CBS: Top ObamaCare official wanted site shut down over security risks — and was overruled

posted at 9:41 am on December 20, 2013 by Ed Morrissey

It’s not as if HHS wasn’t aware of concerns over security for the ObamaCare exchange they launched.  Dozens of Attorneys General issued public warnings over the summer about the lack of security in a system that would contain the most private identity information of any web portal ever. Their own Inspector General blasted the contractors working on the site in June for their performance on security.

Still, HHS rolled out the site even with those gaps unaddressed, putting millions of Americans at risk for identity theft — but the news gets worse.  CBS News’ Sharyl Attkisson reports this morning that a top official in the ObamaCare exchange told Congress on Tuesday that HHS discovered two more big security issues that no one detected before the rollout:

A top HealthCare.gov security officer told Congress there have been two, serious high-risk findings since the website’s launch, including one on Monday of this week, CBS News has learned.

Teresa Fryer, the chief information security officer for the Centers for Medicare and Medicaid Services (CMS), revealed the findings when she was interviewed Tuesday behind closed doors by House Oversight Committee officials. The security risks were not previously disclosed to members of Congress or the public. Obama administration officials have firmly insisted there’s no reason for any concern regarding the website’s security. …

Details are not being made public for security reasons but Fryer testified that one vulnerability in the system was discovered during testing last week related to an incident reported in November. She says that as a result, the government has shut down functionality in the vulnerable part of the system. Fryer said the other high-risk finding was discovered Monday.

Fryer then told Congress that she recommended the site be shut down to address the security gaps — and was overruled:

“My recommendation was a denial of ATO [Authority to Operate -- allowing the website to go live],” Fryer told Democrats and Republicans who sat in on the day-long interview. According to Fryer, she first recommended denying the ATO to CMS chief information officer Tony Trenkle based on the many outstanding security concerns after pre-launch testing.

“I had discussions with him on this and told him that my evaluation of this was a high risk,” Fryer told the committee. Trenkle retired from his CMS job on Nov. 13. He has not responded to CBS News interview requests.

That must have been news to Congress.  As Attkisson recounts, Kathleen Sebelius testified before Congress on October 30th that “no senior official reporting to me ever advised me that we should delay.” While Sebelius may be able to claim that Fryer didn’t report to her and that her statement was technically accurate, Congress may want to know why Sebelius went forward with the launch without Fryer’s signature on the letter recommending the ATO. Fryer also told Congress that she personally briefed Sebelius’ advisers on her recommendation to withhold the ATO on September 20th, six weeks before her testimony to Congress.

Once again, we have the spectacle of another high-ranking Obama administration official misrespresenting — at best — the operations of agencies to Congress in areas of legitimate oversight.  The question is beginning to change from who’s being dishonest to whether anyone on Barack Obama’s team has ever been honest in testimony to Congress.  I’d expect House Oversight chair Darrell Issa to start issuing subpoenas to everyone briefed by Fryer, so that the question of obstruction of Congress by Kathleen Sebelius can be answered.  (Those names include the already-discredited Henry Chao, by the way.)  It’s clear that the dishonesty of this administration extends far and wide.

Update (Allahpundit): Fryer’s not the only techie at CMS whose signature was mysteriously missing from the Authority to Operate. Remember Tony Trenkle? He was the project manager who left the agency in November — an unusual move given the all-hands-on-deck attitude to fixing Healthcare.gov at the time. Trenkle also didn’t sign the ATO. I speculated at the time that he refused for the same reasons that Fryer did, namely, that no tech specialist with a conscience would greenlight a site this vulnerable, but the official explanation was that CMS chief Marilyn Tavenner wanted to sign the ATO herself because this project was super-important and should be formally endorsed by the head of the agency or whatever. Sure looks like Tavenner was fully aware of how dangerous Healthcare.gov could be to users who entered their private information but insisted that the site be launched anyway, over the objections of her own team. It’s subpoena time.


Related Posts:

Breaking on Hot Air

Blowback

Note from Hot Air management: This section is for comments from Hot Air's community of registered readers. Please don't assume that Hot Air management agrees with or otherwise endorses any particular comment just because we let it stand. A reminder: Anyone who fails to comply with our terms of use may lose their posting privilege.

Trackbacks/Pings

Trackback URL

Comments

Comment pages: 1 2

You don’t think that Chuck U Schumer has aspirations as well?

Actually, there might be some entertainment value in watching Chuck and Dickie slug it out.

bofh on December 20, 2013 at 10:29 AM

Sheila Jackson Lee has already ordered new furniture and drapes for the office and changed the locks on the doors. (yes I know she’s in the House but this is SJL I’m talking about)

Oldnuke on December 20, 2013 at 12:12 PM

obama exempts any group he wants.

I have the same right.

DO NOT COMPLY, if you are still free.

The USA is still not Adolf’s Germany.

“still” is the key word.

Schadenfreude on December 20, 2013 at 12:16 PM

I’m torn about Reid. I’m not supposed to wish ill on anyone, but the man is evil to the core.

22044 on December 20, 2013 at 10:01 AM

Not torn anymore. There comes a point when one must take leave of safe harbor and make the call on evil. This is the first time in my life I wished for what I feel that I am wishing for.

Tsar of Earth on December 20, 2013 at 12:18 PM

LE OOPS!!!!!!!!!!!!!!!!!!!!!:

Massachusetts, US
2m
==

Massachusetts State troopers found 1,250 bags of heroin labeled with ‘Obamacare’ during a traffic stop in Hatfield, Mass. – @MassStatePolice
read more on facebook.com
=========================

https://twitter.com/MassStatePolice

canopfor on December 20, 2013 at 12:19 PM

We don’t need more subpoenas. We need arrest warrants! Frog marching time! (actually past due.)

TerryW on December 20, 2013 at 12:19 PM

Breaking news….dear leader pivoting to military sexual assaults investigation.

cmsinaz on December 20, 2013 at 10:07 AM

Everyone deserves a little R&R.

Tsar of Earth on December 20, 2013 at 12:20 PM

1. The individual mandate includes a “hardship exemption.” People who qualify can either ignore the individual mandate altogether or purchase a cheap, bare-bones catastrophic insurance plan that’s typically only available to people under 30.

Schadenfreude on December 20, 2013 at 12:21 PM

canopfor on December 20, 2013 at 12:19 PM

ok i lol’ed on that

cmsinaz on December 20, 2013 at 12:22 PM

Everyone deserves a little R&R.

Tsar of Earth on December 20, 2013 at 12:20 PM

smh

cmsinaz on December 20, 2013 at 12:22 PM

10. This puts the first crack in the individual mandate. The question is whether it’s the last. If Democratic members of Congress see this as solving their political problem with people whose plans have been canceled, it could help them stand against Republican efforts to delay the individual mandate. But if congressional Democrats use this ruling as an excuse to delay or otherwise de-fang the individual mandate for anyone who doesn’t want to pay for insurance under Obamacare, then it’ll be a very big problem for the law.

Schadenfreude on December 20, 2013 at 12:23 PM

Obama health care law
3m
====

Healthcare.gov down before President Obama’s year-end news conference – @washingtonpost
read more on washingtonpost.com
===============================

HealthCare.gov goes down before Obama’s news conference

By Aaron Blake
December 20 at 12:15 pm
****************************

With less than two hours to go before President Obama is scheduled to give his year-end news conference, people are not able to apply for health insurance on HealthCare.gov.
===========================

http://www.washingtonpost.com/blogs/post-politics/wp/2013/12/20/healthcare-gov-goes-down-before-obamas-news-conference/

canopfor on December 20, 2013 at 12:24 PM

…Either way, it’s hard to believe that both sets of articles are written by the same person. One set is incredibly well thought out and logical. The other set is neither of those things.

Chris of Rights on December 20, 2013 at 10:08 AM

Necrosis of the Right Hemisphere ?

Tsar of Earth on December 20, 2013 at 12:28 PM

canopfor on December 20, 2013 at 12:19 PM

ok i lol’ed on that

cmsinaz on December 20, 2013 at 12:22 PM

cmsinaz:Tee-hee, …priceless:)
===============================

http://www.breakingnews.com/topic/us-military-sexual-assault-legislation/

US military sexual assault legislation
***************************************

Chuck Hagel
29m
Defense Secretary Chuck Hagel on military sexual assault: ‘Eliminating sexual assault in the military is one of DoD’s highest priorities’ – via @NBCNews
end of bulletin
Barack Obama
2h
President Obama orders 1-year review of military’s handling of sexual assault to measure progress – @AP
end of bulletin
Barack Obama
12h
Senate passes defense bill addressing sexual assault in military 84-15; measure heads to Obama – @AP
end of bulletin

canopfor on December 20, 2013 at 12:32 PM

C’mon man. You’re being a little hard on Malaria and Sausage.

bofh on December 20, 2013 at 10:13 AM

Was just a matter of time before someone dropped the Little Cosby’s and stunk up the place, huh.

Tsar of Earth on December 20, 2013 at 12:34 PM

1. The individual mandate includes a “hardship exemption.” People who qualify can either ignore the individual mandate altogether or purchase a cheap, bare-bones catastrophic insurance plan that’s typically only available to people under 30.

Schadenfreude on December 20, 2013 at 12:21 PM

Schadenfreude:Yup:0
===================

Mark Knoller ‏@markknoller 3h

Explanation for “hardship exemption” eligibility at https://www.healthcare.gov/blog/cancelled-plan-you-ve-got-coverage-options/
===========

https://www.healthcare.gov/exemptions/

canopfor on December 20, 2013 at 12:35 PM

Ah. Another benefit to hiring the Microsoft flunky:
He will integrate Windows(tm) Automatic Security Updates.
Downloaded and installed hourly. Forever and ever and ever.

Tsar of Earth on December 20, 2013 at 12:01 PM

NOOOOOOOOO! I’ve already rebooted so many times my reboot button is wore smooth assed out.

lfwest on December 20, 2013 at 12:37 PM

Canada, you are a US treasure.

Schadenfreude on December 20, 2013 at 12:37 PM

Senior Obama Administration officials lied to Congress and the American people….

…sad to say, but this is not a surprise. Rather it’s SOP for this Administration. Where are the perjury indictments from Congress?

Athos on December 20, 2013 at 12:41 PM

The question is beginning to change from who’s being dishonest to whether anyone on Barack Obama’s team has ever been honest in testimony to Congress.

No, but since most of the media lies too no one’s doing anything about it.

talkingpoints on December 20, 2013 at 12:47 PM

That woman in the pic to the Left behind Seb is only there
because she wants some free Chicken Tenders..

ToddPA on December 20, 2013 at 12:48 PM

With less than two hours to go before President Obama is scheduled to give his year-end news conference, people are not able to apply for health insurance on HealthCare.gov.

Awesome.

talkingpoints on December 20, 2013 at 12:49 PM

I’ve come to the realization that Ms. McArdle is a bit of a dim bulb.

NotCoach on December 20, 2013 at 9:58 AM

She has a very good understanding of economics and fiscal policies. Her articles on those things are near the best you will find anywhere.

Chris of Rights on December 20, 2013 at 10:08 AM

That’s why it’s so surprising to me that she can’t immediately see that the ACA is not workable. You can’t depend on people just starting in the labor market to heavily subsidize people that are in their peak earning years or just beyond which is exactly the way the bill is set up. The young people don’t make enough money or have enough disposable income to do this. Add to this high student loan burdens and horrible unemployment among recent college graduates and it’s an economic disaster. It’s very obvious. And that doesn’t even begin to address all the other problems with the act.

talkingpoints on December 20, 2013 at 1:02 PM

I prefer not to listen or watch anyone from this administration. I can enjoy my food without having to worry about throwing up. Fill me in later on what the liar said today.

crosshugger on December 20, 2013 at 1:10 PM

Until Obama, I think every president since Reagan, including Clinton, spent Christmas at the White House or Camp David. Why? It meant that support staff such as the Secret Service would be able to spend some part of Christmas day with their own families.

INC on December 20, 2013 at 1:33 PM

And the Republicans will do nothing but continue their war against Conservatives.

RJL on December 20, 2013 at 7:07 PM

I think I saw those faces in an early Twilight Zone episode about alien plastic surgeons or something.

claudius on December 20, 2013 at 10:52 PM

What if Democrats put up an Obamacare ™ web-site and no one came?

This is what happened. Democrats enacted an impossible law, and the public largely ignored it.

Anyone who did sign up should probably invest the money they would have spent on the fine to buy a subscription to an ID theft protection service. (You will still owe the fine because the site won’t be able to tell the IRS that you signed up).

This is just as well, considering the security issues – nobody should enter any personal information into this site until it is proven to be secure.

virgo on December 21, 2013 at 2:37 AM

Kathy, did you lie to congress too?

Amazingoly on December 22, 2013 at 2:57 PM

Comment pages: 1 2