Healthcare.gov Still Insecure, Critics Tell House Panel - InformationWeek

Comments
SaneIT,
User Rank: Ninja
1/22/2014 | 8:47:26 AM
Re: The first thing to g
This is a huge project and I can't say that there is any one best place to start, but I would begin with securing the transactions between the various modules, since an issue could very easily snowball and it would be less obvious than a direct attack on the web-facing servers.
David F. Carr,
User Rank: Author
1/21/2014 | 12:09:55 PM
Re: The first thing to g
@SaneIT, where would you start, if it were your job to make HealthCare.gov truly secure?
IW Pick
SaneIT,
User Rank: Ninja
1/20/2014 | 8:26:09 AM
Re: The first thing to g
When I first heard about the issues that they were having with healthcare.gov, I started digging because I knew that the news outlets could only be giving as much information as they understood, and that meant that the technical details would be the first things to be left out. I think it is important to look at how this was built, not just if it is working or not. The individual pieces seem to work, or most of them work. The problem is that they hand off information between many different modules and departments, and it's like playing the telephone game: when one module misbehaves, the entire transaction is twisted. Securing the site is going to be rough because one bad module will punch holes that could affect several other modules or the information that they collect.
David F. Carr,
User Rank: Author
1/17/2014 | 9:48:31 AM
Speculation
With the help of one friendly witness, the Democrats were able to bring out the fact that a lot of the criticism is speculative in the sense that it's not based on an actual audit or penetration test.

On the other hand, I have to give HealthCare.gov security critic Kennedy credit for a comparison, which I neglected to use in the article: He said he was like a mechanic who passes a car that's blowing out big clouds of smoke -- enough evidence to suggest the vehicle is burning oil and in severe trouble, without the mechanic needing to look under the hood.
Laurianne,
User Rank: Author
1/17/2014 | 9:29:29 AM
Re: The first thing to g
SaneIT, interesting point. Thank you for bringing a thoughtful point of view to many of our discussions recently.
WKash,
User Rank: Author
1/17/2014 | 9:27:41 AM
Re: Who do you believe?
House committee hearings -- at least the ones I've attended -- seem to be more about speaking to an audience outside the hearing room than about listening to what experts really have to share. When Congressmen call in experts, vs. the people who actually lived through HealthCare.gov's development, you have to wonder what real good comes out of these hearings besides a good show.
IW Pick
SaneIT,
User Rank: Ninja
1/17/2014 | 7:45:38 AM
Re: The first thing to go
I think you're on the right track. Not only are they being pressured to get to a state where they can get users through an application, the security issues take a back seat for now because the handoffs between all the modules they are using make locking it down tougher than addressing a single exchange of data. I don't know that I'd say they see it as less important, but they probably see it as a bigger, longer-term fix.
cbabcock,
User Rank: Strategist
1/16/2014 | 9:14:56 PM
The first thing to go
With the pressure they are under to just make it work, sound security practices have had to take a back seat, I have no doubt. If this were a well-managed project, security would have already been accounted for -- built in -- by now. But no. This is a mad scramble to get something done that looks like it works.
Sadie!,
User Rank: Strategist
1/16/2014 | 6:57:45 PM
Re: Who do you believe?
None of them are sincere, they're politicians.
Lorna Garey,
User Rank: Author
1/16/2014 | 5:12:39 PM
Re: Who do you believe?
People are entitled to their own opinions. They're not entitled to their own facts. There are either security flaws in the code comprising the site or there aren't. It's like manmade global warming - if 100 subject-matter experts examine the evidence, and 97 say something is so, well then ...

This seems like a similar case. Show security experts within the gov/Accenture the insecure code. Obviously, flaws are not going to be made public, nor should they be. But let's leave politics at the door and just fix it.