(BIVN) – The day shift warning officer who initiated the January 13 false missile threat alert in Hawaii believed that the missile threat was real, a preliminary Federal Communications Commission report says.
According to the remarks delivered during Tuesday’s open meeting of the Federal Communications Commission, James Wiley, the Attorney Advisor in the FCC’s Cybersecurity and Communications Reliability Division, noted that “because we’ve not been able to interview the day shift warning officer who transmitted the false alert, we’re not in a position to fully evaluate the credibility of their assertion that they believed there was an actual missile threat and intentionally sent the live alert.”
The FCC previously stated that the unidentified state emergency management employee who issued the mistaken threat message was not cooperating with federal investigators. However, Wiley reported today that “late last week the Hawaii Emergency Management Agency provided us with information from a written statement made by this individual shortly after the incident, which helped to improve our understanding of the events that led to the false alert.”
From Wiley’s remarks to the FCC:
In the early morning hours of January 13th, the Hawaii Emergency Management Agency’s midnight shift conducted a ballistic missile defense drill without incident. The supervisor of the midnight shift also decided to run a no-notice version of the drill during the transition to the day shift. The midnight shift supervisor specifically decided to drill at the shift change in order to help train the day shift’s warning officers for a ballistic missile defense scenario at a time when it would be challenging to properly respond.
At 8:00 a.m., Hawaii Standard Time, the Hawaii Emergency Management Agency conducted its a regularly scheduled shift change. When the supervisor of the day shift entered the agency, the supervisor of the midnight shift orally communicated the intention to conduct the ballistic missile preparedness drill. But there was a miscommunication. The incoming day shift supervisor thought that the midnight shift supervisor intended to conduct a drill for the midnight shift warning officers only (those ending their shift) – not for the day shift officers (those beginning their shift). As a result, the day shift supervisor was not in the proper location to supervise the day shift warning officers when the ballistic missile defense drill was initiated. At 8:05 a.m., the midnight shift supervisor initiated the drill by placing a call to the day shift warning officers, pretending to be U.S. Pacific Command. The supervisor played a recorded message over the phone. The recording began by saying “exercise, exercise, exercise,” language that is consistent with the beginning of the script for the drill. After that, however, the recording did not follow the Hawaii Emergency Management Agency’s standard operating procedures for this drill. Instead, the recording included language scripted for use in an Emergency Alert System message for an actual live ballistic missile alert. It thus included the sentence “this is not a drill.” The recording ended by saying again, “exercise, exercise, exercise.” Three on-duty warning officers in the agency’s watch center received this message, simulating a call from U.S. Pacific Command on speakerphone According to a written statement from the day shift warning officer who initiated the alert, as relayed to the Bureau by the Hawaii Emergency Management Agency, the day shift warning officer heard “this is not a drill” but did not hear “exercise, exercise, exercise.”
According to the written statement, this day shift warning officer therefore believed that the missile threat was real. At 8:07 a.m., this officer responded by transmitting a live incoming ballistic missile alert to the State of Hawaii. The day shift warning officer used software to send the alert. Specifically, they selected the template for a live alert from a drop-down menu containing various live- and test- alert templates. The alert origination software then prompted the warning officer to confirm whether they wanted to send the message. The prompt read, “Are you sure that you want to send this Alert?” Other warning officers who heard the recording in the watch center report that they knew that the erroneous incoming message did not indicate a real missile threat, but was supposed to indicate the beginning of an exercise. Specifically, they heard the words: “exercise, exercise, exercise.” The day shift warning officer seated at the alert origination terminal, however, reported to the Hawaii Emergency Management Agency after the event their belief that this was a real emergency, so they clicked “yes” to transmit the alert. Because we’ve not been able to interview the day shift warning officer who transmitted the false alert, we’re not in a position to fully evaluate the credibility of their assertion that they believed there was an actual missile threat and intentionally sent the live alert (as opposed to believing that it was a drill and accidentally sending out the live alert). But it is worth noting that they accurately recalled after the event that the announcement did say “This is not a drill.”
At 8:08 a.m., the mobile device of the warning officer who transmitted the alert sounded the Wireless Emergency Alert attention signal – distinct audible tones that announce a Wireless Emergency Alert – providing the first indication to those in the watch center that an actual alert had been transmitted to the public.
At 8:09 a.m., State Adjutant Major General Joe Logan, Director of the Hawaii Emergency Management Agency, notified Hawaii Governor David Ige that the agency had transmitted a false alert. At 8:10 a.m., the Director of the Hawaii Emergency Management Agency communicated to United States Pacific Command that there was no missile launch, confirming what Pacific Command already knew. The Hawaii Emergency Management Agency also notified the Honolulu Police Department that there was no missile launch. Based on our investigation to date, the Bureau believes that a combination of human error and inadequate safeguards contributed to this false alert.
The Cybersecurity and Communications Reliability Division offered these thoughts on the information gathered thus far:
With respect to human error, due to a miscommunication between the midnight shift supervisor and day shift supervisor, the drill was run without sufficient supervision. In speaking with the Bureau, other emergency management agencies stressed the importance of proper drill supervision, and that conducting a drill without proper supervision would not be tolerated. Further, the midnight shift supervisor initiated the drill by playing a recording that deviated from the script of the agency’s established drill procedure and included the phrase “This is not a drill.”
And finally, the warning officer at the alert origination terminal apparently failed to recognize that this was an exercise even though the other warning officers on duty understood that this was not a real emergency
With respect to inadequate safeguards, most importantly, there were no procedures in place to prevent a single person from mistakenly sending a missile alert to the State of Hawaii. While such an alert addressed a matter of the utmost gravity, there was no requirement in place for a warning officer to double check with a colleague or get signoff from a supervisor before sending such an alert. Additionally, the State of Hawaii appears to have been conducting an atypical number of no-notice drills, which heightened the potential for an error to occur. The Bureau’s investigation so far has revealed that while other emergency management agencies use no-notice drills under special circumstances, their common practice is to schedule drills in advance for a set date and time.
It is also troubling that Hawaii’s alert origination software did not differentiate between the testing environment and the live alert production environment. Hawaii’s alert origination software allowed users to send both live alerts and test alerts using the same interface, and the same log-in credentials, after clicking a button that simply confirmed “Are you sure you want to send this alert?” In other words, the confirmation prompt contained the same language, irrespective of whether the message was a test or an actual alert. The confirmation prompt also did not offer the officer another opportunity to review the text that is about to be sent. Further, Hawaii’s reliance on prepared templates stored in their alert origination software made it easy for a warning officer to click through the alert origination process without sufficient focus on the actual text of the alert message that he or she was about to send. In contrast, the Bureau’s investigation so far has revealed that common industry practice is to host the live alert production environment on a separate, user-selectable domain at the log-in screen, or through a separate application. Other alert origination software also appears to provide clear visual cues that distinguish the test environment from the live production environment, including the use of watermarks, color coding, and unique numbering Once the false alert was sent, the error was worsened by the delay in authoritatively correcting the misinformation. The Hawaii Emergency Management Agency had not anticipated the possibility of issuing a false alert and, as such, had failed to develop standard procedures for its response. It first sent out a correction using social media, rather than the same alerting systems that it used to transmit the false alert. Indeed, the agency was not immediately prepared to issue a correction using these systems. The agency also did not maintain redundant and effective means to communicate with key stakeholders during emergencies.