Comments
Healthcare.gov Still Insecure, Critics Tell House Panel
SaneIT,
User Rank: Ninja
1/22/2014 | 8:47:26 AM
Re: The first thing to g
This is a huge project and I can't say that there is any one best place to start but I would begin with securing the transactions between the various modules since an issue could very easily snowball and it would be less obvious than a direct attack on the web facing servers.
David F. Carr,
User Rank: Author
1/21/2014 | 12:09:55 PM
Re: The first thing to g
@SaneIT, where would you start, if it were your job to make HealthCare.gov truly secure?
IW Pick
SaneIT,
User Rank: Ninja
1/20/2014 | 8:26:09 AM
Re: The first thing to g
When I first heard about the issues that they were having with healthcare.gov, I started digging because I knew that the news outlets could only be giving as much information as they understood, and that meant that the technical details would be the first things to be left out. I think it is important to look at how this was built, not just if it is working or not. The individual pieces seem to work, or most of them work. The problem is that they hand off information between many different modules and departments, and it's like playing the telephone game: when one module misbehaves, the entire transaction is twisted. Securing the site is going to be rough because one bad module will punch holes that could affect several other modules or the information that they collect.
David F. Carr,
User Rank: Author
1/17/2014 | 9:48:31 AM
Speculation
With the help of one friendly witness, the Democrats were able to bring out the fact that a lot of the criticism is speculative in the sense that it's not based on an actual audit or penetration test.

On the other hand, I have to give HealthCare.gov security critic Kennedy credit for a comparison, which I neglected to use in the article: He said he was like a mechanic who passes a car that's blowing out big clouds of smoke -- enough evidence to suggest the vehicle is burning oil and in severe trouble, without the mechanic needing to look under the hood.
Laurianne,
User Rank: Author
1/17/2014 | 9:29:29 AM
Re: The first thing to g
SaneIT, interesting point. Thank you for bringing a thoughtful point of view to many of our discussions recently.
WKash,
User Rank: Author
1/17/2014 | 9:27:41 AM
Re: Who do you believe?
House committee hearings -- at least the ones I've attended -- seem to be more about speaking to an audience outside the hearing room than listening to what experts really have to share. When Congressmen call in experts, vs. the people who actually lived through HealthCare.gov's development, you have to wonder what real good comes out of these hearings besides a good show.
IW Pick
SaneIT,
User Rank: Ninja
1/17/2014 | 7:45:38 AM
Re: The first thing to go
I think you're on the right track. Not only are they being pressured to get to a state where they can get users through an application, the security issues take a back seat for now because the handoffs between all the modules they are using make locking it down tougher than addressing a single exchange of data. I don't know that I'd say they see it as less important, but they probably see it as a bigger, longer-term fix.
cbabcock,
User Rank: Strategist
1/16/2014 | 9:14:56 PM
The first thing to go
With the pressure they are under to just make it work, sound security practices have had to take a back seat, I have no doubt. If this were a well-managed project, security would have already been accounted for -- built in -- by now. But no. This is a mad scramble to get something done that looks like it works.
Sadie!,
User Rank: Strategist
1/16/2014 | 6:57:45 PM
Re: Who do you believe?
None of them are sincere, they're politicians.
Lorna Garey,
User Rank: Author
1/16/2014 | 5:12:39 PM
Re: Who do you believe?
People are entitled to their own opinions. They're not entitled to their own facts. There are either security flaws in the code comprising the site or there aren't. It's like manmade global warming - if 100 subject-matter experts examine the evidence, and 97 say something is so, well then ...

This seems like a similar case. Show security experts within the gov/Accenture the insecure code. Obviously, flaws are not going to be made public, nor should they be. But let's leave politics at the door and just fix it.