The Hawaii Missile Warning And IT Security

It’s one of the worst things you can wake up to.

In fact, it’s one of the most terrifying things imaginable.

You’ve just gotten out of the shower in the morning, and are squeezing a line of toothpaste out of the tube. You’re making sure your hair looks good for the day, and are about to step out the door when your phone goes off.

It’s probably your spouse, or one of your kids, or an impatient co-worker, you think. But you check it anyway.

You reach into your pocket and open it up. And then you see this:


What do you do?

This is a real situation that happened to the people of Hawaii on January 13th, 2018. The alert was also broadcast over TV and radio.

38 minutes later, a second message went out informing everyone that it was a “false alarm”.

What happened? Why did this false alarm go out to the public? And what can this incident teach us about IT security?

Read on to find out.

What Happened?

Vern Miyagi, the administrator of Hawaii's Emergency Management Agency and a retired US Army Major General, told CNN in an interview that "it's my responsibility, so this would be my fault."

According to Miyagi, what happens was that an employee essentially pushed the wrong button during a shift change. "It was a procedure that occurs at the change of shift where they go through to make sure that the system [is] working."

Essentially, a simple example of human error, and not a hack or an attack from any foreign government.

The Hawaiian government has announced they are taking measures to ensure this never happens again, but one can imagine this could have gone a whole lot worse.

During those 38 minutes between the original announcement and the second, could we have gone to war with another country?

Could we have launched our own missiles at the most likely target in retaliation for an attack that didn’t exist in the first place?

Could one person’s clumsy fingers have caused untold numbers of innocent people to die for no reason?

Thankfully, this didn’t happen. We should all be thankful it didn’t.

The Reality Of Security

When it comes to security, nothing is more important than national security. And while missile defense is obviously different than IT security, there are some overlaps.

The truth is, the most common reason why cyber security breaches occur are a result of human error.

It’s just easier for most attackers to exploit a weak password or a common login name than it is to break through a layer of digital security.

To make an analogy, it’s easier to break into a house by picking a lock than it is to cut a hole in the wall beside it.

But if human error was the cause of the Hawaii missile alert, the Hawaiian government has some deeper issues with their staff.

Take, for example, the following photo. This was taken last July by the Associated Press.


Take a look at the monitors displayed, and notice the two Post-It Notes stuck to the monitors.

What’s written on them? Shockingly enough, the password to an account.


The people in charge of Hawaii’s Emergency Management Agency leave their passwords on Post-It notes attached to their monitor for anyone to find.

This should be deeply disturbing to anyone with an understanding of IT security.

What Can Your Company Learn From This?

There are a number of key lessons you can learn from the Hawaii Emergency Management Agency situation. Here are three of them.

Whether you run a small organization, a multinational corporation, a government agency, or even a one-person show, these tips can help you improve your IT security.

1. Have A Complex Password Policy

Everyone likes to set their own passwords. And everyone likes their password to be nice and simple so they can remember them.

Thing is, the easier your password is to remember, the easier it is to crack.

According to the Oxford Dictionary, there are 171,476 words in the English language currently, not including archaic words that have fallen out of use. And since the average computer can attempt millions of passwords per second, using a dictionary word leaves you incredibly vulnerable.

The longer a password is, too, the safer. There are 128 different characters on a standard English language keyboard, which means if your password is a single character, there are 128 possible combinations. If it is two characters, there are 128x128 different possible combinations, or 16384. Three characters, and it’s 128x128x128, or 2097152 possible combinations.

Take this to 12 characters, and you’ve got 19342813000000000000000000 different possibilities, or more than 19 septillion different possible passwords. To put that in perspective, it’s estimated that there are about 300 sextillion stars in the observable universe, give or take a few.

The longer, more complex, and more uncommon your passwords are, the securer they will be.

2. Store Your Passwords Securely

If you have a complex password, you’ll need to make note of it somewhere. So what better place than your computer monitor, right? After all, it’s right where you need it whenever you need it.

But that’s the thing – it’s right where anyone needs it.

You may not be taking press photos near your desk, but having your password written on a piece of paper near your desk is not secure. Essentially, it removes that password for anyone using that computer.

So where do you store your passwords? One safe option is to use a password management software, like Keeper Security or Zoho Vault. These apps are designed to keep your passwords secure behind a single password on its own. And since most people seem to have an easier time remembering a single password than they do dozens of them, these apps can be helpful.

3. Act Quickly To Fix Errors

According to a story from the New York Times, Hawaii governor David Ige was informed within two minutes after the alert was sent out that it was a false alarm. This must mean the rest of the team knew about it even before the governor.

And yet, it took them 38 minutes to alert the public that it was a false alarm.

Had the government reacted more quickly, they could have prevented a lot of the panic that gripped the state of Hawaii. They also could have saved some (but by no means all) of the embarrassment caused by this incident.

When it comes to announcing security errors, it’s best to act quickly and decisively, informing the public as soon as possible. The CEOs of many companies that experience data breaches often wait weeks or even months before announcing the breach, and that will only make things worse.

The sooner you can respond to a data breach or other security issue, the better prepared your brand will be to weather the incoming storm.

Contact 1st Secure IT

You may not be in charge of missile defense, but by applying these lessons to your own business, you can avoid being caught in a similarly embarrassing situation.

To find out how 1st Secure IT can help you improve your own level of security, contact us today and book a consultation with one of our experienced IT security specialists.

1st Secure IT

4613 N. University Drive #323
Coral Springs Florida
(866) 735-3369

Cyber Security Risk Management and Consulting Services | 1st Secure IT | When Compliance Is Not Enough

How Bitcoin Is Changing The World Of IT Security
How To Recognize A Phishing Email


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Monday, 19 August 2019

If you need help getting started... Contact Us!