Communications Worker Credentialing Requirements (2017)

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Final Report – Page 2 To accomplish this objective, the research team performed the following tasks:  Conducted a review and comparison of all current and emergent credentialing systems pertaining to authorized physical access of workers to repair, service, or maintain communications equipment and facilities within access-controlled areas.  Summarized the nature and status of ongoing efforts at national and state levels such as: o The Incident Qualification Card, commonly called a Red Card; o The National Incident Management System (NIMS) resource typing and credentialing project; o The Arizona Professional Emergency Management Certificate effort; and o Additional statewide efforts, including those in West Virginia, Texas, and California.  Identified effective practices associated with each credential. The research team employed an evolutionary approach to this research project, in the respect that completion of each successive task formed the foundation from which the next task built. The project was divided into the following two phases:   Phase I – Credential Elemental Analysis. This phase was directed at determining the basic elements of current credentials and comprised four tasks.   Phase II – Identification of Effective Practices. This phase focused on generating a list of effective practices currently in use by various state and federal agencies. The accomplishments of both phases are documented in this final report, which was prepared under Task 6 of the research plan. Detailed descriptions of the two phases and associated project tasks are provided below. Chapter 2 Credential Elemental Analysis (Phase I) The goal of Phase I was to expand our knowledge base of the current state of security credentialing as it relates to communications workers who are given access to repair, service, or replace communications infrastructure during emergencies. This knowledge base included the identification of current national- and state-recognized security credentials required for communications workers and a detailed breakdown of each credential by its basic elements (i.e., security attributes; related costs; time to acquire; issuing agencies, programs, policies, and exemptions; and accepting entities). The research completed in this phase culminated in a series of organized matrices of communications worker credentials. Phase I included the following project tasks:  Task 1. Elemental Analysis: Identify and compare the relevant national and state security credentials requirements for communications workers who are given access to repair, service, or replace communications infrastructure in emergencies.  Task 2. Requirements to Obtain (RTO) Analysis: Using information available from the issuing agency, determine the approximate requirements and time and costs associated with applying for, obtaining, and renewing each credential identified in Task 1.

Final Report – Page 3  Task 3. Regulatory Analysis: Identify the legal authorities, programs, policies, and exemptions pertaining to the issuance of security credentials for communications workers, including those who may access secure areas.  Task 4. Interim Report and Panel Meeting: Submit an interim report and meet online to answer panel questions and obtain expert feedback regarding the legitimacy and effectiveness of the characteristics of analyzed credentials. Task 1. Elemental Analysis The research team used two primary methods to conduct the elemental analysis. First, the research team compiled all communications worker security credentialing literature in the Virginia Tech Transportation Institute (VTTI) library. This effort was augmented by a national- and state-level review of state plans, publications, and operating procedures with the objective of determining the underlying credentialing processes and regulatory requirements of each credential. Additionally, State Emergency Preparedness Plans developed by departments of transportation (DOTs) were reviewed. To complement the literature survey, the research team worked with subject matter experts to draw upon their knowledge and experiences to identify the security credentials required for communications workers, both existing and under development. Subject matter experts were selected from the project panel and supplemented with members of additional stakeholder groups, including the following:   Federal Emergency Management Agency (FEMA)  Federal Highway Administration (FHWA)  State Departments of Emergency Management (DEMs)  American Association of State Highway and Transportation Officials (AASHTO)  National Association of Chiefs of Police (NACOP)  National Sheriffs’ Association (NSA)  International Association of Firefighters (IAFF)  Communication Workers of America (CWA) The research team used the findings from the literature search (in combination with the subject matter expert feedback) to develop two matrices for each credential. Initially, a credential type/attribute list was created containing information from sources such as published relevant reports and current credentialing practices by emergency management agencies. A credential attribute is defined as any piece of information provided by the credential (e.g., permit or card) for purposes of identifying and/or authenticating the user. Examples of credential attributes are name, identification number, photograph, biometric data, etc. Potential sources of information may include photographs of credentials, actual credentials, and written descriptions to identify each attribute element of each credential. After organizing the attribute data for each credential (e.g., access permit, wallet card), a comprehensive matrix was constructed to include all credential names and associated attributes. This matrix allows for the comparison of each attribute while also providing a graphical representation of duplications and an overall list of every attribute provided by all identified credentials. A matrix of attributes is presented at the end of the Task 1 section.

Final Report – Page 4 Literature Review The review of the available literature conducted using the VTTI and Virginia Tech libraries revealed several reports describing emergency response planning at state transportation agencies. Credentialing includes licenses and certificates obtained through various training (e.g., FEMA/NIMS) and evaluation programs. The literature search showed that there is no consolidated credentialing for communications workers operating within the emergency response community. To enhance the guidance provided by this project, a survey of government, private sector, and civilian credentials was completed to identify appropriate credentialing factors. Below is a list of the credentials surveyed from various sources, followed by an explanation of each. Figure 1 presents a structural diagram containing the main entities and their sub-agencies issuing emergency responder credentials. Department of Homeland Security (DHS) Federal Communications Commission (FCC) Private Telecom Transportation Security Administration (TSA) National Guard/ Federal Employees Federal Emergency Management Agency (FEMA) Maritime Radio Operator Permit (MROP) General Radiotelephone Operators License (GROL) Society of Cable Telecom Engineers (SCTE) National Assn of Radio and Telecom Engineers (iNARTE) Transportation Worker Identification Credential (TWIC) Hazardous Material Endorsement (HME, Class 6) Aviation Worker Credentials Defense Biometric Identification System (DBIDS) Incident Command System (Red Card) (various Broadband Telecom Specialist credentials) “Train the Trainer” Courses Junior Telecom Technician/ Engineer Senior Telecom Technician/ Engineer National Weather Service American Radio Relay League Master Telecom Technician/ Engineer Emergency Management Professional Program Civilian Assistance Groups Figure 1. Organizations and agencies issuing worker credentialing for various emergency response activities. (Source: Virginia Tech, VTTI) The elemental analysis and credential synthesis from the literature review resulted in several credentials potentially required of persons who conduct communications restoration work during and after a disaster response and recovery. A list of these credentials is provided below:  Transportation Worker Identification Credential (TWIC)  Hazardous Material Endorsement (on Commercial Driver’s License [CDL])  Aviation Worker Credentials (access badge)

 D  E  "R  S  N C  M  G  A In the fol credentia process Requirem diversity country. incident i governm Figure 2 (Source: efense Biom mergency M ed Card" – ociety of Ca ational Asso ertification aritime Rad eneral Radi mateur Rad lowing sectio ls. The info required by ents may d of titles, trai Figure 2 illus ncreases an ent. . Stakeholde https://www etric Identif anagement Incident Co ble Telecom ciation of R io Operator otelephone io Emergen ns, brief inf rmation cove various stak iffer betwee ning curricu trates how d responde r emergenc .dhs.gov/sit ication Syst Profession mmand Sys munication adio and Te Permit (MR Operators L cy Service ( ormation is rs general eholders wh n agencies lum, and res state, local, rs need to m y response f jurisdictio es/default/fi em (DBIDS al Program tem s Engineers lecommunic OP) icense (GR ARES) provided on aspects of th en multi-jur (e.g., local v ource roles and regiona anage reso or different nal deploym les/publicati ) (SCTE) ations Eng OL) each of the e emergen isdictional d s. state) du across polit l entities int urces acros levels of inc ents. ons/st-crede Final ineers, Inc. entities iss cy responde eployments e to, for exa ical jurisdict errelate as s jurisdictio ident manag ntialing-inte Report – Pa (iNARTE) uing worker r credential occur. mple, the ions in the the scale of ns and leve ement on m roperability ge 5 ing an ls of ulti- .pdf)

Final Report – Page 6 Agencies and National Programs The following sections present detailed information regarding training programs and incurred costs provided by various agencies regarding credentialing of workers who need to access restricted areas in federal government buildings and adjacent premises. These types of credentialing apply to several categories of staff (e.g., transportation, fire departments, etc.) not necessarily related to communications restoration, but they can be extended to communications workers if deemed appropriate. Department of Homeland Security (DHS) (www.dhs.gov) and National Incident Management System (NIMS) (www.fema.gov/national-incident-management-system) The DHS is a cabinet department of the U.S. federal government, and has FEMA and the Transportation Security Administration (TSA) among its sub-departments. The department itself does not issue credentials but delegates that to the sub-departments.  NIMS represents a systematic approach for federal, state, and local governments to work together and respond to, recover from, and mitigate domestic incidents irrespective of their cause and complexity. A main component of NIMS is the Incident Command System (ICS), which compiles all the applicants’ credentials, qualifications, and identification into a single, condensed, comprehensive system shared by federal, state, and local authorities (DHS, 2012; Edwards et al., 2015).  TSA ensures that transportation workers, particularly those that transport hazardous materials or have unescorted access to secure areas of federally regulated maritime or airport transportation facilities, are properly screened to certify they do not pose a security threat (Stambaugh et al., 2014). TSA can issue three types of credentials:  Transportation Workers Identification Credential (TWIC) card  Aviation Worker Credential (AWC) or AW badge  Hazardous Materials Endorsement (HME) program (driver’s license endorsement) The TWIC card is required by the Maritime Transportation Security Act for workers who need unescorted physical or logical access to secure areas of the nation’s maritime facilities and vessels. TSA conducts a security threat assessment (background check) to determine a person’s eligibility and issues the credential (GAO, 2013). U.S. citizens and immigrants in certain immigration categories may apply for this credential. Most mariners licensed by the U.S. Coast Guard also require a credential that could utilize a Personal Identity Verification- Interoperable PIV-I Card (see Figure 3). At the same time, DHS assisted various high-risk urban areas in assessing their tactical interoperable and timely communications capabilities in support of security and operations during an emergency. As the results indicated that most of these urban areas lacked a viable strategic plan to guide these communications efforts, DHS developed and released the National Emergency Communications Plan (NECP) in 2008 which outlines the nation’s strategic approach to improving operability, interoperability, and continuity of communications credentialing (DHS, 2012).

(Sou Criteria to as mand access in every 5 y commun commun Figure 3. rce: http://in issue a TW ated by the ports and o ears (GAO, ications wor ications wor Example of fo.idmanage IC card (ht Maritime Tra n vessels. T 2011). The kers if the fe kers to conf PIV-I card re ment.gov/20 tps://www.ts nsportation his is enfor card system deral gover orm to (see quired for s 12/03/piv-sm a.gov/for-in Security Ac ced by the U can potent nment want Figure 4). tate and reg art-cards-a dustry/twic) t for worker .S. Coast G ially be app s to make a Final ional employ ctive-directo are establis s who requi uard and g lied to crede single cred Report – Pa ees. ry-and.html hed by the T re secure ets renewed ntialing ential for all ge 7 ) SA,

The badg operator, TSA. Thi taken by The airpo deterrenc process c wants to ing process but all emp s check req an approve rt must also e and safet an potentia make their o to issue an loyees must uires legal re d agency, a brief all em y, as card d lly be applie wn credent Figure 4. Ex (Source: h AWC for ai be submitte sidence or nd a Federa ployees abo esign is at a d to creden ial but still m ample of TW ttp://www.ts rport person d for a bac citizenship, l Bureau of ut their dut irport discre tialing comm eet federal IC card. a.gov) nel is deter kground che a submitted Investigatio ies in an em tion (Figure unications requiremen Final mined by th ck and app photograph n (FBI) back ergency, inc 5). This bad workers if e ts. Report – Pa e airport roval by the , fingerprint ground che luding terro ge-issuing ach compan ge 8 s ck. rism y

HME req fingerprin takes a c coursewo Stambau utilizes th Similar c (PSAC), represen mission i safety pe are prope documen nationwid responsi technolog Additiona Processi uniform c emergen (Sourc uires a CDL ts taken by ourse on Ha rk, and exa gh et al., 20 e same car redentialing established ting disciplin s to offer Fir rspective to rly supporte tation, plans e broadban bilities and a ies develop lly, DHS is ng Standard redentialing cy response e: https://sec endorseme an approve zMat safety m take abou 14). The cre d as the CD may be obt in 2013 (htt es of public stNet guida ensure that d in the net , and conce d network. T dministratio ed by FirstN working to a s (FIPS) 20 and access purposes ( Figure 5. Ex ure.natacs. nt, legal res d agency, a , followed b t 10 hours dential can L. ained throug p://www.firs safety as w nce, informa user needs work. PSAC pts related he committ n aspects re et. lign its cred 1, an open t control or o MacGregor ample of AW aero/images idence or ci nd an FBI ba y a written e (Wallace et take up to s h the FirstN tnet.gov/abo ell as state, tion, and su , requireme advises Fi to the build- ee also prov garding net entialing ope echnical sta ther federa et al., 2008) badge. /badge/badg tizenship, a ckground c xam. The a al., 2010; M ix weeks to et’s Public ut) and con tribal, and l bject matte nts, and saf rstNet throu out, deploym ides expert work policie rations with ndard used l identificatio . Final e_custom.jp submitted p heck. The a pplication, i arinik et al., be finalized Safety Advis sisting of m ocal govern r expertise f ety operatio gh providing ent, and o ise on interg s, procedur the federa by federal o n requirem Report – Pa g) hotograph, pplicant als ndependent 2011; and sent a ory Commit embers ments. Its rom a public nal capabilit relevant peration of a overnment es, and l Information fficials for ents for ge 9 o nd tee ies al

Final Report – Page 10 Department of Defense (DoD) – Defense Biometric Identification System (http://dbids.dmdc.mil/about.html) Under the Department of Defense (DoD), the DBIDS allows a guard at an entry point of a military installation to scan and authenticate identification cards, vetting access to the base. The database networks with the FBI criminal system, as well as a DoD database created for the program specifically. It is currently only in use for the military and some DoD facilities, and can utilize both old and new ID cards, as well as previously issued government ID (PIV-I). Additionally, Common Access Cards (CAC) and Uniformed Services ID cards are issued to military retirees and authorized family members after required data are uploaded in the database (NIMS, 2011). FEMA (www.fema.gov) FEMA and NIMS facilitate coordination between all emergency responders, including all levels of government communication with public, private, and nongovernmental organizations (NGOs), to fully utilize FEMA’s ICS and Multiagency Coordination System (Wallace et al., 2010; DHS 2012). NIMS provides standardized training so that all responders at a national level have similar directives. The system also provides and establishes the training core and education courses available for independent study online by federal, state, local, or private trainers. Time and cost may vary depending on training source, with expiration being at government/private/NGO discretion (see Figure 6).

Figure 6. Example of national tr (Source: Sta aining progr mbaugh et a ams and as l., 2014) Final R sociated cos eport – Pag ts. e 11

Final Report – Page 12 National Emergency Management Basic/Advanced Academy and Emergency Management Professional Program (EMPP) (http://training.fema.gov/empp/basic.aspx http://training.fema.gov/empp/advanced.aspx) This FEMA-established and issued credential is free to the applicant after the applicant completes the required course work comprising about 200 credit hours that must be taken within a calendar year. A certificate is issued to emergency managers and senior executives that have significant experience and enroll in various training programs throughout the year as it is designed to unify training for emergency managers all over the country. This credential (EMPP certificate) is designed for newly appointed emergency managers or managers with a minimum of 3 years of experience, including members of:  State, local, tribal, and territorial homeland security or emergency services programs;  NGOs, voluntary agencies, or professional organizations;  Private sector emergency management offices;  College or university emergency management staff; and  FEMA, federal partners, military and emergency managers at other departments or agencies. Office of National Capital Region Coordination (http://hsema.dc.gov/) SAFECOM (http://www.dhs.gov/safecom), a Post-Katrina Act emergency response council, has been designed to facilitate the development of communications plans for local, tribal, and state governments. SAFECOM offers no credentials of its own; it is instead a resource for governing bodies to prepare for emergencies in the field of communication. SAFECOM and the Office of National Capital Region Coordination are essential sources of information regarding credentialing practices using federal standards and interoperability. The Office of Emergency Communications (OEC) in DHS is responsible for administering SAFECOM elements that control the development of tools, guidance, and templates on communication-related issues. OEC also issues credentials for state and local Communications Unit Leaders (COM-L) and Communications Technicians (COM-Tech.), as well as for amateur radio operators called Auxiliary Communicator (AuxCom) (GAO, 2008). The National Wildfire Coordinating Group (NWCG) (http://iqcsweb.nwcg.gov/) The National Wildfire Coordinating Group (NWCG) sets minimum training, experience, and physical fitness standards for wildland fire positions of all Department of the Interior (DOI) personnel. It also issues Incident Qualification Card(s), commonly called a “Red Card” (Figure 7), which is an accepted interagency certification showing that a person is qualified to do the required job when arriving at an incident site. Workers earn qualifications and meet standards with training courses offered by various government (federal and state) or private groups. Standards are typically approved by the DOI agencies’ fire departments, and implemented through the Incident Qualification and Certification System (IQCS), which is the DOI’s fire qualifications and certification record-keeping system. Additionally, FHWA is providing effective disaster recovery planning as it is critical to maintain information system safety and efficiency for the U.S. DOT and its Operating Administrations (OAs) to avoid major communication disruptions during a potential unexpected event (US DOT, 2016).

(These qu superviso selected worker’s keeping t Positions ensures incidents Federal The FCC Although and aircr commun standard recognitio Maritime Source:h The FCC required the open be a lega pass a w must be Source: U.S alifications rs and eme for the spec identity, exp he focus on Qualificatio the ability of that may oc Communi establishes many radio aft fields. Du ications, the . An FCC qu n of technic Radio Oper ttp://study.c issues the by certain s sea or any l U.S. reside ritten test co renewed eve . Forest Serv are stored in rgency plan ific emergen erience leve resolving th n Guide (IP DOI to prev cur (US DO cations Co regulations operator an e to the gap private sec alification (i al compete ator Permit om/articles/ MROP licen hips, aviatio tidewater ar nt, know ho vering radio ry 5 years. Figure 7. Ex ice www.fs. the NIMS d ners when t cy situation l, and quali e situation QG) establis ent, protect I, 2015). mmission for telecom d repair cre in credent tor credentia f required) i nce. (MROP) Telecommu se with the n and coast ea of the Un w to send a laws, regu ample of Re fed.us/.../inc atabase sy he need aris . On scene fications are instead of m hes minimu , mitigate, p (FCC) munications dentials exis ialing for bro ls in these f s merely leg nications_Li approval of al radiotelep ited States. nd receive lations, and d Card. ident/.../Exa stem and ca es so that q at a wildfire easily seen anaging wo m standard repare for, r , radio, and t, they are adband, lan ields have b al identifica cense_and_ an independ hone statio To earn an oral commu operating p Final R mple_Incide n be acces ualified wo or other em in a comm rkers. The D s for inciden espond to, a competition all directed a dlines, and ecome the tion rather th Credential_ ent tester. ns, and abo MROP, an nications in rocedures. M eport – Pag nt_Card) sed by rkers are ergency, th on format, OI Incident t personnel nd recover in those fie t the marin wireless industry an a Information MROP is ard vessels individual m English, and ROP licen e 13 e and from lds. er .html in ust ses

Final Report – Page 14 General Radiotelephone Operators License (GROL) Source:http://study.com/articles/Telecommunications_License_and_Credential_Informat ion.html The GROL is required for telecommunications workers who repair and maintain radiotelephone transmitters in the maritime, aviation, and global public radio services industries. The FCC issues this license with the approval of an independent tester for a $120 fee. The applicant must pass the test for MROP (see above) and display proficient skill in communication via oral English, but also test on circuit components, antennas, signals, emissions, and principles of electricity. Private Sector Communications These organizations bridge the credentialing gap between the professional communications world and FCC regulations by offering technical competencies that members can earn by taking written tests. Credentials from these organizations are universally recognized in the field as technical competence. Society of Cable Telecommunications Engineers (SCTE Certificate) Source:http://www.scte.org/SCTE/Membership/Benefits_of_Membership/SCTE/Membership/Me mbership.aspx?hkey=3e7a4d11-ecb0-4515-8052-54593a3ec853 The SCTE, a private organization, offers many certification options for telecommunications professionals who install, troubleshoot, and maintain broadband and digital video devices. SCTE utilizes a global database to track earned credentials. Certifications must be renewed every 3 years. These credentials are often paid for by an employer and are offered, in part, by industry leaders such as Linux and Cisco. National Association of Radio and Telecommunications Engineers Inc. (iNARTE) Certification Source: http://inarte.org/what-we-offer/inarte-professional-certifications/ The iNARTE certification system is for telecommunications professionals involved in local area network (LAN), wide area network (WAN), satellite, cellular, and related technologies and requires written testing. iNARTE was recommended for and certified by the FCC as a Commercial Operators License Examination Manager (COLE Manager) and, therefore, is often required for most government telecommunications jobs. Credentialing is often paid for by an employer and is issued for military and government jobs, but is applicable to civilian work as well. The association also utilizes a global database to track earned credentials. Civilian Emergency Assistance Groups Amateur Radio Emergency Service (ARES) (http://www.arrl.org/ares) ARES is loosely governed by the FCC, and all HAM operators (amateur radio licensees) are licensed by the FCC, but the organization is more supportive than directive, since it is volunteer based. The American Radio Relay league (ARRL) is the issuer of the credential (e.g., local AuxCom card), but “groups” are organized locally by the person holding the position of Emergency Coordinator (EC). In the event of an emergency, ARES members support the

Final Report – Page 15 community and first responders by providing radio communication on HAM bands when other communication methods fail. Radio Amateur Civil Emergency Service (RACES) (http://www.usraces.org) RACES is a government standby radio service provided for in Part 97.407 of the FCC rules and regulations. It is made up of only those amateur radio operators who are pre-credentialed by state or local jurisdictions to provide emergency radio communications in times of emergency and during the immediate aftermath. SKYWARN National Program (Certificate) (http://www.skywarn.org) SKYWARN is a volunteer program that has numerous trained severe weather spotters who keep their local communities safe by providing timely and accurate reports of severe weather events to the National Weather Service (NWS). The NWS is the issuing authority that establishes the criteria and offers free 4-hour classes required for this credential. A certificate is issued, but as the information is vetted by a meteorologist, credential verification is not needed.

Final Report – Page 16 Elemental Analysis Matrix Based on the information collected from the sources described above, a comprehensive matrix was created comprising agency/sub- agency, credentials currently available, and credential attributes. Table 1. Elemental Analysis Matrix Showing the Credential Type and Attributes Note: The information provided herein does not necessarily pertain to communications workers. It generally covers infrastructure and utility repair personnel (e.g., first responders) responding rapidly to an emergency (emergency/recovery worker). Credential Type Credential Attribute Agency Sub-Agency Credential Name Qualification Issued at Completion Name UniqueID Number Photo Biometric Data Logical Access Qualifications Radio Callsign Team/Rank Certificate Issued Other credentials reqr'd to authenticate? Department of Homeland Security Transportation Security Administration Transportation Worker Identification Credential (TWIC) PIV/PIV-I Card      Hazardous Material Endorsement (On CDL) Additional endorsement on CDL card     Aviation Worker Credentials Badge issued by airport       National Guard/Military Defense Biometric Identification System (DBIDS) PIV/PIV-I Card        FEMA Emergency Management Professional Program Certificate    NIMS "Red Card" -- Incident Command System Card, and credentials in system       Private Sector SCTE Society of Cable Telecommunications Engineers (SCTE) Certificate, entered into global database of members     iNARTE National Association of Radio and Telecommunications Engineers Inc (iNARTE) Certification Certificate, entered into global database of members     FCC Telecom/Radio Maritime Radio Operator Permit (MROP) Permit       General Radiotelephone Operators License (GROL) Permit      Civillian Groups National Weather Service SKYWARN Certificate    American Radio Relay League Amateur Radio Emergency Service Permit      ARRL ARES Certificate    

Final Report – Page 17 The collected information may support the development of a statewide system to credential communication emergency management and response personnel to ensure proper authorization and access to an incident, including those involving mutual-aid agreements and/or assistance agreements. Task 2. Requirements to Obtain (RTO) Analysis The Requirements to Obtain (RTO) matrix below (Table 2) was created by compiling a list of relevant credentials on the federal, private, and civilian levels, and finding the information or actions required to submit an application for, and acquire, each credential. The websites and primary sources for each credential and issuing agency were used to provide information on the table such as what the credential is used for and how it is issued. When possible, pictures of the credentials were used to show its construction and design. Topics in the table include the following: - Full name - Date of birth - Address - Place of birth - Legal residence/citizenship - Photo - Fingerprints - Background check (security threat assessment) on-job training, and - Required coursework/tests A major barrier in compiling this information was that many of these credentials are not publicly available due to security concerns, but what is available publicly is listed. NIMS-compliant planning information availability varies by state, as each governing body is tasked with developing a plan that is FEMA/NIMS compliant. Most of the smaller details of credentialing and actual practices are left vague to allow for maximum flexibility of on-scene incident managers. Respective turn-around times and costs for each credential were estimated and included. Sources for this information include reported times and costs from credential holders, federal government Paperwork Reduction Act estimates, and estimates from the credential issuer.

Final Report – Page 18 Table 2. RTO Matrix Note: Some of the information was made available by local agencies, such as the Virginia Tech Office of Emergency Management, which provided expert feedback on incident management and safety training. Credential Type Credential Attribute Agency Sub-Agency Credential Name Qualification Issued at Completion Full Name Date of Birth Address Place of Brith Legal Residence Photo Fingerprints Security Threat Assessment On-job Training Classroom Courses Exam/Test Cost (Specify) Aprox. Hours to complete application/ credits Job Experience / Prerequisites (Specify) Department of Homeland Security Transportation Security Administration Transportation Worker Identification Credential (TWIC) PV/PV-I Card         $128 6 hours Port Workers Hazardous Material Endorsement (On CDL) Additional endorsement on CDL card           $80-$100 10 hrs Truck Drivers (Must have CDL) Aviation Worker Credentials Badge issued by airport          $80-$100 Varies by airport Established by airport National Guard/Military Defense Biometric Identification System (DBIDS) PV/PV-I Card          None N/A Must be military member FEMA Emergency Management Professional Program Certificate      None 171 credit hours For emergency managers NIMS "Red Card" -- Incident Command System Card, and credentials in system         $0-$4000 Basic courses take about 15 hours First Responders Private Sector SCTE Society of Cable Telecommunications Engineers (SCTE) Certificate, entered into global database of members     $75-$120 Annually Varies by course None. Only requirement is the written tests iNARTE National Association of Radio and Telecommunications Engineers Inc (iNARTE) Certification Certificate, entered into global database of members      $100-$150 Varies by course 3-9 years, depending on level FCC Telecom/Radio Maritime Radio Operator Permit (MROP) Permit     $80 2 hrs Proficent in spoken English General Radiotelephone Operators License (GROL) Permit     $120 4 hrs Proficent in spoken English Civillian Groups National Weather Service SKYWARN Certificate    None 4 hours None. American Radio Relay League Amateur Radio Emergency Service Permit     $15  10 hrs Requires Ameatur Radio License

Final Report – Page 19 Task 3. Regulatory Analysis To complete Task 3, the research team has supplemented information gathered for attributes and the RTOs with data concerning the issuing agency, programs, policies, and exemptions pertaining to the issuance of security credentials for communications workers. In addition, as the team reviewed the state plans, publications, and operating procedures, a summary table was created that lists each state, the credential, and the agency responsible for oversight (Table 3). (Note: The appendix contains links to several selected states’ departments/divisions of emergency management and their emergency plans.) Table 3. State Emergency Management Credentialing Summary Matrix State Credential Available Incident Specific Oversight Agency Access Type Source or Reference ARES/RACES Collaboration Alabama Yes Yes AL Emergency Managmt Agency Red Card Emergency Operations Plan Yes Alaska Yes Yes AK Dept. of Comm, Comnity and Ec. Devlpt (DCCED) Red Card State Emergency Operations Plan Yes Arizona Yes Yes AZ Div. of Emerg Management Permit State Emergency Plan Yes Arkansas Yes Yes AR Dept of Emrg Mngmt Permit Emergency Operations Plan Yes California Yes Yes CA Office of Emergency Services Red Card State Emergency Plan Yes Colorado Yes Yes CO Dept of Public Safety/Emrg Mngnt Permit State Emergency Operations Plan Yes Connecticut Yes Yes Dept of Emrg Servs and Public Protect Red Card State Response Framework Yes Delaware Yes Yes DE Off. of Emrg Management Permit Emergency Operations Plan Yes Florida Yes Yes FL Depart. of Mangmt Services Red Card State Emergency Operations Plan Yes Georgia Yes Yes GA Emergency Managmnt Agency Red Card Emergency Operations Plan No Hawaii Yes Yes HI Civil Defense Permit Catastrophic Hurricane Operations Plan No Idaho Yes Yes ID Bureau of Homeland Secuirty Card Emergency Operations Plan Yes Illinois Yes Yes IL Emerg Mngmt Agency Permit Emergency Operations Plan Yes Indiana Yes Yes IN Department of Homeland Security Permit Emergency Response Plan Yes Iowa Yes Yes Polk County Emerg Mangnt Agency Red Card Comprehensive Emergency Plan No Kansas Yes Yes KS Divi. of Emerg Mangmt Red Card State Emergency Operations Plan Yes Kentucky Yes Yes KY Division of Emerg Mangmt Permit Emergency Operations Plan Yes Louisiana Yes Yes LA Off. of Homeland Sec. and Emrg Prep Permit Emergency Operations Plan No Maine Yes Yes ME Dept. of Emerg Mngmt Permit Emergency Operations Plan Yes Maryland Yes Yes MD Emergency Management Agency Permit Emergency Preparedness Program Strategic Plan No Massachusetts Yes Yes MA Emergency Management Agency Permit Comprehensive Emergency Management Plan Yes Michigan Yes Yes MI Emrg Mngmt and Home Sec Div. Permit Emergency Management Plan Yes Minnesota Yes Yes MN Deptm of Public Safety Permit State Emergency Plan Yes Mississippi Yes Yes MS Emergency Management Agency Permit Comprehensive Emergency Management Plan Yes

Final Report – Page 20 Table 3. (contd.) Collected data will also be useful in assessing worker identification credential (WIC) program effectiveness and identifying deficiencies before the program is fully implemented by an agency. A developed program may require workers’ enrollment and access card issuance as well as implementation and testing of access control technologies such as a biometric card reader. Moreover, states currently have Professional Emergency Management Certification programs in place that are aimed at fostering emergency management training. The research team conducted Tasks 1, 2, and 3 concurrently and collected the relevant information from publicly available sources on credentialing practices using various state and federal standards. A summary of these practices is listed below. State Credential Available Incident Specific Oversight Agency Access Type Source or Reference ARES/RACES Collaboration Missouri Yes Yes St. Louis County Permit Emergency Operations Plan Yes Montana Yes Yes MT Disast and Emerg Mangmt Services Permit Emergency Response Framework Yes Nebraska Yes Yes NE Emergency Management Agency Permit Emergency Operations Plan Yes Nevada Yes Yes Division of Emerg Mangmt Red Card Emergency Operations Planning Guide No New Hampshire Yes Yes NH Bureau of Emerg Mangmnt Permit Emergency Operations Plan Yes New Jersey Yes Yes NJ Office of Emerg Mangmnt Permit Emergency Operations Plan Yes New Mexico Yes Yes NM Dept of Home Sec and Emrg Mngmt Permit All-Hazard Emergency Operations Plan Yes New York Yes Yes NY Office of Emerg Mangmnt Red Card Comprehensive Emergency Management Plan Yes North Carolina Yes Yes NC Departmt of Public Safety Permit All Hazard Incident Management System Yes North Dakota Yes Yes Cass County Dept of Emerg Mngmt Permit Emergency Operations Plan Yes Ohio Yes Yes OH Emerg Managmt Agency Permit Emergency Operations Plan Yes Oklahoma Yes Yes OK Dept. of Emerg Mangmnt Permit Emergency Operations Plan Yes Oregon Yes Yes OR Emergency Management Red Card State Emergency Plan Yes Pennsylvania Yes Yes PA Emergency Management Agency Permit State Emergency Operations Plan Yes Rhode Island Yes Yes RI Emergency Management Agency Permit HazMatrls/Envir Protect Plan No South Carolina Yes Yes SC State Emerg Ops Center Permit Emergency Operations Plan Basic Plan Yes South Dakota Yes Yes SD Off. of Emerg Managmt Permit Emergency Management Handbook No Tennessee Yes Yes TN Emergency Managmt Dept Permit Emergency Operations Plan Yes Texas Yes Yes TX Emergency Management Division Red Card State Emergency Plan Yes Utah Yes Yes Div. of Emerg Management Permit Emergency Operations Plan No Vermont Yes Yes Office Emergency Management Permit Emergency Operations Plan No Virginia Yes Yes VA Emerg Mangemt Office Permit State Emergency Operations Plan Yes Washington Yes Yes WA State Milit Dept Emerg Mangmt Div. Red Card Comprehensive Emergency Management Plan Yes West Virginia Yes Yes WV Div. of Home Sec and Emerg Mngmt Permit Emergency Operations Plan Yes Wisconsin Yes Yes WI Div. of Emerg Management Red Card Emergency Response Plan Yes Wyoming Yes Yes WY Depart of Homeland Sec. Permit Response Plan Yes

Final Report – Page 21 Summary of Current Credentialing Practices across Different Agencies The information obtained during these three tasks has provided insight into the following questions: 1. Who receives the credential and for what purpose? - TWIC is issued for port workers, DBIDS for military and DoD entry points, and the “Red Card” for emergency response workers. - SCTE and iNARTE credentials are earned by technicians and engineers in the telecommunications field. - Any citizen can join SKYWARN, a volunteer organization for providing ground-truth observations during weather events to the NWS. - Any citizen with a HAM radio license can join the ARRL’s ARES, a group called upon to provide emergency communications for citizens and emergency services in a disaster area. - Some interstate jurisdictions use the Emergency Management Assistance Compact (EMAC) or mutual aid for specific credentialing. 2. Who establishes the criteria for obtaining credentials? - The federal government establishes guidelines for credentialing for its respective departments through legislation that creates and regulates the department. SCTE and iNARTE create their own credentialing requirements with input from the FCC and other telecommunications companies, such as Linux, Cisco, and Red Hat. Civilian assistance groups are regulated by their own bylaws and fall within FCC guidelines for earning radio credentials. 3. Who administers and issues the credential? - The federal government, ultimately under the direction of the DHS, directly issues credentials through the appropriate sub-agency for TWIC, DBIDS, and “Red Card.” DHS oversees certification of aviation workers under FCC/Federal Aviation Administration (FAA) laws and emergency managers under FEMA. - The majority of private industry certifications are maintained by two major organizations, SCTE and iNARTE. The MROP and GROL licenses are offered and maintained by the FCC. The civilian assistance groups, such as SKYWARN and ARES, are set up by nationwide organizations, but each local chapter maintains its own autonomy, issuing credentials locally. - The ESF-2 Communications Coordinator of the responding jurisdiction who may issue a credential only for the specific purpose requested. 4. How is the credential obtained? - TWIC cards and airport worker credentials require an application with fingerprints, federal background check, and proof of documentation (birth certificate, passport, etc.). The credential, if approved, is mailed to the applicant. HME (HazMat transport) requires an active CDL, a background check, and coursework, followed by an exam. The endorsement is then added to the driver’s CDL. - EMPP credentials are issued to those that complete the coursework and are actively employed in the emergency management field.

Final Report – Page 22 - NIMS credentials (e.g., TWIC, AWC) are obtained through training programs for the basic courses. Later, a mix of on-the-job experience, additional training/specialization, and testing are required for SCTE and iNARTE credentials. MROP and GROL radio permits are obtained through testing with the FCC. Both civilian services, ARES and SKYWARN, credentials are valid only with the relevant training and permissions from local authorities. 5. Who agrees to accept the credential for access in emergency situations, and how is that established? - Any NIMS credential (see above) is automatically accepted by law enforcement and other first responders on an emergency scene. The NIMS model can be expanded to include communications workers quite easily, but this would place some burden on communications companies and their employees, as the base classes for NIMS and ICS take several hours to complete, and the turnover rate for employees must be managed to avoid unneeded spending and time spent earning these credentials. 6. Is the credential administered to an organization on behalf of qualified employees or to individuals (e.g., independent contractors)? - The following are issued to an organization on behalf of qualified employees: aviation workers, NIMS (issued to first responders but must be employed in the field to be eligible), ARES, and SKYWARN. - The following are issued to individuals: TWIC, HME, DBIDS, EMPP, SCTE, iNARTE certification, MROP, and GROL communications. - If the EMAC or Mutual Aid request is for a Strike Team or a Task Force the credentialing may be issued by the responding jurisdiction to the organization, e.g., a Tower Repair Strike Team, which assures that all members of the Team are tower repairers. If the request is for individual resources, e.g. Tower Repairers, then the credential is issued to individuals. In the receiving jurisdiction, communications worker credentials are usually issued to individuals, since they are typically deployed one or two at a time to a specific site. 7. What is the time and cost to obtain the credential? This may be estimated based upon recommendations provided by the issuing authority. - All federal credentials take less than a day to apply for and cost under $130. The largest share of the cost goes to the FBI background checks that are required for TWIC, airport workers, and HazMat endorsements on a CDL. The basic levels of NIMS and the entire EMPP are free to those that qualify to take the courses. If on-site training is needed for NIMS, an organization can hire a private company that offers training courses and issues certifications. - Private sector communications certificates vary in cost, based on what tests the student is purchasing, but generally range between $100 and $1,500. The time to study for each test varies by student, but the certificates are issued immediately after a successful test attempt. - The civilian assistance groups discussed above are free to join, but some require an amateur radio license, costing $15 and passing an hour-long test. - FCC radio operator permits cost $80 to $120 and require a 2- to 3-hour test.

Final Report – Page 23 8. How might properly credentialed personnel be integrated into the emergency response planning process? - Properly credentialed personnel can be used to accurately draw up emergency response plans, as the NIMS system allows emergency planners to see the credentials and location of first responders across their region and the country. Civilian assistance groups travel to the location of a disaster only after being called upon to provide aid, but can be counted on to respond anywhere, as they are included in nearly every state emergency plan. - Currently, there is no plan to include credentialed individuals from private communications credentialing companies in emergency planning. However, the NIMS system could be expanded to include them as contractors, requiring them only to have relevant credentials, not the entire base system normally required of NIMS-certified first responders. This could reduce workload and cost for both the government and private telecommunications companies. 9. How will the credential be authenticated in the field during an emergency (e.g., equipment, processes, and applications)? - Any PIV-I/PIV card, commonly used by the federal government and state authorities, can be authenticated by a chip reader, a barcode scanner, or a magnetic stripe reader. This combination leads to usefulness when traveling to other regions for emergency response. SCTE and iNARTE certifications are not usually authenticated in the field, but as both have a global database of all certified members, they can be checked by proxy. - Local civilian assistance groups often issue identification cards internally, but the letter of intent issued by a government official declaring a state emergency is what authorizes their presence in the disaster zone. A grouping of credentials designating specific access areas or competencies along with security levels is presented in Table 4. This table complements the information supplied in previous matrices with the purpose of indicating credentials that are issued to varied individuals belonging to certain work fields regardless of their background or type of incident. Future developments will shed more light into which credentials certify or designate worker competency in specific technical areas related to communications systems and operations and which credentials certify or attest to an individual’s security status. Table 4. Classification of Identified Credentials Function of Security Level or Access Area Credential Agency Security Level Access Area Competency TWIC DHS, TSA High Land, Air, Maritime Transportation HME DHS, TSA High Land Transportation AWC DHS, TSA High Airports Transportation Red Card DOI, NPS High Wildland Fires Wildfire emergency PIV-I DHS, TSA High Land Communication MROP, GROL FCC Medium to Low Land, Air, Maritime Communication SCTE, iNARTE FCC Medium to Low Land Communication ARES Civilian Low Land Communication