Skip to main content

Capitol Attack: Federal Agencies Identified Some Threats, but Did Not Fully Process and Share Information Prior to January 6, 2021 [Reissued with revisions on Jul. 21, 2023]

GAO-23-106625 Published: Feb 28, 2023. Publicly Released: Feb 28, 2023.
Jump To:

Fast Facts

As part of our comprehensive look at the events of January 6, 2021, we examined how federal agencies identified potential threats, and how they used this information to prepare for and respond to the Capitol attack.

We found that all 10 federal agencies that we examined identified potential threats of violence before January 6, but some agencies either didn't follow their established policies or procedures for reviewing the threats, or didn't share critical information with partners responsible for planning security measures.

We made recommendations to five agencies to improve how they review and share information about potential threats.

Capitol Police Photo of January 6, 2021 Attack

police wearing body armor and responding to the attack

Reissued with Revisions Jul 21, 2023
On July 21, 2023 a sentence and footnote on page 1 of this report were revised to clarify the source of the estimated amount of losses and costs caused by the events.
Skip to Highlights

Highlights

What GAO Found

In the weeks leading up to January 6, 2021, agencies obtained information on potential threats from various sources including investigations, open sources, and social media tips. All 10 federal agencies GAO reviewed identified potential threats of violence, and two—the FBI and the Capitol Police—identified credible threats.

However, some agencies did not fully process information or share it, preventing critical information from reaching key federal entities responsible for securing the National Capital Region against threats. For example,

  • The FBI and the Department of Homeland Security (DHS) Office of Intelligence and Analysis (I&A) did not consistently follow agency policies or procedures for processing tips or potential threats because they did not have controls to ensure compliance with policies. Identifying and remediating internal control deficiencies (reasons why staff did not consistently follow policies) will help FBI and DHS I&A ensure policies are consistently followed and help ensure potential threats are developed and investigated, as appropriate.
  • DHS I&A, Capitol Police, and Park Police did not consistently share all fully developed threat information with relevant stakeholders. For example, DHS I&A did not share threat products based on open sources with certain law enforcement partners. Capitol Police did not share threat products with its frontline officers. GAO found that DHS I&A did not have internal controls, and other agencies did not have policies to enable sharing of threat information.

Capitol Police photo above the Capitol Building on January 6, 2021

HL_5 - 106625

Most agencies generally used the same methods to identify threats related to January 6 as they did for other demonstrations in D.C., such as the racial justice demonstrations in summer 2020 and the Make America Great Again (MAGA) I and MAGA II demonstrations in fall 2020. DHS I&A officials said they were hesitant to report on January 6 threats due to scrutiny of reporting of other events in 2020.

Why GAO Did This Study

Prior to and during the events of January 6, 2021, federal, state, and local entities were responsible for identifying and sharing information on potential threats to inform security measures and ensure the safety of the U.S. Capitol.

GAO was asked to review the January 6, 2021 attack. This is the seventh in a series of reports and addresses (1) how federal agencies identified threats related to the events of January 6, 2021; (2) the extent to which federal agencies took steps to process and share threat information prior to the events of January 6, 2021; and (3) how federal agencies identified threat information for the events of January 6, 2021 compared to other large demonstrations in Washington, D.C.

To conduct this work, GAO compared agency actions to process and share threat information with policies and procedures for conducting these activities. GAO interviewed officials and reviewed agency threat products. GAO did not review certain threat information that was subject to ongoing investigations or prosecutions. GAO also interviewed officials from the social media platforms Facebook, Parler, and Twitter about information they shared with federal agencies. This report is a public version of a sensitive report issued in January 2023. Information that agencies deemed sensitive has been omitted.

Reissued with revisions on Jul. 21, 2023

On July 21, 2023 a sentence and footnote on page 1 of this report were revised to clarify the source of the estimated amount of losses and costs caused by the events.

Recommendations

In the January 2023 report, GAO made 10 recommendations to five agencies to, for example, assess internal control deficiencies related to processing or sharing information. The agencies concurred with the recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
Federal Bureau of Investigation The Director of the FBI should assess the extent to which and why personnel did not process information related to the events of January 6 according to policy. (Recommendation 1)
Closed – Implemented
In July 2023, the FBI reevaluated how it processed threat information shared by social media platforms leading up to the events of January 6. As part of this reevaluation, the FBI assessed whether FBI personnel developed reports on threat information received from two social media platforms in accordance with policy. The assessment determined that the Counterterrorism Division did not process information from a social media platform according to policy because it did not receive the information until after January 6. It also found that the Austin Residence Agency did not process about 30 percent of referrals it received directly from a social media platform according to policy because it lacked defined threat intake procedures for the newly developed relationship. Specifically, the social media platform had a single point of contact with the Austin Residence Agency's Cyber Squad, which created the potential for the single point failure (e.g. some emails went to the point of contact's "junk mail"). Assessing the extent to which personnel did not process threats, and why, can help determine if the processing failures were indicative of a larger problem, or demonstrated the need for improving internal controls. We consider this recommendation closed as implemented.
Federal Bureau of Investigation The Director of the FBI should, following its assessment, implement a plan to address any internal control deficiencies identified to ensure personnel consistently follow policies for processing information. (Recommendation 2)
Closed – Implemented
In July 2023, the FBI implemented a plan to address internal control deficiencies identified in its assessment of the extent to which personnel processed threats shared by social media platforms according to policy. Specifically, to address the internal control deficiency that resulted in the Austin Residency Agency's inconsistent processing of threat information, it implemented the FBI's National Threat Operations Center procedures for reporting tips on federal crimes and terrorist activity in place of its existing process. The National Threat Operations Center procedures centralizes information for tracking and analysis and ensures information is processed into reports. Implementing a plan to address any identified deficiencies can help ensure the FBI is processing tips in accordance with policy and increasing awareness of potential threats. We consider this recommendation closed as implemented.
Office of Intelligence and Analysis
Priority Rec.
The DHS I&A Under Secretary should assess the extent to which its internal controls ensure personnel follow existing and updated policies for processing open source threat information. (Recommendation 3)
Open
In February 2023, we reported that DHS I&A did not process all relevant open source threat-related information related to the events of January 6. To help address this issue, we recommended that DHS I&A assess the extent to which personnel did not process information. As of March 2024, DHS I&A offices are partnering to collaborate efforts to close out the assessments and report the findings of the I&A Secretary's 90-day review of I&A's open source intelligence program. I&A expects this review to include a deep-dive examination into the program's objectives, policies, procedures, and safeguards along with the development of potential reform recommendations, including with respect to internal controls that ensure personnel follow existing and updated policies for processing open-source threat information. I&A expects to complete the report by June 28, 2024. We will continue to monitor I&A's progress.
Office of Intelligence and Analysis The DHS I&A Under Secretary should, following its assessment, implement a plan to address any internal control deficiencies identified to ensure personnel consistently follow the policies for processing open source threat information. (Recommendation 4)
Open
In February 2023, we reported that DHS I&A did not process all relevant open source threat-related information. To help address this issue, we recommended that DHS I&A implement a plan to address any internal control deficiencies identifies as a result of the assessment. DHS I&A stated that it will work with stakeholders to develop corrective actions plans to address internal control deficiencies. The corrective action plans will include root cause analysis, remediation milestones with due dates, and follow-up actions to be reported to DHS senior leadership on a quarterly basis. As of March 2024, DHS I&A offices are partnering to collaborate efforts to close out the assessments and report the findings of the I&A Secretary's 90-day review of I&A's open source intelligence program. I&A expects this review to include a deep-dive examination into the program's objectives, policies, procedures, and safeguards along with the development of potential reform recommendations, including with respect to internal controls that ensure personnel follow existing and updated policies for processing open-source threat information. I&A expects to complete the report by June 28, 2024. We will continue to monitor I&A's progress.
Office of Intelligence and Analysis
Priority Rec.
The DHS I&A Under Secretary should assess the extent to which its internal controls ensure personnel consistently follow the policies for sharing threat-related information with relevant agencies such as Capitol Police. (Recommendation 5)
Open
In February 2023, we reported that DHS I&A did not share threat-related information with relevant agencies, such as Capitol Police. To help address this issue, we recommended that DHS I&A assess the extent to which personnel did not share information. As of March 2024, DHS I&A offices are partnering to collaborate efforts to close out the assessments and report the findings of the I&A Secretary's 90-day review of I&A's open source intelligence program. I&A expects this review to include a deep-dive examination into the program's objectives, policies, procedures, and safeguards along with the development of potential reform recommendations, including with respect to internal controls that ensure personnel follow existing and updated policies for processing open-source threat information. I&A expects to complete the report by June 28, 2024. We will continue to monitor I&A's progress.
Office of Intelligence and Analysis The DHS I&A Under Secretary should, following its assessment, implement a plan to address any internal control deficiencies identified to ensure personnel consistently follow the policies for sharing threat-related information with relevant agencies such as Capitol Police. (Recommendation 6)
Open
In February 2023, we reported that DHS I&A did not share threat-related information with relevant agencies, such as Capitol Police. To help address this issue, we recommended that DHS I&A implement a plan to address any internal control deficiencies identifies as a result of the assessment. DHS I&A stated that it will work with stakeholders to develop corrective actions plans to address internal control deficiencies. The corrective action plans will include root cause analysis, remediation milestones with due dates, and follow-up actions to be reported to DHS senior leadership on a quarterly basis. As of March 2024, DHS I&A offices are partnering to collaborate efforts to close out the assessments and report the findings of the I&A Secretary's 90-day review of I&A's open source intelligence program. I&A expects this review to include a deep-dive examination into the program's objectives, policies, procedures, and safeguards along with the development of potential reform recommendations, including with respect to internal controls that ensure personnel follow existing and updated policies for processing open-source threat information. I&A expects to complete the report by June 28, 2024. We will continue to monitor I&A's progress.
U.S. Capitol Police The Chief of Capitol Police should establish policies for sharing threat-related information agency-wide. (Recommendation 7)
Closed – Implemented
In March 2023, U.S. Capitol Police updated its information-sharing standard operating procedures to, among other things, ensure the appropriate distribution of intelligence to officers in instances where there are potential operational or safety impacts. In addition, Capitol Police officials have implemented a process to disseminate intelligence information, such as incident action plans and intelligence reports, to all Capitol Police personnel through an application installed on all personnel's Department-issued cell phones and have provided guidance to personnel on how to use the application. Establishing these procedures for sharing threat-related information agency-wide can help ensure all relevant personnel have the information they need to perform their duties. We consider this recommendation closed as implemented.
Capitol Police Board The Capitol Police Board should update its policy to include specific roles and responsibilities for sharing information to ensure consistent and timely sharing of information amongst the Board. (Recommendation 8)
Closed – Implemented
In November 2023, the Capitol Police Board updated its information-sharing policy to, among other things, clarify roles and responsibilities for sharing information amongst Board members. Specifically, the manual directs Board members that receive or learn of threat intelligence or threat information related to security of the Capitol Buildings or Grounds, or Members of Congress or staff, to share the information in a timely and appropriate manner with other Board members. In January 2024, the Board clarified that Board members are responsible for sharing threat information within their scope as expeditiously as possible. For example, the Architect of the Capitol is to share information with other Board members related to physical infrastructure threats. Members may also share such information at Board meetings, via email, and other mechanisms. Updating this policy for sharing threat-related information among Board members can help ensure all relevant members have information to perform security duties. We consider this recommendation closed as implemented.
United States Park Police The Chief of Park Police should update its policies to clarify how it uses information from other agencies on potential threats of violence. (Recommendation 9)
Closed – Implemented
In February 2023, we reported that the Park Police did not process all relevant threat-related information, such as information from other agencies, in its threat products. We recommended that the Park Police update its policies to clarify how it uses threat-related information from other agencies. In response, in June 2023, Park Police updated its Guideline Manual to, among other things, ensure that Intelligence and Counterterrorism Branch personnel obtain information, regardless of sources, in cases where there is a reasonable suspicion that individuals or organizations may be planning or engaging in criminal activity that could impact park visitors, resources, personnel, or sponsored events. Specifically, the Guideline Manual notes that Intelligence and Counterterrorism Branch personnel may acquire information from internal sources as well as from other government agencies, including the Federal Bureau of Investigation, the Department of Homeland Security, and state and local partners. Further, the Guideline Manual notes that the branch will process information-from evaluating reliability and validity to analyzing threat priority-into reports for use by operational commanders. Clarifying these guidelines to better define the scope of information to obtain, consider, and use when developing threat products can help inform operational decisions based on the current threat environment. We consider this recommendation closed as implemented.
United States Park Police The Chief of Park Police should establish a process for determining what threat-related information it shares with National Park Service permit officials. (Recommendation 10)
Closed – Implemented
In April 2023, U.S. Park Police updated its Guideline Manual to, among other things, ensure that National Park Service personnel receive threat information efficiently and effectively. In addition, the Guideline Manual establishes an information-sharing process, coordinated by Park Police's Intelligence and Counter-terrorism Branch and identifies counterparts between the National Park Service and Park Police by division for information sharing. Establishing a process for Park Police to share information with relevant National Park Service personnel can help ensure that National Park Service personnel consider relevant threat information when approving event permits. We consider this recommendation closed as implemented.

Full Report

GAO Contacts

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Topics

CounterterrorismCriminal investigationsDomestic terrorismFederal agenciesHomeland securityInformation sharingInteragency relationsInternal controlsLaw enforcementPoliceProtestsSecret serviceSocial media