Katie Arrington, the chief information security officer for acquisition for the Office of the Under Secretary of Defense for Acquisition and Sustainment, had her security clearance suspended, was placed on leave, and is under investigation for suspected unauthorized disclosures of classified information from a military intelligence agency, according to an official document reported by Bloomberg on Tuesday.
According to the document provided to Bloomberg, Arrington, who has been overseeing a new cybersecurity initiative for defense contractors, was informed on May 11 that her security clearance was suspended as “a result of a reported Unauthorized Disclosure of Classified Information and subsequent removal of access by the National Security Agency.”
The memo reportedly goes on to tell Arrington, “If this preliminary decision becomes final, you will not be eligible for access to classified information” or “assignments to duties that have been designated national security sensitive.”
Arrington is a former Republican state representative from South Carolina who launched an unsuccessful 2018 campaign to represent the state’s 1st congressional district in the U.S. House of Representatives. After her 2018 loss, Arrington later went to work for the Pentagon as “Highly Qualified
Expert” on cybersecurity and then competed for and attained the nonpartisan Senior Executive Service status.
Arrington’s attorney, Mark Zaid, reportedly confirmed the authenticity of the document to Bloomberg, but said, “Absolutely no decisions have been reached regarding any aspect.”
Zaid described the notice to his client as a routine procedure.
“When faced with such programmatic allegations DoD would routinely open an investigation as a matter of course,” Zaid said. “This is how the system works. Accepting an investigation, however, doesn’t prejudge the merits.”
Arrington has been placed on administrative leave as the preliminary investigation plays out and Zaid said the specifics of the investigation “have not been made known to us.”
According to her Pentagon biography, Arrington “has extensive experience in cyber strategy, policy, enablement and implementation across a wide range of business sectors and governmental levels” and “she has over 15 years of cyber experience acquired through positions at Booz Allen Hamilton, Centuria Corporation, and Dispersive Networks.”
A U.S. official familiar with the case told Bloomberg that Arrington’s politics, as a Republican under a Democrat presidency, are not a factor in the investigation and it is not an attempt to force her out at the Pentagon. The U.S. official also said the investigation is not related to Arrington’s management of the Pentagon’s Cybersecurity Maturity Model Certification system, (CMMC).
Under the CMMC cybersecurity certification system, as many as 300,000 American companies producing military materials ranging from F-35 stealth fighter jets to office supplies and plumbing equipment would have to undergo a cybersecurity audit by a third-party accreditation board about once every three years, to ensure safe cybersecurity practices.