Trump’s DoD CISO pick previously faced security clearance suspension – Source: go.theregister.com

Donald Trump’s nominee for a critical DoD cybersecurity role sports a resume that outshines many of his past picks, despite previously suspended security clearance.

Katie Arrington served a single two-year term in the South Carolina state House of Representatives from 2017 to 2019. She said in a LinkedIn post yesterday that she had been appointed to serve as the Chief Information Security Officer at the Department of Defense, giving her a key role in protecting the US government’s military secrets. 

Arrington’s appointment this week marks the second time she’s held a CISO role in the Defense Department under Trump. During his first term, she served as the CISO for the Pentagon’s Office of Acquisition and Sustainment, where she helped develop the Cybersecurity Maturity Model Certification (CMMC) for contractors and vendors. 

CMMC requires that companies within the Defense Industrial Base doing business with the Pentagon adhere to specific cybersecurity standards and undergo regular assessments to verify compliance.

While the rollout of CMMC has bolstered defense contractor security, it was during Arrington’s tenure that she became embroiled in a personnel dispute with the DoD.

In 2021, after Trump’s term had ended and President Biden’s team had taken over, the NSA suspended her security clearance following allegations that she disclosed classified information. The following day, she was placed on paid administrative leave from her role as the Pentagon’s A&S CISO due to the clearance freeze.

Subsequently, Arrington sued [PDF] the DoD, arguing that she had not been provided a clear explanation for the clearance suspension, according to court documents.

“Upon information and belief, the NSA’s action to allege [Arrington] committed any type of security violation is baseless or exaggerated and normally would not serve as the grounds to immediately suspend an individual’s clearance access,” her lawyer argued in the complaint. “The decision was designed to interfere with the cyber security activities that Plaintiff was running through DoD, which NSA did not support.” 

• You probably have more CIO experience than the incoming White House CIO
• Trump teases 25 percent semiconductor tariffs that will go ‘substantially higher’
• Trump’s cyber chief pick has little experience in The Cyber
• Trump admin seeks to reclassify federal CIOs, opening door to political appointees

The complaint further alleged that “unknown individuals within DoD” leaked “false and defamatory” information about Arrington. It also claimed that the DoD and NSA were purposefully delaying the investigation into her alleged unauthorized disclosure of classified information.

The case was settled in late January 2022, and Arrington officially resigned from her position the following month. In her resignation letter, Arrington accused the DoD’s actions of being politically motivated.

Two months later, Arrington’s lawyers filed a second complaint [PDF] against the DoD to force it to disclose records related to her clearance and job suspensions. The complaint generally echoes the first one, with the addition of further claims that the DoD and NSA’s actions were unjustified, and that an Air Force Office of Special Investigations review of the matter “could not identify any nefarious intent which would warrant a criminal or counterintelligence investigation at this time.” 

It’s unclear whether Arrington’s security clearance has been reinstated. But without it, fulfilling the requirements of the DoD CISO role would be challenging. Attempts to find out more about the matter from Arrington, her attorneys, the DoD, NSA and DoJ have been unsuccessful. ®