The Department of Homeland Security’s Office of Intelligence and Analysis failed to widely share specific, open-sourced threats observed ahead of the January 6 assault on the U.S. Capitol, a new watchdog report released Tuesday found.
Trump administration analysts failed to “produce any actionable information” or issue intelligence bulletins to their network of law enforcement partners until two days after the Capitol insurrection, though they had observed online comments from individuals threatening to hang politicians, vowing to storm Congress and in one case, “shoot and kill protesters at the upcoming rallies related to the presidential election.”
The 54-page report by DHS’ Office of the Inspector General found the department “was unable to provide its many state, local and federal partners with timely, actionable and predictive intelligence,” even though it was the only member of the federal intelligence community required by law to share such information with state, local and other non-federal officials.
The inspector general found that DHS fell short due to “inadequate training related to open-source collection” resulting in “inexperienced collectors” who didn’t follow department guidelines for reporting threat information and were “hesitant” to share information. Instead, DHS officials emailed threat information to local Washington D.C. partners before the attack, opting not to issue widespread intelligence alerts.
Messages exchanged between collectors on January 2 and January 3 reveal that DHS employees observed an array of open-source threats on social media and message boards, but ultimately decided they did not meet the reporting threshold.
“People are actually going to try and hurt politicians,” one collector wrote to his colleague on January 2, after finding a map that was circulated online of all the exits and entrances to the Capitol building. “January 6 is gonna be crazy.”
In a different message exchange the following day, DHS analysts called threats unlikely, though one suggested he had some doubts. “I mean people are talking about storming Congress, bringing guns, willing to die for the cause, hanging politicians with ropes,” the collector wrote in a message to a colleague.
Messages from another chat appeared to show two collectors joking about potential threats to lawmakers. “Like there’s these people talking about hanging Democrats from ropes like wtf,” one DHS staff member wrote.
“They’d need a lot of rope, I think DC is pretty much all democrat haha,” another responded.
One collector authored a draft of an open-source intelligence report or “OSIR” warning of threats to the U.S. Capitol on January 5, the watchdog found.
During the required peer-review process, the inspector general discovered that another collector concluded the draft report outlining threats to lawmakers and the U.S. Capitol didn’t meet the reporting threshold because it “contained hyperbolic information.”
“Overall, open source collectors explained to us that they did not think storming the U.S. Capitol was possible, and, therefore, they dismissed this specific type of threat as hyperbole,” the watchdog found.
Ultimately, the bulletin “was not finalized and disseminated until January 8, two days after the breach,” which “render[ed] it useless.”
When asked about the delay, leadership at the Department of Intelligence and Analysis told the inspector general that officials were not instructed to issue a bulletin before the January 6 events “because there was not enough time.” Instead, the Counterterrorism Mission Center relayed threats only in a briefing with department leadership.
But for weeks, three divisions within DHS’ intelligence arm ping-ponged tips back and forth, failing to produce useful guidance to its network of state and local enforcement partners.
On December 21, 2020, the agency’s Field Operations Division (FOD) shared information with the Open Source Collection Operations (OSCO) team “about an individual who threatened to shoot and kill protesters at the upcoming rallies related to the presidential election,” after the individual told members of an online discussion group that he planned to kill at least 50 people. An FOD staff member later acknowledged to a colleague that a follow-up request from OSCO had “slipped away from her,” and no report was written, based on the tip.
On December 29, DHS’ Counterterrorism Mission Center requested evidence of open-source intelligence on January 6 that could be used to advise U.S. Capitol Police, the U.S. Secret Service, and other federal, state, and local partners of existing threats. Over the next week, five DHS collectors from OSCO detailed “comments referencing using weapons and targeting law enforcement and the U.S. Capitol building,” in a shared document. Analysts found some individuals online claimed they would sacrifice themselves in the ensuing violence.
But according to the inspector general, “we did not locate any evidence that the five collectors drafted a [report] about any of the threats recorded in their document.”
During its investigation, the watchdog found collectors were “hesitant” to issue intelligence products, given earlier scrutiny of DHS’ Office of Intelligence and Analysis’ controversial response to the protests in Portland, Oregon, in the summer of 2020.
An internal DHS review found personnel gathered and disseminated intelligence on US journalists there, after poorly trained members of its workforce assisted in intelligence collection.
The DHS’ inspector general found the Office of Intelligence and Analysis “hired inexperienced open source collectors in the months leading up to January 6, 2021,” then failed to provide appropriate training courses.
“As of January 6, 2021, 16 out of 21 collectors had less than 1 year of experience, and some of these new collectors said they did not receive adequate training to help determine when threat information should be reported,” the report read.
“Instead, collectors trained informally by working alongside colleagues with more experience,” the inspector general noted, an impromptu set-up made more difficult by remote work during the pandemic.
At the conclusion of its report, the inspector general issued five recommendations, including providing enhanced training annually and creating a process to request and receive timely open source intelligence bulletins when they are related to upcoming events.
DHS agreed with all five recommendations.
In a memo to the workforce on Tuesday, John Cohen, head of the Office of Intelligence and Analysis since July, told staff he “fully concurred” with suggestions and had worked with staff to ensure the recommendations were being implemented.
In a statement to CBS News, a DHS spokesperson said that “over the past fourteen months, [DHS] has strengthened intelligence analysis, information sharing, and operational preparedness to help prevent acts of violence and keep our communities safe.”
Tuesday’s report followed the Government Accountability’s Office’s 115-page review of U.S. Capitol Police that found law enforcement failed to provide appropriate intelligence to officers on the ground, ahead of January 6.