Katie Arrington, the former Chief Information Security Officer for the Office of the Undersecretary for Defense for Acquisitions & Sustainment, has resigned.
Arrington was dogged by allegations and a criminal investigation into whether she had leaked top-secret information during her tenure as CISO, ironically as she was tasked with shoring up the defense industry’s supply chain via the Cybersecurity Maturity Model Certification program. She attempted to sue the Dept. of Defense, but eventually voluntarily dismissed the case with prejudice, denying her the ability to re-file the suit. Two days later, the DoD eliminated the CISO position, leaving it impossible for her to return to her prior job.
As a Senior Executive Services (SES) hire, Arrington could only be fired for extreme misbehavior. Instead, sources reported to Oxebridge over the past year that the DoD was hoping Arrington would resign so that they did not have to pursue the investigations into her conduct, and thus avoid the appearance that the probes were a partisan witch hunt.
That delay had little effect, as Arrington has framed her departure exactly as the result of a partisan conspiracy against her. Arrington’s resignation announcement came as a post on LinkedIn, ironically the same social media platform where her posts had earned her multiple complaints to various Federal agencies. In her post, she painted herself as the victim of “false accusations.”
Arrington’s resignation was a foregone conclusion, as her security clearance remained suspended, multiple investigations and ethics probes continued, and a formal whistleblower retaliation complaint had been lodged by Oxebridge.
Yesterday, the DoD Inspector General reported it had closed a criminal probe into Arrington, one which involved the Defense Criminal Investigative Services branch. DoDIG did not explain the reason for dropping the complaint, but sources told Oxebridge that DoD had begun “clearing their desks” of Arrington-related filings in anticipation of her resignation.
It is unlikely any probes will continue now that she has resigned.
Last week, the DoD announced that it had already moved the CMMC program to the office of the Chief Information Officer.
To date, nearly every person subject to filings through Oxebridge’s ISO Whistleblower Reporting System, which was expanded to include CMMC, has been fired, resigned, or ousted from their position in the scheme. These include Arrington, as well as CMMC-AB Board Members Ty Schieber, Mark Berman, Regan Edens, Ben Tchoubineh, and Karlton Johnson.
Stacy Bostjanick remains at the head of the CMMC Program Management Office, having transitioned to the Office of the CIO. She and current CMMC-AB Board Chair Jeff Dalton remain the last two players in the scheme whom Oxebridge has called on to resign. Bostjanick was named in multiple complaints filed under the ISO Whistleblower program, including allegations that she enabled widespread fraud by the CMMC-AB and refused to launch ethics investigations as required. Bostjanick first claimed she had “active investigations” underway for the CMMC-AB, then later admitted she had allowed the AB to conduct its own investigation. The AB cleared itself on nearly all allegations, allowing multiple conflicts of interest to remain.
Both Arrington and Bostjanick made frequent public appearances to promote the credentials sold by the CMMC-AB, even as they knew the program was undergoing major changes. The eventual “CMMC 2.0” undid much of Arrington’s prior work, and made many of the AB credentials obsolete. Oxebridge has argued that Arrington and Bostjanick used their official office to promote the products of the AB in order to enrich its Board. The AB’s first Chair, Ty Schieber, was a friend and political donor of Arrington, as well as her superior at her prior employer, Dispersive Technologies. Bostjanick claimed it was simply a coincidence that Arrington ended up heading the DoD’s CMMC program, and Schieber the CMMC Accreditation body, saying “it’s a small world.”
Oxebridge still has multiple FOIAs filed related to CMMC, including one to unmask Arrington’s original hiring process, which appears to have bypassed more qualified candidates. The CISO job posting stripped requirements for higher education, presumably to align with Arrington, who only has a High School diploma. After her hiring at DoD, Arrington claimed on social media she was going to “night school” to obtain a degree, but her constant media appearances raised questions about how she would have had the time to accomplish this. To date, there is no evidence that she obtained that degree.
Arrington inspired an online store called “Cooey Shop,” which began selling “Free Katie” t-shirts after she was put on paid leave pending her clearance investigation. The owners recently indicated on LinkedIn that the move was satire, aimed at poking fun at Arrington. She did not get the joke, however, and praised the shop for supporting her. “Cooey” became an instant meme in cybersecurity circles, after Arrington used the word in place of the abbreviation “CUI,” meant to stand for Controlled Unclassified Information. The word means “fried guinea pig” in Peru.
It is expected that Arrington will announce a run for Congress, and use her CMMC experience as a way to position herself as a Trumpian figure who was the victim of the Biden “Deep State.”
UPDATE 7 February 2022: Arrington’s official resignation letter was sent to SC Media, and reveals that she was preparing to file a “hostile work environment” complaint against Jesse Salazar, who took over for Ellen Lord. Salazar is the highest-ranking Latino gay civilian working at the DoD, creating an awkward position for Arrington as she prepares to announce her coming political ambitions.
Arrington also claims the DoD paid her attorneys fees, but no such arrangement was entered into the court docket. If so, it likely came with strings attached, which may point to why Arrington resigned only a few days later.
UPDATE 8 February 2022: Hours after her resignation announcement, Arrington announced her run for Congress in South Carolina. A slickly produced campaign video suggests this was planned for some time, and that her lawsuit against DoD and resignation were likely timed to boost her campaign. Arrington is branding herself a pro-Trump Republican, aligning her position with those who mounted the insurrection attempt on January 6th, 2021. She is seeking to primary Nancy Mace.
UPDATE 15 June 2022: Arrington has lost her bid for Congress.
Separately, Arrington has filed a new FOIA lawsuit against the US government, on many of the same issues. The government has responded by saying that Arrington waived key rights as part of the settlement agreement from the first suit.