Audit finds Navy installations still vulnerable

More than two years after the deadly Navy Yard shooting, there are still significant gaps in how officials screen entrants to Navy facilities, according to the Defense Department inspector general.

Navy officials did not properly tap the FBI's National Crime Information Center database when screening contractors who were applying for unescorted access to Navy facilities, the IG concluded in a report. The finding demonstrates a failure to implement a recommendation the IG made in September 2013.

Of a July 2014 sample of 945 applicants, just 85 -- less than 10 percent -- were vetted through NCIC, according to the report. However, 837 applicants were vetted through the Interstate Identification Index (Triple I), a database accessible via NCIC, and 52 applicants were not vetted through either method.

The IG report attributes the slack use of NCIC to the failure of the Commander, Navy Installations Command (CNIC) to "provide specific instructions on the appropriate type of queries necessary to access NCIC." The use of manual records and inadequate use of biographical information were other reasons for the shoddy screening, the IG found. A summary of the report was publicly released in November. The full report was made public on Dec. 18.

In September 2013, Aaron Alexis, a contractor who held a security clearance, shot and killed 12 people at the Washington Navy Yard. A Pentagon review of the shooting and the clearance process found that the Navy did not properly record multiple red flags during Alexis' active-duty service, and there was weak oversight of his clearance once it was granted.

The IG report published this week shows that much work is still needed to keep potential malcontents and criminals out of Navy facilities.

Part of the problem appears to be interoperability. During the audit, CNIC began implementing the OpenFox system, which creates a gateway between state law enforcement systems and national ones like NCIC.

Before adopting OpenFox, Navy officials generally used a query that accessed the Triple I system but not NCIC, according to the IG report.

In November 2014, after Navy installations began using OpenFox, the IG sampled 39 applicants. At the six installations that had OpenFox, all 34 applicants were properly vetted through NCIC. At the one installation without OpenFox, none of the five applicants were properly vetted. As of July 2015, 51 of 120 Navy sites had yet to implement OpenFox, according to the IG.

Among the IG's recommendations are that CNIC accelerate the use of the OpenFox system and prevent officials from processing registrations for those who have not been vetted through NCIC.

The federal government is working toward automating the process of maintaining security clearances, a shift that would save money and detect those at risk of losing their security clearances.

Legislators are trying to prod the executive branch along on security clearance reform. The $1.1 trillion omnibus spending bill Congress passed Dec. 18 requires agencies to implement enhanced security reviews of employees with clearances.