Audit finds Navy installations still vulnerable

DOD IG logo

More than two years after the deadly Navy Yard shooting, there are still significant gaps in how officials screen entrants to Navy facilities, according to the Defense Department inspector general.

Navy officials did not properly tap the FBI's National Crime Information Center database when screening contractors who were applying for unescorted access to Navy facilities, the IG concluded in a report. The finding demonstrates a failure to implement a recommendation the IG made in September 2013.

Of a July 2014 sample of 945 applicants, just 85 -- less than 10 percent -- were vetted through NCIC, according to the report. However, 837 applicants were vetted through the Interstate Identification Index (Triple I), a database accessible via NCIC, and 52 applicants were not vetted through either method.

The IG report attributes the slack use of NCIC to the failure of the Commander, Navy Installations Command (CNIC) to "provide specific instructions on the appropriate type of queries necessary to access NCIC." The use of manual records and inadequate use of biographical information were other reasons for the shoddy screening, the IG found. A summary of the report was publicly released in November. The full report was made public on Dec. 18.

In September 2013, Aaron Alexis, a contractor who held a security clearance, shot and killed 12 people at the Washington Navy Yard. A Pentagon review of the shooting and the clearance process found that the Navy did not properly record multiple red flags during Alexis' active-duty service, and there was weak oversight of his clearance once it was granted.

The IG report published this week shows that much work is still needed to keep potential malcontents and criminals out of Navy facilities.

Part of the problem appears to be interoperability. During the audit, CNIC began implementing the OpenFox system, which creates a gateway between state law enforcement systems and national ones like NCIC.

Before adopting OpenFox, Navy officials generally used a query that accessed the Triple I system but not NCIC, according to the IG report.

In November 2014, after Navy installations began using OpenFox, the IG sampled 39 applicants. At the six installations that had OpenFox, all 34 applicants were properly vetted through NCIC. At the one installation without OpenFox, none of the five applicants were properly vetted. As of July 2015, 51 of 120 Navy sites had yet to implement OpenFox, according to the IG.

Among the IG's recommendations are that CNIC accelerate the use of the OpenFox system and prevent officials from processing registrations for those who have not been vetted through NCIC.

The federal government is working toward automating the process of maintaining security clearances, a shift that would save money and detect those at risk of losing their security clearances.

Legislators are trying to prod the executive branch along on security clearance reform. The $1.1 trillion omnibus spending bill Congress passed Dec. 18 requires agencies to implement enhanced security reviews of employees with clearances.

About the Author

Sean Lyngaas is a former FCW staff writer.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.