Skip to main content

The House Oversight and Government Reform Committee, led by Chairman Darrell Issa (R-CA) (R), speaks with Representative Elijah Cummings (D-MD) at Capitol Hill in Washington June 20, 2012. The House Oversight and Government Operations Committee is conside
Reps. Darrell Issa and Elijah Cummings
Rep. Darrell Issa had yet another hearing on the non-scandal Republicans are trying to manufacture—the security of HealthCare.gov, the government's online health insurance marketplace. The problem is, not only has there not been a single instance of a security breach, the website has passed security tests.
Nearly three months after its launch, HealthCare.gov underwent end-to-end security testing and passed with flying colors, the top cybersecurity official overseeing the website told Congress today.

Teresa Fryer, the chief information security officer for the Centers for Medicare and Medicaid Services, told the House Oversight Committee that results from the tests have alleviated her earlier concerns about risks of cyberattacks and theft of consumers’ personal information.

“This security control assessment met all industry standards, was an end-to-end test and was conducted in a stable environment that allowed for testing to be completed in the allotted time,” Fryer told the panel.

Still in question, though, is whether Darrell Issa will pass a security test. Given his habit of leaking bits of sensitive information that come into his hands as Oversight chairman, and then national media organizations running with the incomplete "scandalous" information they have, the administration has been worried about letting more information about the website's construction and its security protocols into his hands. If that kind of information were to be leaked, the security threat would be very real.

That's why Rep. Elijah Cummings, ranking member of the Oversight Committee, has demanded that the committee put a series of protections of sensitive information. Cummings has a number of concerns, including the fact that committee staff has left sensitive information in unsecured rooms, that Issa is sharing sensitive information with outside consultants who haven't been authorized by the committee, and that the committee as a whole hasn't adopted security protocols for dealing with this kind of information. Issa delegated to a staffer to blow off all of these concerns. Issa spokeswoman Caitlin Carroll said in response, “The committee is comfortable with the protocols we have utilized to prevent the release of sensitive technical information. [...] We have also told the Minority that they are welcome to consult with us on any questions they have about information they intend to release.” Welcome to consult, but don't expect us to listen.

So if there is a major security breach to HealthCare.gov in the near future, it might worth looking at Issa's communication history. Finally there might be a use for all that information the NSA is sucking up.

Originally posted to Joan McCarter on Thu Jan 16, 2014 at 12:39 PM PST.

Also republished by Daily Kos.

EMAIL TO A FRIEND X
Your Email has been sent.
You must add at least one tag to this diary before publishing it.

Add keywords that describe this diary. Separate multiple keywords with commas.
Tagging tips - Search For Tags - Browse For Tags

?

More Tagging tips:

A tag is a way to search for this diary. If someone is searching for "Barack Obama," is this a diary they'd be trying to find?

Use a person's full name, without any title. Senator Obama may become President Obama, and Michelle Obama might run for office.

If your diary covers an election or elected official, use election tags, which are generally the state abbreviation followed by the office. CA-01 is the first district House seat. CA-Sen covers both senate races. NY-GOV covers the New York governor's race.

Tags do not compound: that is, "education reform" is a completely different tag from "education". A tag like "reform" alone is probably not meaningful.

Consider if one or more of these tags fits your diary: Civil Rights, Community, Congress, Culture, Economy, Education, Elections, Energy, Environment, Health Care, International, Labor, Law, Media, Meta, National Security, Science, Transportation, or White House. If your diary is specific to a state, consider adding the state (California, Texas, etc). Keep in mind, though, that there are many wonderful and important diaries that don't fit in any of these tags. Don't worry if yours doesn't.

You can add a private note to this diary when hotlisting it:
Are you sure you want to remove this diary from your hotlist?
Are you sure you want to remove your recommendation? You can only recommend a diary once, so you will not be able to re-recommend it afterwards.
Rescue this diary, and add a note:
Are you sure you want to remove this diary from Rescue?
Choose where to republish this diary. The diary will be added to the queue for that group. Publish it from the queue to make it appear.

You must be a member of a group to use this feature.

Add a quick update to your diary without changing the diary itself:
Are you sure you want to remove this diary?
(The diary will be removed from the site and returned to your drafts for further editing.)
(The diary will be removed.)
Are you sure you want to save these changes to the published diary?

Comment Preferences

  •  Tip Jar (20+ / 0-)

    "The NSA’s capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything. [...] There would be no place to hide."--Frank Church

    by Joan McCarter on Thu Jan 16, 2014 at 12:39:27 PM PST

  •  I am awaiting Issa's response (8+ / 0-)
    Washington, DC (Jan. 14, 2014)—Today, Rep. Elijah E. Cummings, Ranking Member of the House Committee on Oversight and Government Reform, sent a letter to Chairman Darrell Issa requesting that the Committee hold a bipartisan hearing with senior Target officials and security experts to investigate the cause of Target’s massive information technology breach, its implications for American consumers, and the steps Target has taken to address this breach and implement mitigation measures to ensure that similar attacks are not successful in the future.

    Cummings wrote:  “In addition to serving the interests of millions of American consumers affected by this breach, I believe the Committee could learn from these witnesses about their failures, successes, and best practices in order to better secure our federal information technology systems.”

    http://democrats.oversight.house.gov/...

     

    "I am not interested in picking up crumbs of compassion thrown from the table of someone who considers himself my master. I want the full menu of rights." (From "You Said a Mouthful" by Bishop Desmond Tutu - South African bishop & activist, b.1931)

    by FiredUpInCA on Thu Jan 16, 2014 at 01:27:47 PM PST

  •  NBC repots: Outside Experts Completely Disagree (0+ / 0-)

    Below is a link to NBC News story on the issue.

    Outside experts indicated of the 18 major security flaws pointed out in November - none had been remedied.

    http://www.nbcnews.com/...

    I wouldn't think the outsiders have any incentive to lie, not sure the same can be said for a security expert who had apparently been directly involved with the highly flawed website.

    •  A firm selected by Issa? (0+ / 0-)

      Given the way that Issa leaks for political advantage, chooses witnesses for advantage, rewrites testimony for advantage, and packs his lists, I actually do have reason to suspect the "House experts." The White House firm, on the other hand, at least can tell the difference between code that asks for and gets information from that which never does.

      Everyone's innocent of some crime.

      by The Geogre on Thu Jan 16, 2014 at 05:34:24 PM PST

      [ Parent ]

  •  Issa is a modern-day Don Quixote (1+ / 0-)
    Recommended by:
    MVH1

    Endlessly tilting at windmills, and wasting taxpayer dollars in the process. Pathetic.

  •  Who knows? Let's just help Dave Peiser defeat him (1+ / 0-)
    Recommended by:
    MVH1
  •  Is Issa REALLY concerned about data security? (2+ / 0-)
    Recommended by:
    MVH1, revsue

    If so, why are American companies, including financial institutions, allowed to relocate their data centers to foreign countries ... allowing American customer data to be accessed by any individual the foreign subsidiary chooses to employ?

    Issa and the Republicans have no sincere interest in data security.

  •  Not correct (1+ / 0-)
    Recommended by:
    dzog
    Given his habit of leaking bits of sensitive information that come into his hands as Oversight chairman, and then national media organizations running with the incomplete "scandalous" information they have, the administration has been worried about letting more information about the website's construction and its security protocols into his hands. If that kind of information were to be leaked, the security threat would be very real.
    This is wrong.

    If releasing information on the the site's security protocols creates a security threat,  then those protocols are faulty and the security review should have found this.

    This is hard for non-engineers to grasp, but the most secure systems are the ones whose designs are the most open.  Any fool can devise security arrangement that would thwart himself.  

    The source code issue perhaps is more of a security concern. That's because every large body of code contains bugs, and a certain percentage of those bugs are sure to be security related.   Even so,  the security review should have eliminated faults that would be obvious through casual inspection (e.g. sql injection, insecure access to underlying computer resources).  On the other hand, it's quite feasible to attack an insecure piece of code without being able to inspect it.

    In operating a system like this, you have to assume there are security holes, and that these will be found even if you try to hide the source code.   So most critical is all the stuff that goes around the source code;  how the data is managed  (do they keep stuff around they don't strictly need), what they are doing to detect attacks, and what they plan to do when one is (inevitably) found.    That really should be the subject of public review.

    Transparency is good medicine for government, no matter who is in power.  It's almost certain that if the source code and details of the security arrangements were revealed that there would be something embarrassing there.   And that's OK.   Trying to hide your weaknesses is worse than exposing them, because they will be found.

    I've lost my faith in nihilism

    by grumpynerd on Thu Jan 16, 2014 at 04:30:22 PM PST

  •  Re-read her comment, please (0+ / 0-)
    "We have also told the Minority that they are welcome to consult with us on any questions they have about information they intend to release"
    Translates as, "We are 'the committee,' and Cummings is welcome to get our advice on all the information he plans to leak." I.e. it's a statement that Darryl Issa is happy with himself and will tell anyone anything he wishes, but, hey, the Democratic members are welcome to have us monitor the information they have.

    You know. . . because all members of Congress are doing these things for political advantage. They're not doing anything for the service of the nation or its people. It's about winning.

    Everyone's innocent of some crime.

    by The Geogre on Thu Jan 16, 2014 at 05:31:04 PM PST

  •  Darrell Issa channels Tom DeLay (0+ / 0-)

    "I am the Federal government!"

    Light that Cuban with a fifty-dollar bill, Mr. Issa...we're fresh out of hundreds.

    "I feel a lot safer already."--Emil Sitka

    by DaddyO on Thu Jan 16, 2014 at 05:43:05 PM PST

  •  darrell issa (0+ / 0-)

    does not pass the smell test.

    save america defeat all republicans and conservatives

  •  I sure hope they can (0+ / 0-)

    get the slime from his fingers off the documents before they dissolve.

    Some days it's not even worth chewing through the restraints!

    by SpotTheCat on Thu Jan 16, 2014 at 06:46:08 PM PST

  •  Arrest Issa on charges of leaking classified ... (0+ / 0-)

    ... material, then duck-walk him into DOJ headquarters for booking.

  •  I wish Darrell Issa would go away or be fired! (0+ / 0-)

    His investigations are a complete waste of taxpayer money.

  •  what and how did they test? (0+ / 0-)

    they tested for potential e-attacks and for theft, but was that just outside theft? was it tested for omnipresent, omni-invasive Big Brother Google sending all the information to their servers from the inside or is this more proprietary BS a la Diebold's voting machines?

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site