Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 4 MINUTES AGO.
You are here: Home / Disaster Recovery / Bad UI Blamed for Fake Missile Alert
Lousy User Interface at Fault for Hawaii Missile False Alarm
Lousy User Interface at Fault for Hawaii Missile False Alarm
By Alex Hern Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JANUARY
15
2018
A false alarm warning Hawaiians of an incoming ballistic missile on Saturday, was reportedly issued because of a "terribly designed" user interface.

The computer system that allows the Hawaiian Emergency Management Agency (HEMA) to send emergency alerts asks employees to select the type of alert that they are sending from a drop-down menu.

Among the options available are two for missile alerts, according to the Washington Post. One is labelled "test missile alert," which will test the notification system is working without actually sending an alert to the public.

The other is labelled "missile alert." Selecting that option will send an alert to every mobile phone in Hawaii, warning recipients to "seek immediate shelter" -- and specifically noting that "this is not a drill." That was the option the HEMA employee mistakenly selected.

It was, in fact, a drill. The one-word difference between the two menu options was easily overlooked, and there is only one other difference in the system between the test alert and the real thing: a confirmation prompt, which the employee also clicked through.

"This sounds like terrible user interface design to me," said computer security expert Graham Cluley. "Why have the genuine 'Jeez Louise! Freak out everybody!' option slap-bang next to one the harmless 'Test the brown alert' option?

"Even though the menu option still required confirmation that the user really wanted to send an alert, that wasn’t enough, on this occasion, to prevent the worker from robotically clicking onwards."

In the days since the alert, HEMA has made a number of tweaks to the computer system to prevent a repeat of the error. It has added a "cancellation button," allowing users to send a second alert over the same system that notifies recipients that the first was a false alarm. On Saturday, sending that second "false alarm" alert required extraordinary permission, delaying it for 38 minutes.

HEMA has also added a requirement for a second person to confirm the message to be sent, hopefully preventing the first from simply clicking through mistakenly.

"It was too easy -- for anyone -- to make such a big mistake," HEMA spokesman Richard Rapoza told the Post.

© 2018 Guardian Web under contract with NewsEdge/Acquire Media. All rights reserved.

Image credit: iStock.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN DISASTER RECOVERY

NETWORK SECURITY SPOTLIGHT
Over the past decade, hospitals have been busy upgrading their systems from paper to electronic health records. Unfortunately, spending so much on EHR may have left insufficient funds for security.
The British government officially blamed Russia for waging the so-called NotPetya cyberattack that infected computers across Ukraine before spreading to systems in the U.S. and beyond.
ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.