The FCC’s Public Safety and Homeland Security Bureau today released its final report on a false ballistic missile alert in Hawaii in January (TR Daily, Jan. 16), concluding “that a combination of human error and inadequate safeguards” were contributors to the error and making about a dozen recommendations to prevent future occurrences anywhere in the U.S.
The false alert was sent via the Emergency Alert System (EAS) and by wireless emergency alert (WEA) by a shift warning officer at the Hawaii Emergency Management Agency (HI-EMA) who thought the alert was real instead of only a test. It took the agency 38 minutes to send a corrected alert, although authorities used social media and the news media to get the word out earlier that the alert was not real.
The Public Safety Bureau presented a preliminary report to Commissioners on the incident on Jan. 30 (TR Daily, Jan. 30), and at a Senate field hearing in Hawaii last week, an official outlined the conclusions and recommendations in the report released today (TR Daily, April 5).
“As set forth in greater detail below, the Bureau finds that a combination of human error and inadequate safeguards contributed to the transmission of the January 13 false alert,” according to the 28-page final report. “Neither the false alert nor the 38-minute delay to correct the false alert would have occurred had Hawaii implemented reasonable safeguards and protocols before January 13, 2018, to minimize the risk that HI-EMA would issue a false alert, and to ensure that HI-EMA would be able to issue a rapid correction of any false alert that was delivered to the public.”
The report also said that “it took HI-EMA until 8:20 a.m. (HST), 13 minutes after the initial alert, to provide the public with the first authoritative announcement over social media that this was a false alarm, and 38 minutes to issue a correction using EAS and WEA.”
The report said there was congestion in the wake of the false missile alert getting through to 911 and many calls were not connected.
“State and local officials, as well as HI-EMA, also struggled to notify the public that the ballistic missile alert was erroneous,” it said. “The Hawaii Preparedness Report observed that ‘[k]ey government personnel were unable to communicate with each other on January 13, 2018[,] because wireless networks were saturated.’ Regarding HI-EMA, the Bureau’s investigation found that the surge in phone calls from the public into HI-EMA’s phone lines overwhelmed the agency’s limited staff and contributed to delays in answering phone calls. While network congestion may have precluded government officials from contacting each other and the public from reaching HI-EMA through the ordinary phone lines, priority communications services would have enabled government officials and HI-EMA staff to place and receive calls during this event.”
But the report said that no HI-EMA employees used the Government Emergency Telecommunications Service (GETS) or the Wireless Priority Service (WPS), which are designed to enable national security and emergency personnel to have priority phone access during emergencies.
“HI-EMA stated that its employees have access to GETS/WPS. It noted, however, that no HI-EMA staff member reported use of GETS/WPS during the 38-minute interval between the false alert and the corrected message,” the report said. “The Bureau’s investigation concluded that any inability of HI-EMA staff to reach headquarters was caused by the inability of HI-EMA staff to handle the surge of calls and not the result of GETS/WPS non-functionality. The Bureau’s investigators did not find any evidence that GETS/WPS did not work as intended for HI-EMA employees or any other emergency responder; rather it seems that GETS/WPS were not used by HI-EMA. DHS, however, informed the Bureau that GETS/WPS successfully facilitated 19 calls on January 13, 2018, though DHS did not identify the callers. The Bureau also did not find that network congestion prevented HI-EMA staff from communicating with state and local authorities to correct the false alert, or with FEMA to confirm the use of a CEM code to correct the false alert.”
The report detailed these actions that HI-EMA has taken in the wake of the false alert: (1) requiring drills to be overseen by a supervisor, (2) implementing a two-person activation/verification policy for tests and real notifications, (3) creating templates to correct false alerts, (4) asking its vendor to include improvements in the next version of its alert software, (5) suspending state ballistic missile drills, and (6) naming a new Hi-EMA administrator.
The bureau also makes recommendations to help prevent false alerts in the future in Hawaii or elsewhere. It said that state, local, tribal, and territorial emergency management agencies should (1) “[c]onduct regular internal tests in a controlled and closed environment, such as through the FEMA IPAWS Test Lab, to maintain proficiency with alerting tools, to exercise plans and procedures, and to identify opportunities for improvement in a manner that does not affect the public”; (2) “[r]equire more than one credentialed person to validate the message content prior to transmission of a ballistic missile alert or other high-impact alerts that affect a significant percentage of the population, as well as all tests”; (3) “[d]irect alert origination software providers to [i] separate live alerts from test environments and [ii] include a prompt that uses specific language to confirm whether to issue a ballistic missile alert or similar alert or test message”; (4) “limit employee permissions to create or modify any internal drill message”; (5) “[d]evelop, in a manner consistent with the Commission’s rules, protocols governing tests, uses, and corrections to alerts that are sent to the public over the EAS and WEA”; (6) “[r]equire supervisor approval and supervision of internal tests and proficiency training exercises”; (7) “[d]evelop and memorialize standard operating procedures for responding to false alerts within their jurisdictions”; (8) “[f]or public-facing alerts and tests, have a plan in advance on how to use social media as a complementary means of communications, and integrate any plans to use social media into standard operating procedures, so that emergency managers know in advance how to use all available communications tools in a coordinated manner to improve public situational awareness and understanding”; (9) “[c]arefully consider the use and frequency of no-notice drills and ensure appropriate supervision of no-notice drills and consistency with internal test protocols”; (10) “[c]onsult with SECCs [state emergency communications committees] on a regular basis — at least annually — to ensure that EAS procedures, including initiation and cancellation of actual alerts and tests, are mutually understood, agreed upon, and documented in the State EAS Plan”; and (11) “[e]stablish redundant and effective lines of communication with key stakeholders during emergencies, including by utilizing GETS cards and WPS, so that they can rely on planned workarounds in the event their phone lines become congested during emergencies.”
The report said the bureau “will follow up on these recommendations by engaging in additional outreach and education to help state emergency management agencies, EAS Participants, wireless providers, SECCs, consumers and other stakeholders better understand the current and expected capabilities of EAS and WEA. In this regard, the Bureau plans to partner with FEMA in conducting a joint webinar to help ensure stakeholders have the information they need to take full advantage of these valuable public safety tools. The Bureau will also convene a roundtable with state emergency managers, consumer groups, communications service providers, and other stakeholders to discuss the lessons that should be learned from this incident.”
The roundtable is scheduled to be held on May 15, the bureau announced in a public notice today.
In a statement on the report, Commissioner Jessica Rosenworcel, said, “As last week’s field hearing convened by Senator Brian Schatz made clear, the January 13 false missile alert in Hawaii was unacceptable. As I said in my testimony, it is essential that we address what went wrong and put policies in place so this does not happen again in Hawaii or anywhere else. Indeed, as today’s Public Safety and Homeland Security Bureau’s Final Report shows, the false alert was the result of multiple human and operational failures. To make matters worse, it took a full 38 minutes to correct the error. Fixing this should be a top priority – from working to promote best practices to establishing a mechanism for false alert reporting. We have our work cut out for us.”- Paul Kirby, firstname.lastname@example.org