Investigator Discusses Navy Yard Findings, Insider Threat
By Cheryl Pellerin
American Forces Press Service
WASHINGTON, March 19, 2014 The most significant findings of the Navy’s own investigation into security, personnel and contracting factors related to the last year’s Navy Yard killings involved the insider threat posed by the shooter, contractor Aaron Alexis, the Navy’s lead investigator said.
Navy Secretary Ray Mabus discusses plans to implement changes following the Washington Navy Yard shooting investigations and reviews during a briefing at the Pentagon, March 18, 2014. During the Sept. 16, 2013, shooting, a civilian contractor killed 12 employees and wounded several others at the Naval Sea Systems Command headquarters building before being killed by police. DOD photo by Erin A. Kirk-Cuomo
(Click photo for screen-resolution image);high-resolution image available.
The same findings led to the conclusion that “if appropriate procedures had been followed, they would have interrupted the chain of events that led to the Washington Navy Yard shootings,” Navy Adm. John M. Richardson told American Forces Press Service during an interview yesterday.
Shortly after the tragic events that took place Sept. 16, 2013, at Naval Sea Systems Command headquarters, Navy Secretary Ray Mabus appointed Richardson to lead an official investigation in accordance with the Judge Advocate General Manual, or JAGMAN, into the shooting incident that killed 12 people and wounded four others.
Richardson delivered the final report Nov. 8, 2013.
“This report presents recommendations to improve Navy capability against all threats,” the executive summary read, “with a focus on the insider threat.”
Richardson said the report was organized along five general lines.
“One was the history of Aaron Alexis during his military service and his time as a contractor. Then there was a line of effort that described the personnel security program as it applied to him,” he explained.
Other parts of the document discussed force-protection measures at the Navy Yard, physical security and law enforcement measures, incident response and emergency management plans, and the post-incident response to minimize damage and help families of the victims, the admiral added.
Of the report’s 14 recommendations, Richardson said the most immediate involved heightening Navy and contractor workforce awareness of requirements for personnel security and physical security, and using the Washington Navy Yard incident and others as case studies in new training materials to help educate the workforce about insider threats.
“We also recommended that each command do a self-assessment of their compliance with existing recommendations. And we recommended that we ensure proper oversight of each command was in place,” Richardson said.
For the longer term, he added, the report recommended that related programs be assessed for adequacy in light of new information from the Navy Yard incident, and that JAGMAN investigation findings be sent to the defense secretary for use in Defense Department reviews.
In the report, the admiral said, findings were grouped into three categories. Category A findings were those showing that “if appropriate procedures had been followed, they would have interrupted the chain of events that led to the Washington Navy Yard shootings,” Richardson said.
Category B findings showed that if appropriate requirements had been met, it may have interrupted the chain, but it was not definitive, he added, and Category C findings, mostly associated with physical security and emergency response, would not have influenced the chain of events.
“The Category A findings primarily centered on the contractor requirement to report when they have concerns with their employees relative to their suitability to have access to our facilities and our information,” Richardson said.
“Both Hewlett Packard and The Experts Inc. were required to make those reports,” he added. “They had observed Alexis behave in ways that raised those concerns, but they did not make reports to the Navy or to the security service, and therefore, it was impossible to act on that information.”
The Navy’s lead investigator added, “Those are the … the most proximate and relevant findings that, had appropriate procedures been followed, we feel the chain of events would have been interrupted.”
The insider threat also was a focus of new actions DOD is taking to fill security gaps identified by internal and external review panels whose members also studied the Navy Yard shootings.
Defense Secretary Chuck Hagel announced the actions in a press briefing here yesterday.
“The reviews identified troubling gaps in DOD’s ability to detect, prevent and respond to instances where someone working for us -– a government employee, a member of our military or a contractor –- decides to inflict harm on this institution and its people,” Hagel said.
To close the gaps, DOD will implement a continuous evaluation program of DOD contractors and military and civilian personnel with access to DOD facilities or classified information.
The department also will establish an Insider Threat Management and Analysis Center that analyzes results of automated record checks for follow-up, centralize authority for physical and personnel security under a staff assistant in the Office of the Undersecretary of Defense for Intelligence, and accelerate development of the Defense Manpower Data Center’s identity management enterprise services architecture, called IMESA.
IMESA allows DOD security officers to share access-control information and continuously vet individuals against U.S. government databases.
“The continuous evaluation and IMESA programs have been developmental and pilot programs for some period of time,” Marcel Lettre, principal deputy undersecretary of defense for intelligence, said during an interview with American Forces Press Service, “and we recommended those be expanded into full-fledged programs.”
The goal with continuous evaluation is over time to change the way the personnel security system runs, he added, “so that it will start with pilot programs on small test pools of DOD employees and over time will encompass the full cleared population of defense employees, about 2.5 million people.”
There is a sense that such practices are something the whole of government should aspire to, Lettre said, adding that the director of national intelligence and directors of the Office of Personnel Management and the Office of Management and Budget are responsible for catalyzing that effort.
“The insider threat is complex and multifaceted,” Lettre observed. “We've seen different instances of it, … whether it's an incidence of workplace violence or of computer security or, even going back years, we've traditionally thought of the insider threat as encompassing espionage.”
He added, “The tragic events of September 2013 reminded us that the insider threat can be one where a trusted insider enacts violence on his fellow workmates, and that's a dimension that we concluded through these various reviews needs a system that is strengthened to address it in the DOD context.”
Navy and DOD reviews of the Navy Yard shootings, Lettre said, “looked at how to strengthen our response on insider threat and focused on a couple of different aspects. One is moving from a system of periodically reinvestigating cleared, trusted insiders to doing that on an appropriate continuous evaluation level.”
Second, he said, is to better integrate and consolidate information relevant to identifying an insider threat by establishing a defense insider threat management and analysis center that collects information in one place for investigators and can catalyze training and education needed for the workforce.
The third piece, Lettre said, centralizes responsibility more effectively for security programs under the undersecretary of defense for intelligence, and the fourth establishes a more robust identity management enterprise services architecture that helps force providers address the insider threat.
“What that essentially would do is ensure that databases can talk to each other more effectively,” he said, “so if you’re a police officer or a security guard at the gate of an installation and a person comes through with an identity card, you'd be able to tell if there's [derogatory] information that would prevent that individual from coming into the base.”
What the Navy’s lead investigator said he took away from his team’s probe of the Washington Navy Yard shootings is that the insider threat is a very difficult problem.
“It requires that all of us be very mindful of our responsibilities to be aware of our surroundings, be aware of the folks we're working with,” Richardson said.
“If anything we see raises suspicions or concerns with respect to the security of our colleagues, the security of our equipment, the security of our information, we need to raise those concerns and inform somebody,” he said, adding that it may be against human nature sometimes to want to take that step and report such concerns.
“But it will be a critical part of being effective against these types of threats, these insider threats,” the admiral said, “so we're going to have to figure out a way to find that balancing point so we can make these concerns more visible.”
(Follow Cheryl Pellerin on Twitter: @PellerinAFPS)