WASHINGTON — A false missile alert that sent thousands of Hawaii residents into a panic earlier this year exposed shortcomings in oversight of the federal warning system used to inform citizens about everything from flash floods to child abductions.

The U.S. Department of Homeland Security Inspector General issued a report last week that reviewed the Federal Emergency Management Agency’s role in the Hawaii debacle, and found that improved contractor oversight and training could prevent similar mistakes in the future.

At issue is FEMA’s Integrated Public Alert Warning System, otherwise known as IPAWS, that is used by state and local agencies to alert citizens of potential hazards.

Screen shot

According to the report, FEMA is responsible for maintaining IPAWS, but it is not responsible for the third-party software that is used to a generate a warning message.

That part is left up to the local alerting authority, which in the case of Hawaii’s false missile warning was the Hawaii Emergency Management Agency.

The inspector general found that FEMA doesn’t require software vendors to include functions that it described as “critical to the alerting process,” such as the ability to preview a message before it is sent or cancel an alert after it’s been issued. FEMA only recommends that vendors include the capabilities as best practices.

Another concern, according to the inspector general, is that FEMA does not mandate that vendors provide training to the alerting authorities on how to use the software.

While neither issue was at play during the Jan. 13 false missile alert in Hawaii, the inspector general found several examples across the country in which mistaken warnings were issued or not disseminated properly.

For example, in June 2017, authorities in Florida tried to send an Amber Alert to 54 counties via IPAWS but were unaware that the software only allowed dissemination to a maximum of 31 locations at a time. That meant 23 locations were not notified.

A similar problem happened in Texas during Hurricane Harvey. Two counties were unable to send public alerts due to inadequate training and needed FEMA to issue the warnings on their behalf.

FEMA agreed with the inspector general’s findings and agreed to improve its vendor protocols to require software training and full functionality so that messages can be previewed and recalled.

The report makes clear that Hawaii officials were to blame for sending out the false missile alert in the first place. It also notes through the use of a timeline that the Hawaii Emergency Management Agency waited longer than necessary to cancel its initial warning.

At 8:07 a.m., HI-EMA officials sent out the following message: “BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL.” It was broadcast on radio and television stations as well as sent directly to cell phones.

Officials cancelled the alert at 8:12 a.m., which cut off the broadcast transmissions and stopped sending text messages to cell phones.

They did not immediately send out another alert saying that the warning was false. Instead, at 8:26 a.m. officials with HI-EMA tried to contact FEMA, which did not pick up.

Nick Grube/Civil Beat

Four minutes later, at 8:30 a.m. a second attempt was made to contact FEMA. An official with the federal agency then helped the state issue a new message indicating that the ballistic missile threat was not real.

That message did not go out until 8:45 a.m., nearly 38 minutes after the initial warning.

According to the report, state officials initially said they needed authorization from FEMA to issue the all-clear, which was not actually the case. State officials could have issued the false alert message without any input or guidance from FEMA if they chose.

“While the false alarm message was at the full discretion of HI-EMA, officials decided to delay sending the message until after HI-EMA employees contacted FEMA,” the report said.

“We interviewed HI-EMA personnel who indicated that while they understood they did not need FEMA’s permission to send the false alarm message, they felt it prudent to seek advice and guidance on the appropriate message type because of the severity of the original alert.”

The report added that HI-EMA officials said if they didn’t hear back from FEMA they would have issued a follow-up message on their own.

U.S. Sen. Mazie Hirono, who called for the DHS inspector general’s review after the false missile alert, said in a statement that the review provided “much needed answers,” not just for Hawaii but the nation as a whole.

“The inadequate safeguards found in the report are unacceptable and I will closely monitor FEMA’s progress in implementing the Inspector General’s recommendations to ensure such an incident never happens again in Hawaii, or in any other state that utilizes an emergency alert system,” she said.

Hirono is a co-sponsor of legislation authored by U.S. Sen. Brian Schatz to give sole authority of issuing missile alerts to the federal government.

The bill, called the ALERT Act, passed the Senate unanimously in June and is awaiting action in the House of Representatives.