Written Statement of Nicole McGinnis Deputy Chief, Public Safety and Homeland Security Bureau Federal Communications Commission “Hawaii False Missile Alert: What Happened and What Should We Do Next?” Before the Committee on Commerce, Science and Transportation U.S. Senate Thursday, April 5, 2018 1Good morning Senator Schatz and members of the Hawaii Congressional delegation, and thank you for the opportunity to testify before you today. The false alert warning of an imminent ballistic missile attack issued on January 13th by the State of Hawaii was unacceptable. It resulted in widespread panic, which was exacerbated by a delay of nearly 40 minutes before a correction was issued through proper alerting channels. False alerts like this one can shake the public’s trust in alert messaging, and ultimately jeopardize the public’s safety in times of real emergency. But as unfortunate as this incident was, alert messaging remains an essential tool for protecting the lives of all Americans. The Commission is committed to doing everything within its legal authority, and in coordination with our federal, state, and local partners, to ensure that our nation’s alert messaging tools are available and used properly when they are needed most. The Commission acted swiftly in the wake of this incident in Hawaii to open an investigation into the matter. Since this Committee’s hearing on January 25, the Bureau presented its preliminary findings to the Commission on January 30 and submitted that presentation to this Committee for the record. As part of its investigation, the Bureau has coordinated with the Hawaii Emergency Management Agency (HI-EMA), the Federal Emergency Management Agency (FEMA), and industry and has conducted many interviews with stakeholders. The Bureau is finalizing its final report and expects to release it in the near future. We would be pleased to submit that report in its entirety to the Committee upon its release. The final report will provide an analysis of the facts gathered from our independent investigation and will incorporate facts developed in a separate report prepared by HI-EMA. We expect that the final report will confirm the Bureau’s preliminary findings: The false alert in Hawaii and HI-EMA’s delay in correcting it was due to a combination of human error and the lack of effective operating procedures and safeguards. In my testimony today, I’d like to highlight some of the final report’s anticipated key findings and lessons learned. First, human error occurred on many levels. For example, one error was the use of a recording to initiate the drill that contained the text of an EAS message for a live ballistic missile alert, including the language, “THIS IS NOT A DRILL.” While the recorded message also contained the language “EXERCISE EXERCISE EXERCISE,” the employee tasked with issuing the alert submitted a written statement to HI-EMA stating that he mistakenly believed the exercise was, in fact, a real event. This failure to hear and/or properly understand the instructions indicating the exercise was a test was clear human error. Another error was the result of miscommunication between the outgoing and incoming shift supervisors as to which shift would perform the test during the shift change. The midnight shift supervisor did not provide the day supervisor with written notice of the test, and only mentioned it to the day supervisor minutes before the drill was conducted. The day shift supervisor assumed that the drill would be run by the midnight shift, and did not understand that the drill would involve the day shift. Because of this miscommunication, the day shift supervisor was not in the watch center at the time of the drill, and it was conducted without supervision. 2Second, the procedures to prevent or correct the false alarm were not adequate. For example, HI-EMA lacked procedures to prevent a single person from mistakenly issuing a live missile alert. Given that the employee issuing the alert was the only one under the mistaken impression that the event was real, requiring sign off of a second warning officer would have prevented the false alert. Equally significant, the checklist used during the January 13 exercise lacked any protocol for correcting a false alert with an “all clear” or similar message to the public. Clear protocols for not just cancellation, but also for prompt correction of a false alert over the same systems used to issue the alert would have reduced the public panic that ensued in the extensive time following the false alert. The final report will also detail the Bureau’s findings with respect to the how the emergency alert system (EAS) participants and participating wireless emergency alert (WEA) providers transmitted the message. The majority of EAS participants received the alert within seconds and retransmitted it. From a technical perspective, this was exactly as the system is designed to work. Those that did not relay the alert did not have their equipment set to “auto-forward” the message, which we understand is being addressed and that such messages will now be auto- forwarded going forward. The four nationwide wireless carriers offering service in Hawaii also received and transmitted the WEA alert within seconds. Neither EAS nor WEA is designed such that a carrier or participant would have the discretion to question whether an alert was erroneous. Although reports suggest that some consumers did not receive the alert, there are several reasons why this might have been the case, including lack of access to a wireless signal or having the device powered off during the time the alert was sent and cancelled, which would have impacted the receipt of the message. In addition, some handsets are not WEA capable, and consumers may also opt out of non-Presidential alerts. None of these are flaws in the operation of the system. The most important outcome of this investigation, however, is the identification of lessons learned and best practices to prevent this type of a mistake from occurring in the future. In this respect, the final report will offer recommendations to state, local, Tribal, and territorial emergency alert originators and managers to minimize the risk of similar incidents occurring in the future. HI-EMA is already implementing or has implemented many of these anticipated recommendations. Among others, these recommendations will include: ? Conducting regular internal tests in a controlled and closed environment, such as the FEMA’s Integrated Public Alert and Warning System (IPAWS) Test Lab. This will enable staff to maintain proficiency with alerting tools and to exercise plans and procedures in a manner that does not affect the public; ? Requiring more than one credentialed person to validate message content prior to transmission of high-impact alerts that affect a significant percentage of the population; ? Implementing specific upgrades to alerting software to separate live environments from test environments, including clearer prompting language distinguishing live and test messages; ? Developing and memorializing standard operating procedures for responding to false alerts within their jurisdictions, including specifying that corrections to false 3alerts must be issued over the same systems used to issue the false alert, including the EAS and WEA, as well as other available means; and ? Consulting with state emergency communications committees (SECCs) on a regular basis—at least annually—to ensure that EAS procedures, including initiation and cancellation of actual alerts and tests, are mutually understood, agreed upon, and documented in the State EAS Plan. The final report will also make recommendations addressing the incorporation of social media within standard operating procedures, notifying the media of false alerts, establishing redundant lines of communications, and use of priority communications tools. The Bureau intends to follow up on these recommendations by engaging in additional outreach, in coordination with our partners at FEMA, to encourage the use of these best practices, including a planned webinar and roundtable. Finally, the Commission continues to work to improve EAS and WEA. For example, the Commission recently adopted new rules that require State EAS Plans be updated annually and be filed in a streamlined electronic database, the Alert Reporting System. By replacing paper-based filing requirements and coordinating State EAS Plan information in this manner, administering the EAS at the state level will be more clear and consistent. We hope to release that item soon. Again, I thank you for the opportunity to testify before you today and look forward to any questions you may have.