Poor user interface design blamed for Hawaii missile scare

By on
Poor user interface design blamed for Hawaii missile scare

A poorly designed user interface was reportedly behind the false alarm regarding an incoming missile that sent Hawaiian residents into a panic over the weekend.

People in the US state received a notification on their smartphones on Saturday warning of an imminent ballistic missile strike, advising them to "seek immediate shelter" and that "this is not a drill".

Fortunately, it was.

The alert was supposed to have been an internal test of the Hawaii Emergency Management Agency's (HEMA's) missile alert system, conducted semi-regularly since tensions between the US and North Korea began escalating last year.

According to The Washington Post, an employee mistakenly selected the wrong option from a drop-down list, issuing a genuine missile alert to the public instead of a dummy alert to HEMA staff.

The two options were labelled almost identically ('test missile alert' and 'missile alert') and placed one after another, while the only safeguard to prevent accidental alert launches was a single confirmation prompt.

The incident has drawn criticism from some experts, who say that such an important system should not be so open to human error.

"Even though the menu option still required confirmation that the user really wanted to send an alert, that wasn't enough, on this occasion, to prevent the worker from robotically clicking onwards," explained security expert Graham Cluley.

"There was an 'Are you sure?' message, but the user clicked it anyway. Clearly the 'Are you sure?' last-chance-saloon wasn't worded carefully enough, or didn't stand out sufficiently from the regular working of the interface, to make the worker think twice."

Federal Communications Commission chairman Ajit Pai also slammed the error, calling it "absolutely unacceptable".

"Based on the information we have collected so far, it appears that the government of Hawaii did not have reasonable safeguards or process controls in place to prevent the transmission of a false alert," he said in a statement.

Compounding the problem was the fact that it took more than half an hour for HEMA to send out a follow-up message after the first alert to reassure people that it was an error. Sending the retraction required an elevated level of permissions, and had to go through the Federal Emergency Management Agency (FEMA) for approval.

HEMA said it has now modified the system, requiring all genuine alerts to be confirmed by a second person before they are issued, as well as adding a cancellation button allowing citizens to be immediately notified in the event of another false alarm.

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

As a reseller, this year would you prefer to...
Do more business with my current vendors
Add new vendors and grow business with them
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?