Hawaii Scare Was Bad But Be Prepared For More False Alerts Stating You’re About To Die
Adversaries will exploit vulnerabilities in U.S. emergency broadcasting systems and citizens will become less likely to trust messages from them.
As I am sure you have noticed by now, on Saturday, January 13th, 2017 Hawaii fell victim to a false alert of an incoming ballistic missile attack—you may even have found out about it from a push notification from a news site on your smart phone. Roughly 40 excruciating minutes passed between the horrifying blanket dispatch and one that rescinded it. In that time, an entire state sat comprehending their potential doom, waiting for the nuclear fire to arrive, and contemplating the reality of their own vulnerability.
What followed was absolute outrage over the incident and an avalanche of questions as to how this could have happened. It turns out it was caused by a simple shift change mistake at the Hawaii Emergency Management Agency, but the cold hard truth is that it isn't likely to be the last time something like this happens. In fact, it is probably only the beginning of a new age of such occurrences, and they won't necessarily come from our own government.
The emergency alert cascaded across Hawaii in an instant, and couldn't have been more on cue. The standoff between the U.S. and North Korea over the rogue state's nuclear and missile programs has reached a crescendo in recent months, and Pyongyang has proven that Hawaii is well within its reach if it decides to strike. Just six weeks ago, Hawaii tested its air raid sirens to warn of such attack for the first time in decades—the exercise acting as a harsh reminder of a new threatening and uncertain age. Meanwhile, there has been great buzz around the CDC's upcoming public brief on what to do during a nuclear attack—another sign of changing times—and relations with Russia, a country with thousands of nuclear weapons still in its inventory, continues to erode.
It's also worth noting that nowhere in the United States is the attack on Pearl Harbor less forgotten, and the idea that another surprise strike could occur, but this time by via a single or handful of ballistic missiles able to inflict the incredible destruction of nuclear blasts, is palpable.
Making things worse is that the Emergency Broadcasting System of yesteryear has given way to progressively more invasive emergency alert systems. Before the advent of the smartphone, one had to be actually engaged with broadcast media in order to be impacted by an alert. Nowadays these messages are pushed in an instant to our phones, which have become an extension of our anatomy, rarely within an arm's reach away. The widespread impact of such an alert messaging system is instantaneous, and because of the limited capabilities of the system as it sits today, it is also incredibly blunt.
In 2013 the Wireless Emergency Alert System (WEAS) was introduced, and by its very design it is incredibly rigid. The absolute best summation of WEAS and how it came to be was posted today by the Atlantic, I would highly suggest you give it a read, but basically this system relies of carefully worded, pre-formatted, and pre-approved messages that are 90 characters or less and have to be generated by specific equipment and software. So we are talking about getting across the basic nature of an emergency event quickly, not giving meaningful instructions on how to react to that event or anything in addition.
Those who preside over this clunky system can't just type in a new message on the fly, like "false alarm, there is no ballistic missile this way, that message was an internal error," the best they can do is stop the process of sending out more messages once it has begun. We got an idea of just how slow the process of generating a retraction is in this case, and that was under nominal conditions.
The fact that social media, which acts at lightning speed, exists among such a slow moving public messaging system only made things worse. This seemed to be a normal exchange during the event:
The fallout from the mistake has been severe, and rightfully so. For the average person living on the mainland who has never experienced something like this, it is simply hard to relate to the terror stirred-up by such an event. Governor David Ige stated the following:
“What happened today was totally unacceptable... Many in our community were deeply affected by this. I am sorry for that pain and confusion that anyone might have experienced.”
Shockwaves from this huge mistake are likely to ripple outward for months, but for now it serves as a stark reminder that false information and its relation to our smartphones doesn't just stop at "fake news" on Facebook.
America's enemies understand this very well and are very likely to take advantages in weaknesses in America's mobile networks to inject fear, mistrust, and confusion into the populace in the future. These are the lynchpins of Russia's "hybrid warfare" playbook and their campaign to affect America's political process during the 2016 election also sticks to these underlying tenets. Smartphones in particular are a ripe target for foreign actors, and especially Russia.
American troops operating in Eastern Europe during recent military exercises had their smartphones repeatedly broken into and jammed with all sorts outcomes being witnessed. Other allied troops had constant messages sent to their phones.
The War Zone reported recently:
These reports match up almost word for word with information the Asymmetric Warfare Group collected regarding the ongoing conflict in Ukraine. The unit explained in its December 2016 handbook on Russian New Generation Warfare that the hybrid strategy had effectively blended electronic and cyber warfare with psychological operations to disrupt Ukrainian military activities.
“Electronic warfare devices allow Russian Forces to broadcast … messages directly against opposing Ukrainian forces as discussed earlier with cellular text messages,” the manual explained. “These can be very specific and directed at individuals, such as by threatening their wives and children by name, or generic and sent to entire units as was the case in Ukraine.”
Kremlin-backed forces in Ukraine even coupled these unconventional assaults with conventional military operations. The Asymmetric Warfare Group described one instance where separatists, undoubtedly with Russian support, zeroed in on a Ukrainian position possibly by pinpointing its radio transmissions, hit it with artillery, then sent texts asking to their opponents “asking how they liked” the barrage.
Off the battlefield, armed with information scraped from phones and social media, Russia could make things especially personal, sending Ukrainian soldiers “text messages on their phone with threats against their families and accurate information of family locations,” according to the handbook. “Tactics such as this can have a tremendously negative psychological impact on young soldiers that are out of direct contact with their loved ones.”
The Asymmetric Warfare Group warned in the handbook that the potential for these problem was only likely to increase given that the incoming generation of American military personnel were “truly ‘digital natives’” who have spent their entire lives interaction with the internet and social media. The U.S. military would have to learn to balance this reality with the obvious need for operational security.
“Digital operational security violations now have strategic-level implications,” the unit’s handbook noted. “Never before has the actions of one lone individual been so visible and prone to manipulation by the adversary.”
The blending of electronic warfare and psychological warfare operations is clearly on the rise, and we are made vulnerable to it via our own reliance and misplaced confidence in the technology we rely on a daily basis—namely our smartphones and social media. And it's not just our devices that are vulnerable to cyber attack, the networks they operate on are also at risk. Making things worse, the public is woefully uneducated on the nature of the various federal alert systems or even how to discern the difference between an official message and a fake. Simply sending an official looking text to hundreds of thousands of people warning of an impending attack or disaster would likely have a similar effect as sending out an official message.
With this in mind, it's only a matter of time until these vulnerabilities are exploited in a grandiose fashion, and this is only more likely to happen as tensions with potential foes around the globe ratchet up.
It's also worth noting that these manipulations can also emanate from non-state actors and extremist groups. By their very nature they represent an asymmetric and low-cost way for an enemy to spread fear. Some would even argue that such a capability represents a near ideal terror weapon of the future—one where plausible deniability is far more obtainable than with a kinetic attack, and because nobody actually dies, a major response is unlikely. In other words, such an action is more likely to prompt a law-enforcement action than a traditional military one.
What's most concerning is that there have been countless examples in recent years of emergency broadcasting systems being hijacked or hacked by entities with nowhere near the power or the sophistication of a peer-state opponent or even a major international non-state actor. Many vectors exist for these attacks, and thankfully they have mainly been pranks, such as alerting certain regions to a potential zombie virus outbreak or the end of the world. Even setting off air raid sirens for hours at a time in a major metropolitan area has occurred. But the risk of far more harmful operations executed by international actors remains.
As we discussed in-depth over a year ago, voting days in American in particular are likely to be targeted for cyber attacks in the future. Sewing confusion and distrust, or capturing as many people's eyeballs on a day when everyone is already engaged with the media wouldn't be the only objective of such an operation. It isn't hard to imagine a capable and highly nefarious actor sending out a bogus emergency alerts to key counties on voting day in an attempt to sway an election.
The events over the last 36 hours in Hawaii have also spurred a lot of talk about past false alarms of impending nuclear attack. These have occurred on a military command and control level, and were horrifyingly prevalent during the Cold War, especially as computer technology was in its infancy and more was being demanded of it to support early warning systems than it was ready to provide. I highly recommend that your read Garrett Graff's outstanding book Raven Rock, which gives the complete story of America's emergency alert, early warning, command and control, and continuity of government systems. It also details some of the most egregious early warning errors that almost brought on doomsday without real cause. Fast forward to today and computer and remote sensing technology is far more up to the task of providing more reliable early warning capabilities. But even this seems to be on the cusp of changing as well.
The officially proposed changes to America's nuclear posture is a sign of a more dangerous world to come—one in which the average person will be far more susceptible to believing that a nuclear attack of some sort is possible or even underway at any given moment. Traditional forms of nuclear attack—submarine-launched and ground-launched ballistic missiles and strategic bombers carrying cruise missiles or bombs—are what America's early warning systems have been designed to detect in the post Cold War era. But new methods of nuclear weapons delivery stand to overcome established methods of detection, not to mention existing missile defense systems, and America's potential enemies are well on their way to fielding these capabilities.
These including hypersonic weapons of various types, which can fly at very high-speed within earth's atmosphere, and even maneuver dramatically on their way towards their targets. The reintroduction of road-mobile nuclear land attack cruise missiles is another major issue to contend with as they exhibit very little infrared plume during their boost phase, before continuing onto their target at low altitude. Even far more exotic weapons, like Russia's supposed "Kanyon" ultra long-range nuclear armed torpedo, which is a real thing based on the Pentagon's own analysis, shatters America's traditional strategic early warning systems mold.
As these weapon systems mature and become better known, they too will have a chilling effect on people's confidence in the emergency broadcast system's ability to reliably inform them of an incoming attack. And that's really what's at stake here—the public's trust in their government's ability to accurately communicate with them when it matters most. Considering these systems are how the President is suppose to address the nation during a major emergency situation (not just video or audio, but even using texts!), if the zombie alerts or false missile attacks can pop up at any given time, what's to say that what they are even hearing from President is real?
And this is why undermining American's emergency broadcasting capabilities will be an increasingly attractive target to enemy states and actors—by breaking the public's faith in this most basic form of communication, it helps erode their greater confidence in their government as a whole.
It's sad to say but times are changing in many negative ways. The technology we rely so heavily upon is rife with vulnerabilities and its exploitation will become a growing feature of everyday life. When also considering the changing global strategic equation, it's probably time the federal government start fresh with a new emergency alert system that takes social media and the fact that time and space has been "shrunk" by instant communication to virtually anywhere in the world on a individual level into account. And above all else, the system needs to be flexible enough to rapidly respond to changing situations, while also being firewalled from external tampering—especially the type that a teenage hacker can do from their parent's basement.
With all this in mind, maybe bringing in the best brains in social media product development together to find better solutions to this problem than what would come out of the clumsy federal government coming up with something on their own that is likely to be immediately obsolete, hard to evolve, and hugely expensive.
If anything else, what happened in Hawaii this weekend should serve as a dire warning that our government's ability to quickly communicate with the populace during a major crisis is woefully inadequate, and that needs to change, especially because the people's trust in what they are being told will become increasingly at stake.
Contact the author: Tyler@thedrive.com