades” in a hacker archive here. )  None of that was in this  presentation. 

David Morgan did allude to the existence of viruses, worms, trojans, and spyware, but did not differentiate among them, or tell us how to detect, mitigate, remediate, or prevent them. He did say that the Macintosh operating system is easily given to viruses because it is based on Unix, which is the operating system in which viruses were invented. David Morgan defined “Zero day” as the source of unknown vulnerabilities. He explained a “root kit” by saying that if you are “root” then you own the system.

All of that being as it may, I personally benefited by learning about Shodan.io. Coming to work the next day, I visited the site, read about it on Wikipedia, and made a note to myself to follow up. 
  
PREVIOUSLY ON NECESSARY FACTS
BSides Austin 2016
InnoTech 2015
CERT: Community Emergency Response Team
The Living Fish Swims Under Water

1 comment:

  1. Great post! I am actually getting ready to across this information, It's very helpful for this blog.Also great with all of the valuable information you have Keep up the good work you are doing well.
    Best Roofing Contractors in Chennai

    ReplyDelete