CBS: Obama admin ducked final HealthCare.Gov security requirements; problems rolling in
posted at 10:01 am on November 5, 2013 by Erika Johnsen
The confidence in their big-government agenda that the Obama administration daily instills in me is truly overwhelming. Via CBS News:
As HealthCare.gov was being developed, crucial tests to ensure the security and privacy of customer information fell behind schedule.
CBS News analysis found that the deadline for final security plans slipped three times from May 6 to July 16. Security assessments to be finished June 7 slid to August 16 and then August 23. The final, required top-to-bottom security tests never got done.
The House Oversight Committee released an Obama administration memo that shows four days before the launch, the government took an unusual step. It granted itself a waiver to launch the website with “a level of uncertainty … deemed as a high (security) risk.”
Agency head Marilyn Tavenner accepted the risk and “mitigation” measures like frequent testing and a dedicated security team. But three other officials signed a statement saying that “does not reduce the risk” of launching October 1.
And in a follow-up this morning, CBS reports on still more technology experts’ concerns over the lack of adequate testing of the website before its launch, and the real-time examples already cropping up even with HealthCare.Gov moving at only partially operational speed. Via the WFB:
As a test, CBS gave one technology expert the real healthcare.gov username of a CBS employee, and within seconds, he identified the specific security question she used to reset her password.
Sean Henry, the former assistant director of the FBI’s cyber division, said the security issues need to be taken seriously.
“If somebody’s got the ability to look at a source code and able to reverse-engineer that and identify what somebody’s personal questions are, that should be of concern,” Henry said.
And the hits just keep on coming.