Over the weekend, Hawaii was sent into 38 minutes of complete chaos, as residents and visitors were wrongly led to believe that a ballistic missile was en route to impact in the 50th state.
“‘I called my mom, I called my dad, I called my brother & basically said my goodbyes.’” A ghastly manifestation of the threat that actually exists every second of every day. Adversaries’ nukes are trained on us, ours on them, ready to fly in minutes. https://t.co/KVTQOqlvGG
— Dan Zak (@MrDanZak) January 14, 2018
According to the state government, a Hawaii Emergency Management employee mistakenly sent out the erroneous warning blast.
“It was a mistake made during a standard procedure at the change over of a shift, and an employee pushed the wrong button,” said Hawaii Governor David Ige. The employee has reportedly been reassigned, but his or her name has not been made public.
Just days later, on the heels of the Hawaii incident, Japan’s NHK (the largest public broadcaster in Asia) sent out a false missile alert claiming that a North Korean missile was imminently inbound. NHK apologized for the error, but has not yet explained how it came to occur.
There is no reason to doubt that both incidents could have resulted from grossly irresponsible human error. However, we can’t discount the possibility that North Korea has the capability to hack these systems in the future and use them to their benefit in terrorizing Americans, without having to test-fire one of their ballistic missiles. A combination of poor cybersecurity practices and a continually advancing North Korean cyber-warfare program may lead to a future in which such “false alarms” are initiated by U.S. adversaries.
Some have pointed out on social media that the Hawaii state emergency management system has absurdly poor information security procedures. In a July 2017 Associated Press story titled, “Hawaii Prepares for ‘Unlikely’ North Korea Missile Threat,” one of the photos of the facility shows a sticky note with what appears to be a password for one of the alert system computers.
The entire warning operations staff of Hawaii needs to be fired. Password left out in the open, photographed for news article…bad password too. Why are top gov officials so bad with passwords and e-mail servers? https://t.co/eOVx10S0Gf
— Mark Kern (@Grummz) January 16, 2018
In a one-two punch of terrible, an AP story from last year had photos, seemingly now removed, of Hawaii Emergency Management computers with passwords visibly written on sticky notes. The Gateway Pundit noticed yesterday and explicitly stated the password in their story. pic.twitter.com/tyidkSlTPa
— Kevin Collier (@kevincollier) January 16, 2018
Despite North Korea’s reputation as a Stalinist regime that uses all of its cash for kinetic military expenditures while starving its population, Pyongyang is heavily invested in the cyber realm. While the vast majority of North Koreans have zero access to basic internet technologies that are available to most of the developed world, North Korean “Supreme Leader” Kim Jong Un’s regime has quietly developed a sophisticated cyber warfare arsenal.
Over the years, North Korean cyber warriors have demonstrated the capability to launch sophisticated attacks against U.S. government agencies and private companies.
In 2014, North Korean defector Jang Se-yul told CNN that he believes North Korea has at least 1,800 military personnel dedicated to cyber warfare. According to Jang, they work at a top secret agency called Bureau 121, which is charged with conducting “cyberattacks against overseas and enemy states.” North Korea’s cyber capabilities may be “more real and more dangerous” than its nuclear weapons program, he warned at the time.
And in December, Tom Bossert, the homeland security adviser to President Trump, labeled North Korea “directly responsible” for the “WannaCry” worm that infiltrated U.S. banks, corporations, and hospital networks.
Not only is North Korea becoming more and more of a nuclear menace, the Kim regime is a difficult target to hit in cyberspace as well. While Pyongyang can continue to launch offensive cyber attacks, a U.S. cyber offensive against North Korea probably wouldn’t be effective, given the fact that most of the country’s critical infrastructure remains part of an offline network.
The Hawaii incident should serve as a warning to state governments that while this particular affair can be chalked up to an employee mishap, we must make sure to guard against adversaries infiltrating emergency warning systems, resulting in the type of mass panic seen in Hawaii over the weekend.