Active Shooter Events: Guidance from the National Fire Protection Association, the International Association of Chiefs of Police, and the Role of Unified Command

By Stephen Owen, Criminal Justice Chair and Professor, Radford University, E-mail: ssowen@radford.edu

Introduction

The Federal Bureau of Investigation (FBI) defines an active shooter situation as “an individual actively engaged in killing or attempting to kill people in a populated area.”[1]  Under this definition, the FBI identified 30 such incidents in 2017;[2] this was the highest in any year since 2000, when the FBI began recording them.[3]  While their complexity extends well beyond a one-sentence definition,[4] it is clear that active shooter situations – or, those in which the weapon is a vehicle, bladed instrument, explosive device, or something other than a firearm – require deliberate and effective preparation by first responders and the public, alike, and come with many challenges during the response and recovery phases.

Two newly prepared documents were released earlier this year to provide first response communities with guidance on how to prepare for, respond to, and recover from active shooter incidents.  The National Fire Protection Association released standard NFPA-3000, focused on “Active Shooter/Hostile Event Response (AHSER),”[5] and the International Association of Chiefs of Police updated its concepts and issues paper on active shooter response.[6] 

The purpose of this article is to provide a broad overview of each document, to consider their use for developing preparedness, and to focus specifically on one element that each shares in common:  An emphasis on unified command.  While this article does not delve into the specifics of tactical response,[7] it does advocate for the use of unified command as an incident management strategy.

The NFPA’s New Standard:  NFPA-3000

In 2018, the National Fire Protection Association (NFPA) released a new standard, NFPA-3000, titled “Standard for an Active Shooter/Hostile Event Response (ASHER) Program.”[8]  The purpose of the standard is to guide preparedness, response, and recovery efforts related to ASHER incidents.  As such, the standard does not attempt to provide a “one size fits all” plan, but rather synthesizes generally recognized best practices across a wide variety of topics that can guide jurisdictions to assess their own risks, plans, response protocols, and recovery processes. 

Consistent with Federal Emergency Management Agency (FEMA) doctrine emphasizing the importance of interagency collaboration,[9] NFPA-3000 recognizes the need for multiple response partners to come together when addressing ASHER incidents.  In doing so, the standard covers:

  • local risk assessment;
  • development of standard operating procedures and emergency action plans;
  • fire service, EMS, and law enforcement tasks and competencies;
  • the use of incident size-ups and identification of hot, warm, and cold zones; [10]
  • recommendations for personal protective equipment (i.e., ballistic armor) in each zone;
  • implementation of unified incident command structures;
  • training for first responders and members of the public;
  • public notification and communication;
  • post-incident recovery, including family assistance center operations, management of volunteers and donations, and psychological recovery;
  • and much more.

The NFPA-3000 standard was developed with input from many stakeholder groups.  The NFPA’s Technical Committee on Cross Functional Emergency Preparedness and Response included members representing law enforcement, fire and rescue services, emergency medicine, emergency management, industry suppliers, first response leadership (including the International Association of Chiefs of Police, International Association of EMS Chiefs, and International Association of Fire Chiefs), public safety labor organizations, and a variety of other subject matter experts.   

Finally, NFPA-3000 is intended to be dynamic.  Work is already underway on the second edition of the standard, to be released in 2021.  At least two rounds of public comment are scheduled, the first closing on August 1, 2018 and the second on May 8, 2019,[11] contributing to the first and second drafts of revisions to the standard. 

The IACP’s Updated Concept Paper:  Active Shooter

Also in 2018, the International Association of Chiefs of Police (IACP) released an updated “concepts and issues” paper on active shooter response.[12]  This document was intended to supplement the IACP model law enforcement agency policy on active shooter incidents.[13]  Developed by the IACP’s Law Enforcement Policy Center, the document provides useful background information about active shooters and serves as a primer on response strategies with a primary (though not exclusive) focus on law enforcement.  As such, this is an outstanding companion document to read in conjunction with NFPA-3000, as the two offer complementary, and consistent, guidance.

The IACP paper begins with an overview of active shooter incidents, including a brief historical sketch and overview of what is known about this type of incident.  One clear theme, and reflective of current law enforcement practice, is the importance of a rapid response by individual officers or contact teams, this having replaced past reliance on special operations units (e.g., SWAT/SORT); this transition is often identified (and in the IACP document as well) as a result of the 1999 Columbine incident.[14]

In the remainder of the IACP paper, guidance is offered on principles that may shape the law enforcement response to active shooter incidents.  These include:

  • guidelines for engagement;
  • the establishment of appropriate perimeters and hot, warm, and cold zones;
  • the role of law enforcement-EMS collaboration through the use of the rescue task force model,[15] in which treatment and triage may be established in the warm zone rather than waiting for the scene to be fully secured prior to EMS entry;
  • the establishment of a unified incident command;
  • identification of incident management locations, such as responder staging, media staging, and appropriate locations for survivors and victim families to be gathered;
  • and more.   

Documents Ready to be Used for Preparedness

The NFPA and IACP documents deserve a broad readership.  There is much to shape discussion not only for the “traditional” first response agencies (police, fire, EMS), but also among response partners such as (but not limited to) public safety answering points (or other dispatch centers),[16] public health, hospitals, public works, institutional emergency managers, elected officials, public information officers, community counseling professionals, and others who would have a role in ASHER incidents.  Place managers and staff at locations with response plans for their publics or clients[17] may also find value in the documents, by gaining further understanding of first responder priorities in such incidents.

An outstanding strength of both NFPA-3000 and the IACP paper is their succinct but thorough identification of issues related to active shooter incidents.  At the same time, both are quick to note that their scope is not only shootings, but also extends to other types of attacks that can result in mass casualty incidents.

There is great potential for both documents to guide the development of plans, protocols, exercises, training and public education initiatives, and other efforts to build preparedness.  As ASHER incidents pose significant life safety threats, evolve rapidly, pose uncertainties, and require decisive actions, such preparedness is essential.  One value is that the guidelines are broad enough to be applied to each agency’s individual context – recognizing, for instance, that there may be differences based on agency resources and size, urban or rural location, threat profile within the jurisdiction, and so on.

For agencies utilizing FEMA’s Homeland Security Exercise and Evaluation Program[18] (HSEEP) model of exercise development, NFPA-3000 and the IACP paper can serve as models for structuring exercise evaluation guides (EEG’s) to assess agency performance of key tasks; the practices outlined in each document can easily be translated to EEG formats or planning checklists that can guide pre-exercise briefings and structure evaluator comments.

Plan development, training, exercising, and other initiatives should not be conducted in isolation.  As stated by law enforcement trainer Mike Wood in a discussion of mass casualty incident planning, “The days of public safety stovepipes are over…all public safety specialties [must] understand how they will combine forces and work together during an emergency.”[19]  This can only be accomplished through collaborative work – whether planning, training, or exercising – and is essential to the development of effective unified command structures.

Unified Command:  A Quick Overview

NFPA-3000[20] and the IACP paper[21] both recommend that a unified incident command structure be utilized for active shooter (or other ASHER) incidents.  Further, they recommend a centralized command post.  While the concept of unified command is a staple of FEMA’s incident command system training,[22] it is worthwhile to quickly review the concept.

In the aftermath of the September 11, 2001 terrorist attacks, the National Commission on Terrorist Attacks Upon the United States (the “9/11 Commission”) was created to study what happened, including the evolution of terrorist threats, intelligence and threat analysis processes, the attacks themselves, and the response to them.  One finding was that, in the New York response, “there was a lack of comprehensive coordination” among the agencies responding to the incident, and that “information that was critical to informed decisionmaking was not shared among agencies;”[23] in fact, different agencies had different command posts. This led the Commission not only to recommend use of the incident command system (ICS), but also to recommend that “the Department of Homeland Security should consider making funding contingent on aggressive and realistic training in accordance with ICS and unified command procedures.”[24]     

In 2003, President George W. Bush issued Homeland Security Presidential Directive 5,[25] which specified the development of a national incident management system (NIMS).  Most recently revised in October of 2017,[26] current NIMS doctrine continues to define the incident command system, which creates a structure and set of principles intended to guide response to any type of incident(s), across any jurisdiction(s). 

One component of incident command is the concept of unified command.  At its most basic, unified command directs that response agencies managing an incident should work together in doing so.  This is accomplished by having each agency send the person who would ordinarily serve as its incident commander to a single command post.  Those individuals then collaborate as a team, each with their own expertise that can guide the response to determine incident objectives and to develop and approve the incident action plan for each operational period or shift.  They function in place of a single incident commander.  Important to note is that deference is granted based on expertise – that is, the law enforcement representative would be presumed to direct the law enforcement component of the operations, the EMS representative for triage/treatment/transport, and so on – but all would be “on the same page,” leading to good communication and a coordinated effort. [27]

NIMS has this to say about the benefits of unified command: “A Unified Command allows these participating organizations to set aside issues such as overlapping and competing authorities, jurisdictional boundaries, and resource ownership to focus on setting clear priorities and objectives for the incident.  The resulting unity of effort allows the Unified Command to allocate resources regardless of ownership or location.”[28]     

In other words, collaboration in incident command should be established as close to the outset of an incident as possible, to ensure communication and coordination.  In turn, doing so strengthens the overall response and the ability to achieve critical life safety and incident stabilization outcomes.[29] 

Unified Command:  Challenges

Since the 9/11 Commission Report, agencies have continued to struggle with the use of unified command.  Several examples from active shooter incidents are briefly described below, drawn from after-action reports (AAR’s) that contain more extensive discussion (each of which offers numerous other insights worth reviewing, as well).[30]  This is not to suggest that any response was inadequate, but rather that there was the opportunity to further develop and utilize unified command structures.

Aurora Theater Shooting (2014).[31]  In reviewing response actions, the AAR noted, “Police and fire commanders did not establish a unified command during the first hour and did not communicate effectively using available radio systems in the initial, critical, minutes of response, triage and transport.”[32]  This, in turn, impaired victim access to ambulances (many victims were instead transported by police vehicles)[33] and led to stress for hospital emergency departments, with whom communication was also not fully established.  One factor related to these observations was that “there was no joint police, fire, and EMS active shooter policy,”[34] which has since been remedied.

Pulse Nightclub Shooting (2016).[35]  One finding of the AAR was stated as follows:  “While the SWAT commander led the response inside the club,[36] during the first hour of the incident there was no one who assumed command outside the club to manage the overall operation as well as the staging and deployment of personnel and resources as they arrived on the scene.”[37]  In addition, unified command linking law enforcement with EMS was not established; each worked from a separate command post.  A consequence was that “emergency medical services (EMS) officials…were unaware of the discussions occurring and the decisions being made.”[38]

Fort Lauderdale-Hollywood International Airport Shooting (2017).[39]  One theme in the AAR was the presence of multiple commands, rather than a single unified command.  For instance, the authors of the AAR noted that “Planning occurred in silos among approximately five [incident command posts],”[40] and that the primary law enforcement command post “did not communicate regular status reports to other first responding agencies to support accurate and timely situational awareness.”[41]  The AAR reported that this challenged the ability to develop and implement incident action plans. 

From these three incidents alone, several lessons can be extracted.  First, response to active shooter events requires collaboration between law enforcement and EMS, and potentially other responders, which is better provided through a coordinated unified command than through independent efforts.  Second, communication is critical, and having a single command post with unified command can improve communication.  Finally, a recommendation across virtually all AAR’s is the importance of continued training and exercising.  Deliberate and inclusive planning processes can help agencies prepare for unified command in active shooter (and other) incidents.

Unified Command:  Explaining and Overcoming Challenges

One question begged by the above is, if unified command is recognized by the NFPA and the IACP as essential for ASHER incidents, and is consistent with a Presidential policy directive and NIMS doctrine, why is it so challenging?  There are several answers that are suggested by prior research, each of which contains within it potential solution(s).

Mechanistic or Organic?  In research for his doctoral degree, Hsein-Ho Chang studied the incident command system and found that it could be perceived as a rigid “mechanistic” system driven by top-down rules and strict structures, or that it could be perceived as a flexible “organic” system designed to permit collaboration in determining how to best resolve an incident.  If viewed as a mechanistic system, the tendency would be toward having one incident commander in a command-and-control model.  If viewed as an organic system, the tendency would be to more readily incorporate unified command, recognizing that incident needs, approaches, and priorities may change; this, in turn, would require collaborative and evolving decision making that would be more challenging under a mechanistic command-and-control approach.[42]

The organic approach emphasizing unified command would seem to be most consistent with the “Guiding Principles” expressed in FEMA’s National Response Plan.  These include fairly strong statements in support of promoting response partnerships; noting that changes in incident status require flexibility and adaptability; and, indeed, the use of unified command:  “Effective, unified command is indispensable to response activities.”[43]

This raises a significant question as to how ICS is taught and how it is received.  If presented, whether in training or policy documents, as solely mechanistic, then unified command may not resonate as a valuable and routine practice.  This could suggest the need for a careful self-examination among response agencies in this regard.  In one after-action report, a concern was noted that training was not perceived as relevant because ICS as presented “does not connect the structure to ‘real’ incidents.”[44]  This could be a signal that a model is perceived as more mechanistic (generating frustration at trying to “fit” an incident into ICS “boxes”) and less organic (using ICS as a flexible management tool), which further dialog could help to address. 

Complexity of incidents.  In a study of past incidents (beyond ASHER situations), Donald Moynihan, Director of the La Follette School of Public Affairs at the University of Wisconsin, found several factors that impede the success of the incident command system, generally.  These include having to manage numerous complex tasks, having “intense time constraints,” and coordinating among many responders.[45]  Unfortunately, all are present in ASHER incidents.  Multiple complex priorities include stopping the attack, warning the public, clearing facilities and their occupants, conducting a preliminary investigation, establishing and maintaining perimeters, facilitating triage, treatment, and transportation of the injured, and more.  These priorities must all be accomplished as soon as possible, and preferably sooner, and can involve the work of hundreds of response personnel immediately arriving on the scene.

At the same time, Moynihan found that implementation of the incident command system is more likely to be effective when there has been prior experience utilizing ICS structures and “responders had strong positive working relationships with one another.”[46]  This reinforces the notion that training and exercising matter, as does a routine use of incident command – and of unified command, in particular – across all incidents (actual or exercised).  Exercises provide an excellent opportunity to deliberately reach out to response partners to participate.  Even if an exercise is “really” intended as an EMS or law enforcement-focused activity, other responders can learn from simply observing, and unified command can be integrated as a component of virtually any exercise scenario.

Moynihan’s focus is on developing networks and building relationships in an incident command context.  Doing so is simply unified command by another name.  (For a humorous but valuable perspective on the role of relationship-building in unified command, see retired Virginia State Police Captain Thomas Martin’s presentation, “The Many Hats of Highway Incident Management,” linked in footnote 47).[47]

Cognitive Barriers.  Joseph Pfeifer, who in 2001 was a New York Fire Department (FDNY) battalion chief and responder to the World Trade Center on September 11, currently serves as Chief of Counterterrorism and Emergency Preparedness for the FDNY.  In an essay on crisis leadership, he identified two potential barriers to effective incident management.  The first is “operational addiction,” in which the incident commander is so deeply involved in ground-level tactics that the larger roles of incident command – including establishment of objectives, establishment of unified command, maintenance of situational awareness, and overall incident management – are neglected.  The second is “normalcy bias,” in which the incident is perceived as being just another routine call (or if not routine, one that leads to a reaction of “we’ve got this”), without recognition of the new, unusual, or unanticipated challenges it may pose.[48]

In either case, the temptation is strong to stay within the organizational silo rather than expanding to include other voices at the command table.  With operational addiction, the metaphorical blinders come out to exclude a full consideration of response needs; with normalcy bias, the need for expanded participation in command structures is obscured by the overconfidence that “we’ve got this” can bring. 

Based on an assessment of numerous active shooter exercises, the consulting firm C3 Pathways has developed a thought-provoking paper about how on-scene incident command may evolve.  One focus is on the achievement of unified command through a bottom-up approach, rather than presuming unified command will be either instantaneous or rigidly hierarchical (both unrealistic assumptions).[49]  While each community of responders will no doubt have its own approach, the model helps to mitigate operational addiction by demonstrating how tactical operations can remain at the forefront of command and operations as a collaborative command structure is built, and helps to mitigate normalcy bias by ensuring a continued focus on situational awareness and a progressive establishment of unified command.   

No doubt other factors affect the use of unified command, but the discussion above suggests that, while there are explanations for gaps in unified command, there are also solutions.  As NFPA-3000 and IACP guidance continue to emphasize the importance, and necessity, of unified command for ASHER incidents, this will likely remain as an important area of discussion for agency trainers, planners, and exercise developers.

Conclusion

Active shooter incidents are all-too-familiar in the contemporary landscape.  Many debates could be held as to why this is the case, but an immediate concern is how to effectively structure first response activities. The NFPA-3000 standard and the IACP’s “concept and issues” paper on active shooters provide a strong set of recommended best practices that – especially in the context of unified command – are of value for agencies to consider as plans are developed, trained, and exercised; at the same time, it remains a hope that they never again have to be utilized in an active situation.

 

[1] Defined on the Federal Bureau of Investigation’s “Active Shooter Resources” page, available online at https://www.fbi.gov/about/partnerships/office-of-partner-engagement/active-shooter-resources, paragraph 1.

[2] U.S. Department of Justice. (2018). Active shooter incidents in the United States in 2016 and 2017. Washington, DC: Author.  Available at https://www.fbi.gov/file-repository/active-shooter-incidents-us-2016-2017.pdf/view

[3] This was based on a review of the above document with the following:  U.S. Department of Justice. (n.d.). Active shooter incidents in the United States in 2014 and 2015.  Washington, DC: Author.  Available at https://www.fbi.gov/file-repository/activeshooterincidentsus_2014-2015.pdf/view; and U.S. Department of Justice. (2014). A study of active shooter incidents in the United States between 2000 and 2013.  Washington, DC: Author.  Available at https://www.fbi.gov/file-repository/active-shooter-study-2000-2013-1.pdf/view.

[4] One useful overview is:  Sinai, J. (2016). Active shooter: A handbook on prevention (2nd ed.). Alexandria, VA: ASIS International.

[5] The NFPA-3000 website contains background information and a link to the standard, itself:  https://www.nfpa.org/codes-and-standards/all-codes-and-standards/list-of-codes-and-standards/detail?code=3000&tab=research

[6] The paper is available from the IACP website:  http://www.theiacp.org/model-policy/wp-content/uploads/sites/6/2018/04/ActiveShooterPaper2018.pdf.

[7] There are numerous sources that do so.  Without implying endorsement, examples include Blair, J. P., Nichols, T., Burns, D., & Curnutt, J. R. (2013). Active shooter events and response. Boca Raton, FL: CRC Press; Advanced Law Enforcement Rapid Response Training (ALERRT), e.g., https://alerrt.org/; and Rapid Deployment, Awareness, Intervention, Decisiveness, EMS, Recovery (RAIDER), e.g., https://www.alicetraining.com/our-program/raider/

[8] Information pertaining to NFPA-3000 was summarized from resources available at the standard’s webpage, provided in footnote 5, above.

[9] This would include FEMA’s National Response Framework (3rd edition, 2016), available at https://www.fema.gov/media-library-data/1466014682982-9bcf8245ba4c60c120aa915abe74e15d/National_Response_Framework3rd.pdf, and FEMA’s A Whole Community Approach to Emergency Management: Principles, Themes, and Pathways for Action (2011), available at https://www.fema.gov/media-library-data/20130726-1813-25045-0649/whole_community_dec2011__2_.pdf.   

[10] Similar to its usage for hazardous materials incidents, the hot zone is the location of the active threat; the warm zone is an adjacent area where potential risk may still occur; and the cold zone is outside of the known danger area.

[11] From the NFPA-3000 standard webpage, linked in footnote 5, above, select the “Next Edition” tab for upcoming dates and actions.

[12] The IACP paper is available online from the webpage linked in footnote 5, above.

[13] The IACP model policy on active shooters (2018 update) is available online from: http://www.theiacp.org/model-policy/wp-content/uploads/sites/6/2018/04/ActiveShooterPolicy2018.pdf

[14] E.g., “A lesson quickly learned from Columbine was that first responding law enforcement officers play a critical role during active shooter situations,” Blair et al., paged 12, cited in footnote 7.

[15] See the International Fire Chiefs Association position paper on “Active Shooter and Mass Casualty Terrorist Events” (2013), which includes an overview of the rescue task force concept and which also distinguishes it from tactical EMS/medic programs:  https://www.iafc.org/topics-and-tools/resources/resource/iafc-position-active-shooter-and-mass-casualty-terrorist-events

[16] Too often neglected, but beyond the scope of this article, is the need to ensure that PSAP personnel and functions are specifically integrated into active shooter exercises.  APCO International offers resources and training related to the telecommunications role in active shooter incidents:  https://www.apcointl.org/training-and-certification/continuing-dispatch-education-cde/resources-for-active-shooter-incidents/.

[17] There are multiple models for public response, and there is some degree of debate about what the “best” model is.  Some of the more commonly discussed include run/hide/fight, https://www.dhs.gov/sites/default/files/publications/active_shooter_pocket_card_508.pdf; avoid/deny/defend (paired with ALERTT, cited in footnote 7), http://www.avoiddenydefend.org/; alert/lockdown/inform/counter/evacuate (ALICE, paired with RAIDER, cited in footnote 7), https://www.alicetraining.com/; and the Standard Response Protocol established by the “I Love U Guys” Foundation, http://iloveuguys.org/.     

[18] Department of Homeland Security. (2013). Homeland security exercise and evaluation program (HSEEP). Washington, DC: Author.  Available at: https://preptoolkit.fema.gov/documents/1269813/1269861/HSEEP_Revision_Apr13_Final.pdf/65bc7843-1d10-47b7-bc0d-45118a4d21da.

[19] Wood, M. (2018, spring). 8 essential truths about MCI response plans in the wake of the Vegas shooting.  PoliceOne Academy, pp. 8-11 (quotation from page 10).

[20] Unified command is the focus of NFPA-3000 Chapter 8.

[21] Unified command is discussed in Section III-B in the IACP paper.

[22] E.g., ICS-100/200/300/400.

[23] National Commission on Terrorist Attacks Upon the United States. (2004). The 9/11 Commission report:  Final report of the National Commission on Terrorist Attacks Upon the United States. New York, NY: W. W. Norton & Company.  Quotation from page 321.

[24] Ibid, quotation from page 397.

[25] The full text of the directive is available at:  https://www.dhs.gov/sites/default/files/publications/Homeland%20Security%20Presidential%20Directive%205.pdf

[26] Federal Emergency Management Agency. (2017). National Incident Management System (3rd ed.). Washington, DC: Author. Available online at https://www.fema.gov/media-library-data/1508151197225-ced8c60378c3936adb92c1a3ee6f6564/FINAL_NIMS_2017.pdf. 

[27] Unified command is the subject of Unit 6 in ICS-100, and is reviewed in Unit 2 of ICS-200.

[28] National Incident Management System document, cited in footnote 26, above; quotation from pages 22-23.

[29] Consistent with Incident Command System principles, the three main priorities at any incident are life safety, incident stabilization, and property preservation; life safety and incident stabilization are clearly the most significant in ASHER incidents.

[30] Both NFPA-3000 and the IACP paper emphasize the importance of after-action reporting.

[31] TriData Division, System Planning Corporation. (2014). Aurora Century 16 Theater shooting: After action report for the City of Aurora.  Available online at https://justiceclearinghouse.com/wp-content/uploads/2017/10/C16-AAR.pdf.  For purposes of this discussion, see Chapter III and V, in particular.

[32] Ibid, quotation from page 33.

[33] Transportation in the law enforcement vehicles was hailed as a life-saving measure, although one precipitating factor was that ambulances could not access the area, in part due to some of the issues noted here.  This raises a question, beyond the scope of this article, about what policy guidance should be provided for using law enforcement vehicles for medical transport.

[34] TriData Division, cited in footnote 31, above; quotation from page 79.

[35] Straub, F., Cambria, J., Castor, J., Gorban, B., Meade, B., Waltemeyer, D., & Zeunik, J. (2017). Rescue, response, and resilience: A critical incident review of the Orlando public safety response to the attack on the Pulse nightclub.  Washington, DC: Office of Community Oriented Policing Services.  Available online at https://ric-zai-inc.com/Publications/cops-w0857-pub.pdf.  For purposes of this discussion, see Chapter 3, in particular.

[36] The SWAT commander was one of the first responding officers, as he was also the shift’s watch commander.  An off-duty officer who was working security at the nightclub engaged the shooter in gunfire and was part of the first contact team to enter the building.

[37] Straub et al., cited in footnote 35, above; quotation from page 47.

[38] Ibid; quotation from page 59.

[39] Ross and Baruzzini, Inc. (2017). Fort Lauderdale-Hollywood International Airport active shooter incident and post-event response: January 6, 2017: After-action report.  Available online at http://www.broward.org/Airport/Advisories/Documents/Afteractionreportfll.pdf.  For purposes of this discussion, see sections 3.1.1. and 3.2.2, in particular. 

[40] Ibid; quotation from page 24.

[41] Ibid; quotation from page 12.

[42] Chang, H. (2015). An analysis of the incident command system (Doctoral dissertation). University of Delaware, Newark, DE.  Available online at http://udspace.udel.edu/handle/19716/17458.  See the discussion of decision points, including the table on page 58, which distinguish mechanistic from organic approaches to ICS.

[43] U.S. Department of Homeland Security. (2016). National response framework (3rd ed.). Washington, DC: Author.  Available online at https://www.fema.gov/media-library-data/1466014682982-9bcf8245ba4c60c120aa915abe74e15d/National_Response_Framework3rd.pdf. Quotations from pages 5-6.

[44] Straub et al., cited in footnote 35, above; quotation from page 59.

[45] Moynihan, D. P. (2007). From forest fire to Hurricane Katrina: Case studies of incident command systems.  Washington, DC: IBM Center for the Business of Government.  Available online at http://www.businessofgovernment.org/sites/default/files/MoynihanKatrina.pdf.   Quotation from page 34.

[46] Ibid.

[47] The “Many Hats of Highway Incident Management” video is available at https://vimeo.com/29673244.    

[48] Pfeifer, J. W. (2013). Crisis leadership: The art of adapting to extreme events. Cambridge, MA: Harvard Kennedy School Program on Crisis Leadership.  Available online at https://www.hks.harvard.edu/sites/default/files/centers/research-initiatives/crisisleadership/files/Pfeifer%20Crisis%20Leadership--March%2020%202013.pdf.  Quotations from pages 3-4.

[49] C3 Pathways. (2013). 4 best practices for active shooter incident management. Orlando, FL: Author.  Available online at https://www.c3pathways.com/whitepaper/White_Paper_4_Best_Practices_Active_Shooter.pdf