The emergency alert system has been hacked before. There was an incident in 2013 where several TV stations broadcast a fake zombie attack warning as the result of a cyber attack from somewhere overseas. It's not inconceivable that more sophisticated hackers could send out alerts through TV, radio, and SMS. The system's security can't be that great.
I'm not too familiar with how EAS works, but I believe it's designed so that a ballistic missile warning could only be sent out after being handed down from national level sources (i.e. USAF, MDA, or whoever is handling the missile warning satellites and radars). Messages from the federal level are received by EAS capable stations and then decoded based on an encryption protocol before being transmitted. They can't be generated internally by state or local governments, at least not for non-weather emergencies. Unless I'm misunderstanding how the system works, there's no way the alert could have been generated and sent from within Hawaii without the military/MDA initiating it or--most likely-- a hack.
The question is who did it and what their motive was.