The Hawaii Saga

I simply don’t think I can refrain from some extended commentary on the Hawaii missile notification incident any longer.  I’ve tossed a few Tweets on this topic in the past couple of weeks, but as the layers of this onion are peeled back, more and more is being revealed.  I’m not a conspiracy theorist, but the number of half-truths that have been reported on this incident lead me to believe we still don’t know everything that transpired that morning.  Now that the FCC has leaned into this investigation, more and more information is being revealed, despite reports that the employee at the center of it gave limited cooperation in the investigation (likely at the advice of an attorney).  Most of my commentary is based upon information reported by the Business Insider and Washington Post which includes information from the ongoing FCC investigation.

eas_logo_rev1_3

First, why was public notification of a false missile strike such a big deal?  The effective practice of notification and warning in emergency management relies on the transmission of accurate, timely, and relevant information.  Since emergency management is already challenged by a percentage of citizens that willfully don’t pay attention to warnings, don’t care about them enough to take action, or otherwise refuse to take action, the erosion of any of these pillars will degrade public trust in an already less than ideal environment.  We sometimes struggle to get accurate weather-related warnings issued, but when a warning is sent for a ballistic missile strike that isn’t occurring, that’s a significant error.  We certainly saw across social media the stories of people on the Hawaiian Islands as well as those in the continental US with friends and family in Hawaii.  The notification of an impending ballistic missile strike is terrifying to a population.  Imagine saying good bye to your family and loved ones for what you think is the last time.  What truly made this erroneous notification unforgivable was the 38-minute time span it took for it to be rectified.

While there is a lot of obvious focus on the employee who actually activated the alert, I see this person as only one piece of the chain of failures that occurred that morning.  It was first reported that the employee accidentally selected the wrong option in a drop-down menu; selecting an actual alert instead of a test.  While mistakes can and do happen in any industry, the processes we use should undergo reviews to minimize mistakes.  Those processes include the tools and technology we use to execute.  Certainly, any system that issues a mass notification should have a pop-up that says ‘ARE YOU REALLY SURE YOU WANT TO DO THIS???’ or a requirement for verification by another individual.  I’ll note that the Business Insider article says there is a verification pop-up in the system they used, so clearly that wasn’t enough.

Findings released from the initial FCC investigation found that the employee apparently thought this was a real incident instead of an exercise, therefore, their action was intentional.  So, we have another mistake.  As mentioned before, the processes and systems we have in place should strive to minimize mistakes.  A standard in exercise management is to use a phrase similar to ‘THIS IS AN EXERCISE’ in all exercise communications.  By doing so, everyone who receives these communications, intentionally or otherwise, is aware that what is being discussed is not real.  I would hope that if the warning point employee heard that phrase with the order to issue an emergency alert, the outcome would have been different.  According to the FCC report, the phrase ‘Exercise, exercise, exercise’ was used, but so was the phrase ‘this is not a drill’.  While reports indicate some issues with past performance of this employee, I would caution that messages such as this are confusing and should never be issued in this manner.  They need to take a serious look at their exercise program and how it is managed and implemented.

Next, 38 minutes of time passed before a retraction was issued.  Forgive me here, but what the fuck happens in 38 minutes that you can’t issue a retraction?  There are timelines posted in the Business Insider and Washington Post articles on this matter.  I believe that what I’m reading is factual, but I shake my head at the ineptitude of leadership that existed, ranging from the employee’s supervisor, to the agency director, and all the way up to the Governor.  There is no reason a retraction could not have been issued within minutes of this false alarm.  We see things in this timeline such as ‘drafting a retraction’ and ‘lost Twitter password’.  Simply bullshit.  There isn’t much to draft for an initial retraction other than ‘False Alarm – No missile threat’.  We know from later in the timeline that this could have been sent through the same system that sent the initial message.

It’s noted that Hawaii EMA didn’t have a plan in place for issuing retractions on messages.  An easy enough oversight, I suppose, but when they report that this same employee had issued false messages on two previous occasions, a plan would have been developed for something that was an obvious concern.

A possible path to correction is a bill that may be introduced by Sen. Brian Schatz which would give the US Departments of Defense and Homeland Security the responsibility to notify the public of an incoming missile attack.  Is this a perfect fix? No.  Consider that weather alerts can be issued by the National Weather Service, or by state or local emergency management agencies based upon NWS information or what they are actually observing on the ground.  I’m a big believer in state’s rights as well as their ultimate responsibility to care for their populations, so I believe the states should have the ability to issue such alerts, however they should generally be defaulting to DoD, as DoD has the technology to detect an incoming attack.

There are numerous layers of failure in this situation which need to be examined and addressed through rigorous preparedness measures.  It obviously was an embarrassing occurrence for Hawaii EMA and I’m sure they are working to address it.  The intent of my article isn’t to harp on them, but to identify the potential points of failure found in many of our systems.  Unfortunately, this situation makes for a case study that we all can learn from.  Current technology provides every state, county, city, town, and village the ability to access an emergency alert system of some type.  Some are municipal systems, some are regional, some are state, and some are national (IPAWS).  We access these systems through custom developed programs or commercially available interfaces.  These systems will instantly issue alerts to cell phones, email accounts, social media, radio, and TV; and some will still activate sirens in certain localities.  The technology we have enables us to reach a high percentage of our populations and issue critical communications to them.  While the technology is great and the message we send is important, it’s only one element of a good public information and warning program.  Clearly, we see from the occurrence in Hawaii, that we need to have solid plans, policies, procedures, systems, training, and exercises to ensure that we can effectively and efficiently issue (and retract) those messages.  So crack open your own plans and start making a list of what needs to be improved.

© 2018 – Timothy M. Riecker, CEDP

Emergency Preparedness Solutions, LLC SM

Strenghtening 9-1-1 Systems

Tim RieckerThis morning, Government Security News (GSN) published an article regarding the FCC‘s examination of last June’s derecho storms that severely impacted Virginia, Maryland, West Virginia, DC, and Ohio.  The FCC looked into the long-lasting down time of 9-1-1 call centers in these impacted areas, provided comment, as well as recommendations – which largely are pretty sound.

If you’ve read earlier blog posts of mine, you’ll know that I more-often-than-not tend to defend utility companies.  Yes, we can all be better prepared, but I believe that sometimes the expectations are unreasonably high, especially with wide-spread disasters.   Also, utility companies are just that – companies – their primary goal is to be profitable.  With this in mind, there comes a point when the cost of mitigation may, at least in the short-term, make them unprofitable.  While in theory I would say ‘suck it up’, share holders tend not to see things that way.  So that does leave us with a bit of a quandary.

9-1-1 is an absolutely critical service.  Outages and disturbances in these systems occur every day throughout the nation, but are typically short in duration.  The derecho left 3.6 million people with interrupted 9-1-1 service, some for many days.  While there are general infrastructure issues that result from storms that can impact a utility system, this was compounded after the derecho by continued high winds for a few days, making many repairs impossible.  The FCC report cites, however, a few easy fixes that could have greatly reduced both the number of outages and the duration of many of these outages – including emergency power generators at central offices and distribution hubs.  There were also planning gaps that were discovered, that, once addressed should help reduce impacts by both number and duration.  I believe we also need to harness the technology we have to discover redundancies and back-ups that can be implemented in the even of future system failures.

Every incident is a learning experience for all involved – and hopefully even for those fortunate enough to not be involved.  The challenge is accepting these lessons learned and applying them to improve our measure of preparedness, increasing our awareness, and better enabling us to respond more effectively the next time around.

What lessons have you learned from disasters???