Trouble in Paradise: Hawaii Emergency Mismanagement

By Jack Giardina on January 26, 2018

mobile phone with missile warning
Source: Wired

On Saturday January 13, 2018, people in the Hawaiian islands found themselves in the midst of a large-scale panic when an emergency alert for a ballistic missile attack was broadcasted statewide.  An official all clear message was issued 38 minutes later to both residents and visitors of the islands.  However, not long after the collective sigh of relief came questions and demands regarding exactly what went wrong.  According to Hawaii Governor David Ige, the error occurred when the alert system was being tested during a shift change at the Hawaii Emergency Management Agency (HEMA).  The test was typically performed twice each day, and Saturday a single employee’s mistake highlighted a breakdown at multiple levels.  HEMA officials struggled to relay an official message broadcasting the false alarm, the Governor scrambled to reset his Twitter password in an attempt to get word out, and dozens of others who knew the truth helplessly looked on as millions panicked.  Human error in critical situations is practically unpreventable, however having a system in place that significantly reduces the probability of such events is imperative.


Alert System User Interface (UI) Design:

Shortly after the incident, the Honolulu Civil Beat circulated an image on social media that was said to be a screenshot of the interface a HEMA employee used to issue the alert.  The image includes a very primitive and poorly designed UI where real-world alerts and drill alerts are mixed together seemingly at random.  The false alarm option was added to the screen later as it was notably absent prior to Saturday’s meltdown.

HEMA test interface
Source: Honolulu Civil Beat

Several days later HEMA put out a statement disputing the validity of the above image, pointing out that they couldn’t publicize the actual screen due to security concerns.  Another mock-up was then provided to the public by HEMA that more accurately reflects what the real interface looks like.

HEMA test interface
Source: Honolulu Civil Beat

Both the first and the second system designs have been widely criticized and for good reason.  The mock-ups are lacking not only in their design, but also in terms of basic security controls.  The more ‘accurate’ mock-up that was released highlights a critical failure by HEMA to grasp the importance of security as they again displayed many of the same flaws only with some color and fancy font thrown in.

Safeguards that should have been in place:

  • Defense in Depth – Multiple levels of security designed to protect assets or processes.
    • Segmentation
      • By coding multiple menus into a system (one for drill alerts, one for real-world alerts), the chance of error can be significantly reduced and the test process simplified.
    • Two-man rule
      • Requiring a second party to authenticate critical processes performed by another further minimizes the likelihood of a mistake.  Two-stage menus (HEMA had these in place) can also provide a level of security however a second party is much more effective.
    • Standardization
      • Standardization of processes is a crucial factor when accuracy is a priority.  The organization of groups, menus, lists, messages (EXERCISE EXERCISE EXERCISE), and buttons minimizes the risk of confusion at key moments and allows systems to become more intuitive.

Where do we go from here?

If anything can be learned from the alert fiasco it’s that we (the state of Hawaii) were simply not prepared for an incident like this.  Rather than directing ire, time, and energy at a single employee who failed to perform his job correctly or at forgotten Twitter passwords, it’s more important that we focus on fixing on our processes moving forward.  Regardless of whose responsibility it is to notify the public of an impending disaster, best practices must be utilized to ensure that our systems work correctly when it matters most.