Following the false missile alert in Hawaii on Jan. 13, Congress requested the inspector general (OIG) examine the Federal Emergency Management Agency’s (FEMA) role in the incident. As part of this review, OIG sought to determine whether FEMA exercises appropriate oversight of the Integrated Public Alert and Warning System (IPAWS) used to send alerts to the public.
IPAWS was originally designed so the president could alert and warn the American people within 10 minutes of a national emergency. FEMA further expanded IPAWS so other federal, state, local, tribal, and territorial authorities could send alerts and warnings to the people within their specific jurisdictions. The IPAWS Modernization Act of 2015 (Modernization Act) further defined FEMA’s role as the federal agency responsible for the public alert system. Specifically, the act directed FEMA to, among other things, establish common alerting and warning protocols, standards, terminology, and operating procedures; and conduct training, tests, and exercises for the system.
IPAWS aggregates alert and warning messages from federal, state, local, tribal, and territorial authorities – known as alerting authorities – and delivers them to the American public through various communication methods, such as radio and television broadcasts, cellular phone messages, and Internet applications. As of February, 1,030 alerting authorities, including city and county governments, sheriff’s offices, emergency management offices, and police departments, could send alerts to the public. Alerts are sent for various reasons, including law enforcement situations; evacuation or shelter-in-place circumstances; extreme weather conditions; child abductions; or natural disasters, like earthquakes or wildfires. From April 2012 through Jan. 17, 2018, authorities sent more than 36,000 alerts to cell phones and radio and television stations. Ninety-six percent of the messages were weather alerts.
On Jan. 13, the Hawaii Emergency Management Agency (HI-EMA) mistakenly issued an alert through IPAWS to individuals in Hawaii warning them of an inbound ballistic missile. The alert displayed on cell phones and was broadcast live on television and radio, resulting in widespread panic throughout Hawaii for 38 minutes, until HI-EMA sent out a notice that the alert was a false alarm.
After examining FEMA’s roles and responsibilities in the public alert and warning process, OIG concluded that FEMA has limited responsibility for the sending and canceling of state and local alerts. Although FEMA maintains IPAWS as a messaging platform, state and local alerting authorities must obtain commercially-available emergency alert software to generate a message which passes through IPAWS for authentication and delivery. However, OIG found that FEMA does not require that this software perform functions critical to the alerting process, such as the ability to preview or cancel an alert. Instead, FEMA only recommends that software vendors include these capabilities as “best practices.” FEMA also does not require that software vendors provide training to alerting authorities on how to use their chosen software. As a result, alerting authorities have experienced difficulties in various aspects of the alerting process.
To strengthen FEMA’s oversight role, OIG recommends that FEMA require software vendors to include critical functions in their proprietary emergency alerting software. In addition, software vendors should provide training on system functionality and capabilities to alerting authorities. FEMA has formally concurred with both recommendations, and the estimated completion date for the new measures is Oct. 31, 2019.