Comments
Healthcare.gov Still Insecure, Critics Tell House Panel
SaneIT,
User Rank: Ninja
1/22/2014 | 8:47:26 AM
Re: The first thing to g
This is a huge project and I can't say that there is any one best place to start, but I would begin with securing the transactions between the various modules, since an issue could very easily snowball and it would be less obvious than a direct attack on the web-facing servers.
David F. Carr,
User Rank: Author
1/21/2014 | 12:09:55 PM
Re: The first thing to g
@SaneIT, where would you start, if it were your job to make HealthCare.gov truly secure?
IW Pick
SaneIT,
User Rank: Ninja
1/20/2014 | 8:26:09 AM
Re: The first thing to g
When I first heard about the issues that they were having with healthcare.gov, I started digging because I knew that the news outlets could only be giving as much information as they understood, and that meant that the technical details would be the first things to be left out. I think it is important to look at how this was built, not just if it is working or not. The individual pieces seem to work, or most of them work. The problem is that they hand off information between many different modules and departments and it's like playing the telephone game: when one module misbehaves, the entire transaction is twisted. Securing the site is going to be rough because one bad module will punch holes that could affect several other modules or the information that they collect.
David F. Carr,
User Rank: Author
1/17/2014 | 9:48:31 AM
Speculation
With the help of one friendly witness, the Democrats were able to bring out the fact that a lot of the criticism is speculative in the sense that it's not based on an actual audit or penetration test.

On the other hand, I have to give HealthCare.gov security critic Kennedy credit for a comparison, which I neglected to use in the article: He said he was like a mechanic who passes a car that's blowing out big clouds of smoke -- enough evidence to suggest the vehicle is burning oil and in severe trouble, without the mechanic needing to look under the hood.
Laurianne,
User Rank: Author
1/17/2014 | 9:29:29 AM
Re: The first thing to g
SaneIT, interesting point. Thank you for bringing a thoughtful point of view to many of our discussions recently.
WKash,
User Rank: Author
1/17/2014 | 9:27:41 AM
Re: Who do you believe?
House committee hearings -- at least the ones I've attended -- seem to be more about speaking to an audience outside the hearing room than listening to what experts really have to share. When Congressmen call in experts, vs. the people who actually lived through HealthCare.gov's development, you have to wonder what real good comes out of these hearings besides a good show.
IW Pick
SaneIT,
User Rank: Ninja
1/17/2014 | 7:45:38 AM
Re: The first thing to go
I think you're on the right track. Not only are they being pressured to get to a state where they can get users through an application, the security issues take a back seat for now because the handoffs between all the modules they are using make locking it down tougher than addressing a single exchange of data. I don't know that I'd say they see it as less important, but they probably see it as a bigger, longer-term fix.
cbabcock,
User Rank: Strategist
1/16/2014 | 9:14:56 PM
The first thing to go
With the pressure they are under to just make it work, sound security practices have had to take a back seat, I have no doubt. If this were a well-managed project, security would have already been accounted for -- built in -- by now. But no. This is a mad scramble to get something done that looks like it works.
Sadie!,
User Rank: Strategist
1/16/2014 | 6:57:45 PM
Re: Who do you believe?
None of them are sincere, they're politicians.
Lorna Garey,
User Rank: Author
1/16/2014 | 5:12:39 PM
Re: Who do you believe?
People are entitled to their own opinions. They're not entitled to their own facts. There are either security flaws in the code comprising the site or there aren't. It's like manmade global warming - if 100 subject-matter experts examine the evidence, and 97 say something is so, well then ...

This seems like a similar case. Show security experts within the gov/Accenture the insecure code. Obviously, flaws are not going to be made public, nor should they be. But let's leave politics at the door and just fix it.