More stolen fingerprints, an Einstein contract, an invisibility cloak and more
News and notes from around the federal IT community.
OPM: 5.6 million fingerprints stolen
The Office of Personnel Management revealed Sept. 23 that the agency's massive breach leaked five times as many fingerprints as investigators originally thought.
Initially, OPM reported that 1.1 million fingerprint sets were among the highly sensitive personal data exposed in the breach, which affected 21.5 million people. But in a Sept. 23 statement, the agency disclosed a revised figure: 5.6 million.
Officials said it's unclear what the impact might be. According to an OPM statement: "Federal experts believe that, as of now, the ability to misuse fingerprint data is limited. However, this probability could change over time as technology evolves."
OPM said an interagency working group that includes the FBI, the Department of Homeland Security, the Defense Department and the intelligence community would research ways to block hackers who might try to take advantage of the fingerprints.
Security analysts on Twitter complained that the breach could undermine biometric security, and House Oversight and Government Reform Committee Chairman Jason Chaffetz (R-Utah) hammered OPM.
"OPM keeps getting it wrong," he said. "I have zero confidence in OPM's competence and ability to manage this crisis. OPM's IT management team is not up to the task. They have bungled this every step of the way."
An OPM spokesperson told FCW that breach victims' notifications should indicate whether fingerprints were among their stolen data.
DHS signs $1 billion Einstein deal with Raytheon
The Department of Homeland Security has awarded Raytheon a contract with a $1 billion ceiling to develop, maintain and operate DHS' Einstein cybersecurity program. The contract award was first reported by Federal News Radio.
The Development, Operations and Maintenance contract "will provide services to operate and maintain existing Einstein capabilities and will also be used to design and develop new cybersecurity capabilities for the [National Cybersecurity Protection System]," DHS spokesman S.Y. Lee said in a statement emailed to FCW on Sept. 23.
Through NCPS, which includes Einstein, "DHS prevents known or suspected cyberthreats using an integrated system of intrusion detection, analytics, information sharing and intrusion-prevention capabilities," Lee added. "These combined capabilities provide a foundation for defending the federal civilian government's information technology infrastructure against cyberthreats."
Lawrence Berkeley and the Deathly Hallows: A real invisibility cloak
Researchers at the Energy Department's Lawrence Berkeley National Laboratory and the University of California have taken up where Harry Potter left off, saying they have found a way to make tiny cloaks that could be scaled up to make large objects invisible.
The ultra-thin "skin" cloak can conform to the shape of an object and conceal it from detection with visible light. In a paper published in the journal Science, researchers said the principles and technology behind the microscopic cloak "should enable it to be scaled up to conceal macroscopic items as well."
The cloaks are based on brick-like blocks of gold nanoantennas fashioned into a skin barely 80 nanometers thick, which researchers wrapped around a 3-D object about the size of a few biological cells and arbitrarily shaped with multiple bumps and dents. The skin's surface was engineered to reroute reflected light waves, thereby rendering the object invisible.
Suffrage, centralized
The General Services Administration has unveiled a new one-stop shop for voting resources.
The vote.USA.gov website offers a streamlined, centralized connection to voter registration resources. It links would-be voters to online registration for the 23 states that offer it and provides registration information for residents of the remaining states.
Justice official: Old cyber vulnerabilities die hard
A top Justice Department official warned that companies are falling victim to old and familiar cyber vulnerabilities.
Assistant Attorney General John Carlin cited Department of Homeland Security data when he said roughly 85 percent of cyberattacks on critical infrastructure providers stem from a list of 30 vulnerabilities.
The risks include "several software vulnerabilities that were disclosed years ago, including one as far back as 2006," Carlin said in a speech to the National Cyber-Forensics and Training Alliance on Sept. 23. "This means that companies are not falling victim to new and unidentified exploits but rather to vulnerabilities that have been known for almost a decade."
In his overview of government efforts to combat cybercrime, he expressed a concern that "terrorist groups are largely experimenting with hacking, but this could serve as the foundation for developing more advanced capabilities." He also called for an international agreement on "acceptable state behavior on the Internet."