Capitol Attack: Federal Agencies Identified Some Threats, but Did Not Fully Process and Share Information Prior to January 6, 2021 [Reissued with revisions on Jul. 21, 2023]
GAO-23-106625
Published: Feb 28, 2023. Publicly Released: Feb 28, 2023.
Fast Facts
As part of our comprehensive look at the events of January 6, 2021, we examined how federal agencies identified potential threats, and how they used this information to prepare for and respond to the Capitol attack.
We found that all 10 federal agencies that we examined identified potential threats of violence before January 6, but some agencies either didn't follow their established policies or procedures for reviewing the threats, or didn't share critical information with partners responsible for planning security measures.
We made recommendations to five agencies to improve how they review and share information about potential threats.
Capitol Police Photo of January 6, 2021 Attack
On July 21, 2023 a sentence and footnote on page 1 of this report were revised to clarify the source of the estimated amount of losses and costs caused by the events.
Highlights
What GAO Found
In the weeks leading up to January 6, 2021, agencies obtained information on potential threats from various sources including investigations, open sources, and social media tips. All 10 federal agencies GAO reviewed identified potential threats of violence, and two—the FBI and the Capitol Police—identified credible threats.
However, some agencies did not fully process information or share it, preventing critical information from reaching key federal entities responsible for securing the National Capital Region against threats. For example,
- The FBI and the Department of Homeland Security (DHS) Office of Intelligence and Analysis (I&A) did not consistently follow agency policies or procedures for processing tips or potential threats because they did not have controls to ensure compliance with policies. Identifying and remediating internal control deficiencies (reasons why staff did not consistently follow policies) will help FBI and DHS I&A ensure policies are consistently followed and help ensure potential threats are developed and investigated, as appropriate.
- DHS I&A, Capitol Police, and Park Police did not consistently share all fully developed threat information with relevant stakeholders. For example, DHS I&A did not share threat products based on open sources with certain law enforcement partners. Capitol Police did not share threat products with its frontline officers. GAO found that DHS I&A did not have internal controls, and other agencies did not have policies to enable sharing of threat information.
Capitol Police photo above the Capitol Building on January 6, 2021
Most agencies generally used the same methods to identify threats related to January 6 as they did for other demonstrations in D.C., such as the racial justice demonstrations in summer 2020 and the Make America Great Again (MAGA) I and MAGA II demonstrations in fall 2020. DHS I&A officials said they were hesitant to report on January 6 threats due to scrutiny of reporting of other events in 2020.
Why GAO Did This Study
Prior to and during the events of January 6, 2021, federal, state, and local entities were responsible for identifying and sharing information on potential threats to inform security measures and ensure the safety of the U.S. Capitol.
GAO was asked to review the January 6, 2021 attack. This is the seventh in a series of reports and addresses (1) how federal agencies identified threats related to the events of January 6, 2021; (2) the extent to which federal agencies took steps to process and share threat information prior to the events of January 6, 2021; and (3) how federal agencies identified threat information for the events of January 6, 2021 compared to other large demonstrations in Washington, D.C.
To conduct this work, GAO compared agency actions to process and share threat information with policies and procedures for conducting these activities. GAO interviewed officials and reviewed agency threat products. GAO did not review certain threat information that was subject to ongoing investigations or prosecutions. GAO also interviewed officials from the social media platforms Facebook, Parler, and Twitter about information they shared with federal agencies. This report is a public version of a sensitive report issued in January 2023. Information that agencies deemed sensitive has been omitted.
Reissued with revisions on Jul. 21, 2023
On July 21, 2023 a sentence and footnote on page 1 of this report were revised to clarify the source of the estimated amount of losses and costs caused by the events.Recommendations
In the January 2023 report, GAO made 10 recommendations to five agencies to, for example, assess internal control deficiencies related to processing or sharing information. The agencies concurred with the recommendations.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Federal Bureau of Investigation | The Director of the FBI should assess the extent to which and why personnel did not process information related to the events of January 6 according to policy. (Recommendation 1) |
In July 2023, the FBI reevaluated how it processed threat information shared by social media platforms leading up to the events of January 6. As part of this reevaluation, the FBI assessed whether FBI personnel developed reports on threat information received from two social media platforms in accordance with policy. The assessment determined that the Counterterrorism Division did not process information from a social media platform according to policy because it did not receive the information until after January 6. It also found that the Austin Residence Agency did not process about 30 percent of referrals it received directly from a social media platform according to policy because it lacked defined threat intake procedures for the newly developed relationship. Specifically, the social media platform had a single point of contact with the Austin Residence Agency's Cyber Squad, which created the potential for the single point failure (e.g. some emails went to the point of contact's "junk mail"). Assessing the extent to which personnel did not process threats, and why, can help determine if the processing failures were indicative of a larger problem, or demonstrated the need for improving internal controls. We consider this recommendation closed as implemented.
|
| Federal Bureau of Investigation | The Director of the FBI should, following its assessment, implement a plan to address any internal control deficiencies identified to ensure personnel consistently follow policies for processing information. (Recommendation 2) |
In July 2023, the FBI implemented a plan to address internal control deficiencies identified in its assessment of the extent to which personnel processed threats shared by social media platforms according to policy. Specifically, to address the internal control deficiency that resulted in the Austin Residency Agency's inconsistent processing of threat information, it implemented the FBI's National Threat Operations Center procedures for reporting tips on federal crimes and terrorist activity in place of its existing process. The National Threat Operations Center procedures centralizes information for tracking and analysis and ensures information is processed into reports. Implementing a plan to address any identified deficiencies can help ensure the FBI is processing tips in accordance with policy and increasing awareness of potential threats. We consider this recommendation closed as implemented.
|
| Office of Intelligence and Analysis |
Priority Rec.
The DHS I&A Under Secretary should assess the extent to which its internal controls ensure personnel follow existing and updated policies for processing open source threat information. (Recommendation 3) |
In February 2023, we reported that DHS I&A did not process all relevant open source threat information related to the events of January 6. To help address this issue, we recommended that I&A assess the extent to which personnel did not process information. As of July 2025, I&A has taken steps to fully address this recommendation. For example, in December 2024, DHS I&A completed its 360 review and a separate intelligence collection program review to promote operational alignment with its mission. The assessments included a thorough examination of the internal controls to ensure its personnel are in compliance with policies for processing open source threat information. In addition, DHS I&A revised its policy for the Open Source Intelligence (OSINT) collection program. This policy prescribed coordination with the DHS Office of the General Counsel's Intelligence Law Division, the DHS Privacy Office, and the DHS Office for Civil Rights and Civil Liberties to ensure legal sufficiency and protection of privacy and civil liberties among other things. As a result of this action, DHS is better positioned to ensure controls are in place to guide personnel in consistently following policies for processing open source threat information to increase awareness of potential threats. We consider this recommendation closed as implemented.
|
| Office of Intelligence and Analysis | The DHS I&A Under Secretary should, following its assessment, implement a plan to address any internal control deficiencies identified to ensure personnel consistently follow the policies for processing open source threat information. (Recommendation 4) |
In February 2023, we reported that DHS I&A did not process all relevant open source threat-related information. To help address this issue, we recommended that DHS I&A implement a plan to address any internal control deficiencies identified as a result of its assessment. As of July 2025, I&A has taken steps to fully address this recommendation. For example, in December 2024, DHS I&A completed its 360 review and a separate intelligence collection program review to promote operational alignment with its mission. Following the reviews, I&A has been implementing a detailed plan to address identified internal control deficiencies. This plan is designed to ensure that personnel consistently follow the policies for processing open source threat information and enhance the efficacy of the intelligence collection program and address internal control deficiencies. DHS I&A also issued updated guidance which implements a process to document internal control deficiencies found during annual assessments and steps to take to address the deficiencies in mission action plans. It also includes collection related training and certification requirements and policies for complying with intelligence oversight guidelines and establishes accountability for non-adherence to the established guidance. As a result of these actions, DHS is better positioned to ensure controls are in place to guide personnel in consistently following policies for processing open source threat information. Such actions will help provide information to increase DHS I&A and its partners' awareness of potential threats. We consider this recommendation closed as implemented.
|
| Office of Intelligence and Analysis |
Priority Rec.
The DHS I&A Under Secretary should assess the extent to which its internal controls ensure personnel consistently follow the policies for sharing threat-related information with relevant agencies such as Capitol Police. (Recommendation 5) |
In February 2023, we reported that DHS I&A did not share threat-related information with relevant agencies, such as Capitol Police. To help address this issue, we recommended that DHS I&A assess the extent to which personnel did not share information. As of July 2025, I&A has taken steps to fully address this recommendation. For example, in December 2024, DHS I&A completed its 360 review and a separate intelligence collection program review to promote operational alignment with this statutory mission and field presence. These assessments included a thorough examination of the internal controls to ensure its personnel's compliance with policies for sharing threat-related information. Following the reviews, DHS I&A issued updated guidance that prescribed the coordination with the DHS Office of the General Counsel's Intelligence Law Division, the DHS Privacy Office, and the DHS Office for Civil Rights and Civil Liberties to ensure legal sufficiency and protection of privacy and civil liberties among other things. Additionally, the guidance required development of a standardized collection planning process, and standard operating procedures to ensure compliance with the Program of Analysis and Operating Directive and mission requirements. I&A also realigned its field presence of intelligence collectors and analysts to better support consistent, timely, and relevant threat-related information with relevant agencies such as the Capitol Police and other state, local, tribal, territorial, and private sector partners. As a result of this action, DHS is better positioned to ensure that DHS I&A personnel consistently follow policies for sharing threat-related information to achieve its objectives for sharing information about threats and other potential criminal activity with relevant law enforcement agencies, such as Capitol Police, and partners in a timely manner. We consider this recommendation closed as implemented.
|
| Office of Intelligence and Analysis | The DHS I&A Under Secretary should, following its assessment, implement a plan to address any internal control deficiencies identified to ensure personnel consistently follow the policies for sharing threat-related information with relevant agencies such as Capitol Police. (Recommendation 6) |
In February 2023, we reported that DHS I&A did not share threat-related information with relevant agencies, such as Capitol Police. To help address this issue, we recommended that DHS I&A implement a plan to address any internal control deficiencies identified as a result of the assessment. As of July 2025, I&A has taken steps to fully address this recommendation. For example, in December 2024, DHS I&A completed its 360 review and a separate intelligence collection program review to promote operational alignment with its statutory mission and field presence. These assessments included a thorough examination of the internal controls to ensure its personnel were in compliance with policies for sharing threat-related information. Following the reviews, DHS I&A issued updated guidance to provide direction on the collection practices and information sharing protocols for I&A personnel. The guidance supports the development of qualitative and quantitative metrics to assist in identifying measures of success and key performance indicators to inform the impacts of the threat-information shared with the Intelligence Community and the DHS Intelligence Enterprise. The guidance also implements a process to document internal control deficiencies found during annual assessments and steps to take to address the deficiencies in mission action plans. Further, the updated guidance emphasizes the realignment of I&A's field presence and ensures daily coordination between analysts and collectors to enhance I&A's ability to provide consistent, timely, and relevant threat-related information to agencies such as the Capitol Police and other state, local, tribal, territorial, and private sector partners. As a result of this action, DHS is better positioned to ensure that DHS I&A personnel consistently follow policies for sharing threat-related information to help DHS I&A achieve its objectives for sharing information about threats and other potential criminal activity with relevant law enforcement agencies, such as Capitol Police, and partners in a timely manner. We consider this recommendation closed as implemented.
|
| U.S. Capitol Police | The Chief of Capitol Police should establish policies for sharing threat-related information agency-wide. (Recommendation 7) |
In March 2023, U.S. Capitol Police updated its information-sharing standard operating procedures to, among other things, ensure the appropriate distribution of intelligence to officers in instances where there are potential operational or safety impacts. In addition, Capitol Police officials have implemented a process to disseminate intelligence information, such as incident action plans and intelligence reports, to all Capitol Police personnel through an application installed on all personnel's Department-issued cell phones and have provided guidance to personnel on how to use the application. Establishing these procedures for sharing threat-related information agency-wide can help ensure all relevant personnel have the information they need to perform their duties. We consider this recommendation closed as implemented.
|
| Capitol Police Board | The Capitol Police Board should update its policy to include specific roles and responsibilities for sharing information to ensure consistent and timely sharing of information amongst the Board. (Recommendation 8) |
In November 2023, the Capitol Police Board updated its information-sharing policy to, among other things, clarify roles and responsibilities for sharing information amongst Board members. Specifically, the manual directs Board members that receive or learn of threat intelligence or threat information related to security of the Capitol Buildings or Grounds, or Members of Congress or staff, to share the information in a timely and appropriate manner with other Board members. In January 2024, the Board clarified that Board members are responsible for sharing threat information within their scope as expeditiously as possible. For example, the Architect of the Capitol is to share information with other Board members related to physical infrastructure threats. Members may also share such information at Board meetings, via email, and other mechanisms. Updating this policy for sharing threat-related information among Board members can help ensure all relevant members have information to perform security duties. We consider this recommendation closed as implemented.
|
| United States Park Police | The Chief of Park Police should update its policies to clarify how it uses information from other agencies on potential threats of violence. (Recommendation 9) |
In February 2023, we reported that the Park Police did not process all relevant threat-related information, such as information from other agencies, in its threat products. We recommended that the Park Police update its policies to clarify how it uses threat-related information from other agencies. In response, in June 2023, Park Police updated its Guideline Manual to, among other things, ensure that Intelligence and Counterterrorism Branch personnel obtain information, regardless of sources, in cases where there is a reasonable suspicion that individuals or organizations may be planning or engaging in criminal activity that could impact park visitors, resources, personnel, or sponsored events. Specifically, the Guideline Manual notes that Intelligence and Counterterrorism Branch personnel may acquire information from internal sources as well as from other government agencies, including the Federal Bureau of Investigation, the Department of Homeland Security, and state and local partners. Further, the Guideline Manual notes that the branch will process information-from evaluating reliability and validity to analyzing threat priority-into reports for use by operational commanders. Clarifying these guidelines to better define the scope of information to obtain, consider, and use when developing threat products can help inform operational decisions based on the current threat environment. We consider this recommendation closed as implemented.
|
| United States Park Police | The Chief of Park Police should establish a process for determining what threat-related information it shares with National Park Service permit officials. (Recommendation 10) |
In April 2023, U.S. Park Police updated its Guideline Manual to, among other things, ensure that National Park Service personnel receive threat information efficiently and effectively. In addition, the Guideline Manual establishes an information-sharing process, coordinated by Park Police's Intelligence and Counter-terrorism Branch and identifies counterparts between the National Park Service and Park Police by division for information sharing. Establishing a process for Park Police to share information with relevant National Park Service personnel can help ensure that National Park Service personnel consider relevant threat information when approving event permits. We consider this recommendation closed as implemented.
|
Full Report
GAO Contacts
Public Inquiries
Topics
CounterterrorismCriminal investigationsDomestic terrorismFederal agenciesHomeland securityInformation sharingInteragency relationsInternal controlsLaw enforcementPoliceProtestsSecret serviceSocial media