On Saturday morning the residents of the US state of Hawaii received a terrifying message on their mobile phones:
"BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL."
A similar message was broadcast on television and radio stations.
"If you are indoors, stay indoors. If you are outdoors, seek immediate shelter in a building. Remain indoors well away from windows. If you are driving, pull safely to the side of the road and seek shelter in a building or lay on the floor."
The people of Hawaii must have been petrified. After all, just last month, Hawaii started testing its nuclear warning sirens for the first time since the Cold War. And since then United States and North Korean leaders have been trading insults with each other about the "bigness" of their nuclear buttons.
Thankfully, the alert was a false alarm. An employee of the Hawaii Emergency Management Agency had pressed the wrong button, as a spokesperson explained:
"Somebody clicked the wrong thing on a computer....We needed a cancellation procedure. So basically we’re going back and checking all of our processes. We're aware that our credibility is vital. We’re doing everything we can to reassure the public that this was a one-time error, that it will not happen again."
The Washington Post sheds some more light on what went wrong:
Shortly after 8 a.m. local time Saturday morning, an employee at the Hawaii Emergency Management Agency settled in at the start of his shift. Among his duties that day was to initiate an internal test of the emergency missile warning system: essentially, to practice sending an emergency alert to the public without actually sending it to the public.
Around 8:05 a.m., the Hawaii emergency employee initiated the internal test, according to a timeline released by the state. From a drop-down menu on a computer program, he saw two options: "Test missile alert" and "Missile alert."
This sounds like terrible user interface design to me. Why have the genuine "Jeez Louise! Freak out everybody!" option slap-bang next to the harmless one labelled "Test the brown alert"?
Even though the menu option still required confirmation that the user really wanted to send an alert, that wasn't enough, on this occasion, to prevent the worker from robotically clicking onwards.
The sending of the false alert wasn't the only problem. The scare was compounded by how long it took for the equivalent of a "Whoops, sorry. We shouldn't have sent that alert. Don't panic" message to be sent to the Hawaiian population: 38 minutes.
You see, the Hawaii Emergency Management Agency is allowed to send out missile alerts via the civil warning system, but it didn't have permission to send out a correction. D'oh!
That meant it took until 8:45am local time for the wording of the correction to be approved by FEMA, the Federal Emergency Management Agency.
Meanwhile, as Alia Wong of The Atlantic vividly describes, the people of Hawaii went through a horrendous experience:
Matthew LoPresti, a state representative whose district is very close to Pearl Harbor (the likely target of a hypothetical bomb), recalled putting his young daughters, who are 4 and 8, in the bathtub, attempting to explain what was happening, and telling them to pray. "I couldn’t even get through a Hail Mary without my phone going off," LoPresti, who is the vice chair of the House public-safety committee, told me. "As I sat there with my kids... I was going between this doesn’t really feel real and this is actually what it would feel like. It’s unbelievable that weapons would bring this kind of destruction."
What can we learn from this horrific false alarm?
We should remember that it's only human to make mistakes. Each and every one of us goofs up every day - the only difference is that for most of us it doesn't make international headlines. We shouldn't beat up on whatever poor soul made this error, but instead look at what could have been done to make their human error less likely.
Poor user interface appears to have played its part in the erroneous alert.
There was an "are you sure?" message, but the user clicked it anyway. Clearly the "are you sure?" last-chance-saloon wasn't worded carefully enough, or didn't stand out sufficiently from the regular working of the interface, to make the worker think twice.
The authorities have already said that they are putting systems in place to reduce the likelihood of such a monumental goof occurring again. For instance, in the future genuine alerts will need to be authorised by a second employee to reduce the chances of a single user sleep-walking through the process.
In addition, a system has been put in place to incorporate a "Whoops!" button, which will mean that if an alert is sent out in error in future, it can quickly be followed by an "It’s a false alarm. Please disregard" message before too much harm is done.
For further discussion of this issue be sure to check out this episode of the "Smashing Security" podcast:Subscribe: Apple Podcasts | Google Play | Overcast | Stitcher | RSS for you nerds.