The Office of Inspector General (OIG) has found that intelligence pertaining to the U.S. Capitol attack was delivered late.
OIG initiated a review to determine the actions of the Department of Homeland Security’s (DHS) Office of Intelligence & Analysis (I&A) relating to the events at the U.S. Capitol on January 6, 2021. As a member of the U.S. Intelligence Community, I&As mission is to equip the DHS and its partners with timely intelligence and information needed to keep the homeland safe, secure, and resilient.
OIG found that I&A identified specific threat information related to the events on January 6, 2021, but did not issue any intelligence products about these threats until January 8, 2021. According to OIG, open source collectors in I&As Current and Emerging Threats Center collected open source threat information but did not produce any actionable information. The review found that this resulted from inexperienced open source collectors who received inadequate training and who did not fully consider I&A Guidelines for reporting threat information. Collectors also described hesitancy following scrutiny of I&As reporting in response to civil unrest in the summer of 2020. Although an open source collector submitted one product for review on January 5, 2021, I&A did not distribute the product until two days after the events at the U.S. Capitol. Additionally, OIG found that I&As Counterterrorism Mission Center (CTMC) identified indicators that the January 6, 2021 events might turn violent but did not issue an intelligence product outside I&A, even though it had done so for other events. Instead, CTMC identified these threat indicators for an internal I&A leadership briefing, only. Finally, the Field Operations Division (FOD) considered issuing intelligence products on at least three occasions prior to January 6, 2021, but OIG found FOD did not disseminate any such products ultimately and says it is unclear why FOD failed to disseminate these products.
In examples cited in OIG’s partially redacted report, collectors messaged each other about the threats they discovered online. These threats included individuals storming the U.S. Capitol, targeting politicians and law enforcement, and sacrificing their lives while conducting violence. Additionally, collectors said they were concerned about safety in Washington, D.C. on January 6. On January 2, 2021, after a collector learned that individuals online were sharing a map of the U.S. Capitol building, he messaged his colleague saying he thought people would try and hurt politicians. In response, the colleague agreed with this assessment. The two also noted the possibility of I&A ordering an employee surge to respond to the escalating threats but did not discuss the possibility of issuing an intelligence product.
In a further example, two collectors discussed online comments threatening to hang Democrats in Washington, D.C. but did not think the comments met the reporting threshold.
Collectors told OIG they were unsure about when information should be reported and were critical of the training they had received. I&A leadership also expressed concerns the day before the U.S. Capitol breach that suitable experienced instructors were not leading training.
In a January 25, 2021 memorandum, I&As two Deputy Under Secretaries described its open source training as incomplete and said it presents risks such as unmet collection needs and deficient collection-related skills. The memorandum identified actions that I&A needed to take to prevent these risks, such as creating standardized qualifications for the collectors and aligning training to these qualifications.
OIG’s review found that I&A did email threat information to its local partners in the Washington, D.C. area on several occasions before the events at the U.S. Capitol. But this information was not as widely disseminated as I&As typical intelligence products. As a result, OIG determined that I&A was unable to provide its many state, local, and Federal partners with timely, actionable, and predictive intelligence.
Unsurprisingly, OIG’s findings led to several recommendations including a need for enhanced training and guidance, and a process to request and receive timely reviews for open source intelligence products when they relate to upcoming events or urgent threats. In addition, OIG has called for policies, procedures, and/or guidance on the timely issuance of warning analysis, both strategic and tactical, about threats or upcoming events across I&As mission areas.
DHS concurred with each recommendation and has already undertaken work to meet them, with the remainder of the actions due to be completed by July, 2022.