recommended reading

Navy Yard Shooter Adhered to ID Protocol to Access Military Bases

Jacquelyn Martin/AP

The man who allegedly opened fire at the Navy Yard in Washington underwent proper background checks to gain entry to sensitive military facilities, according to government regulations and company officials. It was the evaluators who apparently missed warning signs in suspect Aaron Alexis’s personal history.

Alexis was required to carry authentic identification for accessing Defense Department facilities and computers. He submitted to two background checks while employed for about half a year with The Experts, a government consulting firm, according to the company. "The latest background check and security clearance confirmation were in late June of 2013 and revealed no issues other than one minor traffic violation," Experts officials said in a statement on Tuesday. 

Employee access to naval commands, using a biometric common access card, known as a CAC card, is written into the contract between the Navy and the civilian company, a Navy official said. 

Alexis would have had to possess a CAC card to do his job, former government officials said. He was working on a key $10 billion information technology project to upgrade systems on the Navy Marine Corps Intranet.

According to Pentagon policy, a contractor obtains a CAC card by undergoing a two-step screening process that is typical for military personnel. 

After an employer vouches for an individual contractor's need for a card, there is an FBI fingerprint check and a "national agency check," which searches the Office of Personnel Management's security investigations index, Defense's clearance and investigation index, and includes questionnaires sent to the hire's past employers, schools, references and local law enforcement agencies. 

Human error?

On Tuesday, some defense policy specialists faulted the screeners who conducted these checks.  

With Alexis, "there were some disturbing incidents that should have raised a red flag in any security investigation," said Sterling DeRamus, a military law attorney at Tully Rinckey, who is a U.S. Navy Reserve captain and former submariner. Alexis was discharged from the Navy after several misconduct citations, reportedly suffered from post-traumatic stress disorder, and was arrested multiple times for gunfire incidents -- though not convicted. "While some of the charges were dropped in his case, the investigator should still have picked up on them, that there were issues related to use of guns associated with mental illness," DeRamus said. 

No one yet has come up with a way to eliminate background check mistakes.

Just recently, personnel screening problems emerged after former National Security Agency contractor Edward Snowden leaked domestic surveillance secrets. Examiners failed to verify his story about a past security violation and his work for the Central Intelligence Agency, and they didn't obtain significant information from acquaintances besides his mother and girlfriend, the newspaper reported.

But some former federal officials, who now are in private industry, are wary of grouping together any screening errors involving Alexis and Snowden to condemn contracting in general."CAC cards are basically issued to people who have a legitimate reason to be on an installation and have access to various locations and to the computer systems.  It looks to me as though since he was a contractor working on NMCI that he had a legitimate reason to be on the installation," said Ret. Air Force Major General John P. Casciano, now chairman of the board at intelligence contractor OneAlpha Corporation. 

The constitutional right to be innocent until proven guilty was invoked on Tuesday to explain why accusations against Alexis were not considered during his background checks.

"Over the years the fact that someone has been arrested or accused of something has been removed by the process because people have successfully challenged such queries as being prejudicial -- no matter what the reason.  The questions during the screening process ask if someone has been convicted," said Ret. Air Force Maj. General Dale Meyerrose, the intelligence community’s former chief information officer. 

Similarly, Casciano said, "The whole system is based on trust.  I'm not sure we could ever construct a system that would prevent this from happening ever again.  If we did I'm not sure I'd like to live in that society."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.