Civil ballistic missile warning needs federal leadership

Civil ballistic missile warning needs federal leadership
© Getty Images

Without a near-term course correction, the investigation of Hawaii’s false ballistic missile alert will not produce useful insights or badly needed reforms. The Federal Communications Commission is the wrong agency to lead the investigation. First, the agency has no expertise in ballistic missile warning and no authority to address the shortfalls demonstrated in Hawaii on Jan. 13. Second, the Federal Emergency Management Agency, with Department of Defense support, is statutorily charged with responsibility for missile warnings to the public. Third, and most damning, is that the FCC is preparing to gut upgrades in the wireless emergency alert system — with a vote scheduled for Jan. 30.

I make four recommendations, based on perspectives gained over more than 30 years of military and civilian service as a flag officer in the U.S. Navy, including service with communication support roles for Nuclear Command and Control and as chief of the FCC’s Public Safety and Homeland Security Bureau.

ADVERTISEMENT
The panic from Hawaii’s false alarm underscores the need for an end-to-end review and plan of action to improve the nation’s capabilities and readiness to warn the public of an impending ballistic missile attack. The issue extends beyond Hawaii. North Korea is assessed to be capable of hitting any state or U.S. territory. If FEMA continues the model it allowed in Hawaii, that means 56 systems, protocols and staffs to conduct ballistic missile warning.

 

The FCC has a narrowly defined statutory role for oversight of the commercial elements of the emergency alert system and wireless emergency alerts. Detection, tracking, attack assessment and alert originator policies, procedures and proficiency are executive branch responsibilities, split between Defense and Department of Homeland Security.  

Recommendation 1: Congress must direct an executive branch review of federal, state and local roles, responsibilities, current implementation and future objectives for ballistic missile alerts to fully address shortfalls.

The Integrated Public Alert and Warning System, or  IPAWS, connects government alert originators with over 25,000 commercial communications companies that disseminate warnings. The IPAWS Modernization Act of 2016 made clear the FEMA administrator’s responsibility to establish operating procedures, train, test and exercise state and local governments in its use.

Emergency alerts have evolved since their establishment in the 1950s but they always have been a public-private partnership. Federal, state and local governments can detect indications of an impending disaster, create warning messages and provide status and direction for disasters. The FCC sets technical rules for commercial carriers, and the executive branch establishes the systems, protocols and readiness requirements for alert originators. At the highest level, the system supports attack notification from the president or his combatant commanders, and continuity of government assurance to the public after an attack through IPAWS.

This part of the system has physical and logical redundancy, strong cybersecurity, survivability for the full range of threats and assured availability to the commander in chief. Presidential public warning is an important part of nuclear defense, but over time it became clear that states and communities would benefit from the means to communicate in times of disaster. As FEMA developed IPAWS, it intentionally allowed states and communities to select their user interface programs. This meant that state and local applications would not require new IT networks, but also meant that state systems would not undergo intense testing and evaluation, and their implementations would not necessarily address high-end cyber threats.

Recommendation 2: We must reconsider whether we should have 56 highly variable programs to warn the public (more if major municipalities are given approval to warn for inbound ballistic missiles).  

The “trigger” for Hawaii to send an alert is the DHS/FEMA-run secure, survivable, phone conference that communicates a missile warning over the phone. Importantly, the states have no organic capability to detect an inbound missile; they are entirely dependent on DoD and DHS to provide situational awareness. The FEMA National Warning Systems Operations Manual, last updated in 2001, makes clear that FEMA operations centers are the activation point for attack warning and that only the FEMA director or his/her authorized representative can terminate an attack warning.

In Hawaii, although the state mistakenly transmitted the false alarm, the transmission passed right through the IPAWS system. Once aware of the mistaken alert, DoD and FEMA centers rapidly determined there was no attack, saw the ongoing public panic — and could have taken steps to immediately intercede.

An inbound ballistic missile warning, even one transmitted by a subordinate echelon in our national defense structure, inherently becomes a national security matter. Remember, DoD has the only definitive means of determining that missiles aren’t inbound. It may be better for ballistic missile warnings in all areas be controlled from the national level; tornado warnings are a great example of such federal-initiated local alerts.

Recommendation 3: The executive branch should evaluate FEMA training, test and exercise provisions, along with federal and state roles, and determine if there are missing authorities requiring a legislative fix.

In a move that predates the Hawaii false alarm, the FCC chairman took steps to gut proposed improvements to the wireless emergency alert system that would save lives in the event of a ballistic missile attack. The U.S. Conference of Mayors, Big City Emergency Managers, the National Emergency Management Association and the National 9-1-1 Association asked for four items to be included in modernization of wireless alerts. The full commission in 2016 voted to propose their adoption after finding each item to be technically feasible, available in related commercial apps, and relatively low cost when compared to their lifesaving potential.  

Specifically, the emergency managers want the FCC to establish a location accuracy standard of one-tenth of a mile to support the granular geo-targeting of alerts. They want to include “polling links” in alert messages to get near-instantaneous feedback from the population on the extent of damage from a disaster, allowing rapid triage. They want the ability to send multimedia alerts (e.g., a map of evacuation routes and shelters, a graphic showing predicted radiation fallout, or picture of missing children). Finally, they want support for multiple languages. The FCC chairman dismissed their input and circulated an order to be voted on Jan. 30 that made the geo-targeting standards optional and completely removed the other three items.  

Recommendation 4: The wireless emergency alert modernization scheduled for FCC vote on Jan. 30 should be reconsidered, in light of the Hawaii false alert, with provisions sought by the nation’s emergency managers restored.

In sum, the armed services, homeland security and commerce committees have equities in ballistic missile warning and alerts. They should work together to charter investigations by the FCC and FEMA, by DoD and DHS, and consider directing an independent GAO assessment.

David G. Simpson, a retired rear admiral with the U.S. Navy, leads Pelorus Consulting Services, specializing in public safety, telecommunications and cyber security. He was chief of the Federal Communications Commission’s Public Safety and Homeland Security Bureau (2013 to 2017); vice director of the Defense Information Systems Agency (2011 to 2013); and director of Communications and Information Services for U.S. Forces Iraq in Baghdad (2009 to 2010). Follow him on Twitter @SimpsonGrey.