Key details of the massacre at Washington's Navy Yard are just beginning to emerge, but the attack offers an unsettling reminder that many military facilities have soft underbellies when it comes to security.
Visitors to the Pentagon walk past guards armed with assault rifles and then pass through an outside building equipped with state-of-the-art metal detectors. Once they enter the Pentagon itself, the first thing they see is another booth manned by heavily armed security personnel.
The Pentagon is very much the exception, however. Washington, Maryland, and Virginia are dotted with dozens of military bases and Defense Department office buildings, and both types of facilities have significant potential security gaps, according to experts in the field.
At military posts like the sprawling Marine base in Quantico, Virginia, for instance, virtually anyone with one of the Common Access Cards (CAC) issued to troops, civilian Defense Department employees, and government contractors can enter the facility without being patted down or made to go through a metal detector.
Aaron Alexis, the primary suspect in the Navy Yard shootings, was a Navy information technology contractor, but it's not yet clear whether he had a CAC card of his own or made his way onto the Navy Yard by stealing one from a colleague. Figuring out how Alexis managed to enter the compound with at least one semiautomatic weapon is a top priority for the FBI agents leading the investigation into the shootings.
"The primary element of security is limiting access for people who don't have the need to be in a given place," said Ian Kanski, a former Marine Corps force protection officer who also worked as a private security contractor overseas. "We have an overabundance of universal access in the military. I've been out of the Marines since 2006. Should I still have a card that allows me to get onto almost any base?"
The hundreds of thousands of people with CAC cards aren't the only ones who have a relatively easy time making their way onto military posts. Many bases also allow veterans with valid military retiree ID cards to enter the posts so they can receive medical care at the facilities' hospitals and medical clinics, or shop at subsidized supermarkets.
Some bases search the veterans' cars, but the retired troops themselves are almost never patted down or asked to go through metal detectors. That would theoretically make it easy for a potential assailant to smuggle a firearm onto the base.
The Defense Department's office buildings in and around Washington present a different kind of risk. Unlike military posts, the buildings are generally protected by private security guards who are either unarmed or equipped solely with a sidearm. The entrances have metal detectors, but government employees or contractors with ID cards for the buildings are often allowed to bypass them, according to personnel who work at three of the DoD facilities.
Fred Burton, the vice president for intelligence at Stratfor and a former State Department counterterrorism agent, said human nature made it even harder to guard against insider attacks like the one that appears to have taken place at the Navy Yard. Alexis was a subcontractor for Hewlett-Packard, but it wasn't clear Monday if he had been working at the Navy Yard full-time or was simply an occasional visitor.
"Guards, even good ones, can have familiarity fatigue where they see the same guy every day and decide to just wave him through," he said.
Kanski said that preventing that type of complacency is the biggest challenge facing the security personnel charged with preventing people like Alexis from taking the lives of their friends and colleagues.
"Security is only as good as the human element implementing it," he said. "If that falls short, all the security measures in the world won't be enough to keep something like this from happening again."