Tightening Security After Navy Yard Tragedy Becomes a Balancing Act

“In the aftermath, it is only natural that we wonder if all people entering a federal facility -- even employees -- should be screened in some way,” said Sen. Tom Carper, D-Del. “In the aftermath, it is only natural that we wonder if all people entering a federal facility -- even employees -- should be screened in some way,” said Sen. Tom Carper, D-Del. Susan Walsh/AP

The lessons from September’s Washington Navy Yard shootings should not include expanding metal-detector searches of federal employees, building security specialists said on Tuesday. But next steps ought to involve improved training of guards and heightened monitoring of agency compliance with recommended risk-mitigation procedures.

Officials from the Homeland Security and Defense departments defended the progress that’s been made on building security governmentwide since the incident, in which mentally troubled contractor Aaron Alexis brought weapons into Navy Yard Building 197 and murdered 12 co-workers.

“In the aftermath, it is only natural that we wonder if all people entering a federal facility -- even employees -- should be screened in some way,” said Sen. Tom Carper, D-Del., chairman of the Senate Homeland Security and Governmental Affairs Committee. “Should we -- to borrow a phrase from Ronald Reagan -- ‘trust, but verify?’ ”

Carper framed the hearing by asking how agencies determine the threats to their specific facilities; whether agencies are properly assessing and prioritizing the vulnerabilities; and how they are responding to threats as they evolve.

Tough questioning came from Sen. Heidi Heitkamp, D-N.D., who faulted both the intergovernmental body advising agencies on improving security and the quality of training of primarily contract guards in confronting active shooters. “There doesn’t seem to be a lot of coordination and when there is, there's not much follow-up,” she said. “When the public sees a uniformed security guard sitting at a desk, there’s an aura of power” except that the guard’s capabilities and role are not clear. “It sends the wrong message to the public.”

Though local commanders have the option of requiring random screening of people entering a facility, “the drawback to screening is a negative impact on mission,” said Stephen Lewis, deputy director for personnel, industrial and physical security policy at the Office of the Undersecretary of Defense for Intelligence. “With 10,000 people coming in the same window, there’s a disincentive to getting the work done.”

Once background checks are performed, “you have to trust the system,” said Caitlin A. Durkovich, Homeland Security’s assistant secretary for infrastructure protection. “There are opportunity costs and resource implications” to checking everyone.

Some agencies, such as the Transportation Department, already screen all employees, said L. Eric Patterson, director of the Federal Protective Service. “But after a background check, people are trustworthy, so I would think this through carefully.”

In discussing solutions, witnesses said all agencies are studying responses to active shooters. They pointed to the limits on training of guards, who, during a crisis, focus on shielding and evacuating employees but depend on local law enforcement under varying state laws to pursue an attacker. They are permitted to confront a live shooter on sight but cannot leave their posts in pursuit, which requires finding “a happy medium” between responding and keeping security officers safe, Patterson said. “There are thousands of buildings, and we don’t have resources to put law enforcement in every building.”

Durkovich said governmentwide protection is a “risk-based process.” Not all buildings are the same, she said, noting that strategies differ for urban versus rural buildings and, for example, for buildings that have child care centers or historic designations.

She acknowledged under questioning that compliance with recommendations of the intergovernmental panel set up after the 1993 bombing of the federal building in Oklahoma City has been left to the agencies themselves.

Patterson said his agency has met six of 13 Government Accountability Office recommendations for improvements in training and communication with staff. GAO analyst Mark Goldstein, however, testified that FPS “continues to lack effective management controls to ensure its guards have met its training and certification requirements.”

Lewis said since the Navy Yard attack, the Pentagon has conducted “internal reviews of gaps and deficiencies and shared other agency best practices.” He expressed promise in a new “enterprise-wide” tool called the Identity Management Enterprise Services Architecture that provides real-time vetting of individuals requiring unescorted access against multiple databases.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.