The Department of Defense does know how to create spaces between buildings to protect against car bombs. That doesn't help when the shooter's already inside. (DoD)

Details are still coming out about the horrific shootings Monday morning at the Navy Yard in Southeast Washington, and we likely won't know the whole story for weeks. Still, one thing is clear: It was all too easy for the suspected gunman, Aaron Alexis, who had a security clearance and someone else's I.D. card, to, reportedly, walk into the gated, secured complex with an assault rifle and a handgun and kill 12 people.

Part of the reason for the weaker security may be budget-related. A forthcoming Defense Department inspector general's report found that the Navy Yard and other Navy facilities had relaxed some of their access control systems to try to cut costs, allowing 52 felons access to the grounds.

But over the past decade, the Navy has been anything but lax about security issues. After Sept. 11, 2001, new anti-terrorism standards required an 82-foot distance between barracks and an open road, which meant that the Navy would have to find a new location for its bachelor enlisted quarters somewhere within walking distance of the Navy Yard itself. In 2010, it finally embarked on the search, telling community members there was no other way to protect our service members from truck bombs speeding along the highway.

It's not that easy to find big chunks of space in crowded Capitol Hill, and the search has limped along; the last anyone heard, they were still trying to figure out what land to acquire. The fact that they're willing to undertake it at all, at tremendous expense of both money and attention, speaks to their seriousness about security, even if the effort might seem misplaced.

They wouldn't be the only ones. Security design in Washington has largely been oriented toward blast protection, through such measures as putting bollards around security perimeters, restricting vehicle access, and "building hardening," or making exterior walls essentially bomb-proof. Few buildings exemplify the post-9/11 approach more than the one that houses the Department of Transportation, a few blocks from the Navy Yard on M Street SE, with its large setbacks from the street, disguised vehicle barriers and nearly complete lack of street level retail (the District's local city planners pushed hard to have even a Starbucks on the corner, and it's still just attached to the outside of the building's impregnable shell). These days, almost all new federal facilities have defensive design baked into them, and a visitor wouldn't necessarily notice it.

But those defenses haven't been tested: There haven't been any 9/11-style attacks since, or the the kind of deadly attack on the federal building in Oklahoma City. And it's possible all the fortification has had a deterrent effect.

These days, with less than infinite funds available for security, the federal government takes a more critical approach to what actually needs protecting.

"The pendulum swings," says Richard Paradis, a security expert at the National Institute of Building Sciences. "Once you get away from an event, people begin to question how much money is being spent."

Protections are higher for military installations than for civilian office buildings, but those go through risk assessments, too. The Department of Defense's 2008 Unified Facilities Criteria and 2007 Minimum Anti-terrorism Standards for Buildings contain extensive metrics for evaluating how much protection a given facility needs.

"Given what we know about terrorism, all DoD decision makers must commit to making smarter investments with our scarce resources and stop investing money in inadequate buildings that DoD personnel will have to occupy for decades, regardless of the threat environment," reads the introduction to the latter.

The problem is, the type of lone shooter who attacked the Navy Yard and Fort Hood, especially an insider who doesn't need to break in, is still among the hardest kind of threat to protect against. The federal anti-terrorism standards still focus strongly on maximizing standoff distance and preventing building collapse as the most economical way to protect people against attacks, but that doesn't do much good when a gunman's already inside the building.

"As with equipment, there are no practical applications of manpower and procedures in mitigating these attacks other than ensuring that people know to take cover immediately after detecting an incoming round and in some environments, firing back at the aggressors," says the Unified Facilities Criteria manual.

Experts also don't know quite what to do with someone like Alexis -- an ex-employee or contractor with some sort of grievance (no conclusions have been reached about a motive for the Navy Yard rampage). While the Unified Facilities Criteria discuss all kinds of criminals, protestors and terrorists, this category is something of a mystery.

"This manual does not address the commonly referenced aggressor category of disaffected persons, which includes disoriented persons and disgruntled employees," it says. "Those aggressors are not covered separately in this manual because they may exhibit similar characteristics to any of the four categories included or they generally do not present a predictable threat."

The more effective way to save lives from "active shooters" is to prevent them from arising in the first place. And there has been a more intense focus on insider threats and mental health among enlisted personnel since the 2009 shooting at Fort Hood. Testifying at a 2011 House committee hearing on homegrown terrorist threats to military communities, a Pentagon official explained a program called eGuardian, used to identify and share information about potentially threatening employees. They've also worked with the FBI to beef up security at military bases.

Sometimes, though, there just aren't any warning signs. For that, it's almost impossible to prepare.