Watchdog finds DHS failed to act on alarming intel ahead of Jan. 6

The Department of Homeland Security’s (DHS) various intelligence components had multiple warning signs about threats related to Jan. 6, 2021, but largely failed to forward their intelligence, acting only on one piece, and even then two days after the deadly riot.

A lengthy 57-page report from DHS’s Office of Inspector General found that as department employees messaged one another about disturbing content they found online, they failed to advance or disseminate it — a result due to staff inexperience, pushback to aggressive intelligence-sharing during protests in Portland the summer before and a general belief that aggrieved Trump supporters wouldn’t be successful in overtaking the Capitol.

“Overall, open source collectors explained to us that they did not think storming the U.S. Capitol was possible, and, therefore, they dismissed this specific type of threat as hyperbole,” the report said.

“As a result, despite several collectors documenting threats to storm the U.S. Capitol building, they concluded that they could not report it to I&A state and local partners,” it said, referencing DHS’s Office of Intelligence and Analysis.

The report details a number of startling threats found by I&A employees: maps of the Capitol, comments referencing using weapons and targeting law enforcement, threats against both lawmakers and the Capitol and people saying they would sacrifice their lives while conducting violence.

It’s clear employees were alarmed by the content, with the report relaying messages between colleagues.

“I feel like people are actually going to try and hurt politicians. Jan 6th is gonna be crazy,” one said.

“I mean people are talking about storming Congress, bringing guns, willing to die for the cause, hanging politicians with ropes,” one writes in another message.

Other messages show employees encouraging each other to stay safe that week.

The office that reviews open source threats had experienced massive turnover under the Trump administration after switching to 24-hour shift work.

As of Jan. 6, 16 out of 21 employees hired to review open source threats had less than one year on the job, and rather than initially provide formal training, employees were instead paired with more experienced employees for informal guidance.

“Several collectors described this approach as insufficient, with one collector calling it haphazard and not organized, and another saying it should not have been considered training at all. This informal training was even more limited during the COVID-19 pandemic, when new collectors could only come to the office part time,” the report stated.

Even after receiving more formal training later on, many employees said they were under the impression that they were to use a high threshold for evaluating threats, and said pushback on the agency following its high level of information-sharing about the summer protests in Portland had left many wary about what information to forward.

The one piece of information that I&A did seek to share was about “an individual arriving in the Washington, D.C. area and searching for a location for armed individuals to park their cars.”

Even after an initial clearance, a second clearance wasn’t requested until 15 hours later, at 5:22 p.m. on Jan. 6, with OIG noting it was unclear why the office waited until after the Capitol breach to push for final review. The report notes that on Jan. 8, the Intelligence Law Division “expressed confusion at … repeated requests to review the product before dissemination.”

DHS has since sought to reform the Office of Intelligence and Analysis under the Biden administration.

“DHS has renewed its commitment to share timely and actionable information and intelligence to the broadest audience possible,” the department said in a statement.

“Since January 2021, DHS’s Office of Intelligence and Analysis (I&A) has convened more than 70 engagements with partners across every level of government, in the private sector, and local communities regarding emerging threats.”