Skip to main content

Insider Threats: DOD Should Improve Information Sharing and Oversight to Protect U.S. Installations

GAO-15-543 Published: Jul 16, 2015. Publicly Released: Jul 16, 2015.
Jump To:
Skip to Highlights

Highlights

What GAO Found

Since the 2009 Fort Hood shooting, the Department of Defense (DOD) has made efforts to update 7 of 10 key force protection–related policy and guidance documents and is taking steps to revise the remaining 3 to incorporate insider threat considerations. DOD's Fort Hood independent review recommended that the department develop policy and procedures to integrate disparate efforts to protect DOD resources and people against internal threats. GAO also found that DOD does not have a policy for when it would be appropriate for DOD military and contractor personnel to report to DOD base security officials when an individual is observed carrying a weapon on an installation, especially into a work environment. Senior DOD officials acknowledged this policy gap and agreed to take steps to address the issue.

Officials from the eight U.S. installations GAO visited identified actions taken to protect against insider threats. However, DOD has not consistently shared information across the department about the actions it has taken. DOD has issued guidance and recommendations addressing the 2009 Fort Hood shooting stating that DOD should identify and share leading practices to enhance the department's ability to protect the force. For example, installation officials have trained response personnel on active shooter training and piloted a workplace violence risk assessment program. However, DOD is not sharing all the information about such actions because DOD officials are not consistently using existing mechanisms to share information, such as lessons-learned information systems and antiterrorism web portals. Unless the military services consistently use existing mechanisms to share information on insider threats, U.S. installations may miss opportunities to enhance the department's ability to protect the force against such threats.

DOD has taken actions to implement the recommendations from the official reviews of the 2009 Fort Hood and 2013 Washington Navy Yard shootings. However, GAO was unable to identify the number of the 79 Fort Hood recommendations that were fully implemented because DOD has received inconsistent information from the military services and has conducted limited monitoring of recommendation implementation. For example, DOD and military service officials provided differing responses to a questionnaire on the implementation status of some Fort Hood recommendations. In addition, officials from three military services stated that they generally do not monitor the implementation of the recommendations from the Fort Hood independent review at the installation level. Until DOD and the military services improve the consistency of reporting and monitoring of the implementation of recommendations, DOD will be unable to know whether the deficiencies identified in the official review of the 2009 Fort Hood shooting have been addressed. With regard to the official reviews from the 2013 Washington Navy Yard shooting, DOD has taken initial actions towards implementing the four recommendations prioritized by the Secretary of Defense. For example, DOD issued an implementation plan that identifies milestones, timelines, and resource requirements needed to address the four recommendations.

Why GAO Did This Study

The attacks at Fort Hood, Texas, on November 5, 2009, and at the Washington Navy Yard, D.C., on September 16, 2013, drew nationwide attention to insider threats at DOD installations. DOD defines an insider threat as the threat that an insider will use her or his authorized access, wittingly or unwittingly, to do harm to the security of the United States.

House report 113-446 included a provision that GAO review DOD's antiterrorism and force protection efforts to address insider threats. This report evaluates the extent to which DOD has (1) reflected insider threat considerations in its force protection policies and other guidance, (2) shared actions that U.S. installations have taken to protect against insider threats, and (3) implemented recommendations from the official reviews of the 2009 Fort Hood and 2013 Washington Navy Yard shootings. GAO reviewed official reviews from the shootings, DOD force protection–related policies, interviewed agency officials, and visited eight nongeneralizable U.S. installations representing all four military services, a joint base, and different geographic locations.

Recommendations

GAO recommends that DOD consistently use existing mechanisms to share information about actions taken to protect against threats, and take steps to improve the consistency of reporting and monitoring of the implementation of the recommendations from the 2009 Fort Hood review. DOD concurred with GAO's recommendations and cited related actions planned or under way.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Defense To assist U.S. installations in protecting against insider threats, the Secretary of Defense should direct the military services to share information about actions U.S. installations have taken to address insider threats by consistently using existing mechanisms--such as working groups, lessons-learned information systems, and antiterrorism web portals.
Closed – Implemented
DOD concurred with our recommendation, and in response to our draft report stated that the department has working groups in place within the Office of the Under Secretary of Defense for Intelligence and the Mission Assurance Senior Steering Group, conducted a series of site visits to installations in order to share best practices and lessons learned, and established a DOD insider threat website. In July 2018, DOD provided additional documentation that showed the department had used multiple mechanisms to share information on insider threats across the department with installation-level personnel, such as a monthly counter insider threat newsletter, conferences, and a DOD insider threat program sharepoint-which is a web-based collaborative platform to share information. The use of these mechanisms by DOD to share information on insider threats across the department shows that DOD is sharing information using various mechanisms and we believe meets the intent of our recommendation.
Department of Defense To assist DOD leadership in their oversight and decision-making process, the Secretary of Defense should direct the DOD leaders on the Mission Assurance Coordination Boards and the military services to take steps to improve the consistency of reporting and monitoring of the implementation of recommendations from the independent review of the 2009 Fort Hood shooting. Such steps could include DOD and the military services developing criteria for consistent reporting on the progress of recommendations and the military services providing periodic reports to the Mission Assurance Coordination Boards on the status of Fort Hood recommendations at the service level and installation level.
Closed – Implemented
DOD concurred with our recommendation and in response to our draft report stated that the Mission Assurance Senior Steering Group would monitor the status of Fort Hood recommendations at the military service level to ensure full implementation. In January 2017 DOD issued a memo that recommended close out of the remaining recommendations from the independent review of the 2009 Fort Hood shooting and in a February 2017 memo tasked the DOD components with combining Prevention, Assistance, and Response (PAR) capabilities with the DOD Insider Threat Program. According to the memos, the Mission Assurance Coordination Board (MACB) would continue to monitor implementation of the new capabilities and directed the DOD components to report to the MACB any progress made and resources required for implementation. In addition a memo issued in April 2017 reiterated MACB monitoring of progress and established implementation metrics and a quarterly reporting requirement for DOD component reporting on development of PAR capabilities . We believe these collective actions demonstrate that the department has improved its ability to monitor and track implementation of insider threat recommendations.

Full Report

Office of Public Affairs

Topics

AntiterrorismAuthorized accessBest practicesEmployee trainingEmployeesFacility securityInformation disclosureInternal controlsLessons learnedMilitary communicationMilitary facilitiesMilitary forcesMilitary operationsMilitary personnelMilitary policiesMilitary trainingMonitoringReporting requirementsSecurity threatsTraining utilizationWorkplace violenceInformation sharingPolicies and procedures