Coffee & Conversation with Katie Arrington

On Thursday, May 5, INSA hosted a virtual Coffee & Conversation with Katie Arrington, Performing the Duties of CIO, Department of Defense, and Suzanne Wilson Heckenberg, President, INSA. 

View the recording, courtesy of Leidos!

Katie Arrington shared a forward-looking update on key priorities shaping the Department of Defense’s digital transformation. Arrington identified software acquisition reform as her top priority, pointing out that the complexity of current DoD acquisition networks must be addressed. She emphasized that reducing the number of disconnected systems and increasing interoperability is essential for supporting a more responsive and secure defense posture.

Arrington expressed appreciation for the strong industry engagement with the recent SWIFT RFI. With a focus on speed, automation, and new tools, the SWIFT initiative aims to enhance delivery while enabling the department to operate with agility. Acknowledging that some risk must be managed to move quickly, Arrington emphasized the importance of using the Enterprise Mission Assurance Support Service (e-MAS) as a central, evolving platform where industry should upload documentation and third-party assessments, helping both the DoD and industry partners understand and align with one another. Arrington highlighted that interoperability, especially in areas such as Identity, Credential, and Access Management (ICAM), data tagging, and data labeling, remains a key objective.

Arrington referenced recent guidance from DoD leadership encouraging more internal capability development, particularly in areas like the Risk Management Framework (RMF), to reduce dependency on external consulting and improve consistency across the department. Using a light-hearted analogy involving Mountain Dew’s “puppy monkey baby” advertisement, Arrington illustrated the challenges of disjointed program goals and the need for greater alignment across the DoD. 

She encouraged program managers to coordinate more closely before releasing new contract modifications and to leverage IT and consulting resources more strategically, giving the defense industrial base more opportunities to support the mission effectively.

On the topic of cybersecurity, Arrington underscored the continued importance of the Cybersecurity Maturity Model Certification (CMMC), describing it as ensuring everyone in the ecosystem has their “cyber seat belt” fastened. She stressed that the DoD and industry are partners in national defense, and that strong cybersecurity is a shared responsibility. She noted there are many resources available to assist small businesses with this process, including Project Spectrum, state-level grants, and support from Small Business Administration offices. Strict compliance with CMMC is essential, and thoughtful use of these tools can help contractors meet expectations.

Arrington voiced concern about ongoing supply chain vulnerabilities and the need for greater visibility and resilience. She encouraged DIB contractors to increase understanding of their supply chains and highlighted the important work being done by the Office of Strategic Capital on this issue.

In closing, Arrington shared that the DoD is currently reviewing SWIFT responses and plans to hold individual follow-up meetings with nearly all participants. A new RFI focused on key cybersecurity and monitoring principles is expected in July. She reiterated the department’s commitment to open communication and invited ongoing dialogue with industry partners.