And as with the Snowden debacle, we’re left wondering just how subcontractors are vetted for access to sensitive sites. The Navy Yard shooter was supposedly vetted for security access, and yet earlier incidents that should have raised red flags either didn’t show, or didn’t raise those red flags.

Some of this is the result of outsourcing programs/projects that were previously done in house - in the name of cost cutting. But the companies that are doing the vetting may not be getting the job done. Two high profile incidents don’t mean the entire system is broken, but it could signify that there are serious lapses or areas of concern that need to be fixed.