Hawaii’s ballistic missile false alarm and a user interface failure

"Somebody clicked the wrong thing on a computer."

Hawaii's ballistic missile false alarm

On Saturday morning the residents of the US state of Hawaii received a terrifying message on their mobile phones:

BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL.”

A similar message was broadcast on television and radio stations.

“If you are indoors, stay indoors. If you are outdoors, seek immediate shelter in a building. Remain indoors well away from windows. If you are driving, pull safely to the side of the road and seek shelter in a building or lay on the floor.”

The people of Hawaii must have been petrified. After all, just last month, Hawaii started testing its nuclear warning sirens for the first time since the Cold War. And since then United States and North Korean leaders have been trading insults with each other about the “bigness” of their nuclear buttons.

Thankfully, the alert was a false alarm. An employee of the Hawaii Emergency Management Agency had pressed the wrong button, as a spokesperson explained:

Somebody clicked the wrong thing on a computer.…We needed a cancellation procedure. So basically we’re going back and checking all of our processes. We’re aware that our credibility is vital. We’re doing everything we can to reassure the public that this was a one-time error, that it will not happen again.”

The Washington Post sheds some more light on what went wrong:

Shortly after 8 a.m. local time Saturday morning, an employee at the Hawaii Emergency Management Agency settled in at the start of his shift. Among his duties that day was to initiate an internal test of the emergency missile warning system: essentially, to practice sending an emergency alert to the public without actually sending it to the public.

Around 8:05 a.m., the Hawaii emergency employee initiated the internal test, according to a timeline released by the state. From a drop-down menu on a computer program, he saw two options: “Test missile alert” and “Missile alert.”

This sounds like terrible user interface design to me. Why have the genuine “Jeez Louise! Freak out everybody!” option slap-bang next to the harmless one labelled “Test the brown alert”?

Even though the menu option still required confirmation that the user really wanted to send an alert, that wasn’t enough, on this occasion, to prevent the worker from robotically clicking onwards.

The sending of the false alert wasn’t the only problem. The scare was compounded by how long it took for the equivalent of a “Whoops, sorry. We shouldn’t have sent that alert. Don’t panic” message to be sent to the Hawaiian population: 38 minutes.

You see, the Hawaii Emergency Management Agency is allowed to send out missile alerts via the civil warning system, but it didn’t have permission to send out a correction. D’oh!

That meant it took until 8:45am local time for the wording of the correction to be approved by FEMA, the Federal Emergency Management Agency.

Meanwhile, as Alia Wong of The Atlantic vividly describes, the people of Hawaii went through a horrendous experience:

Matthew LoPresti, a state representative whose district is very close to Pearl Harbor (the likely target of a hypothetical bomb), recalled putting his young daughters, who are 4 and 8, in the bathtub, attempting to explain what was happening, and telling them to pray. “I couldn’t even get through a Hail Mary without my phone going off,” LoPresti, who is the vice chair of the House public-safety committee, told me. “As I sat there with my kids… I was going between this doesn’t really feel real and this is actually what it would feel like. It’s unbelievable that weapons would bring this kind of destruction.”

What can we learn from this horrific false alarm?

We should remember that it’s only human to make mistakes. Each and every one of us goofs up every day - the only difference is that for most of us it doesn’t make international headlines. We shouldn’t beat up on whatever poor soul made this error, but instead look at what could have been done to make their human error less likely.

Poor user interface appears to have played its part in the erroneous alert.

There was an “are you sure?” message, but the user clicked it anyway. Clearly the “are you sure?” last-chance-saloon wasn’t worded carefully enough, or didn’t stand out sufficiently from the regular working of the interface, to make the worker think twice.

The authorities have already said that they are putting systems in place to reduce the likelihood of such a monumental goof occurring again. For instance, in the future genuine alerts will need to be authorised by a second employee to reduce the chances of a single user sleep-walking through the process.

In addition, a system has been put in place to incorporate a “Whoops!” button, which will mean that if an alert is sent out in error in future, it can quickly be followed by an “It’s a false alarm. Please disregard” message before too much harm is done.

For further discussion of this issue be sure to check out this episode of the “Smashing Security” podcast:

Listen on Apple Podcasts | Google Podcasts | RSS for you nerds.

Tags: ,

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

,

6 Responses

  1. Colin R

    January 16, 2018 at 7:47 am #

    Let’s hope the user interface design of the nuclear firing option is different!

    • Dan S in reply to Colin R.

      January 18, 2018 at 9:50 am #

      More saliently, let’s hope that the military’s missile defence command and control infrastructure is more robust. Presumably there’s some kind of parallel system to alert commanders of an incoming attack for possible retaliation. If that works in a similar way, we’re in real trouble.

  2. aitchjayem

    January 17, 2018 at 1:10 am #

    Another comprehensively explanatory article with a delicious dose of wit :) A *learning opportunity* indeed and perhaps also an assurance that there are substantive controls in place so that the gentleman with the “even bigger” button was not able to take immediate retaliatory measures.

  3. Michael Webb

    January 17, 2018 at 4:04 am #

    No matter what reasonable answer there may be, the lunatic fringe is going to blame President Trump anyway. They already have.

  4. Matthew Parkes

    January 19, 2018 at 2:00 pm #

    Does the lunatic fringe include the tin foil hat brigade? This story is already circulating the UFO conspiracy channels on youtube. Apparently it was not an error but a test by the government to gauge a population’s reaction. Apparently it was also linked to the highly classified unknown payload of the most recent SpaceX rocket launch which is allegedly spy satellites or some form of defence hardware for the impending alien invasion heralded by strange happenings in the skies over Hawaii, Michigan and parts of the UK in recent days oh boy!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.