Close Close

Retirement Planning > Social Security

Panel closes security hearing

Your article was successfully shared with the contacts you provided.

Top experts today gave members of the House Oversight & Government Reform Committee their thoughts about how hackers might try to attack

Members of the committee unanimously voted to close the session to the public, to avoid giving hackers a tutorial on vulnerabilities.

The witnesses were Kevin Charest, chief information security officer at the U.S. Department of Health and Human Services and Milton Shomo, a principal information systems engineer at MITRE Corp., a company that’s tested security.

The written versions of the witnesses’ testimony aren’t classified documents, but the committee gave members of Congress numbered copies and prohibited members from making their own copies or taking the documents out of the hearing room.

Rep. Darrell Issa, R-Calif., the committee chairman, said in an opening statement that his staff has been unable to get information about security from HHS. He said his staff has had to rely on documents obtained from vendors, through subpoenas.

The documents suggest HHS opened to the public before data security officials thought it was ready, Issa said.

Issa said his understanding is that, under the law, a high-level federal official can approve the launch of a website simply by agreeing to accept the risk that the site could have security problems, even if the site has failed security tests or has undergone no tests.

“There is no protection against a judgment call,” Issa said.

Rep. Elijah Cummings, D-Md., the highest-ranking Democrat on the committee, noted that the hearing was the 23rd the committee’s held on the Patient Protection and Affordable Care Act and PPACA implementation.

HHS data security officials have assured Congress that is secure and has not yet been the target of a successful attack, Cummings said.

See also:


© 2023 ALM Global, LLC, All Rights Reserved. Request academic re-use from All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.