Hawaii false alarm is a real warning: Strengthen cybersecurity now

Over the weekend, Hawaii was sent into 38 minutes of complete chaos, as residents and visitors were wrongly led to believe that a ballistic missile was en route to impact in the 50th state.

According to the state government, a Hawaii Emergency Management employee mistakenly sent out the erroneous warning blast.

"It was a mistake made during a standard procedure at the change over of a shift, and an employee pushed the wrong button," said Hawaii Governor David Ige. The employee has reportedly been reassigned, but his or her name has not been made public.

Just days later, on the heels of the Hawaii incident, Japan’s NHK (the largest public broadcaster in Asia) sent out a false missile alert claiming that a North Korean missile was imminently inbound. NHK apologized for the error, but has not yet explained how it came to occur.

There is no reason to doubt that both incidents could have resulted from grossly irresponsible human error. However, we can’t discount the possibility that North Korea has the capability to hack these systems in the future and use them to their benefit in terrorizing Americans, without having to test-fire one of their ballistic missiles. A combination of poor cybersecurity practices and a continually advancing North Korean cyber-warfare program may lead to a future in which such “false alarms” are initiated by U.S. adversaries.

Some have pointed out on social media that the Hawaii state emergency management system has absurdly poor information security procedures. In a July 2017 Associated Press story titled, “Hawaii Prepares for ‘Unlikely’ North Korea Missile Threat,” one of the photos of the facility shows a sticky note with what appears to be a password for one of the alert system computers.

Despite North Korea’s reputation as a Stalinist regime that uses all of its cash for kinetic military expenditures while starving its population, Pyongyang is heavily invested in the cyber realm. While the vast majority of North Koreans have zero access to basic internet technologies that are available to most of the developed world, North Korean “Supreme Leader” Kim Jong Un’s regime has quietly developed a sophisticated cyber warfare arsenal.

Over the years, North Korean cyber warriors have demonstrated the capability to launch sophisticated attacks against U.S. government agencies and private companies.

In 2014, North Korean defector Jang Se-yul told CNN that he believes North Korea has at least 1,800 military personnel dedicated to cyber warfare. According to Jang, they work at a top secret agency called Bureau 121, which is charged with conducting “cyberattacks against overseas and enemy states.” North Korea’s cyber capabilities may be “more real and more dangerous” than its nuclear weapons program, he warned at the time.

And in December, Tom Bossert, the homeland security adviser to President Trump, labeled North Korea “directly responsible” for the “WannaCry” worm that infiltrated U.S. banks, corporations, and hospital networks.

Not only is North Korea becoming more and more of a nuclear menace, the Kim regime is a difficult target to hit in cyberspace as well. While Pyongyang can continue to launch offensive cyber attacks, a U.S. cyber offensive against North Korea probably wouldn’t be effective, given the fact that most of the country’s critical infrastructure remains part of an offline network.

The Hawaii incident should serve as a warning to state governments that while this particular affair can be chalked up to an employee mishap, we must make sure to guard against adversaries infiltrating emergency warning systems, resulting in the type of mass panic seen in Hawaii over the weekend.

#mc_embed_signup{background:#fff; clear:left; font:14px}

/* Add your own MailChimp form style overrides in your site stylesheet or in this style block.

We recommend moving this block and the preceding CSS link to the HEAD of your HTML file. */