Posted on 11/12/2013 11:19:52 AM PST by JerseyanExile
Remember Tony Trenkle?
“[CMS Chief Information Officer]Tony [Trenkle] made a decision that he was going to move to the private sector and that is what our COO announced yesterday,” said a spokesman for the Centers for Medicare and Medicaid Services, who refused to comment whether Trenkle had been pushed out due to frustrations over the agency’s online woes.
Why was he pushed out? Initially he seemed to be a Scapegoat. But Administrations usually publicize Scapegoats -- after all, the whole point is to claim all the problems were due to the Scapegoat, and then ritually slaughter him to expiate one's sins.
But they handled Tony Trenkle's firing/resignation very quietly.
Why?
Sharyl Attkisson reported on a possible reason.
CBS News has learned that Trenkle, the Chief Information Officer for the Centers for Medicare and Medicaid Services (CMS), was originally supposed to sign off on security for the glitch-ridden website before its Oct. 1 launch, but didn't. Instead, the authorization on September 27 was given by Trenkle's boss, CMS administrator Marilyn Tavenner.As CBS News reported Monday, security assessments fell behind and the website never had the required top-to-bottom tests.
Trenkle and two other CMS officials, including Chief Operating Officer Michelle Snyder, signed an unusual "risk acknowledgement" saying that the agency's mitigation plan for rigorous monitoring and ongoing tests did "not reduce the (security) risk to the ... system itself going into operation on October 1, 2013."
But his boss, Marilyn Tavenner, certified the site as "secure" anyway.
Well that's not quite right -- what she did was certify it as belonging to the nonsensical category of secure for the interim, meaning they're going to keep checking security and working on security issues... which means it wasn't secure. And federal protocols (and maybe laws, I don't know) demand that any government site be certified as secure, not certified as "We're working on that."
But Healthcare.gov was certified as "We're working on that" as far as security and the Administration launched anyway.
Now, why did Tavenner sign the certification, rather than the man actually required to sign it? Well the Administration dealt with this question by, get this, lying:
Wednesday, an HHS spokesman said that the reason Tavenner, not Trenkle, signed the security authorization is because HealthCare.gov is "a high-profile project and CMS felt it warranted having the administrator sign the authority to operate memo."
No that's not why, Ms. Tavenner. The reason is that that the man charged with certifying the site as secure flat-out refused to do so -- possibly fearing a perjury charge for signing a false document.
Tony Trenkle then left the Administration-- and no one will say if he was fired, or he chose to resign on his own, and why.
Allah became pretty interested in Mr. Trenkle.
Memo to Darrell Issa: Subpoena this man.
And now comes this memo, which stated that the security risks in Healthcare.gov were "limitless."
The author of that memo? Tony Trenkle, the man who was either fired or chose to resign due to the Administration's demand he certify a dangerously insecure site as secure.
Did Chao lie to the committee about not having seen the Sept. 3 memo before or was there a deliberate effort within CMS to withhold the extent of the site’s problems from supervisors like him so that they’d greenlight it for launch as scheduled? If the latter, who’s responsible? As it turns out, the memo was written by — ta da — Tony Trenkle, lead tech officer for Healthcare.gov who left last week under mysteriously vague circumstances. As CBS reported, Trenkle himself never signed off on security for the site in September; it was his boss, Marilyn Tavenner, who signed the authorization, supposedly because she thought that a project this big should carry the John Hancock of the head of CMS. Is that the truth, or did Trenkle refuse to sign because he knew the site’s security was a travesty and couldn’t in good conscience authorize launching it? The fact that he wrote such a dire memo about “limitless” risk suggests that he knew the extent of the problem — and yet, if you believe Chao, that information somehow never made its way to the project manager. Why? Why are there so many unorthodox procedures related to approval of the site’s security here? Did Tavenner, at least, see Trenkle’s memo before she authorized the launch or was it withheld from her too? If she did see it, why didn’t she tell Obama and Sebelius that security was too weak to justify rolling it out now?
Allah's done a great job as a blogger in seeing this Trenkle business as a major story early. Now it becomes an even bigger one. (Sharyl Attkisson, of course, is the reporter here; but for me, personally, Allah highlighted the find.)
As he said: Subpoena his man. Based on the flow of information to Issa and Attkisson, I'm going to speculate that this man is interested in talking.
Not the first IT guy who was forced out because his boss wanted something certified as secure, but he could not in good conscience do it.
Glad to see we still have them out there.
precisely....
I would hire him as CFO. He proves he can handle pressure.
When the Kool-Aid drinkers have taken over the leadership, shining the cold light of reality on their folly usually gets you a trip the the exit door. ‘Tis the same in every field of endeavor.
“category of secure for the interim, meaning” ... it’s secure until anyone actually uses it.
I worked with Tony Trenkle years ago. He’s a good man and I am not surprised he refused. Very honest man and you could always trust him. I wish him well.
“made a decision that he was going to move to the private sector”
The part that really bothers me is he will land a $200K+ plush job somewhere while there are others that cannot find a job in the Obamaconomy.
He’s lucky he didn’t get Fosterized.
Not sure why this would bother you. He has a highly useful skill set. In addition, he’s clearly got a conscience and has no compunction about being honest or principled. He knew the risk when he refused to sign the memo. My guess is that they wanted to fire him, but that he has a strong case against them so publicly scapegoating him would net a nasty, publicly aired lawsuit. Could you imagine the scene? He’s in court rattling-off the list of security flaws he refused to “certify” while Anonymous bashes away at the web-site? So I’m guessing they gave him a couple of months of pay and said go find something nice. This guy clearly deserves a private-sector job.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
