Capitol Attack: Federal Agencies Identified Some Threats, but Did Not Fully Process and Share Information Prior to January 6, 2021
As part of our comprehensive look at the events of January 6, 2021, we examined how federal agencies identified potential threats, and how they used this information to prepare for and respond to the Capitol attack.
We found that all 10 federal agencies that we examined identified potential threats of violence before January 6, but some agencies either didn't follow their established policies or procedures for reviewing the threats, or didn't share critical information with partners responsible for planning security measures.
We made recommendations to five agencies to improve how they review and share information about potential threats.
Capitol Police Photo of January 6, 2021 Attack
What GAO Found
In the weeks leading up to January 6, 2021, agencies obtained information on potential threats from various sources including investigations, open sources, and social media tips. All 10 federal agencies GAO reviewed identified potential threats of violence, and two—the FBI and the Capitol Police—identified credible threats.
However, some agencies did not fully process information or share it, preventing critical information from reaching key federal entities responsible for securing the National Capital Region against threats. For example,
- The FBI and the Department of Homeland Security (DHS) Office of Intelligence and Analysis (I&A) did not consistently follow agency policies or procedures for processing tips or potential threats because they did not have controls to ensure compliance with policies. Identifying and remediating internal control deficiencies (reasons why staff did not consistently follow policies) will help FBI and DHS I&A ensure policies are consistently followed and help ensure potential threats are developed and investigated, as appropriate.
- DHS I&A, Capitol Police, and Park Police did not consistently share all fully developed threat information with relevant stakeholders. For example, DHS I&A did not share threat products based on open sources with certain law enforcement partners. Capitol Police did not share threat products with its frontline officers. GAO found that DHS I&A did not have internal controls, and other agencies did not have policies to enable sharing of threat information.
Capitol Police photo above the Capitol Building on January 6, 2021
Most agencies generally used the same methods to identify threats related to January 6 as they did for other demonstrations in D.C., such as the racial justice demonstrations in summer 2020 and the Make America Great Again (MAGA) I and MAGA II demonstrations in fall 2020. DHS I&A officials said they were hesitant to report on January 6 threats due to scrutiny of reporting of other events in 2020.
Why GAO Did This Study
Prior to and during the events of January 6, 2021, federal, state, and local entities were responsible for identifying and sharing information on potential threats to inform security measures and ensure the safety of the U.S. Capitol.
GAO was asked to review the January 6, 2021 attack. This is the seventh in a series of reports and addresses (1) how federal agencies identified threats related to the events of January 6, 2021; (2) the extent to which federal agencies took steps to process and share threat information prior to the events of January 6, 2021; and (3) how federal agencies identified threat information for the events of January 6, 2021 compared to other large demonstrations in Washington, D.C.
To conduct this work, GAO compared agency actions to process and share threat information with policies and procedures for conducting these activities. GAO interviewed officials and reviewed agency threat products. GAO did not review certain threat information that was subject to ongoing investigations or prosecutions. GAO also interviewed officials from the social media platforms Facebook, Parler, and Twitter about information they shared with federal agencies. This report is a public version of a sensitive report issued in January 2023. Information that agencies deemed sensitive has been omitted.
Recommendations
In the January 2023 report, GAO made 10 recommendations to five agencies to, for example, assess internal control deficiencies related to processing or sharing information. The agencies concurred with the recommendations.
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Federal Bureau of Investigation | The Director of the FBI should assess the extent to which and why personnel did not process information related to the events of January 6 according to policy. (Recommendation 1) |
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
|
Federal Bureau of Investigation | The Director of the FBI should, following its assessment, implement a plan to address any internal control deficiencies identified to ensure personnel consistently follow policies for processing information. (Recommendation 2) |
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
|
Office of Intelligence and Analysis | The DHS I&A Under Secretary should assess the extent to which its internal controls ensure personnel follow existing and updated policies for processing open source threat information. (Recommendation 3) |
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
|
Office of Intelligence and Analysis | The DHS I&A Under Secretary should, following its assessment, implement a plan to address any internal control deficiencies identified to ensure personnel consistently follow the policies for processing open source threat information. (Recommendation 4) |
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
|
Office of Intelligence and Analysis | The DHS I&A Under Secretary should assess the extent to which its internal controls ensure personnel consistently follow the policies for sharing threat-related information with relevant agencies such as Capitol Police. (Recommendation 5) |
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
|
Office of Intelligence and Analysis | The DHS I&A Under Secretary should, following its assessment, implement a plan to address any internal control deficiencies identified to ensure personnel consistently follow the policies for sharing threat-related information with relevant agencies such as Capitol Police. (Recommendation 6) |
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
|
U.S. Capitol Police | The Chief of Capitol Police should establish policies for sharing threat-related information agency-wide. (Recommendation 7) |
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
|
Capitol Police Board | The Capitol Police Board should update its policy to include specific roles and responsibilities for sharing information to ensure consistent and timely sharing of information amongst the Board. (Recommendation 8) |
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
|
United States Park Police | The Chief of Park Police should update its policies to clarify how it uses information from other agencies on potential threats of violence. (Recommendation 9) |
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
|
United States Park Police | The Chief of Park Police should establish a process for determining what threat-related information it shares with National Park Service permit officials. (Recommendation 10) |
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
|