This Obamacare contractor doesn’t take security seriously. That needs to change.

[Commentary] The congressional hearing on Obamacare's faulty Web site gave CGI and the other federal contractors a chance to explain themselves. Instead, we saw a lot of finger-pointing and blame-shifting.

One particularly egregious moment had QSSI Executive Vice President Andy Slavitt downplaying his company's responsibility for securing the information in his system. "Our systems don't hold data," he quibbled. "They just transport data through it." "You don't have to hold it to protect it," Rep. Mike Rogers (R-MI) fired back. In Slavitt's defense, data security may not have been an explicit feature of QSSI's federal contract. But the fact that he thought this dodge would fly says a lot about executives who work with some of the nation's most sensitive digital infrastructure. They just aren't equipped to understand the weaknesses that make their systems vulnerable to cyberattacks.