After the headline-making false missile alert that took place in Hawaii in January 2018, multiple government agencies have taken steps to determine who was at fault during the event and how such a mistake could be prevented in the future.
The Federal Emergency Management Agency and the Department of Homeland Security’s Office of Inspector General (OIG) were both involved in that process. The resulting report from the OIG now offers two specific recommendations aimed at improving the overall effectiveness of the IPAWS warning system.
The first proposed change would require state and local alerting authorities to implement emergency alert software with certain new capabilities. The second proposal would require that new training requirements be put into place for state, local, tribal and territorial alerting authorities.
Both proposed changes are designed to “enhance the effectiveness” of the IPAWS Program Management Office, the report said. Both proposed requirements are expected to be formally put into place by Oct. 31, 2019.
The first proposal will require software vendors to include critical functions in their proprietary emergency alerting software that FEMA previously identified and communicated back in 2015 and then again in 2018. FEMA will also begin to require alerting authorities to sign a Memorandum of Agreement with FEMA and obtain this updated commercially available emergency alert software from a list of FEMA’s pre-approved vendors. That MOA must be renewed every three years.
As it stands today, alerting authorities are required to purchase commercially available emergency alert software from a FEMA-approved vendor before they are able to send emergency alerts through IPAWS. But not all systems are the same; three years ago, FEMA determined that some systems were unable to perform what it called “certain critical functions.”
In a subsequent letter to vendors in February 2015, FEMA recommended that they ensure that their software include functions such as the ability to preview or cancel an alert, the ability to alert the user when the software license had expired, and other intuitive user interfaces.
Some vendors subsequently updated their software, others did not, the OIG report said. In response, in 2018 FEMA again sent a letter to vendors strongly encouraging them to ensure their software provided essential capabilities, which included ones in addition to those FEMA identified in 2015 — such as the ability to send an alert to multiple channels and for users to see alert histories and logs.
When it came to the false missile alert in Hawaii, none of those previously identified concerns were a factor, the OIG said. In that case, it was determined that although officials from the Hawaii Emergency Management Agency (HI-EMA) successfully canceled the alert, they were initially uncertain how to issue a second alarm aimed at correcting the erroneous first alarm. FEMA subsequently provided guidance that morning to HI-EMA officials on how to issue the correcting alarm.
And yet, even though the Hawaii false missile alert did not result from any of the concerns identified by FEMA, other examples abound as to the need for agencies to have these capabilities in emergency alert software, the OIG report said.
For example, a representative from the Pennsylvania Emergency Management Agency noted that the alerting software they purchased does not allow users to preview the actual message before sending. In another case, the state of Georgia intended to send an alert about a winter storm warning, but the message the public received was worded in a confusing manner and referenced a civil emergency, not a winter storm warning. In that situation, the alert software did not include the ability to cancel the message.
“Until FEMA requires vendors to include these functions, alerting authorities may face continued challenges in various aspects of the alerting process,” the report said.
Furthermore, FEMA said that its officials are also concerned about a lack of training from some software vendors. FEMA said it provides several online training opportunities specific to IPAWS, but it does not mandate vendors provide training to alerting authorities in their chosen emergency alert software.
“Nonexistent or inadequate system training for alerting authorities increases the potential for false or delayed alerts or cancellations, and other errors,” the OIG report said.
That led to the implementation of the second recommendation: requiring software vendors to provide agencies training on system functionality and capabilities.
While a lack of training was not a concern during the Hawaii false missile alert, other examples highlight the need to ensure alerting authorities receive training regarding their specific software, the OIG report said. For example, in June 2017, Florida authorities attempted to send a child abduction AMBER Alert to 54 separate locations but were unaware the emergency alert software only allowed dissemination to a maximum of 31 locations at a time.
Other steps may be forthcoming. In the wake of the Hawaii false alert, several U.S. senators introduced the Authenticating Local Emergencies and Real Threats (ALERT) Act in February 2018, which calls for the federal government to be solely responsible for alerting the public of a missile threat. The proposed legislation also aims to require FEMA to recommend best practices for procedures for officials to authenticate civil emergencies and initiate, modify, and cancel alerts. That legislation is currently being considered by several House subcommittees.