Around 8 am local time on Jan. 13, Hawaiians received what will probably (hopefully) amount to the scare of their lifetimes. “BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL” came through the emergency alert systems on cell phones all across the islands.
The good news is that this was a false alarm. But the bad news is that the ambiguity surrounding the alert isn’t the most comforting for a section of the country on edge over the escalating tensions between the U.S. and North Korea.
Hawaii Gov. David Ige claimed Saturday that alert was the result of an official simply “[pressing] the wrong button” during an employee shift change, but broader questions remain. Why didn’t I get the notification here in San Diego, well within the range of intercontinental ballistic missiles that North Korea has tested in recent months? And assuming you weren’t lucky enough to be on a beach in Hawaii when the alert went out, why didn’t the average U.S. citizen receive one where they live?
To understand today’s scare, it’s important to understand how our national emergency alert system functions. The National Incident Management System (NIMS) is the systematic approach laid out by the federal government for departments and agencies at all levels of government, nongovernmental organizations, and the private sector to prevent, respond to, recover from, and mitigate any and all kinds of incidents, no matter the size or scope. NIMS dictates that the initial authority for disaster response resides at the county level, so that’s where most Mass Notification Systems that participate in the Emergency Alert System network reside.
The Emergency Alert System network is layered between federal, state, county, and local authorities through a system called the Integrated Public Alert and Warning System (IPAWS) and controlled through the IPAWS Program Management Office at FEMA. The IPAWS PMO encourages partners to regularly test public alert and warning systems; in fact, the IPAWS Modernization Act of 2015, ratified in April 2016, requires IPAWS PMO to test the system not less than once every three years.
All systems compatible with IPAWS use the Common Alerting Protocol, an international standard, to send public alerts and warnings between systems and jurisdictions. State and local agencies, like Hawaii’s Emergency Management Agency (HI-EMA), have their own systems, produced by a variety of manufacturers, to alert the public when a natural or manmade disaster is occurring or imminent. These mass notification systems use a variety of mediums to communicate danger to wide (or very narrow) swaths of people: they’re capable of desktop alerts, text messaging, reverse 9-1-1, email, Wireless Emergency Alerts, announcement or siren over a loudspeaker, and more. All systems in use on bases, municipalities, and other agencies are IPAWS compatible but not all can send information two-way; most of the bases operate in a receive-only manner.
These systems, the modern version of the CONELRAD (Control of Electromagnetic Radiation) method of emergency broadcasting established in 1951 at the outset of the Cold War, are powerfully effective in their ubiquity and power. Mass notification systems happen to be excellent tools for public awareness, and required testing can take any form. On many military bases, for example, the systems are tested each morning and night by using loudspeakers to play colors. Pretty smart, eh?
The specific kind of alert that Hawaiians received while they slept in or ate breakfast this morning was a Wireless Emergency Alert (WEA). WEAs use a different technology than voice calls or text messages and can only be used in three situations: 1. Alerts issued by the President; 2: Alerts involving imminent threats to safety or life; or 3: Amber Alerts. Participating carriers may block all but Presidential alerts.
The good news about WEAs are that they are location specific: even if you happened to be a tourist visiting Hawaii this morning, you would’ve received the alert (so long as your carrier participates). Carriers who do not participate are required to notify consumers, but the major carriers have all opted in. But the big problem, obviously, is that they’re more subject to human error than their military counterparts.
Now, civilian agencies probably don’t have the capability to detect ballistic missile launches, so in a real-life incident that message would have to come from the military, likely U.S. Pacific Command (PACOM) headquartered right there in Hawaii. PACOM would notify their base Emergency Operations Center (EOC) who would pass it up to the Regional EOC. Of note, the bases usually don’t have control of the WEA tech and can notify only those registered in their systems (but can receive all IPAWS notifications). Because of that, the base or regional EOC would have to notify Hawaii EMA for transmission. That didn’t happen today because there wasn’t a ballistic missile inbound.
The governor of Hawaii claims that during a shift change, an operator simply hit the wrong button. Well, it doesn’t exactly work that way. These alerts are not actuated by physically pushed buttons because the number of buttons that would require, for all of the different types of alerts, would be unwieldy. An operator would either type in the desired alert (or select from canned messages), select which communications mediums they’d like to use and the populations they’d like to alert, and then hit “send” and then again confirm that they really want to send that message. The canned messages might be available as electronically selectable on a computer screen (like a Windows button) but a “confirm” dialogue would still be required.
Time will tell what really happened, but as a Certified Emergency Manager (CEM) who helped set up the Mass Notification System for a major military base, I know that what likely occurred was a serious breach in procedure at Hawaii EMA. The authority who issued today’s alert and then took 40 minutes to send a retraction on WEA. PACOM immediately released a message saying that there was no threat, so why didn’t Hawaii EMA immediately send a retraction via WEA? There are serious implications associated with false alerts. What happens when an alert about a tsunami, wildfire, or active shooter are real and people ignore them?
Maybe we were hacked, as some have alleged, but probably not. No matter what happened, someone must be held accountable for this egregious breach of professionalism — and that person is almost definitely sitting at HI-EMA. Let’s hope that this scare motivates agencies across the nation to take a look at their own procedures. And let’s hope Gov. Ige holds his team accountable.