INTERNATIONAL FOUNDATION FORCULTURAL PROPERTY PROTECTION
News
Reposted from Security Management Magazine
More than a quarter of U.S. adults say they are so stressed most days that they can’t function, according to a survey from the American Psychological Association (APA). So, what’s the source of this stress? Everything.
Nearly two in five adults (37 percent) reported that when they are stressed, they can’t bring themselves to do anything, the survey found, and around a fifth of adults reported forgetfulness (21 percent), an inability to concentrate (20 percent), and difficulty making decisions (17 percent) in the past month due to stress. For adults under the age of 35, 46 percent said they are so stressed they cannot function, and that rate is even worse for Black adults under 35—with 56 percent reporting debilitating stress levels.
Stress can be overwhelming for many people—even when they can still function through it. Adults ages 18 to 34 and 35 to 44 were more likely than older counterparts to report feeling overwhelmed by stress most days. Younger women in particular face high stress levels, with 62 percent of women ages 18 to 24 reporting they felt completely overwhelmed by stress most of the time, the APA found. Furthermore, 25 percent of U.S. adults reported that in the prior month, they often felt difficulties were piling up so high that they could be overcome, and 30 percent of adults said they were so stressed they feel numb.
“Consistent with psychological science, results from this poll revealed that when adults are feeling stressed, around three-quarters (76 percent) reported there are aspects of their lives that were negatively impacted. Specifically, their mental health (36 percent), eating habits (33 percent), physical health (32 percent), and interest in hobbies/activities (30 percent) were among the top aspects negatively impacted by stress,” according to Stress in America 2022, the APA survey. Psychological research on both humans and nonhuman animals revealed that the effects of stress on the brain, immune system, our gene expression, susceptibility to physical illness, mental illness, and subsequently on people’s ability to engage in necessary daily tasks can be long lasting, and even intergenerational.”
Stress levels are also impacting job engagement, found the Conference Board. Survey results released in October showed that a third of U.S. workers report decreased engagement, even though 82 percent say their level of effort on the job is at the same level or higher. In addition, more workers want to quit their jobs, but few are planning to do so because of fears about a looming recession.
What factors are driving these heightened stress levels? The APA singled out four key areas.
The survey found that 70 percent of U.S. adults do not think people in the government care about them, and 64 percent said they feel their rights are under attack. This sentiment is so high that 38 percent of U.S. adults have considered moving to a different country in response to the current political environment.
Specific demographic groups were more likely to feel that their rights were under attack, especially members of the LGBTQ+ community (72 percent) and adults with a disability (68 percent). Women were more likely than men to say they do not feel protected by U.S. laws (49 percent vs. 40 percent).
“Our children are going to inherit a better world than we did.” Would you agree with this statement? Most U.S. adults (62 percent) did not. In addition, 63 percent disagreed with the statement, “I feel our country is on the path to being stronger than ever.”
The future of the United States was a significant source of stress for 76 percent of adults, and 66 percent said the current political climate is a significant source of stress in their lives. Furthermore, 68 percent said this is the lowest point in U.S. history that they can remember.
Social schisms are also stressors. Among Black adults, 75 percent said the racial climate is a significant source of stress, compared to 56 percent of white adults.
Many survey respondents said that race relations (41 percent), women’s rights (38 percent), and LGBTQ+ rights (30 percent) are getting worse in America.
Money is often a stressor, and when inflation enters the arena, it exacerbates concerns, the APA found. The vast majority of U.S. adults surveyed (83 percent) said inflation is a source of stress right now, and for 55 percent of those people feeling stressed by money, finances have been a cause of fights or tension in their family, compared to 41 percent of the general population.
Adults with an annual household income of less than $50,000 were more likely than those with a household income of $50,000 or more to say the main source of stress is having enough money to pay for things in the present, such as rent or a mortgage (72 percent vs. 48 percent).
More than half of all U.S. adults surveyed (56 percent) said they or their families had to make different choices during the past month due to a lack of money.
Violence, crime, mass shootings, and gun violence are significant stressors for 75 percent of U.S. adults, especially Latinx adults (83 percent), the APA found.
Three-quarters of adults agreed that mass shootings were a significant source of stress, and women were more likely than men to say mass shootings were a stressor for them (78 percent vs. 69 percent). Women were also more likely to consider gun violence in general a significant stressor (75 percent vs. 69 percent), and Black women and Latinas were more likely to cite this.
See Original Post
Reposted from ArtNews
On Sunday, fake blood was hurled at a painting by Henri de Toulouse-Lautrec in a Berlin museum, in an incident reminiscent of recent climate protests, though officials have yet to release a motivation for the attack. The individual, who was taken into police custody, also glued themselves to the wall beside the work.
The work, titled Clown, is being examined in the Alte Nationalgalerie’s restoration workshop. The head of the Prussian Cultural Heritage Foundation, Hermann Parzinger, said in a statement that the painting was not significantly damaged.
“I am shocked by this further senseless attack on art, which in this case obviously cannot be assigned to any climate-politically active group,” he told the news agency dpa. He added that the museum staff will “continue to do everything we can to protect the art in our collections while keeping them accessible with as few barriers as possible.”
The incident seemed to share similarities with climate actions by the group Letzte Generation, which earlier this month splashed mashed potatoes across a Claude Monet painting in Postdam. Their tactics draw on protests led by the U.K.-based group Just Stop Oil, which has garnered attention because its activists have glued themselves to paintings.
Just Stop Oil protesters threw tomato soup on Vincent Van Gogh’s Sunflowers at London’s National Gallery. Last week, an activist wearing a Just Stop Oil shirt attempted to glue his head to Vermeer’s Girl with a Pearl Earring as another protestor attempted to pour red liquid over him.
The Alte Nationalgalerie incident happened on the same day that members of Letzte Generation pasted themselves to the handrails beside a dinosaur skeleton at Berlin’s Natural History Museum. The group said in a statement that, “just like the dinosaurs back then, we are threatened with climate changes that we cannot withstand. If we don’t want to see ourselves threatened with extinction, we must act now.”
The Alte Nationalgalerie is closed today for cleaning and will reopen on Tuesday. Charges for trespassing and property damage have been filed in both cases in Berlin.
Reposted from Blooloop
Hamburger Bahnhof, a contemporary art gallery in Berlin, has turned off its Dan Flavin work for the first time in 26 years in response to the energy crisis.
The neon work of art usually illuminates the facade of the museum’s building, but in a bid to save money on energy costs, Hamburger Bahnhof has turned off the lights.
The artwork, which features green and blue fluorescent tubes, has greeted guests since the gallery opened in 1996.
“It is important that we as an internationally renowned museum set an example in the current situation and make our contribution to saving scarce resources,” the institution’s co-directors Sam Bardaouil and Till Fellrath said in a joint statement.
“We hope that this difficult step for us will also inspire rethinking sustainable museumplanning in general.”
The museum’s decision comes after an announcement in July by Bettina Jarasch, Berlin’s senator for the environment, that the architectural lighting for the city’s monuments would be shut off to conserve power.
These include the Brandenburg Gate and Victory Column. The rules currently only apply to public buildings. However, private cultural organisations including Hamburger Bahnhof and the Julia Stoschek Foundation are doing the same.
“Anyone that has a public voice, whether in a small organization, or the Hamburger Bahnhof as the national gallery of contemporary art, has the responsibility to use it wisely in contributing to the general questions of the society it operates in,” Fellrath told The Art Newspaper.
“In that sense, we do see it as one of our main tasks to lead the discourse on issues of sustainability, diversity, and inclusion.”
“We are sure that many museums are asking similar questions at the moment, lastly also due the skyrocketing energy prices that will have a significant impact on cultural funding at large,” he added.
Currently, the Flavin installation is set to be switched off until the end of March 2023.
Reposted from AZ Central
Six years before a valuable Willem de Kooning painting was stolen in 1985, the director of the University of Arizona Museum of Art warned that security needed to be beefed up at the small museum.
But university administrators, who have since retired, didn't act on those warnings, according to memos obtained by The Arizona Republic as part of a public-records request.
Museum officials on May 8, 1979, requested that additional police officers be assigned to the building, cautioning that:
"The museum's good fortune in avoiding major theft or vandalism so far is strictly a matter of luck," the memo said. "As the art museum becomes better known, this luck will quickly dissipate."
"Woman-Ochre" is now back at the museum after being discovered in a New Mexico estate sale in 2017. And the university is once again faced with safeguarding a treasure even more famous and more valuable than when it was stolen.
In the years the painting went missing, works by the Dutch-American artist de Kooning exploded in value. University officials are no longer publicly releasing a value, though as recently as 2015 "Woman-Ochre" was valued at up to $160 million.
$100M de Kooning painting returned:How a museum is honoring those who brought it home
The 1979 memo which was copied to then-UA President John Paul Schaefer, requested that two members of the campus security force be on duty during operating hours as a "minimal ounce of prevention."
But when the de Kooning painting was stolen in 1985, it was common to have only one University of Arizona police officer on duty at the museum, according to subsequent memos.
When the theft occurred, it was the day after Thanksgiving and only one campus security officer was present at the museum. Two student workers were on duty. But no staffer was in the second-floor gallery when "Woman-Ochre," was cut from its wooden frame. Like many small museums at the time, there was no video-camera system to capture the theft.
Museum officials acknowledged security lapses. The museum's director, Peter Bermingham, pushed university administrators for more funding for more security officers, TV cameras and gallery attendants.
In a memo written a few days after the theft, he reminded then-Provost Nils Hasselmo of "several recent conferences" about the need to improve security that had been held with "various university officials (prior to the theft)."
Failure to take action could jeopardize the museum's ability to borrow art from other museums for special exhibits, he warned, and could hurt the museum's ability to get donations.
Hasselmo initially rejected the request, citing "strapped" resources for the current year in a December 20, 1985 memo. He suggested the museum curtail hours instead. Bermingham replied that cutting back hours would have no effect on security quality during open hours.
Hasselmo later agreed to a modified proposal.
Seven months after the theft, in June 1986, the museum installed a new security system. Upgrades included a $24,000 closed-circuit television system, as well as hiring two full-time security guards and several part-timers, rather than relying on University Police.
The administrators named in the 1980s memos have long since retired; Hasselmo and Bermingham are no longer alive. Schaefer, the former university president from 1971-1982, said in a recent interview with The Republic that he didn't recall memos related to museum security.
"That was a long time ago," he said, adding he was no longer president when the 1985 theft occurred.
The "Woman-Ochre" theft remains infamous in museum security circles.
On Nov. 29, 1985, a man and a woman walked into the University of Arizona Museum of Art as the building opened.
It was a holiday week with only a few staffers on hand.
Police believe the woman distracted the single security officer while the man walked upstairs and cut the valuable de Kooning painting out of its frame. Unobserved, he rolled up the canvas, stuffed it under his winter jacket and the couple fled in a rust-colored sports car.
John Barelli, who oversaw security at New York City's Metropolitan Museum of Artfor 30 years, described the de Kooning crime as a "theft of opportunity."
"It was an opportunity and — boom — they took it," he said in a recent interview.
University police enlisted the help of the FBI and released a composite sketch of the suspects. But within months, the investigation hit a dead end.
The painting vanished for 31 years, until it was discovered in 2017 in the home of a deceased, elderly New Mexico couple in an estate sale.
When "Woman-Ochre" was recovered, the university covered the cost of installing a new camera system, said Olivia Miller, the museum's interim director and curator.
The museum increased security in preparation for the painting's return to exhibit, she said. She declined to discuss security costs but said ongoing costs, such as security staffing, are part of the museum's annual budget and are supported by a combination of funding sources, including state funding, museum endowments, and admission fees. The museum has a total annual budget of about $1 million.
She declined to discuss the increased security measures except for one detail that is visibly apparent:
"Woman-Ochre" and its original wooden frame are encased in a clear, acrylic display case using museum-quality material known as Optium Museum Acrylic.
"It might not always be in a case forever," Miller said. "But we think that just given its history, given what it's been through, given what the museum has been through, it's a step we just needed to take."
National security experts say acrylic cases, or glass, over paintings are increasingly common, especially on smaller paintings that thieves could try to smuggle out.
One of the world's most famous paintings, the "Mona Lisa," on exhibit at the Louvre Museum in Paris, is protected by bulletproof glass. The protection came in handy last summer when a man disguised as an old woman jumped out of a wheelchair and smeared cake across the glass.
More recently, climate protesters threw soup at Vincent van Gogh’s “Sunflowers” in London’s National Gallery, causing minor damage to the frame but leaving the glass-covered painting unharmed.
UA museum officials said it was important to display "Woman-Ochre" in the original wooden frame the painting was cut from in 1985. That simple frame wouldn't accommodate an insert of acrylic or glass into the frame so they had to encase both the painting and frame in acrylic.
The Republic contacted three national experts on museum security, who aren't involved in the university's security plans but are familiar with how museums safeguard their paintings.
Steve Keller, a museum security expert based in Florida, who helped write national security recommendations for museums, said the protection for paintings has changed dramatically since the 1980s. The de Kooning theft "would have been much harder to pull off" with current security technology, he said.
Brazen thefts, like the de Kooning heist, aren't common, according to Rob Layne, vice president of Layne Consultants International in Denver. But to prevent them, museums typically have a range of protections.
Here are security measures commonly used at museums today:
Video surveillance, digital video and cameras with monitoring capabilities are some of the biggest advancements in museum security. Video analytics are computer software that allows museums to monitor and analyze video surveillance. The painting and the area surrounding the painting are programmed into the software. If this image is disturbed by someone getting too close to the painting or touching it, an alarm goes off.
Barelli, the New York City security consultant, said he would place cameras in places where they were visible to visitors — to act as a deterrent against theft or vandalism— and also in locations where they weren't visible to capture any attempted vandalism or theft.
Radio-frequency identification, known as RFID technology for short, uses radio waves to keep track of paintings, sculptures or rare books. Tiny RFID tags are affixed to the art. An alarm triggers if someone moves a painting from its location.
Global Position Devices are often used when art is loaned to other museums or has to travel. A tracking device attached to the painting's wooden crate sends a satellite signal that is processed by a receiver. Museum security can see the location of the GPS device and its movements, allowing them to track the art in real-time.
GPS was used to track "Woman-Ochre" in September when the painting traveled 500 miles back to Tucson from the J. Paul Getty Museum in Los Angeles where it had been undergoing restoration. Museum officials also kept in contact by text and phone with a museum staffer who rode along with the painting in the truck. The truck was further escorted by two SUVs filled with a half-dozen officers from the U.S. Department of Homeland Security.
Security staff, visitors and volunteers are a critical part of museum security. Experts say it doesn't matter how much an organization spends on technology if the staffing structure isn't there to support it. In-house security is common at many museums. Contract security guards are brought in as supplements for special events when more people are milling through the galleries.
At an evening reception to celebrate "Woman-Ochre" on Oct. 7, The Republic counted at least four security guards — dressed in elegant suits and equipped with earpieces — in the first-floor gallery with the painting. More security guards lingered outside the gallery's entrance and exit.
At least two University of Arizona police officers were on hand in the lobby, dressed in uniforms and bulletproof vests.
On that evening, "Woman-Ochre" wasn't going anywhere.
And when the exhibit opened to the public the next day, there was an added level of protection.
"Woman-Ochre" was already behind an acrylic glass case.
Let’s be clear: physical security infrastructure is the target of many cyber criminals. IP cameras, access control systems, visitor kiosks, and related systems are by their nature attractive targets because they have compute, storage, and networking (as traditional IT systems do).
But because they are Internet of Things (IoT) devices, the solutions used to secure IT systems simply won’t work for them. Once breached, physical security systems can enable many other forms of attack on an organization, including planting ransomware, launching Distributed Denial of Service (DDoS) attacks, exfiltrating sensitive data, and potentially putting control of security systems in the hands of criminals.
Especially as the ability to create deepfakes based on real video footage becomes more sophisticated, ensuring that physical security data is untampered and suitable to be used as evidence adds to the focus on hardening physical security systems.
During the last few years, studies and industry security alerts have shown that most organizations do not sufficiently harden and protect physical security systems. Just ask yourself: Are all your camera devices on the latest and most secure version of firmware? Are your device passwords maintained and unique in accordance with your corporate policies? Are any of your devices authenticated using 802.1x certificates, or having traffic between devices encrypted using TLS/SSL certificates?
If you answered no to most of these questions, it suggests that you’re at high risk of your physical security systems being breached and exploited.
Hardening physical security systems is hard! The starting point is identifying all the devices on your network, something that many security teams struggle with because of the scale of devices, their locations, and the long-lived nature of IP cameras. Whether using an IoT security platform that can do it for you, or by using a dedicated asset discovery solution, a complete inventory will drive all efforts in hardening those systems.
Another factor that makes physical security systems more difficult to protect is the heterogenous nature of such systems. Very few organizations have just one make or model for cameras; most have several types, all with unique mechanisms for updating and securing them. Also complicating hardening devices is how they are often on isolated—or segmented—networks.
Reaching across multiple network segments to access the devices requires specialized technology, otherwise a lot of manual effort is consumed securing devices one network segment at a time.
Despite the barriers listed above, there are now more automated and purpose-built solutions to harden physical security—and in general IoT/OT—devices. The key functions of these automated systems are to:
One advantage physical security teams have in implementing more rigorous methods for hardening their devices is that those systems are the most prolific and widespread IoT/Operational Technology (OT) devices in most organizations. As IoT/OT security becomes more visible at all levels of the organization, it is an opportunity for physical security organizations to take the lead corporatewide on IoT/OT security.
Since cybersecurity is a team sport, who should your teammates be? One best practice is to form an IoT Committee within your organization, with members from the CISO/CIO staff, as well as departments that manage IoT/OT devices like manufacturing, facilities, and logistics.
Organizations who have already formed such teams have also found an important side benefit: the processes used to monitor and harden physical security systems provide important data to other parts of the organization (compliance and audit, cyber insurance negotiations, public reporting, and so forth), increasing the strategic value of the physical security team.
By 2024, more than 75 percent of CEOs will be personally liable for cyber breaches, according to predictions and analysis from Gartner. Keeping your CEO and board of directors informed and aware of the efforts to harden physical security and IoT/OT systems will help to ensure that resources are made available to be successful in preventing cyber criminals from exploiting these systems.
Finally, consider making hardening your physical security into an industry issue: engage with others in your industry who share these same problems. During the last few years, several industry-level organizations—both existing and new—have made sharing best practices and information on threats more efficient and robust.
For example, the Real Estate Cyber Consortium publishes detailed information and guidelines on hardening and securing physical security and IoT systems specific to the commercial real estate business. Check within your industry if that exists or consider forming one because the types and methods of attacks will be similar across the industry and collectively the sector will be more resilient from that effort.
Whether through deploying automated cyber hygiene and service assurance solutions, documenting and sharing best practices, or fostering internal coordination across multiple departments, now is the time to take action.
Reposted from The Observer
Two climate activists were arrested after throwing tomato soup on a Vincent Van Gogh painting hanging in London’s National Gallery and gluing themselves to the exhibit wall.
The demonstration, which took place this morning (Oct. 14), is the latest escalation in a series of protests across Europe which have art institutions rethinking security protocols and American museums worried the demonstrations may spread.
Today’s protestors targeted a glass-covered 1888 Van Gogh entitled Sunflowers, according to a statement from the National Gallery. “The room was cleared of visitors and police were called. Officers are now on the scene. There is some minor damage to the frame but the painting is unharmed,” wrote the museum, which confirmed the two demonstrators were arrested and the painting is now back on display.
The action was planned by Just Stop Oil, a U.K. climate group, and carried out by Phoebe Plummer, 21, and Anna Holland, 20. “Is art worth more than life? More than food? More than justice?” asked Plummer during the demonstration, after opening a can of Heinz soup and tossing its contents on the painting behind her.
“This is not a one-day event, this is an act of resistance against a criminal government and their genocidal death project,” reads a press release from Just Stop Oil. “Our supporters will be returning—today, tomorrow and the next day—and the next day after that—and every day until our demand is met: no new oil and gas in the U.K.”
Just Stop Oil demonstrators have glued themselves to artwork in prominent U.K. museums over the past few months, targeting London’s Courtauld Gallery and Royal Academy of Arts, in addition to museums in Glasgow and Manchester. In Italy, climate group Ultima Generazione has staged similar protests at Florence’s Uffizi Gallery and the Vatican Museums, while German environmental organizers from Letzte Generation Group struck museums in Berlin, Munich, Dresden and Frankfurt over the past month. All three climate groups are funded by the Climate Emergency Fund, a California-based fund founded in 2019 by philanthropic millionaires to support environmental activism.
“They certainly are persistent. For a while there they were just touching the frame and not doing much else, but this is getting ridiculous,” said Steve Keller, a museum security consultant whose clients include the Smithsonian and Washington D.C.’s National Gallery of Art. The escalation of protests signifies a U.S. demonstration will likely occur soon, according to Keller, who said American museums have become worried and begun formulating response plans. “I know they’re concerned,” he said.
However, U.S. museums probably won’t be willing to make any significant security changes until they are targeted, said Keller. “Museums are very slow to react on something like this.”
Implementing strengthened security protocol is a delicate balance in museums, he said. Intensified screening measures are often rejected because they make for an unfriendly environment, while barriers around high-value artwork lessen the experience for average museum-goers. Keller recalled how barriers placed around artwork at the Uffizi Galleries, which took place in the early 1990s after bombings, “totally destroyed the visitor experience.”
Museums are an ideal target for protests because of their high profile and soft security, according to Keller. “Demonstrators are not likely going to be in a situation where someone gets shot by a security guard,” he said.
Despite the fact that art institutions so far haven’t visibly implemented any new security changes in light of the protests, Keller believes this will likely change soon. “If it happens three more times, museums may change their thinking about this.”
It’s no secret that active shooter incidents are becoming increasingly common in the United States. The Federal Bureau of Investigation found that there had been a 100 percent increase in such incidents between 2016 and 2020, doubling from 20 incidents to 40.
Adding to the danger, active shooter situations unfold rapidly and pose a high risk of injury or killing. Plus, these incidents cost organizations billions of dollars annually while dramatically affecting the productivity and morale of employees.
Well-considered procedures and strategies are essential to help mitigate the risks from active shooters. Some of the most effective active shooter response strategies pertain to Run. Hide. Fight. training, physical security measures, and environmental design discouraging criminal behavior. But identifying the best technique amid chaos can be tough, with indecision possibly incapacitating stakeholders and putting employees’ lives in imminent danger.
There’s an urgent need to develop a universal set of actions to help organizational stakeholders make better decisions regarding active shooter incidents. Acting quickly and decisively can be the difference between life and death.
After a thorough analysis of four case studies, the author found that a multidimensional strategy—one that combines the strengths of different response strategies—is best for minimizing harm in active shooter incidents. This type of strategy could prevent nearly 50 percent of casualties in an active assailant incident while significantly enhancing an organization security program’s effectiveness.
While a wealth of research supports the success of one-dimensional strategies for responding to active shooter incidents, this approach isn’t entirely effective for preventing these events and minimizing loss. Additionally, most existing studies focus solely on incidents in specific locations, such as healthcare facilities, places of worship, and schools.
This limited perspective reduces the likelihood of identifying a comprehensive range of strategies that may prove helpful in these events.
Let’s assess each major active shooter response strategy in detail:
Run. Hide. Fight. The three-step training model was quick to garner recognition as of the most effective active shooter response strategies.
However, it fails to address the “freeze” response that prevents people from deciding the best course of action during an emergency. This can happen with trained individuals as well. In addition, the Run. Hide. Fight. approach is based on linear thinking. With conditions changing by the second in active shooting scenarios, victims can’t afford to evaluate their actions in a sequence.
Finally, this approach is critiqued for pushing people to act as heroes and commit to fighting the shooter. Training to attack an armed opponent takes years to master. Some believe that by including a “fight” option, you are placing people in a no-win situation where they will not survive. Conversely, some believe it reinforces a victim mindset. The criticism is that having run and hide as two options could foster people’s nonaggressive mindsets, leaving them unprepared to fight.
Physical security measures. Early warning systems, security cameras, and armed security guards significantly improve the effectiveness of an active shooter response. But organizations often face challenges when implementing these security measures in particular locations, including schools and hospitals. Besides, such security measures require large investments, which not all organizations can afford.
Additionally, some staff members in settings with ample security measures don’t use them or bypass them because of the lack of training or operation failures. This was the case at Marjory Stoneman Douglas High School, where security failed to lock a gate that later allowed the shooter unrestricted access to the campus. Additionally, there was an operational failure of the locking mechanism at Robb Elementary School in Uvalde, Texas, which again allowed the shooter unrestricted access to the school.
Environmental design. Incorporating design elements like glazed glass windows and ballistic barriers is a helpful strategy for discouraging criminal behavior and keeping active shooters at bay. Relying on this approach alone doesn’t prevent active shooter incidents or reduce casualties, though. The high cost also acts as a barrier, leaving organizations with poor design features that fail to deter active shooters.
So, what’s next? Look into multidimensional active shooter responses.
Reposted from The Washington Post
Police detained an American tourist at a Vatican museum after he disfigured two ancient Roman sculptures by hurling them to the floor, authorities said Thursday.
The man toppled the artwork on Wednesday at the Chiaramonti Museum, which is part of the Vatican Museums and home to one of the most important collections of Roman portrait busts.
Italian newspapers reported that the man grew angry because he was not allowed “to see the Pope.” A representative for the Vatican Museums told The Washington Post that his motive was unclear.
Photos shared on social media, and confirmed by the museum representative to The Post, showed the damaged busts strewn on the marble floor. One had lost part of its nose and an ear, the museum said.
A police spokesman said the 65-year-old had been in Rome for about three days and appeared to be “psychologically distressed.” He was given an aggravated property damage charge and released, the spokesman said.
The man had a paid ticket and appeared to be there alone, one of 20,000 visitors that day, Vatican Museums spokesman Matteo Alessandrini said.
“He smashed the two busts to the ground, one after the other,” Alessandrini said. Both of the toppled heads were from the ancient city of Rome, with one depicting an elderly man, and the other, a young man.
When the first hit the ground, “the loud bang echoed through the long gallery,” he said. Two Vatican police officers stationed within the museum arrived within minutes and took the man into custody.
Technicians are now working to reassemble the damaged sculptures, which had been swiftly taken to the museum’s restoration lab after the incident.
The pieces were fixable but would require 300 hours of restoration work, according to Alessandrini. “The scare was bigger than the actual damage,” he said.
Rick Steves, who runs a Europe travel business, said that although all artifacts in the museum could be considered precious, the damaged pieces were relatively insignificant.
For Steves, the downside of such incidents may also be “the loss of access to beautiful art in general.”
To avoid other incidents, the museum could choose to put more security up, as was the case after a notorious artwork assault in 1972. That year, a Hungarian geologist attacked Michelangelo’s Pietà in St. Peter’s Basilica with a hammer, damaging the Carrara marble sculpture depicting the Virgin Mary holding Jesus after the crucifixion. The statue was later repaired and put behind bulletproof glass.
“The reality is you can’t even see the Pietà from the angle Michelangelo wanted you to see it,” Steves said. “He wanted you to be up close.”
The Vatican museums, where millions of people a year flocked before the pandemic, reopened last year after coronavirus restrictions closed them or curbed opening hours.
Reposted from The Guardian
Britain’s libraries and museums are preparing to act as warm havens for people unable to afford to heat their homes in the winter months.
Ministers are being called on to provide urgent new funding so public buildings can cope with a surge in visitors during the coldest months.
The buildings will be part of a network across the country which will provide warm shelter to help reduce excess winter deaths linked to freezing conditions.
The call for support to ensure key public buildings can keep their doors open comes as organisations across the country are being confronted with vast increases in energy bills. One care homes group told the Observer that its annual energy bills are rising from £1.5m a year to £7.7m.
Alistair Brown, policy manager at the Museums Association, representing the museum sector, said: “Museums will be relied upon to respond to this crisis, but many will be struggling to heat their own spaces.
“People are beginning to understand the scale of the crisis and we don’t want to reduce the hours that museums are open.”
Catalyst Science Discovery Centre and Museum in Widnes, Cheshire, said last week that the quote for renewing its annual gas contract had risen from £9,700 to £54,362.
Isobel Hunter, chief executive of Libraries Connected, which represents the public library sector, said: “Central government should provide councils with additional funding this winter to meet rising energy costs, which would help ensure libraries stay open as vital warm refuges for their communities.”
Paul Drumm, of GLL, a charitable social enterprise that operates libraries in Greenwich in south-east London, said the borough’s libraries had already spent £28,000 on new seats and other furniture to prepare for the increase in visitors during the winter months.
He said: “We are acutely aware of the huge impact that the energy crisis will have on many living within the local community. We will be promoting our libraries as designated ‘warm spaces’ for those who can’t afford to heat their homes.”
The libraries and museums will be part of a national network of warm hubs provided by local councils, community groups and charities. South Cambridgeshire district council issued a tender earlier this month for a contract to deliver “a series of warm hubs from community buildings” to support those at risk from the cold.
Meanwhile Care England, which represents 4,500 care services, said operators were facing up to 500% increases in energy costs, with some considering reducing the number of elderly people they take from hospital wards or shutting their care homes in order to survive.
“Care services across the country will have to close this winter unless the government takes immediate action. Some providers just won’t be able to go on – they will collapse,” said Professor Martin Green, chief executive of Care England. “There is no cap on energy costs for care homes and elderly care home residents do not get any rebate from the government.”
Analysis by the consultancy BoxPower shows that care homes were paying energy costs equivalent to £700 per bed every year. But this month homes are being quoted the equivalent of £4,027 per bed for those wishing to purchase energy from October. This is an increase of around 437% in energy cost per bed in a 12-month period.
Brunelcare, which provides sheltered housing to 1,400 people and runs seven care homes in Bristol and Somerset, was forced this month to sign a new annual energy contract worth £7.7m because prices were rising by £100,000 a day. The charity was paying around £1.5m a year until last year.
“We’re in an absolutely impossible situation,” said Oona Goldsworthy, the chief executive of Brunelcare. “I’ve had one of the worst weeks ever and I’ve been through Covid so I know what hard times are like. We are being completely abandoned again.”
A government spokesperson said it had made £3.7bn of additional funding available to local authorities, which they can spend on adult social care. “No national government can control the global factors pushing up the price of energy, but we will continue to support businesses, including care homes, in navigating the months ahead,” a spokesperson said.
Headteachers say they are faced with a “double whammy” of spiralling energy bills and an increased 5% pay rise for teachers. An executive headteacher in a multi-academy trust, who oversees a number of inner city secondary schools and asked not to be named, said: “I’m already at the bare bones of support staff. We won’t replace any staff as they leave.” His schools are already rolling two classes of children together to cover temporary staff gaps.
Dan Morrow, chief executive of the Dartmoor multi-academy trust in Devon, said it was now a “race to the bottom” for schools, and the effects on children “will be profound for generations”. His trust needs to find an extra £800,000 for utility bills this year, and £900,000 for pay increases.
Amidst so much turmoil and societal change during the past few years, one core feature of humanity has remained the same: people are bad at creating strong passwords.
Despite warnings and recommendations, we still use the streets we grew up on, references to our high school mascot, phrases from our favorite movies, or the same word with a different set of numbers attached to the end for every login. The issue is a rampant one, identity management and fraud detection firm SpyCloud found in an analysis of breach exposures affecting Fortune 1000 enterprises.
“We found a 64 percent password reuse rate among Fortune 1000 email addresses in our database that have been exposed in more than one breach,” according to SpyCloud’s 2022 Fortune 1000 Identity Exposure Report. “This is four points higher than the 60 percent password reuse rate we see across our entire database, but it’s even more concerning because high password reuse is a trend we see with Fortune 1000 employees year after year.”
The researchers wrote that this trend is troubling because it means “that even their old exposures matter; criminals will use them against the employees and their enterprises for years as long as the habit remains unchanged.”
Another challenge is that the reuse of passwords is becoming an even greater point of contention for CISOs as ransomware attacks rise from exposed, reused credentials in breach records—a data set tied to an individual user in a breach that includes assets like passwords and phone numbers. Breach records associated with Fortune 1000 employees increased 18 percent year-over-year, SpyCloud found.
“The quantity of breach assets tied directly to Fortune 1000 employees grew 26 percent year-over-year to 687.23 million,” the report explained. “The five sectors with the highest year-over-year growth in breach assets are telecommunications, media, industrials, technology, and business services.”
Even when employees do not reuse passwords, the new ones are sometimes incredibly simple or obvious—especially in data sets reviewed from critical infrastructure data breaches. In four critical infrastructure sectors (aerospace and defense, chemical, energy, and industrial), company names were one of the top three to five most popular passwords.
“In far too many cases, we’re seeing as many as half of the 10 most popular passwords at a specific company containing that company’s name,” SpyCloud said.
And once these assets, including credentials, are exposed, threat actors will use them to breach an organization. In nearly 50 percent of all non-error, non-misuse breaches examined in the 2022 Verizon Data Breach Investigations Report (DBIR), threat actors used legitimate credentials to gain unauthorized access to organizations.
While some experts continue to stress the use of password managers—which create complex passwords and store them for employees—to solve this problem, other developments might quash it entirely by killing the password for most users altogether.
That effort gained momentum in the second quarter of 2022 when Apple, Google, and Microsoft committed to expanding their support for the Fast Identity Online (FIDO) standard to accelerate the availability of passwordless sign-ins.
The FIDO standard was developed by the FIDO Alliance, an open industry association that is focused on reducing reliance on passwords by promoting the development, use, and compliance with standards for authentication and device attestation. The alliance has worked to create technical specifications for open, scalable, and interoperable mechanisms for user authentication that will eventually eliminate the use of passwords.
So far, this work has resulted in the development of FIDO Universal Second Factor (FIDO U2F), FIDO Universal Authentication Framework, and FIDO2. That work is now embraced by some of the largest technology players in the world to enable—and encourage—users to take advantage of it.
“The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option,” the FIDO Alliance announced in a press release. “Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multifactor technologies such as one-time passcodes sent over SMS.”
With Apple, Google, and Microsoft’s commitments, users will be able to use two new capabilities for passwordless sign-ins. The first will let users automatically access their FIDO sign-in credentials on devices without re-enrolling their accounts. The second will let users enable FIDO authentication on their mobile devices to sign into an application or website on a nearby device, regardless of the operating system platform or browser they are using.
This works because FIDO introduced a new process that allows private keys used for authentication to synchronize across a device cloud, says Andrew Shikiar, executive director of the FIDO Alliance, in an interview at the 2022 RSA Conference in San Francisco.
“The private key is no longer on the device—it’s synced securely in a device cloud from a platform vendor, so when I go to enroll a new device on that platform, I can just show my biometric,” Shikiar explains.
Moving towards this workflow for authentication means that FIDO will be more scalable and may encourage more usability because once platform vendors implement it, users will have an easier time logging into accounts without needing to remember a password.
“Usability leads to more usage, and it can have top-line benefits,” Shikiar adds. “Security is sort of a bottom-line cost prevention—breach and theft. With better usability, you can have higher login rates so you have more commerce, more throughput, all of those things, so usability is really important.”
And implementing solutions that eliminate passwords could also reduce liability for organizations that sell products to consumers.
“Passwords lead to data breaches. They lead to account takeovers. They lead to fraud,” Shikiar says. “So, this stands to take that liability off of those organizations, off their servers and shoulders all together, and put it on to the platform providers.”
There will still be situations where organizations and users will want to use FIDO’s original security key authentication method—such as for access to intellectual property or for corporate financial management.
“Ultimately, from a security standpoint, FIDO security key will remain the gold standard of FIDO authentication in the sense that the credential will always be on that key, it won’t be synced in the cloud, and they’ll have more control over it,” Shikiar says.
After making their commitment earlier this year to implementing FIDO, Apple announced at its Worldwide Developer Conference in June 2022 that it would roll out its implementation of the new FIDO standard in the form of a Passkey. Instead of creating a password when logging into a new account, users will have the option on iOS 16 to use Touch ID or Face ID to authenticate themselves—a Passkey. Users will also be able to synchronize their Passkeys across devices by using Apple’s iCloud Keychain.
“Passkeys are a replacement for passwords that are designed to provide websites and apps a passwordless sign-in experience that is both more convenient and more secure,” Apple said in a fact sheet. “Passkeys are a standard-based technology that, unlike passwords, are resistant to phishing, are always strong, and are designed so that there are no shared secrets. They simplify account registration for apps and websites, are easy to use, and work across all your Apple devices, and even non-Apple devices within physical proximity.”
Apple is expected to release iOS 16 in September or October 2022. Details of how Microsoft and Android will implement FIDO were not shared prior to Security Management’s press time, but Shikiar says he’s looking forward to seeing how they follow through to change the authentication experience most people have with technology.
“Passwords have the advantage of incumbency. They’re part of the fabric of the Web itself, and they’re manageable for usability in the sense that anyone can do it,” Shikiar says. “For us to uproot that, the new system needs to be just as easy and just as pervasive.”
While passwordless methodologies roll out, there are steps that organizations can take to improve their password approaches, the SpyCloud report authors said.
“To minimize exposure and safeguard data, enterprises need to enforce strong enterprise password policy with single sign-on where possible, create clear company policies on the use of business and personal devices, enforce multi-factor authentication on critical accounts, and mandate the use of password managers, as well as leverage continuous, actionable intelligence into their users’ exposure—especially in industries entrusted with a vast amount of sensitive consumer data.”
QUICK LINKS
ConferenceMembershipTraining & CertificationDonate to IFCPP
TRAINING & EVENTS
1305 Krameria, Unit H-129, Denver, CO 80220 Local: 303.322.9667 Copyright © 1999 International Foundation for Cultural Property Protection. All Rights Reserved
Contact Us
