Reprinted from TV Technology.
Human error and inadequate safeguards contributed to the Jan. 13 false ballistic missile alert generated by the Hawaii Emergency Management Agency and transmitted to the public via the EAS and WEA systems, according to a preliminary report presented today during the FCC’s monthly open meeting.
The report, presented by James Wiley, attorney advisor at the FCC’s Cybersecurity and Communications Reliability Division, recounts the events of that Saturday morning and presents a timeline to put them into context.
The midnight shift supervisor at the Hawaii Emergency Management Agency “specifically decided to drill at the shift change” to assist in the training of the day-shift’s warning officers for a missile scenario “at a time when it would be challenging to properly respond,” the report said.
While the midnight supervisor verbally told the day-shift supervisor that a preparedness drill would be conducted, “a miscommunication” left that supervisor thinking the intention was to run the drill for the night-shift officers, it said. As a result, “the day shift supervisor was not in the proper location to supervise the day shift warning officers” when the drill began, the report said.
The midnight supervisor began the drill at 8:05 a.m. by pretending to be U.S. Pacific Command during a call to the day-shift warning officers. That supervisor played back a recording which began by saying “exercise” three times. However, it also included a sentence saying: “This is not a drill,” the report revealed.
A written statement from the day-shift warning officer who initiated the false alarm acknowledged hearing “This is not a drill” but not “Exercise, exercise, exercise.” Seated at the alert origination terminal, the day-shift warning officer “clicked ‘yes’ to transmit the alert,” the report said.
“In speaking with the bureau, other emergency management agencies stressed the importance of proper drill supervision, and that conducting a drill without proper supervision would not be tolerated,” the report said.
The report also concluded that the midnight shift supervisor played a recording that “deviated from the script of the agency’s established drill procedure,” specifically one that included the sentence “This is not a drill.” The other human error identified in the report was that of warning officer, who failed to recognize the message as part of an exercise while other warning officers on duty did, it said.
The report also laid out several inadequate safeguards that contributed to the false alarm being transmitted to the public, including:
The lack of procedures to prevent a single person from sending an erroneous missile alert;
No requirement to double check with a colleague or to get a supervisor to sign-off before sending the alert;
An “atypical number of no-notice drills” being conducted by the state, which increased the potential for error; and
No difference in the alert software used by the state to differentiate between a test and live alert, the lack of different system log-ins for test and live alerts and no unique confirmation language to emphasize that the message about to be sent would be a live alert.
Once the errant alert was sent, matters were made worse “by the delay in authoritatively correcting the misinformation,” the report said.
FCC Chairman Ajit Pai identified two things in particular that he found to be “most troubling” in a separate statement. “…[O]ur investigation has found so far: (1) Hawaii’s Emergency Management Agency didn’t have reasonable safeguards in place to prevent human error from resulting in the transmission of a false alert; and (2) Hawaii’s Emergency Management Agency didn’t have a plan for what to do if a false alert was transmitted,” Pai said.
“The public needs to be able to trust that when the government issues an emergency alert, it is indeed a credible alert,” he said. “Otherwise, people won’t take alerts seriously and respond appropriately when a real emergency strikes and lives are on the line.”