Two years after a gunman killed 12 people at the Washington Navy Yard headquarters of Naval Sea Systems Command, an internal Navy audit of security measures at the same building found stunning security lapses and concluded that the Navy had skimped on recommended safety measures to save money, according to documents obtained by Navy Times.
The findings, which come from a December 2015 briefing by Inspector General officials that was obtained by Navy Times, reveal a bewildering array of shortfalls including unqualified civilian-contract security guards and a failure to properly mitigate both insider and terror threats.
The NAVSEA building's security was so lax that guards allowed one undercover investigator from the IG's team to enter the building without being challenged, according to the report.
The report found that the guards lacked basic knowledge of Navy security procedures, including the proper configuration of their weapons or when they were authorized to use them, the assessment reads.
"Most guards did not know weapons readiness conditions, the maximum effective range of their weapons, or all the conditions under which deadly force is authorized," the report reads.
IG inspectors found that the safe where guards stored ammunition was left unlocked and open because nobody knew the combination and the door was broken and couldn't be shut anyway.
The IG also found lapses with the Navy's management of security clearances, a problem that came under a spotlight after the September 2013 shooting and that Navy officials had promised to fix.
Since the IG's investigation, NAVSEA officials stress that fixing the lapses has been and remains a top priority, and that many of the flaws cited by the IG have already been fixed. But the report raises questions about how such a lax security culture could set in so quickly after the September 2013 tragedy that drew national attention.
Concerns about security on military bases intensified after the September 2013 shooting, when Aaron Alexis, a 34-year-old civilian contractor and troubled former sailor, entered the NAVSEA building with a disassembled shotgun in a bag over his shoulder and soon began shooting indiscriminately, killing 12 people and wounding eight. Alexis was later killed by police.
Alexis had a documented pattern of disturbing behavior involving firearms and multiple run-ins with law enforcement but managed to maintain his security clearance because of his own lies and gaps in the clearance reporting process.
A Pentagon review later determined that the shooting could have been prevented "had proper procedures been followed" in vetting personnel for access to the Navy Yard and its buildings. Top Navy and Defense Department officials repeatedly said that they were implementing a long list of improved security measures at the Navy Yard and across the force.
Then-Defense Secretary Chuck Hagel vowed to improve security on military bases when the Pentagon published the findings of its initial investigation into the shooting and the security failures it revealed.
"Together we're going to do everything possible to provide our people as safe and secure a workplace as possible," Hagel said in a March 2014 press conference.
Yet serious problems remained more than two years after the shooting, when the Navy's Inspector General, the service's top internal watchdog, sent a team of investigators to the Navy Yard and to the NAVSEA headquarters to test and examine the security measures. The inspection took place seven months after the reopening of Building 197.
The report makes clear the NAVSEA building's guards had not attended a mandatory training course for Navy security guards, and a separate redacted report on the inspection obtained by Navy Times via the Freedom of Information Act makes clear the guards felt they were inadequately trained.
"Several [contracted security guards] stated they had received only minimum training to execute their responsibilities," the report reads. "Besides weapons training, other areas where only minimum training was administered include standard operating procedures, [pre-planned responses], and knowledge of command-specific rules, regulations, and policy."
On top of the physical security shortcomings, the IG's inspectors found deficiencies in numerous other areas including security clearance management that was a key concern in the wake of the shootings.
NAVSEA officials stress that they've taken the IG's review to heart and that NAVSEA top officer Vice Adm. Thomas Moore, who took command in June, has made enacting the reforms a priority. Of the 215 deficiencies identified in the IG's final report, 85 percent have been either closed out or submitted for closure, and Moore receives regular status updates on the remaining 33, said NAVSEA spokesman Rory O'Connor.
"The goal is 100 percent and Adm. Moore is not going to accept anything less than that," O'Connor said.
Navy Times provided its documents to retired Vice Adm. William Hilarides, who was in command of NAVSEA during the shooting and led the command through the aftermath, seeking comment but he declined to do so through a spokesman.
Many of the details disclosed here came from the internal document obtained by Navy Times, which was dated December 2015 and reflected the IG's initial briefing to Navy leaders about the findings from its inspection. Many of those details were redacted from the IG's final report from July, which was officially released on Jan. 5 after a Navy Times Freedom of Information Act request.
The IG's investigation raises questions about the Navy's post-shooting renovation to the building, which came with $63 million price tag and was completed shortly before the IG's inspection. The IG found that the Navy skimped on NAVSEA-recommended security enhancements to the building including turnstiles, expanded security camera coverage and metal detector wands.
The briefing report noted that those measures were not required but were recommended. Investigators found that employees who worked in the building wanted the increased security measures but the cost considerations trumped the recommendations.
"Our review found that keeping costs to a minimum while meeting minimum requirements during the renovation were the primary considerations," the report reads. "While enhancements are optional and do incur costs, the return on investment back to the workforce warrants further dialogue and consideration."
Experts say that the kind of decisions the Navy made in regards to security are common in businesses.
"Often times when companies make decisions about security measures and hardening, such as with turnstiles or magnetometers, dollars are driving those decisions," said Jim Moore, a private security consultant with the Manhattan-based security firm Kroll. Moore said other considerations include what kind of face the company wants to present to visitors and managing the flow of workers in and out of the building.
The review also noted that NAVSEA had failed to adequately address insider threats, another key focus of the post-shooting investigation.
"The September 2013 active-shooter incident highlighted the danger posed by an Insider Threat," the report reads. "NAVSEA made significant efforts to reconstitute its workforce into the refurbished headquarters building. However, it needs to establish integrated processes and procedures, and equip itself with the required tools to effectively identify and counter insider threats."
Among the discrepancies found were shortfalls in NAVSEA's handling of its security clearance program, which was a major concern raised by the initial investigation into Alexis' shooting. Notably, Alexis's coworkers had raised concerns about his increasingly bizarre behavior the same year as the shooting but that did not impact his clearance.
The Navy's initial post-shooting investigation, conducted by now-Chief of Naval Operations Adm. John Richardson, recommended a system of continuous evaluation of security clearances, which Hagel pledged to replicate across the military.
But the IG's review two years after the shooting found that 111 employees — or about three percent of NAVSEA headquarters staff —had expired background checks that needed to be updated and some employees in its information technology department were missing background checks entirely.
The IG recommended that several of NAVSEA's departments audit all the clearance data in its security clearance management program the Joint Personnel Adjudication System.
Among the study's other findings:
- NAVSEA had not conducted any self-assessment of its anti-terrorism programs in three years, a time period that included the 2013 shootings and its aftermath. The self-assessment is an annual requirement, the report said.
- Ten of the IG’s findings overlapped with at least five previous reviews of NAVSEA security programs, including the review conducted by Richardson in the wake of the 2013 shooting, though the repeat findings were redacted from the full report.
- The command hadn’t performed an inventory of its Top Secret holdings in more than 23 months and the custodian of the holdings had turned over with a relief without conducting an inventory during that same period. The inventory is required annually, and NAVSEA has since conducted the review.
NAVSEA officials say that since the IG's review, the atmosphere of security has changed notably at the headquarters building. O'Connor declined to comment on any of the individual findings in the report citing a policy of not discussing specific security measures in public, but said that many of the recommended security changes have been implemented. (O'Connor did say the defective ammunition safe was fixed during the IG's inspection.)
Even Vice Adm. Moore, on his second day as NAVSEA head, was denied access to the building when his access badge wouldn't scan in correctly, O'Connor said, even though Moore was in uniform.