How a poor user interface design caused the Hawaii missile scare

Experts slam emergency alert system's lack of safeguards, after worker selects wrong drop-down option

A poorly-designed user interface was reportedly behind the false alarm regarding an incoming missile that sent Hawaiian residents into a panic over the weekend.

People in the US state received a notification on their smartphones on Saturday warning of an imminent ballistic missile strike, advising them to "seek immediate shelter" and that "this is not a drill". Fortunately, it was.

The alert was supposed to have been an internal test of the Hawaii Emergency Management Agency's (HEMA's) missile alert system, conducted semi-regularly since tensions between the US and North Korea began escalating last year. According to The Washington Post, an employee mistakenly selected the wrong option from a drop-down list, issuing a genuine missile alert to the public instead of a dummy alert to HEMA staff.

The two options were labelled almost identically ('test missile alert' and 'missile alert') and placed one after another, while the only safeguard to prevent accidental alert launches was a single confirmation prompt.

Advertisement - Article continues below
Advertisement - Article continues below

The incident has drawn criticism from some experts, who say that such an important system should not be so open to human error.

"Even though the menu option still required confirmation that the user really wanted to send an alert, that wasn't enough, on this occasion, to prevent the worker from robotically clicking onwards," explained security expert Graham Cluley.

"There was an 'are you sure?' message, but the user clicked it anyway. Clearly the 'are you sure?' last-chance-saloon wasn't worded carefully enough, or didn't stand out sufficiently from the regular working of the interface, to make the worker think twice."

Federal Communications Commission chairman Ajit Pai also slammed the error, calling it "absolutely unacceptable". "Based on the information we have collected so far, it appears that the government of Hawaii did not have reasonable safeguards or process controls in place to prevent the transmission of a false alert," he said in a statement.

Compounding the problem was the fact that it took more than half an hour for HEMA to send out a follow-up message after the first alert to reassure people that it was an error. Sending the retraction required an elevated level of permissions, and had to go through the Federal Emergency Management Agency (FEMA) for approval.

HEMA said it has now modified the system, requiring all genuine alerts to be confirmed by a second person before they are issued, as well as adding a cancellation button allowing citizens to be immediately notified in the event of another false alarm.

Advertisement - Article continues below

Picture credit: Shutterstock

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now



The Story Behind Trump's Tech Tariffs

25 Jan 2020
artificial intelligence (AI)

How Bank of America uses AI to improve customer service and take on competitors

22 Jan 2020
Careers & training

The tech skills you need to succeed in the US

21 Jan 2020
data protection

Box CEO: Most internet users will ditch privacy for online services

3 Jan 2020

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020

Windows 10 and the tools for agile working

20 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020