Make your home page

Watchdog finds DHS identified threats prior to January 6 but did not widely share intelligence until after attack

WASHINGTON, DC - JANUARY 06: Pro-Trump supporters storm the U.S. Capitol following a rally with President Donald Trump on January 6, 2021 in Washington, DC. Trump supporters gathered in the nation's capital today to protest the ratification of President-elect Joe Biden's Electoral College victory over President Trump in the 2020 election. (Photo by Samuel Corum/Getty Images)

(CNN) — The Department of Homeland Security intelligence division had identified “specific” threats related to January 6, 2021, prior to the attack on the US Capitol, but did not widely share any intelligence it had gathered until two days after the riot, according to a new watchdog report.

The DHS Office of Inspector General found that three different divisions within the Trump-era DHS Office of Intelligence and Analysis had either collected intelligence or identified potential violent threats and did not release that information in in reports outside the department prior to January 6 — instead emailing threat information to local Washington, DC, partners before the attack in a way that was “not as widely disseminated” as its usual intelligence products. Such threats, the report said, included storming the Capitol, targeting politicians and law enforcement and “sacrificing their lives while conducting violence.”

Because of the lapse in information sharing, DHS “was unable to provide its many state, local and Federal partners with timely, actionable and predictive intelligence,” the report found.

The Inspector General report released Tuesday marks the first of three DHS watchdog reports related to the attack on the Capitol. The findings come a day after it was revealed that dozens more US Capitol Police officers had been injured during the insurrection than previously known, according to a report from the Government Accountability Office.

The DHS intelligence office is the only member of the federal intelligence community that is required by law to share information with state, local and other non-federal officials. The office is also tasked with collecting and analyzing open-source information.

Intelligence sharing breakdowns were rife in the run-up to the attack on the US Capitol and law enforcement officials have since pointed the finger at DHS, along with other agencies.

CNN previously reported that the DHS intelligence division did not issue a specific warning about the possibility of violence on January 6, according to two DHS officials, but did author and disseminate several assessments highlighting potential threats surrounding election season.

The watchdog found that within the Open Source Collection Operations branch, staff collected threat information but did “not produce any actionable information.” This was, in part, because of “inexperienced” collectors that did not receive adequate training, according to the IG.

Hesitancy to report after Portland

Collectors in that office described feeling “hesitancy” after criticism of the way the office handled intelligence during the protests in Portland, Oregon, in the summer of 2020. An earlier DHS review found that the intel office had gathered and disseminated intelligence on US journalists there, in part, because an unprepared and ill-trained workforce had been thrown into assisting with intelligence collection.

The events in Portland led to a shakeup in the office’s top ranks and caused lasting damage to its reputation. The office has not had a Senate-confirmed leader since May 2020, and President Joe Biden’s nominee, Kenneth Wainstein, has been awaiting a vote in the Senate.

While Tuesday’s report does not review Portland, it notes that the circumstances provide “important context” for the decisions and actions taken prior to January 6.

On several occasions leading up to January 6, collectors messaged each other about threats they had discovered online.

In one case, on January 2, “after a collector learned that individuals online were sharing a map of the US Capitol building, he messaged his colleague saying he thought people would ‘try and hurt politicians,’” the report says. Two employees discussed a possible employee “surge” to respond to the escalating threats but did not discuss issuing an intelligence product.

On the same day, two collectors discussed online comments threatening to hang Democrats in Washington, DC, but did not think the comments met the reporting threshold. The following morning the collectors noted discussion about hanging politicians, storming Congress and sacrificing lives, but no reports were drafted.

Despite receiving tips from colleagues in other divisions of the intelligence office and expressing concerns internally, no open source reports were issued to “inform its partners of possible threats for January 6,” the IG wrote.

The watchdog found three main reasons for the lapse: inadequate training related to open source collection, a lack of understanding about the guidelines for reporting and hesitancy to report following scrutiny of the office’s actions surround the Portland protests.

“Overall, open source collectors explained to us that they did not think storming the U.S. Capitol was possible, and, therefore, they dismissed this specific type of threat as hyperbole,” the report states.

The Inspector General found one instance in which an intelligence product was issued related to January 6, but it was not disseminated until two days later, “rendering it useless” for an advanced warning.

Information sent via email

The watchdog found that “on at least five occasions” the intelligence office did email threat information about January 6 events to state and local partners prior to the Capitol breach, but sharing information by email does not disseminate information as widely as publishing intelligence products, according to the report.

Staff at the intelligence office disagree about whether an intelligence product would have changed the outcome on January 6, the report found, but the Inspector General said that “nevertheless” the issues identified in the review “demonstrate the need for essential changes” to ensure a better response in the future.

The watchdog issued five recommendations, including providing enhanced annual training and implementing a process to request and receive timely reviews for open source intelligence products when they are related to upcoming events.

DHS agreed with all five recommendations and described actions it was taking to address the issues in the report, including developing tools to effectively collect information and ensue that the information is efficiently shared.

“Since the events of January 6, 2021, I&A has taken many actions to improve its ability to effectively identify, collect and share threat information, including publicly-available information identified online,” John Cohen, who has been leading the office since July, wrote to Inspector General Joseph Cuffari in response to a draft of the report.