Hawaii missile alert triggered by one wrong click

library
crime | hacking | security

What amounts to a bad graphical user interface (GUI) – one that makes it too easy to click the “send the state’s population an emergency alert” option when you mean to click “test the emergency alert that sends people running for their lives” – terrified the population of Hawaii on Saturday morning.

The mistakenly sent emergency alert about an incoming ballistic missile was the first, adrenaline-gushing glitch. The second was that nobody at the state’s Emergency Management Agency (HI-EMA) corrected the error for a full 38 minutes.

According to the Washington Post, this tweet, from Rep. Tulsi Gabbard (D-Hawaii), was the first indication many received about the alarm being a glitch. She sent it out within about 15 minutes of the false alarm.

HAWAII – THIS IS A FALSE ALARM. THERE IS NO INCOMING MISSILE TO HAWAII. I HAVE CONFIRMED WITH OFFICIALS THERE IS NO INCOMING MISSILE. pic.twitter.com/DxfTXIDOQs

— Tulsi Gabbard (@TulsiGabbard) January 13, 2018

During the 38-minute delay between the emergency alert system sending the alarm and and its subsequent alert that the alarm had been false, the emergency message showed on phones and TVs and played on radio stations across the state.

As CNN reported, people sought shelter by crawling under tables in cafes, were ushered into military hangars, and huddled around TVs to watch the news for the latest developments. Some put their kids into the bathtub, others sought shelter in tunnels, while some tried to get to the airport to clear out before the heavens rained down ruin.

Apologies for the false alarm have come from HI-EMA and from Hawaii Gov. David Ige, who explained that the mistake was made “during a standard procedure at the changeover of a shift [when] an employee pushed the wrong button.”

The state has released a timeline (PDF) of the incident.

It shows that officials knew within 3 minutes of the alert going out that there had been no missile launch. They didn’t post notifications about the error until 8:20 a.m., when they published alert cancellations on their Facebook and Twitter accounts. It wasn’t until 8:45 a.m. that the emergency alert system issued the “false alarm” notification.

In the aftermath, Federal Communications Commission (FCC) boss Ajit Pai initiated an investigation, saying that the false alarm was “absolutely unacceptable”. Pai blamed Hawaii government officials, saying that they didn’t have “reasonable safeguards or process controls” that could have stopped the alert’s transmission.

HI-EMA says it has indeed started a review of cancellation procedures to “inform the public immediately if a cancellation is warranted.” Otherwise, we’ll get a reputation as the EMA who cried wolf, both the agency and Pai said. From HI-EMA:

We understand that false alarms such as this can erode public confidence in our emergency notification systems. We understand the serious nature of the warning alert systems and the need to get this right 100% of the time.

On Sunday, HI-EMA spokesman Richard Rapoza told the Chicago Tribune that the situation was particularly bad as there wasn’t a system in place to correct the initial error. The agency had standing permission through the Federal Emergency Management Agency (FEMA) to use civil warning systems to send out the missile alert, but not to send out a subsequent false alarm alert, he said.

That’s where that 38-minute lag came in, Rapoza said:

We had to double back and work with FEMA [to create the false alarm alert], and that’s what took time.

In the past there was no cancellation button. There was no false alarm button at all.

That part of the problem has already been fixed, Rapoza said:

Now there is a command to issue a message immediately that goes over on the same system saying ‘It’s a false alarm. Please disregard.’ as soon as the mistake is identified.

…Which leaves the “how do we keep these types of mistakes from happening in the first place” piece of the puzzle still to go. HI-EMA has said it’s suspended all internal drills until an investigation is completed.

Also, it’s initiated a requirement that two people are needed to activate and to verify tests and actual missile launch notifications.

The employee who made the mistake has been temporarily reassigned, but he won’t be fired, Rapoza said. Really, anybody could have made the same mistake, and that’s a problem with the procedures in place, not with the human who did what humans do: make mistakes.

Rapoza is right, of course, if a little late to the party. It isn’t news that poor design is a security and safety issue and the basic elements of good graphical user interface design have been understood for decades.

As interface design guru Don Norman wrote:

Bad design and procedures lead to breakdowns where, eventually the last link is a person who gets blamed, and punished.

… Does human error cause accidents? Yes, but we need to know what caused the error: in the majority of instances human error is the result of inappropriate design of equipment or procedures.

Follow @LisaVaas
Follow @NakedSecurity

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/cYqLA48O6dw/

Comments are closed.