A number of folks have asked if anyone knows more details on how a false alert could have been issued. I had some exposure to conversations about these alerts a few years ago, so a few thoughts. This isn't based on extensive experience, but provides a bit more background than you'll get from the news stories I've seen, and if you're burning with curiosity this should give you some jumping off points to research it further.

Although FEMA is actively developing more robust controls for their IPAWS system, the controls on user behavior and what functions can be triggered in the system have limited capabilities to enforce restrictions (one would be the requirement for a digital signature to accept a CAP message as valid). If you listen to the press conference [2] Hawaii says they will now be using a 'two person rule' which indicates that the most significant controls they have are manual/behavioral (not automated in the system by user roles or automated workflows based on state policies). Few information systems do much more than have a few coarsely-permissioned user roles, though, so it's not like FEMA or Hawaii has tried to cheap out on the functionality - it's just not a very common capability and emergency alerts isn't a mission where you want to be using 'interesting new tools' that aren't well tested.

There are several alerting systems - the Emergency Alert System (EAS), the Wireless Alert System (WEA), and Non-Weather Emergency Alerts (NWEM). States use FEMA's IPAWS system for sending alerts, which [1] this one seems to have been sent through (localities don't necessarily participate in IPAWS, which is voluntary, but the Hawaii EMA was the one that sent this).

Some questions I would have about this would be:
- IPAWS messages must have a digital signature to be accepted by the system; however, based on the Hawaii EMA press conference and articles which say 'an employee made an error', I would guess that the digital signature is not used in a way that is actually tied to the official authorized to declare the alert but is accessible to their whole emergency Operations Group.
- Are they sending test messages with that signature?

With a 'two-person rule', it sounds from the press conference that it isn't enforced by the machine (not like having two keys which both have to be turned to send the message) but by the first person stepping away from the machine and letting the other person push the "are you sure you want to send this?" button. That doesn't seem much better, but changing the system to do that gets away from the basic CAP architecture and isn't likely to happen soon.

The FCC is currently working on a proceeding regarding updating WEA to allow more geographic targeting of alerts, the way the other alerts can be targeted at specific locales. The current system dates back to 2011 or 2012, and is pretty coarsely-targeted, which is probably why you're getting Amber Alerts on your phone for a town that is 6 hours away just because it's in your state. You can find it at Proceeding Numbers 15-91 and 15-94 [3].

[1] You can see the message here, which archives messages sent via IPAWS:
http://ipawsnonweather.alertblogger.com/?p=18764
[2] http://dod.hawaii.gov/hiema/press-conference-missile-alarm-l...
[3] https://www.fcc.gov/fcc-announces-comment-dates-rulemaking-s...

This gives some more technical details on IPAWS and the Common Access Protocol that these messages use: https://www.fema.gov/pdf/emergency/ipaws/ipaws_cap_mg.pdf
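
The machine-enforced form of the two-person rule discussed above, as an added example that is not part of the original comment and is not IPAWS code: a live alert is released only when two different officials, each holding their own key, have signed the same message, and an approval given for a test message does not carry over to a live one. HMAC stands in for CAP's XML digital signature, and the official names, keys and approval policy are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed per-official keys. Assumption: every authorised official holds
# their own key; HMAC stands in for the XML digital signature CAP uses.
OFFICIAL_KEYS = {
    "duty.officer": b"constructed-key-1",
    "shift.supervisor": b"constructed-key-2",
}
# Hypothetical policy keyed by the CAP <status> value: live alerts need two people.
REQUIRED_APPROVERS = {"Actual": 2, "Exercise": 1, "Test": 1}


def canonical(alert):
    """Bytes every approval covers. Status is included, so an approval given
    for a Test message cannot be replayed on an Actual one."""
    return json.dumps(alert, sort_keys=True, separators=(",", ":")).encode()


def sign(official, alert):
    return hmac.new(OFFICIAL_KEYS[official], canonical(alert), hashlib.sha256).hexdigest()


def release_decision(alert, approvals):
    """approvals is a list of (official, signature); returns (released, reason)."""
    needed = REQUIRED_APPROVERS.get(alert.get("status"))
    if needed is None:
        return False, "unknown status"
    valid = set()  # a set, so one person approving twice still counts once
    for official, signature in approvals:
        if official in OFFICIAL_KEYS and hmac.compare_digest(sign(official, alert), signature):
            valid.add(official)
    if len(valid) < needed:
        return False, f"{len(valid)} of {needed} distinct approvals"
    return True, "released"


if __name__ == "__main__":
    # Constructed sample messages, not real alert content.
    live = {"status": "Actual", "event": "constructed sample alert", "area": "statewide"}
    drill = dict(live, status="Test")
    one = [("duty.officer", sign("duty.officer", live))]
    print(release_decision(live, one))
    print(release_decision(live, one + one))
    print(release_decision(live, one + [("shift.supervisor", sign("shift.supervisor", live))]))
    print(release_decision(live, [(o, sign(o, drill)) for o in OFFICIAL_KEYS]))
```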