- A false alarm was broadcast to Hawaii on Saturday warning of an inbound missile.
- In the days following the alert, people discovered that a photo taken in Hawaii’s Emergency Management Agency for a newspaper article in July includes a sticky note with a password on it.
- Hawaii says the false alarm was because an employee “pushed the wrong button,” not because it was hacked, but the photo sparked criticsm from the security industry about the general level of security at the agency.
Over the weekend, people who lived in Hawaii were awakened by a terrifying false missile alert1 . It turned out that it was a “mistake2,” according to Hawaii’s Emergency Management Agency, which said that the emergency system had not been hacked . Instead, the agency said a worker had clicked the wrong item in a drop-down menu3.
“It was a mistake made during a standard procedure at the change over of a shift, and an employee pushed the wrong button,” Hawaii Gov .
David Ige said.
But a photo from July4 recently resurfaced on Twitter raises questions about the agency’s cybersecurity practices . In it, Hawaii EMA’s current operations officer poses in front of a battery of screens.
Attached to one of the screens is a password written on a post-it note.
Jeffrey Wong, the Hawaii Emergency Management Agency’s current operations officer, shows computer screens monitoring hazards at the agency’s headquarters in Honolulu on Friday, July 21, 2017 . Hawaii is the first state to prepare the public for the possibility of a ballistic missile strike from North Korea. AP
Hawaii’s EMA didn’t immediately respond to a request for more information.
While these computers are likely different from the system that sent the false missile alert, the photo does raise questions about the general approach to security at the agency that may have led to the scary situation on Saturday. (On the other screen, a post-it note reminds the user to “SIGN OUT.”)
Writing down passwords isn’t a strict security no-no, with some security experts suggesting that keeping a hard copy of a password in your wallet is a defensible decision if you can keep the piece of paper secure5 . Obviously, a post-it note on a monitor is not secure, especially if it’s protecting computer systems dedicated to keeping people safe.
Here’s what the Hawaii EMA system that sent the false alert on Saturday looks like:
- ^ a terrifying false missile alert (www.businessinsider.com)
- ^ mistake (www.businessinsider.com)
- ^ in a drop-down menu (www.washingtonpost.com)
- ^ a photo from July (www.apimages.com)
- ^ you can keep the piece of paper secure (www.schneier.com)
- ^ already drawn (twitter.com)
- ^ some ridicule (twitter.com)
Pope Francis walks with Chilean President Michelle Bachelet as he arrives at the international airport in Santiago, Chile (CNS photo/Paul Haring)
Multiple churches were firebombed days before the Pope’s arrival
Pope Francis arrived in Santiago, the first stop on a seven-day, six-city visit to Peru and Chile. Arriving in Santiago after more than 15 hours in the air, Pope Francis was greeted by Chilean President Michelle Bachelet and a young Chilean girl . He told the crowd he was happy to be in Chile, and he blessed the workers at the airport before being transported to the papal nunciature, where he will stay the three nights he is in Chile. On January 17, the Pope will travel to Temuco and meet with residents of the Mapuche indigenous community . Members of the Mapuche have called for the government to return lands confiscated prior to the country s return to democracy in the late 1980s.
Chile won t be too difficult for me because I studied there for a year and I have many friends there and I know it well, or rather, well enough .
Peru, however, I know less . I have gone maybe two, three times for conferences and meetings, the Pope told journalists aboard the papal flight.
There was no mention of the increased security for the Chilean visit . Three days earlier, several Chilean churches were firebombed, and police found other, unexploded devices at two other churches in Santiago . Some of the pamphlets included the phrase, The next bombs will be in your cassock and spoke of the Mapuche cause. Before flying to Peru January 18, Pope Francis will visit Iquique, where he will celebrate Mass on Lobito beach.
In Peru January 18-21, he will visit Lima, Puerto Maldonado and Trujillo. He will also meet with the indigenous people of the Amazon during his visit to Puerto Maldonado . The Amazon rainforest includes territory belonging to nine countries in South America and has experienced significant deforestation, negatively impacting the indigenous populations in the area and leading to a loss of biodiversity. In both countries, he will work to restore trust and encourage healing after scandals left many wounded and angry at the Catholic Church.
Shortly after take-off from Rome, Greg Burke, Vatican spokesman, distributed a photo card the Pope wished to share with journalists aboard his flight from Rome. The photo depicted a young Japanese boy shortly after the bombing in Nagasaki, waiting in line, carrying his dead baby brother on his back to the crematorium . On the back of the card, the words The fruit of war were written along with Pope Francis signature. Before greeting each of the 70 journalists, the pope said that he found the photo by chance and was very moved when I saw this.
I could only write the fruit of war .
I wanted to print it and give it to you because such an image is more moving than a thousand words, he said. Responding to a journalist s question about nuclear war, Pope Francis said: I think we are at the very limit . I am really afraid of this . One accident is enough to precipitate things. The Peru-Chile trip is Pope Francis fourth to South America .
In July 2013, he visited Brazil for World Youth Day . In July 2015, he travelled to Ecuador, Bolivia and Paraguay . His trip to Colombia in September was his third visit to the continent as Pope.
Announced in the summer of 2017, the UK government s National Security Capabilities Review1 (NSCR) led by the National Security Adviser Mark Sedwill is supposed to examine the policy and plans across government to deliver the national security strategy and to ensure that investment in the necessary capabilities is efficient and effective. The Review includes thirteen strands, but it is the defence strand that has received the most media attention . In part, this reflects the very real challenge of managing the defence budget which, while the details are disputed, remains unaffordable.
A raft of new capabilities is planned to be brought into service, including advanced armoured fighting vehicles, frigates, fast jets and maritime patrol aircraft the costs of some of which have been negatively affected by changes in the sterling dollar exchange rate. While there are some calls for an increase in defence spending to reflect the new range of threats, given the position of the Conservative government on public spending and other priorities, such as health and education, an increase seems extremely unlikely. Inevitably when resources are limited, this sparks competition between the individual services and this has been reflected in the leaking of developing plans from the Ministry of Defence (MoD) and interventions by recently retired senior ex-service personnel.
What appears to be absent is any meaningful conversation around the defence contribution to the homeland Part of the problem is that the MoD and government have kept the review close to their chest, which provides a space for both speculation and advocacy . The baseline remains that established in the 2015 National Security Strategy and Strategic Defence and Security Review (NSS and SDSR), which recognises threats including terrorism both overseas at home and the resurgence of state-based threats, most notably that from Russia.2
Thus, it might be argued that UK defence needs to focus on capabilities that are expeditionary in nature, whether that is to contribute to international efforts to counter terrorism in Africa, the greater Middle East and elsewhere or to participate in deterrent efforts in Europe alongside NATO allies. Indeed, much of the public debate has been around these sorts of capabilities, whether it is the necessity to maintain a fleet of amphibious shipping to allow the UK to deliver a force across a beach or the future of 3 Commando Brigade and 16 Air Assault Brigade, the primary elements of an early-entry capability. However, what appears to be absent is any meaningful conversation around the defence contribution to the homeland.
Over the past two decades, the UK armed forces have largely been involved in counterinsurgency and related counter-piracy and counter-proliferation operations . These have had an impact in the home base in the form of a series of terrorist attacks. However, apart from the temporary deployment of armed personnel on UK city streets to protect key facilities under Operation Temperer3, the criminalisation of domestic terrorism means this is largely distanced from the military effort.
More routinely, Royal Air Force Typhoons and Royal Navy ships maintain the integrity of the UK s airspace and territorial waters, with the latter also making a substantial contribution to fishery protection . This last task is likely to become even more challenging with Brexit. In addition, the armed forces are often called upon to assist the civilian authorities in the event of crises, whether strike action by fire fighters or fuel tanker drivers, or flooding or other natural disasters, such as the outbreak of foot and mouth disease . However, despite these significant contributions, the apparent focus remains substantially on the need for expeditionary capabilities. The risks extend beyond cyber attacks to acts of sabotage, as well as the threat from ballistic and cruise missiles While the current tension with Russia is not a repeat of the Cold War, it is worth reflecting that the military role in homeland defence was much more explicit at that time . The UK had a key role as a base for US forces operating in support of NATO, and as an entry point for reinforcements coming from North America. There was a very effective system in place that understood the key points in the critical national infrastructure and the role for the military in protecting those, and which integrated national and local government with the military and civilian agencies. Understandably, given the lack of a substantive threat to the homeland, much of this system has become moribund and defining what comprises the critical national infrastructure has changed substantially since the end of the Cold War with the advent of the information age.
While not a full-scale security and defence review, the NSCR would seem a heaven-sent opportunity for the UK to rediscover the importance of homeland defence In her Mansion House speech in November 2017, Prime Minister Theresa May reflected on Russia s and others challenge to the UK . She noted the way in which the information age had provided opportunities for those who wished to destabilise the UK to do so at a distance whether through interfering in political processes or indeed threatening that critical national infrastructure through malicious activity in cyberspace.4
This was also reflected in a speech at RUSI by Chief of the Defence Staff Air Chief Marshal Sir Stuart Peach last month, and the risk to the UK in the event of a major confrontation between Russia and NATO was highlighted at RUSI s Warfare in the Information Age Conference in September.56 This risk extends beyond cyber attacks to acts of sabotage, as well as the threat from ballistic and cruise missiles . With the focus in NATO being on the application of modern deterrence to reduce the risk of conflict, a credible defence of the UK is an essential element.7
Elsewhere in Europe, states are rediscovering the necessity and benefits of an integrated approach to defence . In 2016, Sweden reopened its policy of total defence seeking to bring more cohesive planning to its military and civilian defence effort at both the national and local levels.8 Denmark also espouses a total defence approach and in the Home Guard9 has a part-time, unpaid volunteer force .
In the UK, recent suggestions that the Border Force could be complemented by an auxiliary force of volunteers was met with derision in the media10. However, while not a full-scale security and defence review, the NSCR would seem a heaven-sent opportunity for the UK to rediscover the importance of homeland defence . This would be a vital balance to the focus on expeditionary military capabilities, and would provide an opportunity to redevelop a more integrated approach across the military and civilian sectors.
This might open the door to more creative ways of thinking about how necessary capabilities are organised and delivered, recognising that some of our allies may have valuable examples for us to follow. Lastly, it might also engage the public in thinking about its role in protecting the UK in contrast to perceiving the military as primarily for going far away to fight foreign wars. Banner image: A Russian Bear bomber is escorted by a Royal Air Force Quick Reaction Alert (QRA) Typhoon from RAF Lossiemouth .
Courtesy of Ministry of Defence
The views expressed in this Commentary are the author s, and do not necessarily reflect those of RUSI or any other institution.
- ^ National Security Capabilities Review (www.gov.uk)
- ^ 2015 National Security Strategy and Strategic Defence and Security Review (www.gov.uk)
- ^ Operation Temperer (www.telegraph.co.uk)
- ^ speech (www.gov.uk)
- ^ speech at RUSI (rusi.org)
- ^ Warfare in the Information Age Conference (rusi.org)
- ^ modern deterrence (www.europeanleadershipnetwork.org)
- ^ Sweden reopened its policy (www.government.se)
- ^ Home Guard (www.hjv.dk)
- ^ derision in the media (www.telegraph.co.uk)