|
Thank you, Mr.
Chairman, and let me commend you for holding this very timely hearing on a topic
of such great importance to the American people – the protection of their
privacy and their private information.
Due in part to the
Internet, Americans today are paying greater attention to privacy protections.
But I don’t think that many people realize the extent to which the ongoing
debate over privacy is so closely related to the issue of computer
security. That is one reason why this Committee has been conducting an
investigation into the adequacy of Federal efforts to protect our nation’s
cyber infrastructure and the vast amounts of sensitive data stored on Federal
computers.
Last month, the
Subcommittee held a hearing that showed just how easily Federal computer systems
could be penetrated by hackers. At that hearing, we saw first hand just how
easily a team of 20-something "ethical hackers" could, in minutes,
hack into government computers, crack passwords, and escalate their privileges
to allow them to get control of entire computer networks.
Today’s hearing
continues our investigation into Federal computer security and highlights the
results of the Committee’s review of the Health Care Financing Administration,
or HCFA. Like Chairman Greenwood, I am pleased to learn that HCFA has been doing
a better job than many other agencies in working to address computer security
vulnerabilities. But HCFA is an agency that must do better than
most agencies.
The security of the
Medicare claims system is a matter that HCFA and all of us must take very
seriously -- for it is one of the most critical Federal assets, containing vast
amounts of personally identifiable private medical information. And there is no
doubt that HCFA can and must do better in this area. This hearing will explore
the very real security vulnerabilities that face HCFA, and the serious
management challenges the agency must address in order to properly secure the
computer networks that make the Medicare claims system work.
Let me highlight
just one of these issues, namely HCFA’s failure to conduct sufficient
oversight and testing of its Medicare contractors and the contractors such as
IBM and AT&T that provide critical network services to HCFA. I share
Chairman Greenwood’s concerns that HCFA has not been aggressive enough in
pushing these contractors to allow independent tests of their systems. In an
area as sensitive as this one, we simply cannot take their assurances of
security at face value -- not because they are incompetent or deceptive, but
simply because they may not be as secure as they would like to think.
I want to strongly
encourage the agency to go further in this area, not just with respect to its
contractors’ networks, but also its own. Without rigorous, independent
testing, we simply cannot assure the American people that their private medical
information is indeed protected.
Finally, I want to
congratulate Chairman Greenwood for the clear successes this investigation
already has produced in terms of pressing the Department and HCFA to make
certain improvements to the management of security at HCFA prior to this hearing
today.
I look forward to the testimony
from our witnesses today, and continuing to work with HCFA and this Committee as
it works to address these concerns.
|
