Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bogus Security Alerts Hit National Weather Service

Posted by timothy on from the donald-normal-field-day dept.

kobee writes "The National Weather Service is adding a confirmation dialog to their system for issuing regional EAS (Emergency Alert System) warnings, after it accidently alerted parts of Florida and Georgia to a bogus radiological emergency Wednesday. Wired News reports an NWS operator 'entered the code "RHW" instead of "RWT," keying a radiological hazard warning instead of a required weekly test.' Something similiar occured in Las Vegas the day before."

35 comments

  1. there's a good idea! by LBt1st · · Score: 1

    Seriously, this stuff gets past QA?

  2. Ahh... by It+doesn't+come+easy · · Score: 1

    So that explains the extra glow after sunset...

    --
    The NSA: The only part of the US government that actually listens.
  3. Confirmation by Neon+Spiral+Injector · · Score: 1

    So now they will just key, RHW[Enter][Enter], the extra enter to say yes the the annoying confirmation dialog that pops up everytime you want to do anything--including the weekly test.

    1. Re:Confirmation by glarvat · · Score: 1
      The parent is correct. It's been shown many times that users don't read.

      This sort of change will only add non-value added time to releasing warnings while offering virtually no error proofing. Something like a drop down with the full text of the warning would be a slightly better solution.

    2. Re:Confirmation by Kelerain · · Score: 1

      Perhaps the confirmation only pops up for real emergency broadcasts, and not the weekly test? The article was unclear on this point. If it is indeed for all of them, a confirmation is useless. But if you can catch the less likely conditions only, I can see that working. And I think the overhead is worth it if it works, because false alarms really diminish the systems value.

      But you are probably right, and they are probably going make the classic 'confirm everything' mistake, making it esentially confirm nothing, as they had before.

    3. Re:Confirmation by Thalagyrt · · Score: 1

      Well they could force the user to click it by not having a default button set, or have it set to no by default. I think that might work. If they just hit enter twice either nothing will happen or it'd go back to where they were entering it from.

      --
      Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo!
    4. Re:Confirmation by DavidTC · · Score: 1
      So now the user hits Enter, Left arrow, Enter automatically?

      Yeah, that's a lot better.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    5. Re:Confirmation by Thalagyrt · · Score: 1

      Eh, good point. Still, it would make it a bit more difficult.

      --
      Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo!
    6. Re:Confirmation by erlenic · · Score: 1

      When I worked in a shipping department, we had a situation like that. After entering an order, we had quite a few codes to enter and confirm, stuff like whether the order was finished, what printer to send it to, etc. The codes we entered never changed, so we had the whole key sequence memorized. Twenty keys, on five different screens, and we'd enter every one of them before the system had pulled up the second screen. Users never look at confirmation screens.

      You mention a possible alternative in your last phrase. If routine stuff such as the weekly test had no confirmation screen, but important stuff did, maybe users would notice it.

    7. Re:Confirmation by Anonymous Coward · · Score: 0

      Nah, do like Amiga Shareware Nag dialogs of yesteryear - randomize the button positions and text each time.

      1. "Are you sure you want to send RWT?" [Send RWT] [Don't send RWT]
      2. "Are you sure?" [RWT No Thanks!] [RWT Me Up, Baby!]
      etc.

      Amiga shareware apps did this all the time, as there were "request canceller" commodities [daemons] written for the Amiga that could watch a GUI and automatically dispense with the more trivial nagware.

  4. Bad UI Code by axoi · · Score: 1

    This must be bad UI code. Three letter acronyms for entry without verification? You got to be kidding me. This is just an accident waiting to happen. At least some type of pull down or grouping by category would have been better. What is wrong with the designers of this software??

    1. Re:Bad UI Code by Anonymous Coward · · Score: 0

      They're probably tasteless dweebs, not real people who care about good design.

    2. Re:Bad UI Code by Romeozulu · · Score: 1

      You're assuming it's a UI. Have you ever looked at raw weather forecasts? It's all fucking TTY shit. In this day and age it's all coded and packed for 150 Baud transmission. I doubt they are using a new-fangled GUI.

    3. Re:Bad UI Code by glarvat · · Score: 1
      Two things from the article make it relatively safe to assume that the system does, in fact, have some sort of GUI:
      • a 1997 replacement
      • another window will pop up and say, 'Do you really want to issue this radiological hazard warning?'

      But, having dealt with government systems, I can understand your point.

    4. Re:Bad UI Code by axoi · · Score: 1

      Someone may have beat me to this but I'll bite...

      What do you think a UI is?? I know a GUI is graphical but I think you making an assumption here that all UIs are GUI..Am I right?

      I have used 300 baud modems, I bought mine in 1986. That was when you could watch (litterally ) watch your programs download character by character. Aww those were the days.... I don't miss that much.

    5. Re:Bad UI Code by zerofret · · Score: 1

      I work for the NWS at a local field office and am familiar with the software involved in the warning process. The user interface really isn't the problem. The issue is that the systems are designed to get warnings out to the public as quickly as possible. As soon as a meteorologist hits the send button the product is rushed to all the places it needs to go without any additional delay. Adding a confirmation dialog may reduce false alarms, but if the forecaster is actually taking the time to read the confirmation then the product will be delayed for however long it takes to read it.

      A drop-down list isn't very feasible due to the shear number of possible products that would need to be in the list. A forecaster in a hurry to issue a tornado warning is more likely to make a mistake and/or take additional time trying to find the tornado warning in the drop down than if she just needs to type in 'TOR'. To answer the question What is wrong with the designers of this software?? I would have to say from my own dealings with the developers that the biggest thing wrong with them is that they are woefully understaffed.

    6. Re:Bad UI Code by axoi · · Score: 1

      I have to balk at that because even if you required a double entry text field that would more than likely catch those typos that the user entered. It is in fact the user interfaces fault for not assisting the user in performing his/her job effectively and efficiently. After all what is a user interface for if not that??

  5. Clippy by Deathlizard · · Score: 2, Funny

    So they are basicially going to bring clippy back from the dead?

    I can see it now. you type the letter T and Clippy comes up and says "It looks like your issuing a Tornado warning! do you need any help?"

    --
    In Soviet Russia, Trojan exploits YOU!
  6. Patterns?? by Chaotic+Spyder · · Score: 0, Offtopic

    I just got word from a cilent that the NT4.0 servers that I spent the last week and a half building for him are not actually NT4.0 but WIN2K...(Don't even bother asking why.. I spent much time discussing this with my boss)

    Haha.. Canadian Gov.. Tax money well spent....

    Now I read that Florida got a Radiation warning instead of a test... wow.. What's next??? Microsoft releases OSS that is secure and easy to use????

    --
    Losers whine about their best, Winners go home to fuck the prom queen
    1. Re:Patterns?? by bill_mcgonigle · · Score: 1

      Now I read that Florida got a Radiation warning instead of a test

      Florida needs a radiation warning - my two cans of Solarcaine with Aloe can attest to that...

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  7. Celebrate the UNIX way! by Chemisor · · Score: 1

    More than thirty five years of cryptic commands!
    Only on UNIX would you have commands like:

    unw - update national weather
    inw - initiate nuclear war

    1. Re:Celebrate the UNIX way! by Romeozulu · · Score: 1

      Come on, it would be:

      inw -f

    2. Re:Celebrate the UNIX way! by warpSpeed · · Score: 2, Funny
      Just to be real safe now, It should be

      sync;sync;sync;inw -f

      You can't be too safe, you know?

    3. Re:Celebrate the UNIX way! by torpor · · Score: 1


      inw -rfvvvvv

      you mean ...

      --
      ; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
  8. Pay no attention to the mushroom cloud... by warpSpeed · · Score: 1

    It is just your regularly scheduled weekly test...

  9. Codes are part of the problem by freshmkr · · Score: 1

    I suspect that one of the causes of this incident is the use of arcane codes like RHW or what have you. Ask anyone who's had to read a METAR---these brief weather reports are short enough to fit on the teletypes for which they were originally designed, but the more obscure codes will trip you up occasionally or send you scurrying off for a list of abbreviations.

    It's 2005. There's very little cost to writing out "thunderstorm" or "mist" or "radiological alert". I bet this mistake would never have happened if these had been choices in a drop-down menu.

    --
    MAN SHOOTS ROVER!
    1. Re:Codes are part of the problem by Anonymous Coward · · Score: 0

      I bet this mistake would never have happened if these had been choices in a drop-down menu.

      Yeah, God knows no one ever makes a mistake using a GUI.

  10. Radio... by daviq · · Score: 0

    You cannot escape the EAS when you are on the radio. Even if it sounds unbelieveable, you can't just say that you "missed" it, as many devices flash at you and pop-ups florish excitably on the computer.

    --
    Go to the w3.org and put Slashdot.org through the validator.
  11. Radiation Hazard Graphic by justanyone · · Score: 1

    The user interface should pop up a window with a big orange standard Radiation Hazard Warning and ask for confirmation that is what the user wanted to do.

    Of course, this kind of interface may come with risks. In my last job the project was called 'RAD' for 'Risk Assessment Database' and we wanted our logo to be a big yellow and black radiation sign. this was at a big bank in downtown Chicago. Unfortunately, it turned out one of the neighboring departments had an employee who either had cancer or whose wife had cancer, and the radiation signs kind of freaked him a bit, so we changed our logo. Alas. It would have been cool but for the whole oops-we're-insensitive-doofuses aspect.

    --
    Unitarian Church: Freethinkers Congregate!
    1. Re:Radiation Hazard Graphic by amliebsch · · Score: 1

      You know, just thinking about that for a second...that is actually a staggeringly good UI solution to this problem. Confirm, yes - and have half or more of the dialog be a huge iconic depiction of whatever code was entered. Require a 2 second delay to play it really safe. Even if the operator habitually ignored the dialog text, the huge picture that is almost instantly recognizable by the fantastic human brain as "WRONG" and should register with even the most seasoned keystroke-memorizers.

      --
      If you don't know where you are going, you will wind up somewhere else.
  12. Radio stations, public ignored '71 nuke alert also by mbstone · · Score: 4, Interesting

    'NUCLEAR ALERT' PROVES FALSE

    By Paul L. Montgomery,
    New York Times, Feb. 21, 1971

    A "human error" yesterday put Americans on an emergency alert of the type that would be used in a nuclear attack.

    It was 40 minutes before the error was cleared up at the National Emergency Warning Center at Cheyenne Mountain, Colo.

    An employee at the center, in a confusion over punched tapes that are prepared in advance, put on the wire to the country's radio and television stations at 9:33 A.M. a message saying that the President had declared a national emergency and that normal broadcasting was to cease "immediately."

    The message contained the code word "hatefulness," which was to be used only in the event of a real alert.

    In the subsequent turmoil, a number of stations around the country went off the air after telling listeners of the "emergency." Others quickly checked and found that the transmission was an error and continued normal broadcasting.

    "I saw the authenticated message and thought, 'My God! It's Dec. 7 all over again!'" said Chuck Kelly of WWCM in Brazil, Ind., who took his station off the air for 22 minutes.

    The National Emergency Warning Center frantically tried to cancel the message several times, but it was not until 10:13 A. M. that it found the proper code word-"impish"--to indicate that the cancellation was authentic.

    The false alert did not affect any of the country's military arms because the error originated with the office charged with informing civilians of impending disaster. However, Secretary of Defense Melvin R. Laird ordered an immediate investigation.

    Louis I. Smoyer, chief of the warning center, said that the error occurred when a civilian operator at the center put on the wire a tape for a real alert instead of a test tape.

    The operator, W. S. Eberhardt, who has worked 15 years at the center, said afterward: "I can't imagine how the hell I did it."

    Because the false alert looked exactly like the real one, and because many broadcasting stations did not follow the procedures called for in a real emergency, the incident raised questions about the effectiveness of the civilian warning system.

    A spokesman for the Office of Civil Defense in Washington, asked if the system would work in a real emergency as it did yesterday, replied, "That's one of the things I've always wondered about."

    The warning center is part of the nuclear alert complex in the base of Cheyenne Mountain, 10 miles south of Colorado Springs. The center,
    protected by thick concrete and mounted on springs to allay nuclear shock, is operated by the Office of Civil Defense. Communications in the center are staffed by civilian employees of the Army Strategic Communications Command.

    In an actual nuclear alert, the warning of impending attack would come from the North American Air Defense Command (NORAD) in the mountain, which operates the radar warning systems ringing the United States and Canada.

    The warning would then be transmitted to the American and Canadian Joint Chiefs of Staff to the Governments of the two countries, to the Polaris missile fleet, to the Strategic Air Command, and to the National Emergency Warning Center, which is the link with the civilian population.

    Under Civil Defense strategy, the radio and television stations are the primary means of warning civilians that an attack is impending.

    The warning center is directly connected into the Associated Press and United Press International radio news wires, which go to the country's stations. The circuit is tested at least twice a week, and there is an elaborate system of codes so that what happened yesterday supposedly could not happen.

    Every three months, each radio station is sent a list of the code words for each day that must be included in a message from the warning cent

  13. inw -Rf by wsanders · · Score: 1

    Unfortunately, "-r" is the default.

    --
    Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
  14. Codes are the tip of the iceberg! by wsanders · · Score: 1

    I'm not going to assert very stringly that plain English WX might be useful, but the codes are not that obscure and are fairly easy to learn worldwide, even if you don't speak English or even use a Latin alphabet - and only the tip of what constitutes the offical definitions of weather observations codified in "FMH-1", the Bible of meteo observational arcana:

    http://www.nws.noaa.gov/oso/oso1/oso12/fmh1/fmh1to c.htm

    All helps ensure that weather descriptions are easy to read all round the world no matter what your native alphabet, or whether you are a machine or human.

    And just think of the "legacy" code devoted to reading METARs!

    --
    Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
    1. Re:Codes are the tip of the iceberg! by freshmkr · · Score: 1

      But some of them ARE obscure. It's impossible for two-letter codes based on a mixture of languages not to be obscure in spots---and different spots for different people, of course. "FU" makes sense for "smoke" in French but not in English. I've never learned the etymology of "BR" for mist, but "Baby Rain" makes a good mnemonic, I suppose. And so on. PO? GR? BC? MI?

      Anytime it takes an extra application of brainpower to encode or decode a message, mistakes can happen. As an example---I was flying out of Latrobe, PA a month ago and the METAR got mistyped somehow. What was "10SM" (10 statute miles visibility) got written "10SAM" instead. The briefer at Altoona AFSS read that quickly and said "Scattered 1000" when clouds everywhere else were up at 4K or so. We were still baffled and called the tower to see what they thought it meant---after they confirmed with us that there wasn't any 10 sand minus nearby they eventually figured out what went wrong.

      So the bobble made the briefer say something wildly inaccurate, made us delay to play it safe and figure out what was really up, and got the tower pestered.

      My advice: leave the code to the computers and make the decoded data an official weather product, generated from standardized decoding schema tailored to whatever languages/display types you need. The less thinking you have to do, the sooner and better you can process the info and the less likely you'll be to make mistakes.

      I will admit that two letter codes are handy for transcribing ATIS broadcasts, though.

      --
      MAN SHOOTS ROVER!
    2. Re:Codes are the tip of the iceberg! by eggstasy · · Score: 1

      Mist, in french, is Brume. Might explain the etymology of BR.