71 F
Washington D.C.
Wednesday, September 18, 2024

COLUMN: The U.K. Admits Failure in Pandemic Response and Offers Preparedness and Resilience Lessons

I read with great interest the recently published Module 1 of the United Kingdom government’s “UK Covid-19 Inquiry. This is the first in a series of modules assessing the U.K’s response to the Covid-19 pandemic. The first module focuses on the resilience and preparedness of the United Kingdom, and many of its findings and recommendations are universal and almost certainly apply to the United States as well. 

Among the top-line findings was that: 

“Had the UK been better prepared for and more resilient to the pandemic, some of that financial and human cost may have been avoided. Many of the very difficult decisions policymakers had to make would have been made in a very different context. Preparedness for and resilience to a whole-system civil emergency must be treated in much the same way as we treat a threat from a hostile state.” 

Of course, we cannot compare what the United Kingdom found with a similar inquiry conducted by the U.S. Government, but one would almost certainly find something very similar. Unfortunately, no such comprehensive, holistic after-action review has been—or likely will ever be—conducted by the United States Federal Government. FEMA did conduct its own internal review, but the political system has thus far been resistant to the kind of public national review done by a group of independent experts akin to the work of the 9/11 Commission in the early 2000s. This is a missed opportunity and reflects a failure of the homeland security and public health systems to live up to preparedness best practices and take a broad and transparent look at what went right and what went wrong during the pandemic response and recovery. Despite the efforts of many dedicated professionals at organizations like FEMA, it seems that, at a national level, the pandemic preparedness cycle—Plan, Organize/Equip, Train, Exercise, Evaluate/Improve—is not where it needs to be. 

In the meantime, we will have to leave it to journalists and historians to write the definitive account of the U.S. COVID response. While some of these accounts may be good reads, none will have the benefit of a full contemporaneous look at how the government performed during the pandemic. 

Returning to the U.K. inquiry, the reviews of their government’s performance were not favorable. Some additional high-level preparedness and resilience findings that resonated with me included: 

  • There were fatal strategic flaws underpinning the assessment of the risks faced by the UK, how those risks and their consequences could be managed and prevented from worsening, and how they could be responded to. 
  • Emergency planning generally failed to account sufficiently for the pre-existing health and societal inequalities and deprivation in society. 
  • In the years leading up to the pandemic, there was a lack of adequate leadership, coordination, and oversight. Ministers, who are frequently untrained in the specialist field of civil contingencies, were not presented with a broad enough range of scientific opinion and policy options and failed to sufficiently challenge the advice they did receive from officials and advisers. 
  • The Inquiry has no hesitation in concluding that the processes, planning, and policy of the civil contingency structures within the UK government and devolved administrations and civil services failed their citizens. 

Not surprisingly, the recommendations based on the lessons learned by the U.K. Inquiry related to preparedness and resilience included key areas such as risk governance, risk analysis, and stress testing, which are areas that the U.S. also needs to continue to improve. Specifically, the U.K. inquiry recommends that: 

  • Each government should create a single Cabinet-level or equivalent ministerial committee (including the senior minister responsible for health and social care) responsible for whole-system civil emergency preparedness and resilience, to be chaired by the leader or deputy leader of the relevant government. There should also be a single cross-departmental group of senior officials in each government to oversee and implement policy on civil emergency preparedness and resilience. 
  • The UK government and devolved administrations should establish new mechanisms for the timely collection, analysis, secure sharing, and use of reliable data for informing emergency responses, such as data systems to be tested in pandemic exercises. 
  • External ‘red teams’ should be regularly used in the Civil Service of the UK government and devolved administrations to scrutinize and challenge the principles, evidence, policies, and advice relating to preparedness for and resilience to whole-system civil emergencies. 

These are sound recommendations that should be considered in a U.S. context as well. 

Comprehensive after-action reports are one of the most important elements of executing the Homeland Security mission, as every incident—whether actual or “near-miss”—presents an opportunity to evaluate and improve. Done right, like the 9/11 Commission review and the recently conducted review of Microsoft by the DHS Cyber Safety Review Board (CSIRB), the public gets a transparent opportunity to see “behind the curtain” in terms of the root causes of incidents and the performance of elements of the prevent, protect, respond, and recover missions. Such reports allow for recommended strategic improvements and changes in underlying security and resilience conditions, setting a course for the homeland security ecosystem to develop positively. It seems that this type of review is going to happen in response to the mistakes that contributed to the near-miss assassination attempt on former President Trump, and let’s hope that the CSRB is willing to take on the resilience lessons from this month’s Crowdstrike outage. 

The U.K. Inquiry is another example of the strength of After Actions. As the U.K. government Inquiry acknowledges, its pandemic response failed its citizens in many ways. Stating that publicly and presenting the evidence is an important element of how the government is trying to learn from its mistakes. We are lacking the same level of transparency and authoritative detail here in the United States. We cannot let time and distance from the pandemic allow us to de-prioritize biosecurity and pandemic preparedness. I wish that effort were guided by a comprehensive, authoritative review, but absent that, we must learn from others.  

Bob Kolasky
Bob Kolasky
Bob Kolasky is the Senior Vice President for Critical Infrastructure at Exiger, LLC a global leader in AI-powered supply chain and third-party risk management solutions. Previously, Mr. Kolasky led the Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center. In that role, he saw the Center’s efforts to facilitate a strategic, cross-sector risk management approach to cyber and physical threats to critical infrastructure. As head of the National Risk Management Center, Mr. Kolasky had the responsibility to develop integrated analytic capability to analyze risk to critical infrastructure and work across the national community to reduce risk. As part of that, he co-chaired the Information and Communications Technology Supply Chain Risk Management Task Force and led CISA’s efforts to support development of a secure 5G network. He also served on the Executive Committee for the Election Infrastructure Government Coordinating Council. Previously, Mr. Kolasky had served as the Deputy Assistant Secretary and Acting Assistant Secretary for Infrastructure Protection (IP), where he led the coordinated national effort to partner with industry to reduce the risk posed by acts of terrorism and other cyber or physical threats to the nation’s critical infrastructure, including election infrastructure. . Mr. Kolasky has served in a number of other senior leadership roles for DHS, including acting Deputy Under Secretary for NPPD before it became CISA and the Director of the DHS Cyber-Physical Critical Infrastructure Integrated Task Force to implement Presidential Policy Directive 21 on Critical Infrastructure Security and Resilience, as well as Executive Order 13636 on Critical Infrastructure Cybersecurity.

Related Articles

- Advertisement -

Latest Articles