From the first Morning Jolt of the week:
Incompetence Is More Frightening Than Hackers
I spent much of Saturday wondering if the false warning of an imminent ballistic missile strike on Hawaii was the work of malicious hackers. That scenario would be strangely preferable, having a malevolent entity to blame, instead of accepting that the entire system for warning the public really can be activated by one employee pressing the wrong button, as the state’s governor described it.
Apparently it wasn’t even a button; it was a drop-down menu on a computer screen.
Shortly after 8 a.m. local time Saturday morning, an employee at the Hawaii Emergency Management Agency settled in at the start of his shift. Among his duties that day was to initiate an internal test of the emergency missile warning system: essentially, to practice sending an emergency alert to the public without actually sending it to the public.
Around 8:05 a.m., the Hawaii emergency employee initiated the internal test, according to a timeline released by the state. From a drop-down menu on a computer program, he saw two options: “Test missile alert” and “Missile alert.” He was supposed to choose the former; as much of the world now knows, he chose the latter, an initiation of a real-life missile alert.
“In this case, the operator selected the wrong menu option,” HEMA spokesman Richard Rapoza told The Washington Post on Sunday.
Around 8:07 a.m., an errant alert went out to scores of Hawaii residents and tourists on their cellphones: “BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL.” A more detailed message scrolled across television screens in Hawaii, suggesting, “If you are indoors, stay indoors. If you are outdoors, seek immediate shelter in a building. Remain indoors well away from windows. If you are driving, pull safely to the side of the road and seek shelter in a building or lay on the floor.”
Imagine getting that text, turning on the television for some sort of confirmation or reassurance that it was only a drill, and finding the same message running across the top of the screen, with a pre-recorded voice repeating the warning. No wonder Hawaiians were terrified; they awoke to find themselves in the early scenes of The Day After.
If it hadn’t been terrifying, it would have been comic; having scared the bejeebers out of most residents in the state, the state agency couldn’t quickly figure out a way to tell everyone it had been a false alarm:
Part of what worsened the situation Saturday was that there was no system in place at the state emergency agency for correcting the error, Rapoza said. The state agency had standing permission through FEMA to use civil warning systems to send out the missile alert — but not to send out a subsequent false alarm alert, he said.
The Hawaii Emergency Management Agency said it has also suspended all internal drills until the investigation is completed. In addition, it has put in place a “two-person activation/verification rule” for tests and actual missile launch notifications. On Saturday, Ripoza said, the employee was asked in the computer program to confirm that he wanted to send the message. In the future, a second person will be required for confirmation.
Our John Fund asks a fair question: if this sort of mistake doesn’t get you canned, what does?
“This guy feels bad, right. He’s not doing this on purpose. It was a mistake on his part and he feels terrible about it,” explained Hawaii EMA administrator Vern Miyagi, a former Army major general. But Miyagi declined to say that the staffer would face any disciplinary actions. Richard Rapoza, the official spokesman for EMA, declined to identify the errant employee and added, “At this point, our major concern is to make sure we do what we need to do to reassure the public. This is not a time for pointing fingers.”
Actually, it is. In the Air Force my father served in for some 20 years, anyone who committed such a blunder would have been demoted or cashiered — along with any superior officer, such as Miyagi, who had failed to put in place redundancies to prevent such a fiasco. That kind of accountability strikes me as a pretty good way to start to “reassure the public.” It’s not as if EMA didn’t have any clues something was potentially wrong. The Honolulu Star-Advertiser reported that while 93 percent of test alerts issued last month had worked, some could hardly be heard and a dozen mistakenly played an ambulance siren.
See? Hackers would be a more reassuring explanation.