Yesterday, 13 people died at the Navy Yard in Washington, D.C., in the worst mass shooting at a military installation since the massacre at Fort Hood, Texas, in 2009.

The shooter has been identified as 34-year-old Aaron Alexis from Forth Worth, Texas, an employee of The Experts, a subcontractor on a Hewlett-Packard contract to retool the Navy's intranet. Alexis also served in the Navy Reserve from 2007 to 2011.

The shooting will surely spark debate about larger issues like gun control and the state of America's mental health system. But what about the Navy Yard itself? Alexis didn't walk into a mall or a school and start firing. He strolled into the oldest military establishment in the country.

The Navy Yard is a civilian and military complex that houses 16,000 people in 2.2 million square feet of office space. Some of it is accessible to the public. But the section where the shooting took place is not.

Entering Building 197 — which houses the Naval Sea Systems Command, responsible for the upkeep and development of many of the Navy's ships and submarines — requires two levels of security: An identification card for the larger Navy Yard complex and another for the building itself.

As a contractor for the Navy, Alexis used a valid identification card to gain access to the building, according to Valerie Parlave, assistant director in charge of the Washington FBI field office.

That raises questions about how Alexis was able to pass a background check by his employer, as well as why the Department of Defense gave him a security clearance. Alexis had previously been charged twice over firearms violations, including one incident in which he shot out the tires of a man's vehicle with a .45-caliber pistol.

This isn't a rare slip-up, according to a new audit by the Department of Defense inspector general’s office. It found that cost-cutting measures had allowed 52 felons since September 2012 to get around the Navy's security measures and gain access to military installations.

Once you have security access, bringing a concealed gun to the Navy Yard wouldn't be too difficult, because employees and contractors aren't routinely searched, according to Reuters.

Another problem, writes The Washington Post's Lydia DePillis, is that "security design in Washington has largely been oriented toward blast protection" since the Sept. 11 attacks.

While that may have deterred another 9/11 or Oklahoma City bombing, it doesn't do much against a man with a gun, argues DePillis:

The type of lone shooter who attacked the Navy Yard and Fort Hood, especially an insider who doesn't need to break in, is still among the hardest kind of threat to protect against. The federal anti-terrorism standards still focus strongly on maximizing standoff distance and preventing building collapse as the most economical way to protect people against attacks, but that doesn't do much good when a gunman's already inside the building. [Washington Post]

A lone wolf with a gun is already hard to stop. It's even harder to stop one with little regard for his or her own life, notes John Michaud, a former member of the Naval Criminal Investigative Service.

"Certainly security will be reviewed but no security precautions will protect all the people all the time," Michaud told Reuters. "If someone is willing to forfeit their life it is much more difficult to deter them."