The CISO for Acquisition and Sustainment (A&S) to the Under Secretary of Defense for A&S (USD/AS), Katie Arrington, had her security clearance suspended pending investigation into her allegedly sharing classified information.
While details are thin, what we do know, according to Bloomberg, is that on May 11, Arrington received a memo informing her of the action from the USD/AS which noted that “Her security clearance for access to classified information is being suspended as a result of a reported Unauthorized Disclosure of Classified Information and subsequent removal of access by the National Security Agency.” The memo continued, “If this preliminary decision becomes final, you will not be eligible for access to classified information” or “assignments to duties that have been designated national security sensitive.” Her lawyer, Mark Zaid, was quoted by Bloomberg, “when faced with such programmatic allegations DoD would routinely open an investigation as a matter of course. This is how the system works. Accepting an investigation, however, doesn’t prejudge the merits.”
Arrington’s role as CISO
Arrington has been in her role as the CISO for USD/AS since August 2020 and was appointed to the DoD CISO role in January 2019. In this role, she leads the effort to address the cybersecurity of the Defense Supply Chain where she evangelized Supply Chain Risk Management (SCRM) principles designed to enhance the Defense Industrial Base security with her primary focus on the Cybersecurity Maturity Model Certification process. Both topics have been top of mind these last six months as we’ve learned of Solar Winds and other supply chain compromises affecting not only the DIB community, but global organizations including many with infrastructure responsibilities.
In September 2020, the Department issued an interim rule regarding the implementation of the CMMC which received community pushback from industry. Arrington, in her role would have been responsible for the issuance of the interim rule. In November 2020, Arrington gave Congress an update on her CMMC efforts, noting that suppliers need to “register their own assessments in the supplier risk platform.
Speculation is rampant on what it is that Arrington is alleged to have revealed, including tying her to the allegations being made by a television personality that was being targeted by NSA. According to a Tweet from her attorney Zaid, the investigation into Arrington began approximately six weeks ago and is in no way tied to the allegation associated with NSA. NSA issued a statement, also via Twitter, which categorically denies the allegation that NSA had been “monitoring our electronic communications and is planning to leak them in an attempt to take this show off the air.”
Zaid has shared, via a series of Tweets, that as of June 29, the focus on his client, is coming from the NSA and not from the DCSA. He explained that DCSA has no active investigation, nor are they involved in adjudication actions involving Arrington.
For FSOs
Administrative investigations into the unauthorized revelation or sharing of classified information is, as Zaid noted, routine. Most recently, the UK Ministry of Defence opened an investigation into how a package of 50 pages of classified materials concerning the recent transit of the HMS Defender in the Black Sea wound up in a “soggy heap behind a bus stop in Kent.”
Similarly, when The Intercept published the NSA PowerPoint which contained Top Secret codeword content, the NSA initiated an internal investigation which initially involved approximately a half-dozen individuals and was eventually whittled down to one: Reality Winner.
FSO’s should have processes and procedures designed to assist their Cognizant Security Authority in investigations involving the unauthorized storage, sharing, or inadvertent disclosure of classified information.
In addition, FSO’s should ensure their constituents understand that the U.S. Government may suspend a security clearance at any time if there is an issue warranting investigation. These type of investigations rarely move to the public forum, and may continue for many months. I can attest from personal experience having been caught up in the switches of a major counterintelligence investigation which did not involve me, but directly affected me for a sustained period of time – that of Robert Hanssen.