On Jan. 13 at 8 a.m., the Hawaii Emergency Management Agency (HEMA) began its ritual testing of the state emergency and wireless-emergency alert systems—testing that is completed three times daily. Five minutes later, a HEMA employee who was supposed to have initiated the drill version of the missile alert chose instead the actual version. The employee then confirmed the selection and two minutes later, citizens across Hawaii were informed of an incoming ballistic missile via mobile phones and televisions.
Over a span of thirty-eight minutes, an uninformed public (with the exception of Kaiser’s math teacher Mark Gardner, who nonchalantly continued his golfing game) went into chaotic disarray as people sought shelter in hotel basements and even storm drains. Text messages and phone calls expressing what some thought were their last goodbyes were frantically sent, and those with their family nearby prayed while hiding in bathtubs and garages. The false alarm did not only elicit great fear among Hawaii’s residents — at least four medical emergencies resulted, the worst of which was a Hawaii Kai resident who suffered a heart attack. Needless to say, this incident exposed the flaws of HEMA’s alert system as well as shed light on the disorganized procedures of the state agency.
Contrary to statements made by Governor Ige as well as several news articles, the HEMA employee intentionally “pressed the wrong button.” The accident initially began with the actions carried out by an incompetent midnight supervisor: an unplanned drill was initiated during a swapping of night to day-shift personnel. During this drill, the supervisor simulated a United States Pacific Command (USPACOM) phone call in which HEMA employees were told “Exercise, exercise, exercise.” However, the supervisor also strayed from the protocol script and stated, “This is not a drill!” causing one employee to believe there was an incoming missile attack. His actions led to HEMA’s second fault: the agency allowed an employee with a history of unsatisfactory performance to continue working. The Federal Communications Commission (FCC) investigation had found that the employee had been a “source of concern” for a decade. On two occasions, he had erroneously thought a real event was occuring during a drill. The worst part about the incident was that there was no cancellation command already in place that could have immediately informed the public that the alarm was false. So for thirty-eight minutes, panic ensued until the agency finally added a new link to their system, which conveyed that the message was a mistake to the public. If cancellation commands had been previously written, the thirty-eight minutes could have been reduced to just seconds.
A history of failures
Although the false missile alarm was by far the most disastrous HEMA incident, it was not the agency’s only incident. When HEMA tested all 386 of its sirens, 7% of those sirens failed to work properly; instead, an ambulance siren was emitted. Furthermore, in highly-populated Waikiki, the sirens could barely be heard. If that wasn’t enough indication of how incompetent the agency is, a password written on a Post-it note was mistakenly shown in a public photo released by the HEMA headquarters. Twitter users who zoomed in on the image were even able to read the password. Fortunately, the agency’s spokesman, Richard Rapoza, stated that the password wasn’t used for any major software. However, that doesn’t excuse the fact it was still used for an internal application.
An accident waiting to happen
Additionally, the design of the missile alert system was prone to human error eventually. This is because both the test and actual ballistic missile alert links were on the same page, and the label for each had only a one word difference. In other words, it would be extremely easy to confuse the drill and the actual alert. HEMA should have designated separate computers for tests and real alerts as well as multiple-user activation and verification to prevent this kind of careless error.
Although the false alarm caused widespread panic and stress among Hawaii’s residents, this erroneous alert could not have actually initiated a war between North Korea and the US. This is because the Federal Emergency Management Agency (FEMA), the agency that informs HEMA of any missile threat, does not receive its intel from Hawaii but rather from the US Northern & Pacific Commands and the US Strategic Command. Nonetheless, the false alarm still inflicted significant damage by eroding the public’s trust in the state. It is critical that HEMA improve upon its protocols and systems since Hawaii’s lives are in its hands.