The Department of Defense Can Improve Its Response to and Management of Anthrax Incidents

From March 14 to 18, 2005, potential anthrax-related incidents occurred at three Department of Defense (DoD) mail facilities in northern Virginia and Washington, D.C.: the Pentagon Remote Delivery Facility (RDF), the TRICARE Management Activity (TMA) suite in the Skyline Towers complex, and the Defense Intelligence Agency (DIA) RDF. DoD, along with several local and federal response agencies, responded to the incidents. Although further tests and analyses determined that no anthrax was present, the incidents provided an invaluable opportunity for learning, because they presented incident managers with significantly different scenarios and elicited three very different responses.

DoD asked the RAND Corporation to examine the responses to and management of the incidents and to make recommendations for future improvement. Drawing on national standards and guidelines, RAND researchers analyzed existing plans and documented actions related to each incident to draw conclusions and make recommendations at both the facility-specific level and the systemic, overarching level.

The RAND team identified areas where plans and actions were aligned and responses seemed appropriate, but also some areas where plans and actions were not aligned with national standards and guidelines. For the latter, much of the researchers' critique reflects the fact that DoD has not fully adopted the National Response Plan (NRP) and National Incident Management System (NIMS) framework for incident management, command, coordination, and control that the incident response community put in place following the 9/11 attacks. While DoD has invested a significant amount of effort in planning for terrorism, it had not defined certain roles and responsibilities called for by NRP and NIMS when the incidents occurred, and senior decisionmakers were not trained in their duties under this system. This forced DoD managers and senior leaders to respond with ad hoc decisions and actions.

As a result, RAND recommends that DoD

• Align preparedness and response models appropriately to the disease model: Prepare for a period of ambiguity about the incident, conduct appropriate environmental screening, and consider the upstream and downstream issues.
• Consider and plan according to the risk to and value of different facilities: Develop and apply appropriate methodology for assessing risk and value and plan for continuity of operations for critical or vulnerable locations.
• Conduct systemwide exercises to verify that plans will be implemented appropriately.
• Use the NRP and NIMS framework: Clarify roles, particularly of senior defense officials, to avoid confusion and/or dysfunction and facilitate improved coordination and communication with relevant jurisdictions.

While it could be argued that DoD officials made good decisions under the circumstances, there is little doubt that if a well-rehearsed, NRP- and NIMS-compliant plan had been in place, it would have produced much better results.