"Smile. Acronym Soup. Yum" (Anonymous)

    In February of 2003, Homeland Security Presidential Directive-5 (HSPD-5) made the Department of Homeland Security (DHS) the principal federal agency for domestic incident management, and tasked DHS with developing a National Response Plan (NRP), based on NIMS (National Incident Management System), which replaces, among other things, the Federal Response Plan (FRP) and the United States Government Interagency Domestic Terrorism Concept of Operations Plan (CONPLAN).  To those unfamiliar with this acronym soup, the NRP is an all-discipline, all-hazards plan (an initial one was developed by FEMA in 2003 and a final one was released in May of 2006 by DHS).  NIMS is a core set of concepts and terminology for incident command and multi-agency coordination.  NIMS was released in March of 2004.  Incident command is explained below, followed by a graphic of the CONPLAN, which for many years was the primary incident response document for domestic terrorism.

What is Incident Command?

     An incident command system (ICS) exists when the leader of the first emergency response team to reach the scene of an incident assumes command.  Usually, this is a fire chief.  This person directs operations from the back of an emergency vehicle and also stays in constant contact with base (a fire station, dispatch room, or emergency operations center).  They are the only ones who should call for reinforcements, along with dispatchers.  Once the incident response exceeds the incident commander's span of control (six or seven operations), it is time to form separate task forces and delegate command.  The incident commander cedes authority once a more senior chief arrives, if they are needed elsewhere, or if exhaustion calls for rest.  The following is the basic structure of incident command and its five components.  

COMMAND - Sets priorities and objectives and is responsible for overall command of the incident.
OPERATIONS - Has responsibility for all tactical operations necessary to carry out the plan.
PLANNING - Responsible for the collection, evaluation, and dissemination of information concerning incident development as well as the status of all available resources.
LOGISTICS - Responsible for providing the necessary support (facilities, services, and materials) to meet incident needs.
FINANCE - Responsible for monitoring and documenting all costs. Provides the necessary financial support related to the incident.


    As opposed to the CONPLAN (displayed above in its 1997 version), the older Federal Response Plan was basically a Cold War relic, like many other Continuity of Operations Plans.  If one is interested, the Federation of American Scientists maintains a good webpage on the FRP as Modified by Presidential Decision Directive-39 PDD-39.  It might be noted that some academics actually like parts of the old FRP, such as the distinction between crisis and consequence management, and of course, those who dislike the conversion of FEMA power into DHS power tend to like the older plans.  In historical terms, the FRP and PDD-39 are practically synonymous.  A couple of other Clinton-era documents of significance are: (1) PDD-63 (Critical Infrastructure Protection) which set up a National Infrastructure Protection Center (NIPC, which was replaced in 2003 by a TTIC, Terrorist Threat Integration Center, and in late 2004 superceded by an intelligence community counterpart, the NCTC, National Counterterrorism Center); and (2) about thirteen ISACs (Information Sharing and Analysis Centers) for various public-private partnerships where private industry (which owns or controls about 80% of critical infrastructure) could work out protective solutions.  The NCTC is a growing, multi-agency organization devoted to all-source intelligence collection as well as terrorism tracking and analysis.  The ISACs are about half well-developed, and about half still struggling to get organized in some industry areas.  Also, much of the information sharing that went on at NIPC (which did a relatively good job towards cybersecurity, by the way) were replaced by the growth of JTTFs (Joint Terrorism Task Forces) which supposedly represent unified law enforcement at all levels.  The 2005 National Response Plan (NRP) supercedes the CONPLAN which needed continual updating and really took a hit when the failures of the Hurricane Katrina response became evident.  There's more to the acronym soup, but those are the basics.

Permanent link to the NRP is at
NRP supercedes FRP, CONPLAN, FRERP, and INRP
NRP integrates NCP, other Contingency Plans
NRP incorporates NIMS, HSOC, IIMG, PFO, JFO, ESFs

    Starting in 2001, the Bush administration started releasing a new series of Homeland Security Presidential Directives (HSPDs) governing homeland security policy, and it's probably important to list them all, as found below.

Bush Administration Homeland Security Presidential Directives

HSPD 1 Organization and Operation of the Homeland Security Council (Oct 2001)
HSPD 2 Combating Terrorism Through Immigration Policies (Oct 2001)
HSPD 3 Homeland Security Advisory System (March 2002)
HSPD 4 National Strategy to Combat Weapons of Mass Destruction (classified) (December 2002)
HSPD 5 Management of Domestic Incidents (Initial NRP) (February 2003)
HSPD 6 Integration and Use of Screening Information (September 2003)
HSPD 7 Critical Infrastructure Identification, Prioritization, and Protection (December 2003)
HSPD 8 National Preparedness (December 2003)
HSPD 9 Defense of United States Agriculture and Food (January 2004)
HSPD 10 Biodefense for the 21st Century (April 2004)
HSPD 11 Comprehensive Terrorist-Related Screening Procedures (August 2004)
HSPD 12 Policy for a Common Identification Standard for Employees and Contractors (Aug 2004)
HSPD 13 Maritime Security Policy (December 2004)
HSPD 14 Domestic Nuclear Detection (April 2005)
HSPD 15 Roles in the war on terrorism (classified) (March 2006)


    First of all, terms such as crisis and consequence management should be defined.  Traditionally, the FBI has had responsibility for crisis management and FEMA for consequence management.  Leadership in the Department of Homeland Security has strongly indicated they don't prefer those terms, but it is worth spending some time on them for educational purposes.  According to Fink (1986), crisis management is about "rolling with the punches" when there's no time or way to recover.  In management science, crisis management is associated with the topic of critical incident task analysis, and in criminal justice or police psychology, it is associated with the topic of critical incident stress debriefing.  There are many counseling and social work enterprises which make their living off crisis management principles.  The connections with homeland security are probably best understood by knowing that crisis counseling has always championed the cause of "speedy response."   

    There are no good definitions of consequence management.  Generically, the term refers to ameliorative action that is quick, careful, and decisive.  The word "consequence" is usually taken to mean an event of "high consequence" involving mass casualties, such as superterrorism or a Weapons of Mass Destruction (WMD) incident.  The concept involves a concern for surge capacity, such as the overwhelming of medical resources, as well as any lingering effects on public health and the environment in the post-disaster environment.  For example, if after the best decontamination procedures, all the government could do is assure some survivors a pain-free lifestyle for two years or so, this would be consequence management.  In the security field, this is more generally known as contingency planning because "contingencies" are always those secondary possibilities that need to be in a back-up plan.  Both crisis and consequence management tend to defy attempts at real-time coordination, and detract from an all-hazards approach in their calling for specialized services.  Also, the two concepts tend to devolve into public relations or public education efforts, which may be well and good, perhaps important enough to call them the sixth major function of incident command, but problems arise when it devolves into rhetoric and propaganda.  For example, crisis management in business usually implies a public relations campaign to convince consumers that it's now safe to use a product.  Beyond the old terminology of crisis and consequence management, modern terminology includes the following:

Four Phases of Incident Management

"the reduction or elimination of future risk"

"a practiced state of readiness to respond"

"an immediate reaction or relief that saves lives"

"the process of repair and restoration"

    Mitigation is long-term, pre-disaster planning which involves sustained expenditures on structural and non-structural efforts to reduce or eliminate future risks.  Preparedness is a state of readiness involving the marshalling of resources in the areas of prediction, forecasting and warning, and also involving education and training initiatives, evacuation plans, and some sort of drills, practice, or simulated response exercises.  Response is defined as an immediate reaction or relief effort focused on saving lives.  Recovery is the process of repair and restoration.


    Threat assessment is a common element, and seems to work with a well-managed, multi-agency approach.  Threat assessment is part of larger field of study called risk analysis, which also contains the subfields of vulnerability analysis and threat analysis.  The following table and paragraphs may be helpful with explanation.

Summary of Selected Risk Analysis Formulas (* =multiplication)

Relative Risk analysis likelihood of hazard * impact of event.
Vulnerability analysis likelihood of threat * scope of impact
Threat analysis scope of impact * source identification * control weaknesses
Mitigation cost to mitigate * level of risk reduction + residual risk

    Probabilistic approaches (Bedford & Cooke 2001) involve sophisticated notions of release (rate at which the hazard strikes), exposure (vulnerability of populations per unit time), dose rate (impact per person), and background levels (inherent natural risk levels).  However, simpler calculations can be done with specific risks as a function of the likelihood of a hazardous event (sometimes called the threat probability) times the impact of the event (or the scope of the impact factor).  The likelihood of a hazardous event is the most important factor to have good hard data on because impact is often simply calculated as scope (how many people).  Calculating the likelihood of a hazardous event is, for the most part, the same as calculating its threat probability, which unless one is calculating the probabilistic "Relative Level of Risk Determination," one is most likely doing threat assessment along non-probabilistic lines (Alexander & Musch 1999), as follows:

    Billions of dollars are spent every year on WMD prevention and preparedness.  Beefing up stockpile resources and devising plans for delivering it to the right places is time-consuming.  There are many agencies involved with the incident management of WMD threats.  WMD threats also involve a wide range of weapons.  While biological incidents may be nothing more than HAZMATs with an attitude, there are some distinct differences with certain chemical and, of course, radiological weapons.  Chemical WMDs can be pretty much controlled by monitoring precursor chemical usage among the population, just as agricultural fertilizer product sales can be monitored.  Radiological WMDs are likely to require the domestic terrorist group to have some sponsorship, and if foreign sponsorship is involved (i.e., so called "blended" or "seamless" terrorism), the CIA can be called in.  False WMD reporting is (and should be) a serious matter, since significant government resources are required to investigate such threats.  Title 18 of USC Section 2332(a) makes it a felony to threaten to use WMD.

    Domestic terrorism threat assessment can be carried out either by focusing upon the attack plan (which has been the discussion up to now), or by focusing upon the target (both, ideally, should be the focus).  The criteria for evaluating a terrorist target can be found in many places, and it is important to note that some targets simply have qualitative appeal to domestic terrorists, and threat assessment schemes vary in this area.  From Alexander & Musch (1999), one such scheme is reproduced below in approximate form:

What follows is a typology or classification of the many possible targets of terrorist attack.

Political Targets Economic Targets Ecological Targets

1. The President
2. The Vice President
3. The First Lady
4. Mrs. Vice President
5. The President's Family
6. The Vice President's Family
7. Ex-Presidents
8. An Ex-President's Family
9. U.S. Embassies
10. U.S. Consulates
11. Foreign Embassies in U.S.
12. Governors of Key States
13. The Statue of Liberty
14. Political Conventions
15. The White House
16. The U.S. Congress
17. Air Force One
18. The Lincoln Memorial
19. Camp David
20. The Smithsonian Institute
21. The Washington Monument

1. Oil Pipelines
2. Banks
3. Financial Institutions
4. Oil Tankers
5. Oil Companies
6. Auto Manufacturers
7. Fort Knox
8. The Wheat Belt
9. Important Bridges
10. New York Harbor
11. The Lincoln Tunnel
12. The Holland Tunnel
13. Postal Services
14. Empire State Building
15. Wall Street
16. NY Stock Exchange
17. Electrical Power Grids
18. Coal Power Plants
19. Nuclear Power Plants
20. Chemical Companies
21. FED Chairman
1. America's Farm Belt
2. National Forests
3. U.S. Cattle Herds
4. National Parks
5. Hoover Dam
6. Dams
7. Garbage Dumps

Educational Targets

1. Universities
2. Private Schools
3. Summer Camps
4. School Buses
5. Ivy League Schools
6. Schools that Politicians attended

    When selecting a target, terrorists usually seek out the one that is: (a) most high up in vital importance; (b) softest in terms of being unprotected; and (c) most significant or symbolic to their cause.  A series of attacks on the nation's landmarks, for example, would NOT be the typical pattern of a relatively small, emerging terrorist group.  That kind of totally symbolic strategy would most likely be followed by a terrorist group that has already attacked other targets, and is using the landmarks as a way to "finish up" their work.  For example, during a high threat condition, resources are often over-directed to so-called "iconic" targets, or those with great symbolic significance only. A group with an ecological target would also be typically one that has already attacked in another way, the purpose here being to demoralize or weaken their enemy, but like groups with an educational target, there might be some unusual race-based hatred involved.  Therefore, the main targets are going to be POLITICAL and ECONOMIC, especially as the two of these (and others) might overlap.  For example, the terrorists can be expected to do their homework, and they will find out which companies, corporations, causes, and schools that the political leaders worked for, are involved in, or attended.  These kind of calculations will ultimately determine targeting and target hardening.

         Much hardening is directed toward what might be called transportation, transit, or tourist targets.  These are almost always insecure, if not "soft" targets, and usage of them by terrorists may be more a matter of convenience than calculation.  Their only value is the shock or fear effect produced, but governments often have to go to great lengths to show they are protecting their innocent citizens.  The following is a list of such targets.

Tourist Targets

1. Museums
2. Theme Parks
3. Shopping Centers
4. Railway Stations
5. Subway Stations
6. Airports
7. Ferries
8. Opera Theatres
9. Musical Events

10. Expensive Restaurants
11. Expensive Hotels
12. New Years Eve Events
13. Cruise Ships
14. Ski Resorts
15. Golf Resorts
16. Casinos
17. Athletic Events
18. Hollywood Events

    With this last group of targets, there is the distinct possibility that a terrorist attack will not be recognized as an attack when it comes, and by that, is meant that some kind of "silent" WMD might be used, for example, a germ warfare agent or slow radiological leak of some kind.  While there is no substitute for the value of news coverage that will be obtained by big flashes and bombs, such "flashy" tactics will make little difference depending upon the choice of target.  In other words, a small shopping center in the heartland makes for as good a tourist bombing target as a large shopping center in a major city.  A society cannot monitor and harden everything in everyplace, but it can predict and prepare, eliminating those threats that can be prevented, and minimizing the impact of those threats that cannot. 

DHS Webpage for National Response Plan (NRP)
FAS Page on Presidential Directives and Executive Orders
Homeland Security Presidential Directive-5 (HSPD-5)
Homeland Security Watch
NIMS Online
U.S. Domestic Terrorism Concept of Operations Plan (CONPLAN) [FBI version pdf]
Wikipedia: Continuity of Operations Plans

Alexander, Y & Musch, D. (Eds.) (1999). Countering biological terrorism in the U.S. NY: Oceana.
Bedford, T. & Cooke, R. (2001). Probabilistic risk analysis. NY: Cambridge Univ. Press.
Crank, J. & Gregor, P. (2005). Counterterrorism after 9/11. Cincinnati: LexisNexis Anderson.
Deflem, M. (Ed.) (2004). Terrorism and counter-terrorism: Criminological perspectives. San Diego: Elsevier.
Dyson, W. (2001). Terrorism: An investigator's handbook. Cincinnati: Anderson.
Fink, S. (1986). Crisis management: Planning for the inevitable. NY: Amacom Books.
Ignatieff, M. (2004). The lesser evil: Political ethics in an age of terror. Toronto: Penguin Canada.
Ronczkowski, M. (2004). Terrorism and organized hate crime: Intelligence gathering, analysis, and investigations. Boca Raton, FL: CRC Press.
Vohryzek-Bolden, M., Olson-Raymer, G. & Whamond, J. (2001). Domestic terrorism and incident management. Springfield, IL: Charles C. Thomas.

Last updated: Aug 26, 2010
Not an official webpage of APSU, copyright restrictions apply, see Megalinks in Criminal Justice
O'Connor, T.  (Date of Last Update at bottom of page). In Part of web cited (Windows name for file at top of browser), MegaLinks in Criminal Justice. Retrieved from of URL accessed on today's date.