This past weekend, people in the state of Hawaii experienced some excitement when an emergency alert was disseminated state-wide. Although sent in error, it was a scary 38 minutes between the receipt of this text message: BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL, and the subsequent message explaining it had been a mistake.
Three days later, a freakishly similar alert mistake occurred in Japan, in that case under the auspices of the Japanese national news broadcaster NHK. That alert was corrected 10 minutes after being sent. A spokesman for NHK apologized that “staff had mistakenly operated the equipment to deliver news alerts over the internet.”
We are all jumping a bit squirrely these days. There has been lately more talk of the threat of nuclear missile strikes since the Cold War.
Last month, Hawaii had in fact begun monthly tests of its nuclear attack warning system. It was implemented days after North Korea claimed that their newest intercontinental ballistic missiles could reach the U.S. In addition to the automated text message alerts, a 50-second Attack Warning tone will be sounded on the first business day of every month. This in conjunction with the regular siren tests warning resident of hurricanes and tsunamis, per the FEMA.
There are some problems here. In the case of natural disasters, having an alarm sound at a prescheduled day and time is fine. Mother Nature isn’t going to schedule her storms based on anything humans do. But an alarm for a terror attack… if you were North Korea and actually serious about sending over a missile, wouldn’t you surely do it on that day.
The Hawaii mistake revealed a number of problems and insofar as it was a test, that is a good thing at the end of the day.
Lack of Preparedness. Many Hawaiians – both civilians and governmental employees – claimed they did not know what to
do or where to go. More information needs to be sent out and individuals prompted to
Common Sense Tools. The computer interface that the Hawaii Emergency Management Agency uses is as user unfriendly as it gets. The links the technician had to click were on a list similar to this one. Instead of chasing DRILL PACOM (CDW) – STATE ONLY he chose the live one, sans DRILL. Given the haphazard design of the list, it’s easy to see how this might happen. Especially so since the drills are new. Although the protocol has been changed to now requiring two people to send any message, among the better fixes is simply programming that requires the user to type in, for example: “send test message” That could surely have done the trick.
Testing is Really Important. The mistake scenario incurred by Hawaii was surely better than if a wrong alert was sent out during an actual attack.
Security vulnerabilities always seem related to human error and a lack of for lack of a better word, creativity. Conversely, it’s important to think that the security solutions likewise belong to the human element and to adversarial thinking outside the box.