From the U.S. Government Accountability Office, www.gao.gov Transcript for: Insider Threats to DOD Installations Description: Audio Interview by GAO staff with Joseph Kirschbaum, Director, Defense Capabilities and Management Related GAO Work: GAO-15-543: Insider Threats: DOD Should Improve Information Sharing and Oversight to Protect U.S. Installations Released: July 2015 [ Background Music ] [ Narrator: ] Welcome to GAO's Watchdog Report, your source for news and information from the U.S. Government Accountability Office. It’s July, 2015. The attacks at Fort Hood Texas Military Base in November 2009, and at the Washington Navy Yard in September 2013, were tragic events. In both cases, the shooters had authorized access to these locations. The events drew nationwide attention to insider threats at Department of Defense installations. A team led by Joe Kirschbaum, a director in GAO’s Defense Capabilities and Management team, recently reviewed the DOD’s anti-terrorism and force protection efforts to address insider threats. GAO’s Jacques Arsenault sat down with Joe to talk about what they found. [ Jacques Arsenault: ] The shootings at Fort Hood and the Navy Yard were a tragic and shocking to Americans. What did they tell us about the threats facing military bases in the US? [ Joe Kirschbaum: ] Those attacks told us that on the one hand insider threats is nothing new. On the other hand, those kinds of things are much more publicized and they're happening much more frequently. Traditionally the, the US military has looked at this as what they call force protection, looking at outside the fence line and protecting military personnel installations from attacks happening from the outside and indeed the Department of Defense has a fairly robust set of guidance, policies, procedures, and techniques to do this over the years. But even then it's a difficult prospect, not knowing when an attack is going to occur, from where it's going to come from, and trying to defend against it. Now, imagine how difficult it is when the attack comes from inside the wire, inside the fence line and from a source that, by default, you've given access to and has a clearance in such. So that makes the problem vastly more complex. [ Jacques Arsenault: ] Now, both of these shootings led to official reviews that had many recommendations. How did you find that the Department of Defense is doing at implementing these recommendations? [ Joe Kirschbaum: ] The department is making significant progress. The numbers of the recommendations are large and there are lots of complications with how many recommendations there are and how many sub recommendations are nested. The bottom line is they are making progress on all of the recommendations, even the ones that are relatively new. Where we are concerned with, in particular is tracking what the progress is on fulfilling all of the recommendations; where they're being fulfilled at the military service level and most importantly at the installation level. So we found discrepancies in the Department of Defense's tracking for those recommendations and we're recommending in particular that they pay close attention to whether or not the individual recommendations and actions are being executed at all installations. [ Jacques Arsenault: ] And can you give me a few examples of what some of these recommendations are? [ Joe Kirschbaum: ] All of the recommendations are more general in nature to establish policies and plans. So in and of themselves, that's a large recommendation, but there are sub elements in each of those. So in some ways the department already has procedures and policies in place to do a lot of these things. Now, we looked at a lot of those policies and procedures. We found gaps in those. Once again, the problems from our perspective are ensuring that individual actions that are required from those policies, whether it's training, whether it's individual infrastructure actions, take place at the installation level, that's where the rubber meets the road, that's where these attacks were occurring, and that's where there have been some questions about the department's ability to know what final actions have been taken. [ Jacques Arsenault: ] Now, your team also visited eight different bases in the course of your review. What were some of the things that you found on your visits? [ Joe Kirschbaum: ] We found a fairly broad variety of examples of actions that implement specific recommendations that were made in the independent reviews for both Fort Hood and Washington Navy Yard, but we also found actions that related to some of that broader guidance that I had mentioned before, that are related to things like counter intelligence and force protection and general physical security. And these actions were fairly broad, but we found some good examples of use of training facilities, for example. Two of the installations we visited, they had used vacant buildings and used them for training for active shooter; literally had office mock ups and cubes so that both security inside the base and local law enforcement could practice on these. Another example was a large number of the facilities we visited had agreements with local law enforcement to share information in advance, in preparation for an incident. Those kind of things go a long way to solidify both training and response planning and once again, those were examples of really proactive measures. One of the things we wanted to ensure in particular was that that information is shared across installations and up down the military services chain and we didn't find that that was always the case. [ Jacques Arsenault: ] Finally, what would you say is the bottom line of this report? [ Joe Kirschbaum: ] The bottom line is that insider threats aren't going away. In order to protect the lives of our servicemen, whether they’re overseas or in the United States, particularly those that have been in service and active service in places like in Iraq and Afghanistan and come home to installations where previously they have felt themselves safe. In order to maintain that protection, some concerted effort is in order. The good news is the Department of Defense recognizes and is making great progress in helping protect installations from insider threats. To ensure that that momentum is carrying forward will require constant vigilance, planning, testing of the efforts that are underway, learning those lessons, and making sure they are implemented throughout the Department of Defense and particularly at the installation level. [ Background Music ] [ Narrator: ] To learn more, visit GAO.gov and be sure to tune in to the next episode of GAO's Watchdog Report for more from the congressional watchdog, the U.S. Government Accountability Office.