Establishing Trust in the Wireless Emergency Alerts Service
The Wireless Emergency Alerts (WEA) service went online in April 2012, giving emergency management agencies such as the National Weather Service or a city's hazardous materials team a way to send messages to mobile phone users located in a geographic area in the event of an emergency. Since the launch of the WEA service, the newest addition to the Federal Emergency Management Agency (FEMA) Integrated Public Alert and Warning System (IPAWS),"trust" has emerged as a key issue for all involved. Alert originators at emergency management agencies must trust WEA to deliver alerts to the public in an accurate and timely manner. The public must also trust the WEA service before it will act on the alerts. Managing trust in WEA is a responsibility shared among many stakeholders who are engaged with WEA. This blog post, the first in a series, highlights recent research aimed at enhancing both the trust of alert originators in the WEA service and the public's trust in the alerts it receives.
The types of messages that the WEA service can issue to the public on their mobile phones include
While all of the major cell phone carriers are distributing WEA messages, the service is restricted to newer cell phones that are WEA-capable. Messages are distributed using a very low bandwidth distribution so that even if internet bandwidth is disrupted during an emergency, messages can still be distributed and received.
Establishing a Trust Model
Trust is the result of many positive and negative influencing factors and it is important to examine each of these to determine which factors are the most critical. As part of our research, we interviewed many public alerting experts, seeking information about successful strategies for establishing trust.
From the interviews we built a series of scenarios. Using those scenarios, we conducted surveys to assemble the range of positive and negative reactions to different scenarios. We then assembled these reactions into a Bayesian Belief Network. Of the approximately 80 factors identified from the interviews, we isolated the ones that were important to pay attention to - the ones with the greatest influence on trust. There were many conflicting factors, so we had to consider how these factors influenced each other, as well. For example, while the speed at which an alert is issued was identified as an important factor, members of the public are less likely to trust the alert if it contains misspellings and misplaced words. Care and review in crafting the message content must also be considered.
Understanding and accounting for trade-offs became an important facet of our work. If alert originators don't fully understand the inherent conflicts between factors they want to maximize, they might make counterproductive decisions.
As we outlined in our technical report on this topic, Maximizing Trust in the Wireless Emergency Alerts Service, there are issues affecting trust in the WEA Service for both alert originators and the public receiving the alerts.
Alert Originator Issues
Alert originators are federal, state, territorial, tribal, and local authorities approved by FEMA to issue critical public alerts and warnings. The sources of emergency alerts include police and fire protection groups, the National Weather Service, and the National Center for Missing and Exploited Children.
Since FEMA launched the WEA service, alert originators have been evaluating wireless alert distribution to determine if they will use this capability and how they would go about acquiring needed resources to integrate it with alerting capabilities they are already using (e.g. public radio and television broadcasting, highway signage). In a sense, the alert originators were struggling with issues typically seen when a software system expands.
Based on our analysis, the WEA service requires maximizing three key outcomes:
- Appropriateness - the suitability of WEA as an alerting solution within the context of a particular incident.
- Availability - the ability of alert originators to use the WEA service when needed.
- Effectiveness - the ability of the WEA service to produce outcomes desired by alert originators.
Using the alert originator's trust model, we identified several key factors that influence each of these three outcomes, including the following:
- Security and urgency. The WEA service is intended for use only in the most serious emergency events. Our trust model confirmed that the urgency of the incident must be classified as either immediate or expected, requiring action immediately or within the hour. Since these types of alerts are infrequent, emergency management agencies should have clear approval and usage procedures in place to ensure appropriateness for this distribution channel. In some cases, alert originators may access the WEA service through integrated alerting software that issues notifications simultaneously through WEA and other channels requiring further coordination of use.
- Certainty. Alerts issued using the WEA service need to be verifiable. The WEA service is intended for use only in incidents with a high degree of certainty. The certainty of the incident must either have been observed (determined to have occurred or be ongoing) or likely (the probability of occurrence is greater than 50 percent). Alert originators must receive information from their sources with sufficient timeliness to make use of WEA.
- Geographic breadth. Alerts issued using the WEA service need to be targeted to the size and location of the geographic region impacted by the emergency event. Current usage is limited to county designations, which are effective in some but not all cases, In some states, counties are huge and notifications of an emergency in one area of a county may be hundreds of miles away from many recipients. Conversely, in major metropolitan areas where the distance is smaller but population density is much higher, current WEA geographic granularity may also result in many people receiving alerts for an event that is not relevant to them. As a result, recipients may become desensitized to the alerting process increasing the likelihood that they could ignore an alert that is critical for them.
- Accessibility. System accessibility for the alert originator is a critical factor in securing the trust of alert originators. Factors that influence accessibility include security decisions which make the WEA Service accessible from only a few dedicated terminals within the alert originator's office. WEA messages are not an everyday occurrence and familiarity of the operation of these terminals will be improved if users have greater access. We found that accessibility improves if alert originators can access the WEA service through integration with other alerting and emergency management applications they use more frequently.
Several alert originators we spoke with expressed a desire for remote capabilities (e.g., issuing an alert from the scene of an incident). Although we are unaware of any software that supports this type of remote access, it is a feature that warrants investigation by suppliers of alerting software. Remote access to capabilities can provide opportunities to an attacker as well as a legitimate user and effective security will be important to preserving trust.
Securing Public Trust in the WEA Service
Ultimately, an alert originator's message can be measured on whether or not the public takes the recommended action, and this will only occur if the recipient trusts the sender. We analyzed public trust in the WEA Service by considering factors that could affect response from a recipient to a WEA alert. These included
- reading or listening to an alert
- understanding an alert
- believing an alert is credible
- acting appropriately in response to an alert
Our analysis showed that the message has to be well written so that it clearly identifies the individuals affected, the reason for action, and a recommended response. Analysis of our model for public trust identified several factors that influence each of these outcomes including the following:
- Clarity. Recipient feedback suggested that poor grammar and spelling can lead a recipient to treat an alert as spam and ignore the suggested action.
- Explanation. While alert originators have control over content, the message cannot exceed 90 characters based on the current WEA service design. A statement about where to find additional information would increase recipient trust. High-security events with short lead times could require multiple alerts to provide the necessary information.
- Timing. Public trust is also affected by the timing of messages. Our model indicated that additional lead time on an alert that provided more time for the recipient to respond significantly increased trust.
- Frequency. As expected, too many alerts that are not applicable to the recipient will reduce recipient trust. We also found that a lack of coordination among local jurisdictions can increase the frequency of alerts, lead to confusion and misinformation, and raise credibility concerns for all involved.
Within any jurisdiction, multiple agencies may all have authority to issue an alert. To avoid confusion, a clear hierarchy must be established. This understanding is best established through interagency agreements that define alerting responsibilities and regular, frequent communication among agencies. Alert originators must also establish processes and communications channels with neighboring jurisdictions to notify them when an alert is being issued so that they may also prepare, for example, by handling calls to the 911 call center. More in-depth information on this topic may be found in the WEA Governance Guide in the report Best Practices in Wireless Emergency Alerts.
Finally, our work on this project found that alert originators and public recipients are more likely to trust the WEA service if they can verify the alerts through another channel, such as Twitter. For example, Twitter provided critical information about the northeastern weather emergencies in the fall of 2012 (Hurricane Sandy). In addition, social media outlets may be able to provide insight about public reaction to an alert and enable alert originators to monitor response, tailor follow-up messages and make adjustments to future alerting strategies.
Recommendations and Future Work
As a result of our research on issues that affect trust in the WEA service, we were able to develop recommendations for alert originators to increase their trust of WEA and the public's trust in the alerts they receive.
Recommendations that improve the trust alert originators have in WEA include the following:
- Procure or create your WEA system to maximize the accessibility of the system when and where it is needed.
- Periodically verify the performance of your system to ensure reliable operation when the system is needed.
- Integrate WEA system alerting with other emergency management agency operations to maximize operator familiarity with system operation.
- Consider the time required to generate and issue an alert when acquiring your system.
- Establish a means to ensure the accuracy of the alert messages that will be issued.
- Collect and analyze feedback from prior alerts to monitor and improve effectiveness.
Recommendations that increase the public's trust in the alerts they receive include the following:
- Use WEA only for events of high urgency, severity, or certainty.
- When deciding to issue a WEA alert, consider the geographic footprint of the event relative to the footprint of the alert.
- Ensure clarity of message, spelling, and grammar.
- Include an explanation of why a specific action should be taken.
- Clearly define the action to be taken.
- Issue the alert in the primary language of the intended recipients.
- Avoid issuing too many alerts that are not applicable to recipients.
- Establish alert coordination across multiple (overlapping and/or adjacent) jurisdictions to avoid duplicate alerts.
- Avoid issuing bogus alerts following a security compromise of a WEA site.
Another phase of our research involves the development of security guidance for alert originators and their use of WEA services. This involves taking a deeper dive into security issues surrounding the WEA service. Our aim is to ensure that trust is built into the WEA capability. We can help alert originators understand their security risks so that they may make the right system implementation and integration choices.
We welcome your feedback on our work. Please leave feedback in the comments section below.
Additional Resources
To read the SEI technical report, Maximizing Trust in the Wireless Emergency Alerts (WEA) Service, please visit
https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=70004.
To read the SEI technical report, Wireless Emergency Alerts (WEA) Cybersecurity Risk Management Strategy for Alert Originators, please visit
https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=70071.
To download the report, Best Practices in Wireless Emergency Alerts, please visit https://www.dhs.gov/sites/default/files/publications/Wireless%20Emergency%20Alerts%20Best%20Practices_0.pdf
Get updates on our latest work.
Sign up to have the latest post sent to your inbox weekly.
Subscribe Get our RSS feedGet updates on our latest work.
Each week, our researchers write about the latest in software engineering, cybersecurity and artificial intelligence. Sign up to get the latest post sent to your inbox the day it's published.
Subscribe Get our RSS feed