Capitol Attack: Federal Agencies Identified Some Threats, but Did Not Fully Process and Share Information Prior to January 6, 2021 [Reissued with revisions on Jul. 21, 2023]
Fast Facts
As part of our comprehensive look at the events of January 6, 2021, we examined how federal agencies identified potential threats, and how they used this information to prepare for and respond to the Capitol attack.
We found that all 10 federal agencies that we examined identified potential threats of violence before January 6, but some agencies either didn't follow their established policies or procedures for reviewing the threats, or didn't share critical information with partners responsible for planning security measures.
We made recommendations to five agencies to improve how they review and share information about potential threats.
Capitol Police Photo of January 6, 2021 Attack
On July 21, 2023 a sentence and footnote on page 1 of this report were revised to clarify the source of the estimated amount of losses and costs caused by the events.
Highlights
What GAO Found
In the weeks leading up to January 6, 2021, agencies obtained information on potential threats from various sources including investigations, open sources, and social media tips. All 10 federal agencies GAO reviewed identified potential threats of violence, and two—the FBI and the Capitol Police—identified credible threats.
However, some agencies did not fully process information or share it, preventing critical information from reaching key federal entities responsible for securing the National Capital Region against threats. For example,
- The FBI and the Department of Homeland Security (DHS) Office of Intelligence and Analysis (I&A) did not consistently follow agency policies or procedures for processing tips or potential threats because they did not have controls to ensure compliance with policies. Identifying and remediating internal control deficiencies (reasons why staff did not consistently follow policies) will help FBI and DHS I&A ensure policies are consistently followed and help ensure potential threats are developed and investigated, as appropriate.
- DHS I&A, Capitol Police, and Park Police did not consistently share all fully developed threat information with relevant stakeholders. For example, DHS I&A did not share threat products based on open sources with certain law enforcement partners. Capitol Police did not share threat products with its frontline officers. GAO found that DHS I&A did not have internal controls, and other agencies did not have policies to enable sharing of threat information.
Capitol Police photo above the Capitol Building on January 6, 2021
Most agencies generally used the same methods to identify threats related to January 6 as they did for other demonstrations in D.C., such as the racial justice demonstrations in summer 2020 and the Make America Great Again (MAGA) I and MAGA II demonstrations in fall 2020. DHS I&A officials said they were hesitant to report on January 6 threats due to scrutiny of reporting of other events in 2020.
Why GAO Did This Study
Prior to and during the events of January 6, 2021, federal, state, and local entities were responsible for identifying and sharing information on potential threats to inform security measures and ensure the safety of the U.S. Capitol.
GAO was asked to review the January 6, 2021 attack. This is the seventh in a series of reports and addresses (1) how federal agencies identified threats related to the events of January 6, 2021; (2) the extent to which federal agencies took steps to process and share threat information prior to the events of January 6, 2021; and (3) how federal agencies identified threat information for the events of January 6, 2021 compared to other large demonstrations in Washington, D.C.
To conduct this work, GAO compared agency actions to process and share threat information with policies and procedures for conducting these activities. GAO interviewed officials and reviewed agency threat products. GAO did not review certain threat information that was subject to ongoing investigations or prosecutions. GAO also interviewed officials from the social media platforms Facebook, Parler, and Twitter about information they shared with federal agencies. This report is a public version of a sensitive report issued in January 2023. Information that agencies deemed sensitive has been omitted.
Reissued with revisions on Jul. 21, 2023
On July 21, 2023 a sentence and footnote on page 1 of this report were revised to clarify the source of the estimated amount of losses and costs caused by the events.Recommendations
In the January 2023 report, GAO made 10 recommendations to five agencies to, for example, assess internal control deficiencies related to processing or sharing information. The agencies concurred with the recommendations.
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Federal Bureau of Investigation | The Director of the FBI should assess the extent to which and why personnel did not process information related to the events of January 6 according to policy. (Recommendation 1) |
Closed – Implemented
In July 2023, the FBI reevaluated how it processed threat information shared by social media platforms leading up to the events of January 6. As part of this reevaluation, the FBI assessed whether FBI personnel developed reports on threat information received from two social media platforms in accordance with policy. The assessment determined that the Counterterrorism Division did not process information from a social media platform according to policy because it did not receive the information until after January 6. It also found that the Austin Residence Agency did not process about 30 percent of referrals it received directly from a social media platform according to policy because it lacked defined threat intake procedures for the newly developed relationship. Specifically, the social media platform had a single point of contact with the Austin Residence Agency's Cyber Squad, which created the potential for the single point failure (e.g. some emails went to the point of contact's "junk mail"). Assessing the extent to which personnel did not process threats, and why, can help determine if the processing failures were indicative of a larger problem, or demonstrated the need for improving internal controls. We consider this recommendation closed as implemented.
|
Federal Bureau of Investigation | The Director of the FBI should, following its assessment, implement a plan to address any internal control deficiencies identified to ensure personnel consistently follow policies for processing information. (Recommendation 2) |
Closed – Implemented
In July 2023, the FBI implemented a plan to address internal control deficiencies identified in its assessment of the extent to which personnel processed threats shared by social media platforms according to policy. Specifically, to address the internal control deficiency that resulted in the Austin Residency Agency's inconsistent processing of threat information, it implemented the FBI's National Threat Operations Center procedures for reporting tips on federal crimes and terrorist activity in place of its existing process. The National Threat Operations Center procedures centralizes information for tracking and analysis and ensures information is processed into reports. Implementing a plan to address any identified deficiencies can help ensure the FBI is processing tips in accordance with policy and increasing awareness of potential threats. We consider this recommendation closed as implemented.
|
Office of Intelligence and Analysis |
Priority Rec.
The DHS I&A Under Secretary should assess the extent to which its internal controls ensure personnel follow existing and updated policies for processing open source threat information. (Recommendation 3)
|
Open
In February 2023, we reported that DHS I&A did not process all relevant open source threat-related information related to the events of January 6. To help address this issue, we recommended that DHS I&A assess the extent to which personnel did not process information. DHS I&A noted that it is establishing a process for assessing internal controls and expects to complete the recommended assessments by October 31, 2023.
|
Office of Intelligence and Analysis | The DHS I&A Under Secretary should, following its assessment, implement a plan to address any internal control deficiencies identified to ensure personnel consistently follow the policies for processing open source threat information. (Recommendation 4) |
Open
In February 2023, we reported that DHS I&A did not process all relevant open source threat-related information. To help address this issue, we recommended that DHS I&A implement a plan to address any internal control deficiencies identifies as a result of the assessment. DHS I&A stated that it will work with stakeholders to develop corrective actions plans to address internal control deficiencies. The corrective action plans will include root cause analysis, remediation milestones with due dates, and follow-up actions to be reported to DHS senior leadership on a quarterly basis. DHS expects to complete the corrective action plans by December 29, 2023.
|
Office of Intelligence and Analysis |
Priority Rec.
The DHS I&A Under Secretary should assess the extent to which its internal controls ensure personnel consistently follow the policies for sharing threat-related information with relevant agencies such as Capitol Police. (Recommendation 5)
|
Open
In February 2023, we reported that DHS I&A did not share threat-related information with relevant agencies, such as Capitol Police. To help address this issue, we recommended that DHS I&A assess the extent to which personnel did not share information. DHS I&A noted that it is establishing a process for assessing internal controls and expects to complete the recommended assessments by October 31, 2023.
|
Office of Intelligence and Analysis | The DHS I&A Under Secretary should, following its assessment, implement a plan to address any internal control deficiencies identified to ensure personnel consistently follow the policies for sharing threat-related information with relevant agencies such as Capitol Police. (Recommendation 6) |
Open
In February 2023, we reported that DHS I&A did not share threat-related information with relevant agencies, such as Capitol Police. To help address this issue, we recommended that DHS I&A implement a plan to address any internal control deficiencies identifies as a result of the assessment. DHS I&A stated that it will work with stakeholders to develop corrective actions plans to address internal control deficiencies. The corrective action plans will include root cause analysis, remediation milestones with due dates, and follow-up actions to be reported to DHS senior leadership on a quarterly basis. DHS expects to complete the corrective action plans by December 29, 2023.
|
U.S. Capitol Police | The Chief of Capitol Police should establish policies for sharing threat-related information agency-wide. (Recommendation 7) |
Closed – Implemented
In March 2023, U.S. Capitol Police updated its information-sharing standard operating procedures to, among other things, ensure the appropriate distribution of intelligence to officers in instances where there are potential operational or safety impacts. In addition, Capitol Police officials have implemented a process to disseminate intelligence information, such as incident action plans and intelligence reports, to all Capitol Police personnel through an application installed on all personnel's Department-issued cell phones and have provided guidance to personnel on how to use the application. Establishing these procedures for sharing threat-related information agency-wide can help ensure all relevant personnel have the information they need to perform their duties. We consider this recommendation closed as implemented.
|
Capitol Police Board | The Capitol Police Board should update its policy to include specific roles and responsibilities for sharing information to ensure consistent and timely sharing of information amongst the Board. (Recommendation 8) |
Open
In February 2023, we reported that the Capitol Police Board members did not share all threat-related information with all members of the Board in a consistent and timely manner because the Board's policy does not clarify roles and responsibilities for doing so. We recommended that the Capitol Police Board update its policy to include specific roles and responsibilities for sharing information among its members. In April 2023, the Capitol Police Board confirmed that it plans to address the recommendation as it updates its Manual of Procedures by June 2023. We will review these updates when they occur.
|
United States Park Police | The Chief of Park Police should update its policies to clarify how it uses information from other agencies on potential threats of violence. (Recommendation 9) |
Open
In April 2023, U.S. Park Police updated its Guideline Manual to, among other things, ensure that personnel obtain information on individuals and groups planning any type of criminal behaviors to safeguard the public and those resources the Park Police is charged to protect. We are reviewing the manual to determine if it addresses the recommendation.
|
United States Park Police | The Chief of Park Police should establish a process for determining what threat-related information it shares with National Park Service permit officials. (Recommendation 10) |
Closed – Implemented
In April 2023, U.S. Park Police updated its Guideline Manual to, among other things, ensure that National Park Service personnel receive threat information efficiently and effectively. In addition, the Guideline Manual establishes an information-sharing process, coordinated by Park Police's Intelligence and Counter-terrorism Branch and identifies counterparts between the National Park Service and Park Police by division for information sharing. Establishing a process for Park Police to share information with relevant National Park Service personnel can help ensure that National Park Service personnel consider relevant threat information when approving event permits. We consider this recommendation closed as implemented.
|