Former Cask Technologies executive Mark Larsen has finally been indicted and charged in the ongoing bribery scandal involving former SPAWAR representative James Soriano. Despite this, Cask still holds full CMMC assessment body authorization by The Cyber AB.
Larsen was arrested and released on a $20,000 secured bond. The court filings indicated that a secured bond was necessary because “an unsecured bond will not reasonably assure the defendant’s appearance as required,” suggesting the court felt Larsen could be a flight risk. The bond conditions require that Larsen not use any alcohol.
In 2021, Oxebridge had identified Cask as the company referred only to as “Contractor-1” in a case against Liberty Gutierrez, a former Cask employee who later pleaded guilty and is facing sentencing in the case. A related defendant, Dawnell Parker, also pleaded guilty, and Soriano himself was arrested and pleaded guilty, and now he also faces sentencing. Through it all, it was expected that an indictment of Larsen and/or his wife, Elizabeth Guezzale, would occur at any time.
At the time of the original Oxebridge reporting, Cask had only been granted a “candidate C3PAO” status within the CMMC scheme. Oxebridge notified The Cyber AB of the case and demanded that Cask be denied full C3PAO status. Sources within the AB reported that the accreditation body, led by Matt Travis and “ethics” chief Wayne Boline of Raytheon (RTX), simply asked Cask if the Oxebridge reporting was factual, and they denied it. Rather than verify the details, The Cyber AB accepted Cask’s statement — presumably made by President Kate Ehrle, a vocal supporter of the CMMC scheme and AB itself — at face value. The Cyber AB then approved Cask as a full C3PAO, ignoring the reporting and grave ethical concerns.
The arrest of Larsen and the probe into other Cask executives now proves The Cyber AB erred in this decision and provides more evidence of the AB’s lack of concern over corruption, conflicts of interest, and criminal activities done by parties under its watch.
It is reasonable to assume that if Cask executives were willing to bribe government officials to steer contracts its way, then it could well use its position as a CMMC assessment body to “fail” companies it perceives as competitors, leaving itself to pick up those contracts itself. This possibility was raised by stakeholders early in the CMMC scheme’s development, but the DoD ignored calls to ensure that C3PAOs only be selected from proven auditing bodies without conflicts of interest. Now, the majority of Cyber AB-approved bodies are competitors to the companies they will be assessing, and neither the DoD nor the AB has any means of mitigating this.
Other Cask Execs Likely to Be Arrested
The DoJ’s court filings include other as-yet-unnamed defendants from within Cask, suggesting that Ehrle and Guezzale — and possibly others — may still be indicted and arrested. Ehrle was Director of Sales and Business Development during the Soriano bribery activities, which included Cask hiring Soriano’s wife as a Cask employee. It seems unlikely the head of sales would not know that her department won contracts based on having hired the SPAWAR’s representative’s wife, who had allegedly been working in the Cask building. Regardless, Ehrle was promoted to President of Cask in 2019.
Larsen stepped down from Cask in January of 2024 to “focus on his family,” a sign that he knew his arrest was imminent.
The US Dept of Defense’s Office of the Chief Information Officer (CIO) oversees the CMMC scheme, and CIO representative Stacy Bostjanick has repeatedly refused to hold the Cyber AB or CMMC scheme actors accountable for ethics breaches. Bostjanick and the DoD have gone so far as to ignore violations of law by the AB and dilute accreditation requirements for the body to allow more conflicts of interest rather than mitigate them.
Other than Bostjanick, nearly every government employee related to the formation of CMMC has fled their government position, some going to work in companies that now sell CMMC services.
Oxebridge argues the entire scheme is illegal because the US government may not invent private companies without passing a law or other act of Congress. Former DoD representative Katie Arrington invented The Cyber AB out of thin air, handed control of it over to her friend and political donor Ty Schieber, and then left her position to sell CMMC services for IT firm Exiger. This creates a precedent that would allow any mid-level Federal bureaucrat the right to create private companies at will for their gain. Any Federal employee could, therefore, create a new Post Office for Transportation Security Administration (TSA) without any Congressional approval.
Larseon faces up to fifteen years in Federal prison and $250,000 in fines.
UPDATE 20 November 2024: added information about Larsen’s bond conditions, as the court docket has now been made public.