Aaron Alexis, a recently-hired information technology contractor who gunned down 12 people at the Washington Navy Yard on Monday, had not had a formal relationship with the Navy for several years.
But his security clearance, which he gained during the period when he served in the Navy Reserve between 2007 and 2011, gained him nearly automatic access to a Common Access Card (CAC) without any new background investigation when he went to work for a private contractor. His preexisting clearance, which requires a new investigation only once every decade, sufficed.
Alexis was one of an estimated 3.6 million people in and outside of government with a current secret-level security clearance, and Defense officials acknowledged Wednesday that even if someone had concerns about his aberrant behavior, which reportedly included multiple run-ins with local law enforcement during and after his uniformed Navy service, there is no single channel to report problems to the various officials who investigate, authorize and revoke security clearances.
The Navy Yard incident bore a tragic resemblance to the 2009 rampage at Fort Hood, Texas. Then, 13 people died when an insider with access to the base fired fatal shots at colleagues.
Still, Defense officials say lessons learned from four years ago may have prevented an even worse toll at the Navy Yard.
“In terms of what we changed after some of those earlier incidents, early indications are that they actually contributed to a less-horrific outcome,” said Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff. “Alert notices, coordination in advance with other agencies, training for employees and law enforcement on active shooter scenarios. Some of those things we did before actually reaped the benefits we intended. The security clearance piece of this is something we have to take another look at, and the Secretary of Defense has directed us to do so.”
Procedures in place
Officials also point to the implementation of a reverse-911 system on bases to alert employees and residents of an emergency and give instructions on what to do. Additionally, they highlighted a formalized agreement with the FBI that obligates DoD and federal civilian law enforcement agencies to share information about known threats to military bases and personnel, and likewise, potential threats to others from current and former military personnel.
But what’s been done to date is not good enough, said Defense Secretary Chuck Hagel. On Tuesday, he ordered new reviews of security procedures, both of which will be led by Deputy Defense Secretary Ashton Carter. The reviews will encompass the physical security and access procedures by which people get on to military bases and the department’s current processes for issuing security clearances.
“This review will be closely coordinated with other federal agencies currently examining these procedures, including the [Director of National Intelligence] and the [Office of Management and Budget],” Hagel told reporters. “I’ve also directed that an independent panel be established. This panel will conduct its own assessment of security at DoD facilities and our security clearance procedures and practices. This panel will strengthen Secretary Carter’s efforts, and they will provide their findings directly to me.”
The independent panel model mirrors the department’s response to the Fort Hood shooting. That study, plus a follow-on review and a separate examination by the Defense Science Board collectively produced 89 recommendations. Then-Defense Secretary Robert Gates told the department to implement them in a 2010 memo. So far, 52 of them have been implemented in their entirety, a senior Defense official said.
Continuous monitoring in the works
Those that have not yet come fully into department policy relate mostly to the science board’s recommendation that DoD implement specialized, multi-disciplinary threat management units to identify patterns of behavior that might lead to violence.
A second official, who was speaking on background, said the Pentagon also is creating a system that would continuously monitor and evaluate security-cleared personnel based on records from non-Defense agencies. It would automatically push information about police encounters with clearance holders on an ongoing basis rather than waiting for a periodic background check. The official, who spoke to reporters on the condition of anonymity, said DoD still was developing the system, and did not say when it would come online.
Adm. Jonathan Greenert, the Chief of Naval Operations, said the Navy is conducting its own rapid review of base security procedures around the world and expects to have initial results within two weeks.
He testified to the House Armed Services Committee one day after the release of a DoD Inspector General report which found the Navy had implemented a base access control system for contractors that had serious flaws, and did so in order to cut costs.
“We are reviewing that report right now, and to the degree we have vulnerabilities, we’ll correct them,” he said. “I can assure you though that the cost-control measures that are mentioned in this report have nothing to do with our budget or with sequestration. We don’t cut budgetary corners for security.”
Fixing the gaps
The Navy program in question was designed to expedite military base access for contractors who did not have Common Access Cards, so it remained unclear Wednesday whether the criticisms in the IG report were directly related to the incident involving Alexis, who had a valid CAC.
After reviewing the report, several Senators wrote to Hagel Wednesday afternoon, asking him whether Alexis’ initial background investigation was handled by Office of Personnel Management staff versus contractors, and whether proper review procedures were followed.
“Obviously something went wrong,” Hagel told reporters. “We will review everything, and hopefully we will figure out how to do this better. The fact is that we don’t live in a risk-free society, and every day, all our employees come to work and help this country know that there’s some risk to that. But that’s not a good enough answer. We will find those gaps, and we will fix those gaps.”