Conduit Street

Hawaii’s False Missile Alert: Lessons Learned (Part 1 of 2)

Washington Post article (2018-01-13) reported that the state of Hawaii issued an emergency alert on January 13, 2018, that warned of an incoming ballistic missile attack. The alert turned out to be a false alarm but briefly caused a public panic until the alert was retracted 38 minutes after it was sent. While it was ultimately determined that the alert was caused by human error and failures in Hawaii’s emergency alert procedures, initial speculation raised the possibility that Hawaii’s emergency alert contact lists had been hacked or compromised.

MACo will examine the Hawaii alert situation and discuss how it is relevant to both Maryland and its counties in a two part blog article. Part 1 (this part) will discuss what happened and highlight the importance of protecting the contact information of residents. Part 2 will explore the shortcomings in Hawaii’s emergency alert system and provide lessons learned for Maryland’s local governments.

WHAT HAPPENED

The article noted that at approximately 8:07 am, the Hawaii Emergency Management Agency sent the following cellphone alert: “BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL.” The alert appeared to have been accidentally activated by an Agency employee during a shift change. While the Agency tweeted that there was no actual missile threat at 8:20 am, a second text alert retracting the previous alert was not sent until 8:45 am. The article stated that the message caused a brief panic in some residents and tourists while others appeared to have no idea what was happening. From the article:

“I literally sent out ‘I love you’ texts to as many family members as I could. It was all kind of surreal at that point,” [Honolulu resident Noah] Tom, 48, told The Washington Post. He made the difficult decision of turning the car toward home, where his two youngest children were. “I figured it was the largest grouping of my family.” …

 

Back on shore, there was no panic, just vacationers and others wondering why there was no immediate coverage on restaurant televisions or local radio.

THE AFTERMATH
Unsurprisingly the false alarm resulted in calls for a thorough investigation from both state and local Hawaii officials. The article indicated that the Federal Communications Commission (FCC) also plans to conduct an investigation. Both the Agency and other emergency management agencies throughout the United States plan on reviewing their alert procedures and if necessary making changes to avoid a similar situation. Part 2 of this series will examine the procedural and communication lessons the Hawaii incident poses to county emergency management agencies.
PROTECTING EMERGENCY ALERT CONTACT INFORMATION
While the cause in this particular incident was human error, it is also critical for states and local governments to protect their emergency contact information. As part of their 2018 legislative initiatives, both MACo and the Maryland Municipal League are introducing legislation to prohibit the release of an individual’s personal contact information (street address, email address, or telephone number) under the Maryland Public Information Act where that information was solely provided or gathered to create an alert, notice, or news distribution list. This prevents residents from being spammed with unwanted messages,  or worse, false alerts that are made to look like official notices. MACo believes this makes sense from both a security and privacy perspective.