Integrated Public Alert and Warning System (IPAWS) Practitioner Webinar Program
Collaborative Operating Group Basics
March 7th, 2012

Avagene Moore: Ladies and Gentlemen: Welcome to the March 7, 2012, IPAWS Practitioners Special 
Interest Group Webinar.   We are pleased to see you in our audience today and trust we will all benefit 
from the discussion.

As result of interaction with a good number of stakeholders around the country over the past few weeks, 
we designed today’s Webinar as a basic overview IPAWS program.  We are hopeful that you will listen 
closely and ask any questions you may have to clarify any point or process related to the successful 
implementation of the IPAWS Program.  

To help with our dialogue, Mark Lucero, Chief of IPAWS Engineering, is with us once again.   Mark will 
go over basic options for organizing Collaborative Operating Groups (COG) at different levels of 
government, and outline COG obligations under the Memorandum of Agreement with FEMA.  As Mark 
speaks, may I suggest you jot down any questions you may have and even refer to the slide number that 
relates to your question if that is helpful?  We sincerely want you to leave today’s Webinar with a better 
understanding of IPAWS and how it can work for you.  Your questions and comments will be 
constructive to us as well.

Also, Gary Ham, System Architect, is with us today.   Gary is here to help with your questions if needed.   
We always appreciate Gary’s assistance. 
 
We will take questions after Mark’s formal remarks.  Mark, thank you for being here today.  I now turn the 
floor to you.

[Slide 1]

Mark Lucero:  Thank you for joining us today.  It seems that many people are interested in IPAWS but 
have questions.  We now have nine alerting authorities and 22 COGs in process.  


[Slide 2]

We are going to talk about the basics of COGs and what you have to do to get a COG for your 
interoperability, and requirements for MOAs.  

[Slide 3]

A collaborative operating group is a virtual organization that helps you to do your job.  In order to use 
IPAWS you need to have a tool which is your interface.  You need to be able to create your group which 
could be based on geographic or geopolitical boundaries ranging from large to small.  

[Slide 4]

The person at the helm is the COG administrator.  This person can assign members to your COG.  
Someone in your COG would manage your people.  FEMA does not manage your people.  You should 
select members based on how you do business on a daily basis.

You establish your own policies as to who can be a member.  You need to develop your own SOPs.  
The third bullet gives you some ideas as to what kind of permissions you may want.

[Slide 5]
There are two things you can use your COG for.  The first is for information sharing.   If you are not 
sending alerts to the public you do not need alerting authority.  If you are sending alerts to the public you 
will need a state review.  If you are not alerting the public you can post messages to other COGs or 
members inside your COG.

[Slide 6]

The process for going through public warnings—you establish your COG and get a digital certificate.  A 
digital signature says that there is no question that you sent it.  There is no way anyone else could have 
sent it.

The particular tool or software you use may be different in terms of configuration.  Your software vendor 
will put the digital certificate in place.  There is a list of developers who have tools available for 
interoperability and public alerting.

Gary Ham:  Digital signatures guarantee that the message was sent by you and not somebody else.  If 
the message were to be intercepted during transit, the signature would be invalidated.  It protects you as 
the originator from someone who might change your message.

[Slide 7]

Mark Lucero: Each state is a little different. Some states determine who is allowed to send messages to 
the public and in other states the counties make their own decisions.  You will have to follow the rules of 
your state.  If you want to send messages to the public you will have to fill out a public alerting 
application.

On the application we will have to know which technologies you want to send messages through, where 
you intend to send messages, and what alerts you intend to send.  

[Slide 8]

The county or city may want to coordinate with the state EMA or official to get alerts to the public.   Most 
alerting takes advantage of emailing, faxing or calling someone to get approval to send a message.  
That can be facilitated through IPAWS with COG-to-COG alerting or by providing local access to a state 
system.  

[Slide 9]

States operate differently.  In a hybrid approach you might provide backup coverage for the state as a 
county or city.  The key is coordination to make the system work.  It could be the case that certain event 
codes can only be used by the state, such as Amber Alerts.

[Slide 10]

Home Rule means that the locality or county sets its own rules as to how alerts are sent out.  The county 
could manage your COG.  Again, coordination is needed. To send an alert to outside jurisdictions you 
could use IPAWS to send a message to the neighboring country.

[Slide 11]

A COG can be established multi-county or larger than your political boundary.  You may have mutual aid 
agreements that would be used to establish your COG.  COGs are flexible and you can create your 
COGs and membership to accommodate what you are trying to accomplish.  As a participating member 
you need to figure out how you want to use your COG and establish your rules for membership 
accordingly.

[Slide 12]

After you acquire your tool and have contacted FEMA, you will receive an MOA to sign.  If you don’t 
sign the MOA you do not get a digital certificate for public alerting.  You must change passwords every 
90 days.  You must have anti-virus software on your system and a password protected screensaver.  
These are security measures you are probably already using.

[Slide 13]

There are rules of behavior you must sign and abide by.  You cannot leave your laptop or computer 
accessible to others.  

[Slide 14]

If you lose your password or something has impacted your security practices, let us know.  We will do 
what is necessary to keep you protected.

[Slide 15]

Another requirement is for you and your members to complete a training program.  If you have your own 
security training program locally, use it.  There is a FEMA training program available.  There is EMI 
training for IPAWS available as well.

Once you do your training, we will keep a copy of the EMI certificate for the COG POC, but you will also 
want to keep records of your own training. In the event of a FEMA audit, you would need to have these 
documents.  

Your own internal training is very important.  You need to think about how you will train your message 
originators and COG members.  

[Slide 16]

Maintain your own policies and documentation.  Keep your signed behavior policies and training 
certificates.

[Slide 17]

Hopefully I have answered some questions and made you think of new ones.  Here are a few frequently 
asked questions:  

1. What types of sponsoring organizations are eligible to apply for a COG?  Right now our policy is to 
allow federal, state, territorial, tribal and local government organizations to apply for COGs.  The jury is 
still out on other organizations that provide services in times of need.

2. Is IPAWS mandatory for government agencies?  No.  

3. Where do I find software?  If you visit the IPAWS website there is a list of vendors who are testing or 
have who completed software.  There are other vendors we do not know about.  

4. Is grant funding available?  Yes. The grant money can be used to get an alerting tool.  

5. Will I be notified when the application process is complete?  Yes.

6. How do I know when my software system is ready to use?  There is a link to a handout with notations 
as to what readiness or capabilities these tools have.  If you are doing public alerting you want to use a 
tool that has posted a successful CAP 1.2 message.  

7. Does IPAWS interact with social media?  We are working with several social media like Facebook and 
Google to encourage them to develop interfaces with IPAWS.  We are working on a feed that can be sent 
by third party distributors based on geography or IPs.  

We have done a lot of work but this system will keep evolving to provide greater reach to the public.

[Slide 18]

That is all I’ve got.  I appreciate your attention.  I can open it up to any questions.

Avagene Moore: Thank you, Mark. And now to our Q&A.

Audience Question: Will there be a functionality that would allow for RSS feeds to be fed out of IPAWS 
based on FIPS codes? This way we can automatically feed watches and warnings to our web-based 
utilities.

Mark Lucero:  Yes.  We are working on a feed that can be disseminated to the public.  It is an Atom feed.  
Right now it is strictly for EAS participants but we are looking to expand that to all public alerts.  We 
don’t want the general public to be getting that feed but we want to establish agreements with developers 
to receive that feed and re-disseminate it.  That keeps the bills low for IPAWS and provides that 
capability for the public.  We should have that feed by summer.  Contact me if you are a developer and 
would like information about that.

Audience Question: What about neighboring states what type of agreement will have to be made with 
each other or will it be a default with COGS reference Slide 10

Mark Lucero:  There are a couple of ways that could happen.  If you have three states and a power plant 
near the border, you could create a COG for this area in all three states for information sharing.  Chances 
are each state would have its own alerting requirements but through this COG relationship you could 
make things known between the three states.  

Gary Ham:  The key is that there are two modes of distribution.  Both modes are valid.  COG-to-COG 
distribution means you put the ID of the COG you want to get the message in the address block and they 
get that message at that COG regardless of alerting authority.  The people who monitor those COGs 
have the responsibility to do public alerting in their area if necessary and allowed.

IPAWS allows your SOPs and your rules as to how you use these methods.  You can use private and 
public alerting based on the rules you have.  The technical ability is there.

Mark Lucero:  The short answer is that the COGs are flexible enough to work with other jurisdictions within 
the requirements of individual states.  As long as the authorizing entity is okay with who is sending alerts 
in their area that should apply.  

Audience Question: Except for CMAS, is the system operational? We are set up with software and all 
approvals.

Mark Lucero:  Yes.  The system is operational.  CMAS will begin to roll out April 7.  We have been 
posting which jurisdictions and states have gone through the process on the IPAWS website.  

Audience Question: Are there any jurisdictions out there that are leading the way in implementation of this 
software?

Mark Lucero: Yes, in particular New York City who participated in a CMAS demo on December 15.  
Florida is working on a statewide rollout.  Contact us if you want to participate.

Audience Question: Do I understand correctly, that COGs can contain members that can issue alerts and 
others that can only send or receive messages to other members of the same COG?

Mark Lucero:  That is correct.  If you establish a COG strictly to monitor what is going on and send things 
back and forth and you don’t want alerting going on, you can do that.

Gary Ham:  If you have members of the same COG and some may be authorized for public alerting and 
others that are not. It has to be enforced by your local software.  IPAWS manages certificates at the 
COG level, not the individual user level.

Mark Lucero:  Bring that question up to your vendor to adjust your permissions.  

Audience Question: Will jurisdictions at the city / county level be members of multiple COGS based on 
perceived risks at the state / regional level? Or is this handled with COG-GOG alerting?

Mark Lucero:  Chances are you wouldn’t have a person or organization members of multiple COGs.  It 
would most likely be COG-to-COG messaging but that is not cut and dried.  

Audience Question: Who shall be the certificate authority for the certificates?

Mark Lucero:  The root certificate is a FEMA root.  All certificates we send out are served from the FEMA 
root.  The issuer might be ENTRUST.  Send me an email and I can find an answer.

Audience Question: When is the cell phone alerting going to be made available? Once available, will we 
be allowed to conduct a 'TEST' alert to the public to let them know about the program, so when an actual 
alert takes place, they will know the alert is real and not a 'spam' text. If not, how do you suggest we 
advertise this to the public or will a National alert be sent to all cell phone users once available?

Mark Lucero:  Cell phone alerting is available now in New York City.  April 7 is a start date for cell carriers 
to begin rolling out the service.  A test would have to be coordinated.  A test was done in New York City.  
The carriers are a little reluctant to do live testing.   Give us a call and we will provide an outreach packet 
for emergency managers and public safety officials.

Audience Question: If a local EMC creates an alert message for the public, what kind of timeline is 
expected before approval and dissemination of that message? 

Mark Lucero:  In the testing we conducted in New York City it took three seconds from the hitting of the 
alert button to reaching the ADAM feed.  It was around 13 seconds to reach most individuals.  

Audience Question: Our experience shows us that some of our EAS messages are sent by a dispatcher 
in the PSAP. Are there any requirements that would preclude this practice continuing? Are there any 
special requirements needed to allow a dispatcher to send this message at the request of the authorized 
commander?

Mark Lucero:  It is possible.  You would want to establish SOPs and establish your COG members to 
include them.  Make sure they are trained and have access to alerting authority.

Avagene Moore: Mark, on behalf of the IPAWS Practitioners SIG, we thank you for the information 
shared with us today.  Gary, thanks for being with us too!

To you the audience – thank you!   We appreciate your presence, questions and interest.    Please note 
the contact information included on the closing slide.  We are available and willing to help if you contact 
us.   

The objective of our SIG Webinars is to keep you informed and updated as the IPAWS Program moves 
forward.  We hope you will join us each time we meet – you are important to the outcome of our mutual 
interests.   Please stay in touch with us.  

We look forward to our next SIG Webinar for Practitioners on Weds April 4th.   Please watch for a mail list 
notice of topic and speaker and make plans to join us!

Thank you all – the IPAWS Practitioner SIG is adjourned.