How a poor user interface design caused the Hawaii missile scare
Experts slam emergency alert system's lack of safeguards, after worker selects wrong drop-down option
A poorly-designed user interface was reportedly behind the false alarm regarding an incoming missile that sent Hawaiian residents into a panic over the weekend.
People in the US state received a notification on their smartphones on Saturday warning of an imminent ballistic missile strike, advising them to "seek immediate shelter" and that "this is not a drill". Fortunately, it was.
The alert was supposed to have been an internal test of the Hawaii Emergency Management Agency's (HEMA's) missile alert system, conducted semi-regularly since tensions between the US and North Korea began escalating last year. According to The Washington Post, an employee mistakenly selected the wrong option from a drop-down list, issuing a genuine missile alert to the public instead of a dummy alert to HEMA staff.
The two options were labelled almost identically ('test missile alert' and 'missile alert') and placed one after another, while the only safeguard to prevent accidental alert launches was a single confirmation prompt.
The incident has drawn criticism from some experts, who say that such an important system should not be so open to human error.
"Even though the menu option still required confirmation that the user really wanted to send an alert, that wasn't enough, on this occasion, to prevent the worker from robotically clicking onwards," explained security expert Graham Cluley.
"There was an 'are you sure?' message, but the user clicked it anyway. Clearly the 'are you sure?' last-chance-saloon wasn't worded carefully enough, or didn't stand out sufficiently from the regular working of the interface, to make the worker think twice."
Federal Communications Commission chairman Ajit Pai also slammed the error, calling it "absolutely unacceptable". "Based on the information we have collected so far, it appears that the government of Hawaii did not have reasonable safeguards or process controls in place to prevent the transmission of a false alert," he said in a statement.
Compounding the problem was the fact that it took more than half an hour for HEMA to send out a follow-up message after the first alert to reassure people that it was an error. Sending the retraction required an elevated level of permissions, and had to go through the Federal Emergency Management Agency (FEMA) for approval.
HEMA said it has now modified the system, requiring all genuine alerts to be confirmed by a second person before they are issued, as well as adding a cancellation button allowing citizens to be immediately notified in the event of another false alarm.
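The safeguards described above (a second person confirming genuine alerts, and a retraction that needs no extra sign-off) can be sketched in code. This is an added illustration, not HEMA's software; every class, method and operator name in it is hypothetical.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Audience(Enum):
    STAFF_ONLY = "internal test"      # dummy alert to agency staff
    PUBLIC = "LIVE PUBLIC ALERT"      # genuine alert to the public

class ApprovalError(Exception):
    """Raised when a safeguard blocks an action."""

@dataclass
class PendingAlert:
    message: str
    audience: Audience
    requested_by: str
    approved_by: Optional[str] = None
    sent: bool = False
    cancelled: bool = False

class AlertConsole:
    def __init__(self):
        self.outbox = []  # (audience, text) pairs actually transmitted

    def request(self, operator, message, audience):
        # The audience is an explicit typed argument, not one of two
        # near-identical labels in a drop-down list.
        return PendingAlert(message, audience, operator)

    def approve(self, alert, approver):
        # Two-person rule: the requester cannot confirm their own alert.
        if approver == alert.requested_by:
            raise ApprovalError("second person must differ from the requester")
        alert.approved_by = approver

    def send(self, alert):
        # Tests go out on one signature; live alerts need the second person.
        if alert.audience is Audience.PUBLIC and alert.approved_by is None:
            raise ApprovalError("live alert needs a second person's confirmation")
        self.outbox.append((alert.audience, alert.message))
        alert.sent = True

    def cancel(self, alert, operator):
        # Retraction is deliberately cheap: any operator, no outside approval.
        if not alert.sent:
            raise ApprovalError("nothing to retract")
        alert.cancelled = True
        self.outbox.append((alert.audience, "FALSE ALARM: " + alert.message))
```

The asymmetry is the point: sending a live alert takes two people, while retracting one takes a single action.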
Picture credit: Shutterstock