Services Failing to Track Base Access Years After Mass Shootings, GAO Finds

FacebookXPinterestEmailEmailEmailShare
Senior Airman Clifton Giles, 11th security support squadron military working dog handler, and his dog, Jerry, stand at the main gate as a show of force on Joint Base Andrews, Maryland, March 12, 2019. Giles and Jerry occasionally stand at the front gate to deter possible threats to the base. (Noah Sudolcan/U.S. Air Force)
Senior Airman Clifton Giles, 11th security support squadron military working dog handler, and his dog, Jerry, stand at the main gate as a show of force on Joint Base Andrews, Maryland, March 12, 2019. Giles and Jerry occasionally stand at the front gate to deter possible threats to the base. (Noah Sudolcan/U.S. Air Force)

The U.S. Army, Navy and Marine Corps could do a better job monitoring access to their installations as a way of preventing mass shootings like the one that devastated Fort Hood, Texas, according to a new Government Accountability Office report.

In November 2009, then-Army Maj. Nidal Hasan shot and killed 13 people and wounded another 42 on Fort Hood before being apprehended.

In 2013, Navy contractor Aaron Alexis shot 16 people, killing 12 in a mass shooting at the Navy Yard in Washington, D.C.

All branches of the U.S. military rely on physical access control systems (PACS) to screen people who want to enter installations, checking their identities with FBI and other government databases.

But the GAO found that the Pentagon "didn't know the extent to which its installations were using these systems because the Army, Navy and Marine Corps have not monitored their use," the report states.

"The Air Force and [Defense Logistics Agency] monitor their installations' use of PACS, and the Army, the Navy, and the Marine Corps do not," the report states.

The GAO conducted numerous site visits to domestic installations to observe each component's use of the access systems as part of the effort and found that Air Force and DLA officials routinely collect data on their use and the number of credentials scanned at their installations, according to the report.

Air Force officials use the data to brief installation commanders on the risks associated with not using Defense Biometric Identification Systems (DBIDS) at their bases, the report states.

DBIDS is used by the Air Force, Navy, Marine Corps and DLA to control access to their respective installations. The system uses hardware and software to electronically connect databases using the Defense Department's Identity Matching Engine for Security and Analysis to determine an individual's fitness for access, according to the GAO.

The Defense Manpower Data Center has collected data on the biometric ID system’s technical issues -- ranging from frozen computer screens to faulty equipment in need of replacement -- but has not been able to assess its performance due to a lack of performance measures and associated goals, the GAO found.

The Army uses Automated Installation Entry (AIE) to control access to its installations. The system employs hardware and software to connect to authoritative government databases using the DoD’s identity-matching engine.

Army, Navy and Marine Corps officials stated they do not monitor physical access control system use at their installations because the DoD does not require it, according to the report.

"DoD component officials emphasized the importance of installation commanders having discretion to make risk-based decisions regarding access control in general, and in deciding when or when not to use PACS," the report states. "Nevertheless, [Office of the Under Secretary of Defense for Intelligence], Army, Navy and Marine Corps officials agreed that monitoring installations' use of PACS would be beneficial and could be readily accomplished without significant cost using existing technology."

The Pentagon's lack of a requirement to monitor the use of the access-control systems means that the Army, Navy and Marine Corps "do not know the extent to which PACS are being used at more than 100 installations," according to the GAO. "Consequently, the military services do not have the data they need to evaluate the effectiveness of PACS and inform risk-based decisions to safeguard personnel and mission-critical, high-value installation assets."

As a result of its findings, the GAO made the following five recommendations the Pentagon:

1. The DoD should ensure that the under secretary of defense for Intelligence requires that all components and military departments monitor the use of PACS at their installations.

2. The DoD should ensure that the Army direct that the Office of Provost Marshal General monitors the use of PACS at Army installations.

3. The secretary of the Navy should ensure that the commander of Navy Installations Command monitors the use of PACS at Navy installations.

4. The secretary of the Navy, in coordination with the commandant of the Marine Corps, should ensure that the commander of Marine Corps Installations Command monitors the use of PACS at Marine Corps installations.

5. The secretary of defense should ensure that the under secretary of defense for Personnel and Readiness develops appropriate performance measures and associated goals for the timely resolution of DBIDS technical issues to facilitate improved PACS performance.

The GAO provided a draft of the report to the Pentagon for review, the report states.

"In its written comments ... DoD concurred with our five recommendations and identified actions that it was taking or planned to take to implement our recommendations," the report states.

-- Matthew Cox can be reached at matthew.cox@military.com.

Story Continues