FEMA Agrees to Make Vendors Change Emergency Alert Software
FEMA concurred with both recommendations in the DHS inspector general's report but said it expects to complete its work on both on Oct. 31, 2019.
The U.S. Department of Homeland Security's inspector general has produced a report after examining FEMA's role in a false missile alert in Hawaii on Jan. 13, 2018. The report recommends that FEMA have its vendors make changes in their emergency alert software, and the agency has agreed with that recommendation.
The report, "FEMA's Oversight of the Integrated Public Alert & Warning System (IPAWS)," is dated Nov. 19. Congress asked the inspector general's office to examine FEMA's role in the alert, in which IPAWS was activated. The Hawaii Emergency Management Agency sent a text alert Jan. 13 to most cellphones in the state warning of an incoming ballistic missile attack and advising, "This is not a drill." The alert was broadcast live on TV and radio stations, resulting in "widespread panic throughout Hawaii" for about 38 minutes -- the time it took the state agency to send out an official announcement retracting the false alarm, according to the IG's report.
FEMA maintains IPAWS, but state and local alerting authorities must obtain commercially available emergency alert software, according to the report, which says FEMA does not require that the software perform some functions that are critical to the alerting process, such as the ability to preview or cancel an alert. Instead, FEMA recommends that software vendors include those capabilities as a best practice.
That's one of the recommendations, to require vendors to include critical functions, which FEMA already identified in 2015 and 2018, in their proprietary emergency alerting software. The second recommendation is that FEMA require software vendors to provide training on system functionality and capabilities to alerting authorities. FEMA concurred with both recommendations but said it expects to complete its work on both on Oct. 31, 2019.
The report includes a timeline of the Hawaii alert. It shows that the Hawaii Emergency Management Agency cancelled it seven minutes after the alert was initiated by a night-shift supervisor, but did not send out a second alert clarifying that the original was a false alarm for another 33 minutes. During that time, the state agency tried twice to contact FEMA, succeeding on the second attempt and being given correct procedures for issuing a false alarm message.