Just watched an interview on CNN with the Governor of Hawaii and their director of emergency management. Pretty impressed that the director didn't throw anybody under the bus. He basically said "An employee pushed the wrong button. It's my responsibility, so this is my fault. We're going to make procedure and technical changes to make sure this doesn't happen again."
A lot of people are calling for the person who did this to be instantly fired, but I've always been of the opinion that the guy that pushed that button would be an outstanding hire - because he'll never, ever do something like that again and he's learned an important lesson.
The problem is not the employee who pushed the button. It's whomever designed a system with no checks and balances against a single human operator's error, given the severity of the outcome.
No way we should accept errors like this as some sort of blameless par for course in software engineering. Especially as SV grows more and more into life-critical systems like autonomous vehicles. If there was deep incompetence in architecting a system like this then yes, potentially the employees responsible for that architecture could be disciplined. If the responsible employees were too junior to design appropriate safeguards correctly, then the finger points at the managers who set up the team that way.
It sounds like the parties to blame here lie somewhere in the management chain between the poor unfortunate button-pusher and the director of all emergency management for Hawaii.
This is known as the "Asoh Defense". Capt. Kohei Asoh accidentally flew a DC-8 airliner into the water while on approach to SFO. No major injuries and the aircraft was repaired. The incident was noted for Capt. Asoh frankly accepting responsibility.
Kudos. That is how you manage. However my concern is that it took over 30 minutes to send another message stating it was false. Seems like they should have been able to spot their mistake almost instantly.
As I commented below, if this happened when the stock market was open, this could have had a huge impact financially. Over 30 minutes with no updates is an eternity for news to hit Wall Street and algo trades start kicking in.
So, people on the mainland are reacting differently than people in Hawaii. But this is not unexpected. When you live in such an isolated and vulnerable place, you are prepared for events which take a turn for the worst. I sort of figured people on the mainland would be clutching pearls and calling for the firing of the employee. But we have "false alarms" in Hawaii occasionally (e.g. with tsunami warnings which fizzle out). Most people on the island take the more reasonable position that we seem to have our ducks in a row for alerting, and I'll take an occasional misfired false positive over a false negative. It won't lessen my community's readiness if the real thing happens. Call it a really true-to-life drill. If you don't live in Hawaii and are having this kind of weird panicked reaction to a mistake, perhaps give yourself a minute to really take stock about your perspective on life. It was a mistake, and maybe even helped us become better prepared.
Could they do it so say, two people have to input a code or something from different machines, or something more physical like turning two keys, hitting a button etc
That's how it should be. As I maintain - mistakes are places where the systems and automation are too weak for our fat fingers, and mistakes of my team are my mistakes.
CNN are not very objective on government issues... hopefully this was a video interview and not a "quote" ... (because videos are a bit harder to fake).
This kind of accident has happened many times in the history of the Emergency Alert System (EAS)[1] and the earlier Emergency Broadcast System (EBS). The false alarm of 1971[2] actually revealed a major flaw in the EBS. During the incident, a legitimate national alert initiation message was erroneously broadcast instead of the scheduled test message. Many stations did not propagate the message as required because of confusion caused by receiving it within the time window of a scheduled test. Interestingly, this revealed a major flaw in the system in the event of a real emergency: that an adversary could time its attack with a test broadcast of the EBS, rendering the system generally ineffective.
If I were going to erode public trust in emergency broadcast systems in order to increase the amount of damage I would do by launching an actual missile, this is how I would do it. A series of false alarms.
A similar, if obviously much smaller and less disastrous example, happens at my apartment about 4 times a week: the fire alarms for entire floors of my apartment building are easily triggered by people smoking in the breeze ways or burning their dinner. The result is that I routinely ignore fire alarms because the likelihood of a real fire is has been demonstrated to be exceedingly small.
A ballistic missile heading for Hawaii would be nuclear, the amount of additional loss of life that would incur from “damaging the public’s trust” in the early warning system would be pretty much negligible if the missile hits any major population center.
This is basically not an issue for nuclear missiles for something more like to the situation in southern Israel with conventional unguided munitions blindly shot at their general direction it might work but if a nuke could get you it would do it regardless if you duck and cover or not.
Israeli here. We get false rocket alerts every once in a while. Usually it's a bug or a badly calibrated radar picking up something else, sometimes a human error.
I think a series of false alarms would have the effect you describe. However, based on some of the reactions I'm seeing online, I wonder if a one-off false alarm will cause a lot of people to figure out what they should be doing if the alarm were to go off again for real.
If you want to go down this particular rabbit hole, then let me say that I think it's more likely this was "us" than "them". Now the whole country is talking and thinking about the effects of a real ballistic missile launch. We got a glimpse at the chaos and mass panic that would ensue.
Tomorrow there will be more people in favor of putting a swift and aggressive end to NK's nuclear ambitions than there were yesterday.
An interesting Reddit comment described a chaotic traffic situation for 20 minutes (people running lights, wrong-side-of-the-road driving, extreme speed, etc.). Human nature in these moments is very “Tragedy of the Commons” apparently.
In Ala Moana lots of people were looking out their windows but most people seemed to think it was just a mistake, and were waiting for more confirmation, from what I saw.
A lot of comments making fun of the "duck and cover" advice, but consider this: Many people suffered serious injury from the Chelyabinsk meteor when they went to a window to see the spectacle, not realizing the shock wave would follow a few seconds later and shatter the windows into their faces.
If they had gotten away from the windows and ducked and covered, they would have been fine.
So it took 38 minutes to send out a new message informing this was a false alert. How is that possible if this was simply a human error during a "shift change"?
You'd think the people who "pressed the wrong button" would be able to press the same button again?
> You'd think the people who "pressed the wrong button" would be able to press the same button again?
Absolutely not. Once you say “fire” you need official confirmation to say “no fire”.
That means certification from the military. The official needed being in a meeting or tending to something of greater importance could easily introduce delays.
In any case, I presume the system’s designers didn’t build in an “oops, fat finger” notification. Getting that ready could have easily taken 30 minutes. This happened on a week-end. The coders could have very well been at home.
It makes sense to have drills right now, India (tests with war against China and Pakistan), China (Telling their soldiers to be prepared to die for China), Russia(tests against Nato), and North Korea (getting ready for war with the US) are all having military tests for basically what will quickly become another world war.
We are really at a big crossroads as a large amount of people are rejecting globalization in many different countries. And with such major powers willing to fight hard for resources like Ukraine, South China Sea, Oil Eu pipelines, and not even mentioning the increasing gulf between various countries on core ideologies and creeds.
"Amid public outcry over the incident, the Hawaiian government also released a timeline of what transpired after the false alarm:
Approx. 8:05 a.m. – A routine internal test during a shift change was initiated. This was a test that involved the Emergency Alert System, the Wireless Emergency Alert, but no warning sirens.
8:07 a.m. – A warning test was triggered statewide by the State Warning Point, HI-EMA.
8:10 a.m. – State Adjutant Maj. Gen. Joe Logan, validated with the U.S. Pacific Command that there was no missile launch. Honolulu Police Department notified of the false alarm by HI-EMA.
8:13 a.m. – State Warning Point issues a cancellation of the Civil Danger Warning Message. This would have prevented the initial alert from being rebroadcast to phones that may not have received it yet. For instance, if a phone was not on at 8:07 a.m., if someone was out of range and has since came into cell coverage (Hikers, Mariners, etc.) and/or people getting off a plane.
8:20 a.m. – HI-EMA issues public notification of cancellation via their Facebook and Twitter accounts.
8:30 a.m. – Governor posts cancellation notification to his Facebook page.
8:45 a.m. – After getting authorization from FEMA Integral Public Alert and Warning System, HIEMA issued a “Civil Emergency Message” remotely.
The following action was executed by the Emergency Alert System (EAS):
1. EAS message over Local TV/Radio Audio Broadcast & Television Crawler Banner.
“False Alarm. There is no missile threat to Hawaii.”
“False Alarm. There is no missile threat or danger to the State of Hawaii. Repeat. There is no
missile threat or danger to the State of Hawaii. False Alarm.”
2. Wireless Emergency Alert (WEA)
“False Alarm. There is no missile threat or danger to the State of Hawaii.”
9:30 a.m. – Governor makes initial media notification.
9:34 a.m. – Governor’s message posted to his Facebook and Twitter accounts."
I'm surprised the discussion here hasn't veered toward what actually happened. Technical glitch/human error? Hacked emergency alert system? Missile actually was on the way, but being a cheap North Korean one, it fell into the ocean on the way?
There are lots of potential explanations...whatever happened, there is stuff to work on in the aftermath of this. Barring the idea that it was an actual missile that failed to hit its target, if these alert systems are vulnerable, that's a bad thing. This could have caused serious chaos in a large city like New York. Techniques like this could be used to cause gridlock before a terrorist attack, suppress voter turnout on election days, etc.
Well, it will be interesting if any researchers look into people's actual behavior within the first few minutes of the notification before the 'false alarm, never mind' message went out to see how effective this was as an emergency alert, even if unplanned.
Now we get to see & analyze the "real life" reaction to this dress rehearsal. I'm sure everyone knew without this that a real alert would be full of SNAFUs, but you don't usually get a chance to see what they would really be if everyone actually believed the alert was real.
Hopefully (and I think they will ) they'll be smart enough to use this rare opportunity.
So I posted something along these lines in another, now-duped thread... but I know that many folks were caught completely off guard and started wondering what they would have done in case of a real threat. Many just cracked Twitter jokes about dying in a blaze of glory.
For folks who want to understand the actual dangers and survivability of an ICBM strike, I strongly suggest a book from the 1960s written by one of the folks involved in the US nuclear program during the Cold War:
It cuts through many of the Hollywood-perpetuated myths - the certain and painful death in case of a nuclear strike, or the 10,000-year radioactive wasteland that's going to be left behind.
For example, it discusses why the oft-ridiculed duck-and-cover strategy is actually surprisingly effective. The primary threat from an air burst is very conventional - a shockwave and an intense burst of thermal radiation. Shelter - any shelter - greatly improves your survival odds.
The fallout from air bursts is comparatively modest (i.e., tends to be far lower than from an event such as Chernobyl) and while lethal, it decays very rapidly - dropping to reasonably safe levels in a matter of days, not centuries. Staying sheltered for 2-10 days greatly improves your odds, and the thickness of material between you and any surfaces that gather dust (roofs, ground) matters more than anything else. Here's a handy chart:
In other words, having enough food and water in your home to weather out a nasty stowstorm also makes you well-prepared for the nuclear apocalypse. Mattresses and bulky furniture provide decent shielding when all other options fail.
The long-term effect of fallout tend to be exaggerated, too; water from streams, deep lakes, or wells should be safe or get safe very quickly. Removing a layer of topsoil allows relatively safe crops to be grown. Mild radiation sickness, at the levels where people start experiencing vomiting and hair loss, is actually pretty survivable and has a relatively modest impact on your odds of developing cancer later in life.
(Plus, keep in mind that more than 2,000 nuclear tests have been conducted so far, including around 900 in Nevada alone; while they had some statistically observable negative effects, they have not turned the world into a nuclear wasteland.)
Of course, don't get me wrong - even a single nuclear strike would be awful, and a large-scale confrontation would mean untold damages and loss of life. But the important point is that a lot of people would survive and would be able to do well in the aftermath - more so if we teach them about some common-sense preparedness steps.
The main reason why our understanding of the nuclear risk is so lopsided is because for decades, many nuclear disarmament activists (including many prominent screenwriters, celebrities, and pundits) had a vested interested in portraying the already-awful outcomes of a potential nuclear war as far less survivable and far more hopeless than in reality; the mockery of duck-and-cover, the "barren wasteland" imagery in the movies, and the largely-discredited scientific theories like the "nuclear winter"... all helped to advance (otherwise noble) goals, but at the expense of teaching people that there's nothing they can do save themselves.
Plus, of course, after Cold War, we have fewer reasons to worry. It's hard to top the Cuban Missile Crisis. There's plenty of politicized hyperbole around nuclear tensions right now, but the reality is that a large-scale strike on the US is a lot less likely than throughout a good part of the 20th century.
PS. I have a short summary of NWSS and some other points about this topic (and other, more mundane but plausible hazards) in my "Doomsday Prepping for Less Crazy Folk" - http://lcamtuf.coredump.cx/prep/
This should not happen, yet time after time we see that critical American infrastructure and systems are run worse than a pre-revenue bay area chat startup. American infrastructure needs to invest and hire/pay for the same quality that bay area startups do. Let four people go that are inept and less qualified and pay a single solid person market salary.
Besides the fear and chaos potentially caused to people in Hawaii there are financial implications if the stock market were open.
I’m in Hawaii and received it this morning. First thought: there is probably no shelter close by anyway, and if they would send a missile they would probably target Honolulu (I’m in Kauai).
Civilian governments would have had to get clarity from a military caught off guard. Something as simple as the appropriate official being in a meeting could introduce delays.
Hopefully, THAAD and Aegis work in real life as they have practice. I guess the other comfort is that North Korea is likely a one-trick pony with a nuclear device (if they _have_ managed to miniaturize it). What is scarier is the anthrax antibodies found in the North Korean defector :/
I'm hoping the withdrawal of exercises of the USA and peace talks actually get us somewhere, but we've been to the table 100 times, I don't see much changing.
From what CNN is saying, it doesn't sound like it was a drill. The gov. of Hawaii said that the emergency management people were going through their normal shift-change procedures and somebody did the equivalent of:
That was my initial reaction but if this was one of perhaps many pre-populated messages that wasn't meant to go out, you might well not have "THIS IS ONLY A DRILL" strings in those messages.
[+] [-] packetslave|8 years ago|reply
[+] [-] blantonl|8 years ago|reply
[+] [-] abalone|8 years ago|reply
No way we should accept errors like this as some sort of blameless par for course in software engineering. Especially as SV grows more and more into life-critical systems like autonomous vehicles. If there was deep incompetence in architecting a system like this then yes, potentially the employees responsible for that architecture could be disciplined. If the responsible employees were too junior to design appropriate safeguards correctly, then the finger points at the managers who set up the team that way.
It sounds like the parties to blame here lie somewhere in the management chain between the poor unfortunate button-pusher and the director of all emergency management for Hawaii.
[+] [-] neurotech1|8 years ago|reply
[0] https://en.wikipedia.org/wiki/Japan_Airlines_Flight_2#The_"A...
[+] [-] nodesocket|8 years ago|reply
As I commented below, if this happened when the stock market was open, this could have had a huge impact financially. Over 30 minutes with no updates is an eternity for news to hit Wall Street and algo trades start kicking in.
[+] [-] fapjacks|8 years ago|reply
[+] [-] djhworld|8 years ago|reply
Could they do it so say, two people have to input a code or something from different machines, or something more physical like turning two keys, hitting a button etc
[+] [-] tetha|8 years ago|reply
[+] [-] tomjen3|8 years ago|reply
[+] [-] JBlue42|8 years ago|reply
Must be reading some DevOps blogs about blameless post-mortems.
[+] [-] justicezyx|8 years ago|reply
I think a small group of people feel "mission accomplished".
[+] [-] trumpsamerica|8 years ago|reply
[deleted]
[+] [-] musicandscones|8 years ago|reply
[deleted]
[+] [-] yorby|8 years ago|reply
[+] [-] amckinlay|8 years ago|reply
[1] https://en.wikipedia.org/wiki/Emergency_Alert_System#Inciden...
[2] https://en.wikipedia.org/wiki/Emergency_Broadcast_System#Fal...
[+] [-] intopieces|8 years ago|reply
A similar, if obviously much smaller and less disastrous example, happens at my apartment about 4 times a week: the fire alarms for entire floors of my apartment building are easily triggered by people smoking in the breeze ways or burning their dinner. The result is that I routinely ignore fire alarms because the likelihood of a real fire is has been demonstrated to be exceedingly small.
[+] [-] dogma1138|8 years ago|reply
[+] [-] JumpCrisscross|8 years ago|reply
[+] [-] dvirsky|8 years ago|reply
[+] [-] ImSkeptical|8 years ago|reply
[+] [-] SheinhardtWigCo|8 years ago|reply
Tomorrow there will be more people in favor of putting a swift and aggressive end to NK's nuclear ambitions than there were yesterday.
[+] [-] conspiracyies|8 years ago|reply
[deleted]
[+] [-] makecheck|8 years ago|reply
[+] [-] nstj|8 years ago|reply
Everyone cheered when the “False alarm” SMS came through across the phones.
Secure your networks people - this electronic psyops stuff is real.
[+] [-] craftyguy|8 years ago|reply
[+] [-] harryh|8 years ago|reply
[+] [-] breck|8 years ago|reply
[+] [-] sosborn|8 years ago|reply
[+] [-] mistersquid|8 years ago|reply
Even more disturbing was the instructions of the initial warning which was to "hide in a safe place".
Terrifying.
[0] https://imgur.com/a/0QkgY
[+] [-] Stratoscope|8 years ago|reply
If they had gotten away from the windows and ducked and covered, they would have been fine.
[+] [-] runesoerensen|8 years ago|reply
You'd think the people who "pressed the wrong button" would be able to press the same button again?
[+] [-] JumpCrisscross|8 years ago|reply
Absolutely not. Once you say “fire” you need official confirmation to say “no fire”.
That means certification from the military. The official needed being in a meeting or tending to something of greater importance could easily introduce delays.
In any case, I presume the system’s designers didn’t build in an “oops, fat finger” notification. Getting that ready could have easily taken 30 minutes. This happened on a week-end. The coders could have very well been at home.
[+] [-] MollyR|8 years ago|reply
It makes sense to have drills right now, India (tests with war against China and Pakistan), China (Telling their soldiers to be prepared to die for China), Russia(tests against Nato), and North Korea (getting ready for war with the US) are all having military tests for basically what will quickly become another world war.
We are really at a big crossroads as a large amount of people are rejecting globalization in many different countries. And with such major powers willing to fight hard for resources like Ukraine, South China Sea, Oil Eu pipelines, and not even mentioning the increasing gulf between various countries on core ideologies and creeds.
We really are at a new and dangerous crossroads.
[+] [-] r721|8 years ago|reply
Approx. 8:05 a.m. – A routine internal test during a shift change was initiated. This was a test that involved the Emergency Alert System, the Wireless Emergency Alert, but no warning sirens.
8:07 a.m. – A warning test was triggered statewide by the State Warning Point, HI-EMA.
8:10 a.m. – State Adjutant Maj. Gen. Joe Logan, validated with the U.S. Pacific Command that there was no missile launch. Honolulu Police Department notified of the false alarm by HI-EMA.
8:13 a.m. – State Warning Point issues a cancellation of the Civil Danger Warning Message. This would have prevented the initial alert from being rebroadcast to phones that may not have received it yet. For instance, if a phone was not on at 8:07 a.m., if someone was out of range and has since came into cell coverage (Hikers, Mariners, etc.) and/or people getting off a plane.
8:20 a.m. – HI-EMA issues public notification of cancellation via their Facebook and Twitter accounts.
8:24 a.m. – Governor Ige retweets HI-EMA’s cancellation notice.
8:30 a.m. – Governor posts cancellation notification to his Facebook page.
8:45 a.m. – After getting authorization from FEMA Integral Public Alert and Warning System, HIEMA issued a “Civil Emergency Message” remotely. The following action was executed by the Emergency Alert System (EAS): 1. EAS message over Local TV/Radio Audio Broadcast & Television Crawler Banner. “False Alarm. There is no missile threat to Hawaii.” “False Alarm. There is no missile threat or danger to the State of Hawaii. Repeat. There is no missile threat or danger to the State of Hawaii. False Alarm.” 2. Wireless Emergency Alert (WEA) “False Alarm. There is no missile threat or danger to the State of Hawaii.”
9:30 a.m. – Governor makes initial media notification.
9:34 a.m. – Governor’s message posted to his Facebook and Twitter accounts."
http://www.washingtonexaminer.com/hawaii-releases-timeline-o...
[+] [-] downandout|8 years ago|reply
There are lots of potential explanations...whatever happened, there is stuff to work on in the aftermath of this. Barring the idea that it was an actual missile that failed to hit its target, if these alert systems are vulnerable, that's a bad thing. This could have caused serious chaos in a large city like New York. Techniques like this could be used to cause gridlock before a terrorist attack, suppress voter turnout on election days, etc.
[+] [-] euvitudo|8 years ago|reply
Hopefully instead of seeking to cast blame or personnel firings, etc., folks will learn what it is they lack in emergency response.
[+] [-] Flammy|8 years ago|reply
[+] [-] jmadsen|8 years ago|reply
Now we get to see & analyze the "real life" reaction to this dress rehearsal. I'm sure everyone knew without this that a real alert would be full of SNAFUs, but you don't usually get a chance to see what they would really be if everyone actually believed the alert was real.
Hopefully (and I think they will ) they'll be smart enough to use this rare opportunity.
[+] [-] f-|8 years ago|reply
For folks who want to understand the actual dangers and survivability of an ICBM strike, I strongly suggest a book from the 1960s written by one of the folks involved in the US nuclear program during the Cold War:
http://www.madisoncountyema.com/nwss.pdf
It cuts through many of the Hollywood-perpetuated myths - the certain and painful death in case of a nuclear strike, or the 10,000-year radioactive wasteland that's going to be left behind.
For example, it discusses why the oft-ridiculed duck-and-cover strategy is actually surprisingly effective. The primary threat from an air burst is very conventional - a shockwave and an intense burst of thermal radiation. Shelter - any shelter - greatly improves your survival odds.
The fallout from air bursts is comparatively modest (i.e., tends to be far lower than from an event such as Chernobyl) and while lethal, it decays very rapidly - dropping to reasonably safe levels in a matter of days, not centuries. Staying sheltered for 2-10 days greatly improves your odds, and the thickness of material between you and any surfaces that gather dust (roofs, ground) matters more than anything else. Here's a handy chart:
http://static3.businessinsider.com/image/58cc34b9112f7043268...
In other words, having enough food and water in your home to weather out a nasty stowstorm also makes you well-prepared for the nuclear apocalypse. Mattresses and bulky furniture provide decent shielding when all other options fail.
The long-term effect of fallout tend to be exaggerated, too; water from streams, deep lakes, or wells should be safe or get safe very quickly. Removing a layer of topsoil allows relatively safe crops to be grown. Mild radiation sickness, at the levels where people start experiencing vomiting and hair loss, is actually pretty survivable and has a relatively modest impact on your odds of developing cancer later in life.
(Plus, keep in mind that more than 2,000 nuclear tests have been conducted so far, including around 900 in Nevada alone; while they had some statistically observable negative effects, they have not turned the world into a nuclear wasteland.)
Of course, don't get me wrong - even a single nuclear strike would be awful, and a large-scale confrontation would mean untold damages and loss of life. But the important point is that a lot of people would survive and would be able to do well in the aftermath - more so if we teach them about some common-sense preparedness steps.
The main reason why our understanding of the nuclear risk is so lopsided is because for decades, many nuclear disarmament activists (including many prominent screenwriters, celebrities, and pundits) had a vested interested in portraying the already-awful outcomes of a potential nuclear war as far less survivable and far more hopeless than in reality; the mockery of duck-and-cover, the "barren wasteland" imagery in the movies, and the largely-discredited scientific theories like the "nuclear winter"... all helped to advance (otherwise noble) goals, but at the expense of teaching people that there's nothing they can do save themselves.
Plus, of course, after Cold War, we have fewer reasons to worry. It's hard to top the Cuban Missile Crisis. There's plenty of politicized hyperbole around nuclear tensions right now, but the reality is that a large-scale strike on the US is a lot less likely than throughout a good part of the 20th century.
PS. I have a short summary of NWSS and some other points about this topic (and other, more mundane but plausible hazards) in my "Doomsday Prepping for Less Crazy Folk" - http://lcamtuf.coredump.cx/prep/
[+] [-] nodesocket|8 years ago|reply
Besides the fear and chaos potentially caused to people in Hawaii there are financial implications if the stock market were open.
[+] [-] vtail|8 years ago|reply
[+] [-] Simulacra|8 years ago|reply
[+] [-] napsterbr|8 years ago|reply
[+] [-] JumpCrisscross|8 years ago|reply
[+] [-] subcosmos|8 years ago|reply
[+] [-] exabrial|8 years ago|reply
I'm hoping the withdrawal of exercises of the USA and peace talks actually get us somewhere, but we've been to the table 100 times, I don't see much changing.
[+] [-] dboreham|8 years ago|reply
[+] [-] Johnny555|8 years ago|reply
[+] [-] packetslave|8 years ago|reply
'rm -rf $HOME/ foo' vs 'rm -rf $HOME/foo'
[+] [-] ghaff|8 years ago|reply