Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Four years after Ft. Hood, Pentagon still studying base security
Thursday - 9/19/2013, 5:52am EDT
Aaron Alexis, a recently-hired information technology contractor who gunned down 12 people at the Washington Navy Yard on Monday, had not had a formal relationship with the Navy for several years.
But his security clearance, which he gained during the period when he served in the Navy Reserve between 2007 and 2011, gained him nearly automatic access to a Common Access Card (CAC) without any new background investigation when he went to work for a private contractor. His preexisting clearance, which requires a new investigation only once every decade, sufficed.
Alexis was one of an estimated 3.6 million people in and outside of government with a current secret-level security clearance, and Defense officials acknowledged Wednesday that even if someone had concerns about his aberrant behavior, which reportedly included multiple run-ins with local law enforcement during and after his uniformed Navy service, there is no single channel to report problems to the various officials who investigate, authorize and revoke security clearances.
The Navy Yard incident bore a tragic resemblance to the 2009 rampage at Fort Hood, Texas. Then, 13 people died when an insider with access to the base fired fatal shots at colleagues.
Still, Defense officials say lessons learned from four years ago may have prevented an even worse toll at the Navy Yard.
"In terms of what we changed after some of those earlier incidents, early indications are that they actually contributed to a less-horrific outcome," said Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff. "Alert notices, coordination in advance with other agencies, training for employees and law enforcement on active shooter scenarios. Some of those things we did before actually reaped the benefits we intended. The security clearance piece of this is something we have to take another look at, and the Secretary of Defense has directed us to do so."
Procedures in place
Officials also point to the implementation of a reverse-911 system on bases to alert employees and residents of an emergency and give instructions on what to do. Additionally, they highlighted a formalized agreement with the FBI that obligates DoD and federal civilian law enforcement agencies to share information about known threats to military bases and personnel, and likewise, potential threats to others from current and former military personnel.
But what's been done to date is not good enough, said Defense Secretary Chuck Hagel. On Tuesday, he ordered new reviews of security procedures, both of which will be led by Deputy Defense Secretary Ashton Carter. The reviews will encompass the physical security and access procedures by which people get on to military bases and the department's current processes for issuing security clearances.
"This review will be closely coordinated with other federal agencies currently examining these procedures, including the [Director of National Intelligence] and the [Office of Management and Budget]," Hagel told reporters. "I've also directed that an independent panel be established. This panel will conduct its own assessment of security at DoD facilities and our security clearance procedures and practices. This panel will strengthen Secretary Carter's efforts, and they will provide their findings directly to me."
The independent panel model mirrors the department's response to the Fort Hood shooting. That study, plus a follow-on review and a separate examination by the Defense Science Board collectively produced 89 recommendations. Then-Defense Secretary Robert Gates told the department to implement them in a 2010 memo. So far, 52 of them have been implemented in their entirety, a senior Defense official said.
Continuous monitoring in the works
Those that have not yet come fully into department policy relate mostly to the science board's recommendation that DoD implement specialized, multi-disciplinary threat management units to identify patterns of behavior that might lead to violence.
A second official, who was speaking on background, said the Pentagon also is creating a system that would continuously monitor and evaluate security-cleared personnel based on records from non-Defense agencies. It would automatically push information about police encounters with clearance holders on an ongoing basis rather than waiting for a periodic background check. The official, who spoke to reporters on the condition of anonymity, said DoD still was developing the system, and did not say when it would come online.
Adm. Jonathan Greenert, the Chief of Naval Operations, said the Navy is conducting its own rapid review of base security procedures around the world and expects to have initial results within two weeks.
He testified to the House Armed Services Committee one day after the release of a DoD Inspector General report which found the Navy had implemented a base access control system for contractors that had serious flaws, and did so in order to cut costs.