Posted on by Handheld Devicesin
The Wireless Emergency Alerts (WEA) service went online in April 2012, giving emergency management agencies such as the National Weather Service or a city's hazardous materials team a way to send messages to mobile phone users located in a geographic area in the event of an emergency. Since the launch of the WEA service, the newest addition to the Federal Emergency Management Agency (FEMA) Integrated Public Alert and Warning System (IPAWS),"trust" has emerged as a key issue for all involved. Alert originators at emergency management agencies must trust WEA to deliver alerts to the public in an accurate and timely manner. The public must also trust the WEA service before it will act on the alerts. Managing trust in WEA is a responsibility shared among many stakeholders who are engaged with WEA. This blog post, the first in a series, highlights recent research aimed at enhancing both the trust of alert originators in the WEA service and the public's trust in the alerts it receives.
The types of messages that the WEA service can issue to the public on their mobile phones include
While all of the major cell phone carriers are distributing WEA messages, the service is restricted to newer cell phones which are WEA-capable (see http://www.ctia.org/your-wireless-life/consumer-tips/wireless-emergency-alerts for more specific device details). Messages are distributed using a very low bandwidth distribution so that even if internet bandwidth is disrupted during an emergency, messages can still be distributed and received.
Establishing a Trust Model
Trust is the result of many positive and negative influencing factors and it is important to examine each of these to determine which factors are the most critical. As part of our research, we interviewed many public alerting experts, seeking information about successful strategies for establishing trust.
From the interviews we built a series of scenarios. Using those scenarios, we conducted surveys to assemble the range of positive and negative reactions to different scenarios. We then assembled these reactions into a Bayesian Belief Network. Of the approximately 80 factors identified from the interviews, we isolated the ones that were important to pay attention to - the ones with the greatest influence on trust. There were many conflicting factors, so we had to consider how these factors influenced each other, as well. For example, while the speed at which an alert is issued was identified as an important factor, members of the public are less likely to trust the alert if it contains misspellings and misplaced words. Care and review in crafting the message content must also be considered.
Understanding and accounting for trade-offs became an important facet of our work. If alert originators don't fully understand the inherent conflicts between factors they want to maximize, they might make counterproductive decisions.
As we outlined in our technical report on this topic, Maximizing Trust in the Wireless Emergency Alerts Service, there are issues affecting trust in the WEA Service for both alert originators and the public receiving the alerts.
Alert Originator Issues
Alert originators are federal, state, territorial, tribal, and local authorities approved by FEMA to issue critical public alerts and warnings. The sources of emergency alerts include police and fire protection groups, the National Weather Service, and the National Center for Missing and Exploited Children.
Since FEMA launched the WEA service, alert originators have been evaluating wireless alert distribution to determine if they will use this capability and how they would go about acquiring needed resources to integrate it with alerting capabilities they are already using (e.g. public radio and television broadcasting, highway signage). In a sense, the alert originators were struggling with issues typically seen when a software system expands.
Based on our analysis, the WEA service requires maximizing three key outcomes:
Using the alert originator's trust model, we identified several key factors that influence each of these three outcomes, including the following:
Several alert originators we spoke with expressed a desire for remote capabilities (e.g., issuing an alert from the scene of an incident). Although we are unaware of any software that supports this type of remote access, it is a feature that warrants investigation by suppliers of alerting software. Remote access to capabilities can provide opportunities to an attacker as well as a legitimate user and effective security will be important to preserving trust.
Securing Public Trust in the WEA Service
Ultimately, an alert originator's message can be measured on whether or not the public takes the recommended action, and this will only occur if the recipient trusts the sender. We analyzed public trust in the WEA Service by considering factors that could affect response from a recipient to a WEA alert. These included
Our analysis showed that the message has to be well written so that it clearly identifies the individuals affected, the reason for action, and a recommended response. Analysis of our model for public trust identified several factors that influence each of these outcomes including the following:
Within any jurisdiction, multiple agencies may all have authority to issue an alert. To avoid confusion, a clear hierarchy must be established. This understanding is best established through interagency agreements that define alerting responsibilities and regular, frequent communication among agencies. Alert originators must also establish processes and communications channels with neighboring jurisdictions to notify them when an alert is being issued so that they may also prepare, for example, by handling calls to the 911 call center. More in-depth information on this topic may be found in the WEA Governance Guide in the report Best Practices in Wireless Emergency Alerts.
Finally, our work on this project found that alert originators and public recipients are more likely to trust the WEA service if they can verify the alerts through another channel, such as Twitter. For example, Twitter provided critical information about the northeastern weather emergencies in the fall of 2012 (Hurricane Sandy). In addition, social media outlets may be able to provide insight about public reaction to an alert and enable alert originators to monitor response, tailor follow-up messages and make adjustments to future alerting strategies.
Recommendations and Future Work
As a result of our research on issues that affect trust in the WEA service, we were able to develop recommendations for alert originators to increase their trust of WEA and the public's trust in the alerts they receive.
Recommendations that improve the trust alert originators have in WEA include the following:
Recommendations that increase the public's trust in the alerts they receive include the following:
Another phase of our research involves the development of security guidance for alert originators and their use of WEA services. This involves taking a deeper dive into security issues surrounding the WEA service. Our aim is to ensure that trust is built into the WEA capability. We can help alert originators understand their security risks so that they may make the right system implementation and integration choices.
We welcome your feedback on our work. Please leave feedback in the comments section below.
To read the SEI technical report, Maximizing Trust in the Wireless Emergency Alerts (WEA) Service, please visit
To read the SEI technical report, Wireless Emergency Alerts (WEA) Cybersecurity Risk Management Strategy for Alert Originators, please visit
To download the report, Best Practices in Wireless Emergency Alerts, please visit
Visit the SEI Digital Library for other publications by Carol