

INTERNATIONAL FOUNDATION FOR
CULTURAL PROPERTY PROTECTION


News


  • March 27, 2024 6:58 AM | Rob Layne (Administrator)

    Emergent Threats and Strategic Hardening Tactics

    presented by Dr. Jenni Hesterman, Colonel, US Air Force (retired) 

    Dr. Hesterman's presentation will give up-to-the-minute information regarding emergent terrorist and criminal threats. She will unveil the 9 things we're doing wrong in security in 2024 and offer unique hardening tactics for soft target venues and events.   

    Dr. Hesterman is the principal investigator on a new project entitled Soft Target-Specific Standards: Current Challenges and Future Implications for the National Counterterrorism Innovation, Technology, and Education Center (NCITE), a DHS Security Center of Excellence at the University of Nebraska, Omaha. This research addresses the absence of specific security standards for soft targets such as cultural properties, entertainment, sports and other public venues. While general security standards provide a foundational framework, the unique characteristics and vulnerabilities of these locations and events may call for context-specific measures for the most effective protection. While onsite, Dr. Hesterman will speak with conference attendees to gather information for this work. We are excited to support NCITE's research on this topic of importance to our community! 

    Dr. Jennifer Hesterman is a retired Air Force colonel who served in three Pentagon tours and in multiple command positions in the field. Her last assignment was Vice Commander at Andrews Air Force Base, Maryland, where she led installation security, including the protection of Air Force One. She is the recipient of the Legion of Merit, the Meritorious Service medal with 5 oak leaf clusters and the Global War on Terrorism Service medal.

    After her military retirement in 2007, Dr. Hesterman worked as a cleared contractor in Washington, DC performing operational research on international and domestic terrorist organizations, transnational threats, organized crime, human, drug and weapon trafficking, and the terrorist and criminal exploitation of the Internet. She was recently security lead on a 3-year contract to develop an assessment tool and deploy security best practices within the Department of Transportation. In addition to providing vulnerability assessments for critical infrastructure, houses of worship, schools, shopping venues, credit unions, airports, stadiums and businesses, Dr. Hesterman designs and instructs graduate level security courses for the Defense Counterintelligence and Security Agency, Department of Defense. She advises the Homeland Security Training Institute at the College of DuPage in Chicago, the Crisis Response Journal, and two DHS Security Centers of Excellence: the National Counterterrorism Innovation, Technology, and Education Center (NCITE) at University of Nebraska and Soft-target Engineering to Neutralize the Threat Reality (SENTRY) at Northeastern University. Dr. Hesterman is an expert witness and conducts forensic security vulnerability assessments to support legal proceedings.

    She holds a doctoral degree from Benedictine University, Master of Science degrees from Johns Hopkins University and Air University, and a Bachelor of Science degree from Penn State University. She was a National Defense Fellow at the Center for Strategic and International Studies in Washington, D.C. where she studied the terror-crime nexus; her resulting book, Transnational Crime and the Criminal-Terrorist Nexus, won the Air Force Research Award for 2004. She is a 2006 alumnus of the Harvard Senior Executive Fellows program and was a senior fellow at the Center for Cyber and Homeland Security at George Washington University from 2016-2018.

    An academic author for the Taylor & Francis Group, Dr. Hesterman’s book Soft Target Hardening: Protecting People from Attack was the ASIS Security Industry Book of the Year for 2015. The second edition was the ASIS Security Industry Book of the Year for 2019, and the Social Sciences Book of the Year for Taylor & Francis. She also authored Soft Target Crisis Management (2016) and The Terrorist-Criminal Nexus (2013), as well as 33 journal and magazine articles.

    Dr. Hesterman is a sought-after public speaker, with over 90 keynote, guest speaking and training events in the U.S. and abroad for ASIS, FBI, DHS, DoD, state and local law enforcement, Fortune 10 companies, Major League Baseball, and numerous associations.

  • March 22, 2024 3:24 PM | Anonymous

    Reposted from Charles Schwab

    Scams are growing in number and in sophistication. One way involves using spoofed websites – clever imitations designed to resemble legitimate businesses, including financial institutions. To spoof a website, bad actors purchase “sponsored links” to fake sites which appear at the top of search results. Their goal is to boost their site’s visibility and lure unsuspecting users into clicking on them. These deceptive sites can pose serious risks by exposing consumers to potential malware, identity theft, and financial loss.

    Not to worry! We’re here to arm you with knowledge so you can recognize spoofed websites and steer clear of them.

    See Original Post

  • March 22, 2024 3:16 PM | Anonymous

    Reposted from Tim Richardson

    “I’d like to propose a post!”
    Yes, I said those embarrassing words in front of dozens of people at my grandparents’ 50th wedding anniversary.
    Then there were the words I said the time that my future wife invited me to attend her final sorority party (which was our first date).
    “What’s the matter, you couldn’t find a date?”
    It’s a wonder she said yes when I asked her out for a second date!
    The chances are high that you are also haunted by the memory of saying something really stupid.
    I can think of a lot of embarrassing and utterly ridiculous things that have left my mouth. I have kept a list of my worst verbal slip-ups in my mind for many years.
    Sometimes the price we pay for saying or doing something stupid could simply result in momentary embarrassment. However, the stakes could be higher than that. Ill-advised words could lose a customer. Poor word choices could prevent us from closing the sale. Our insensitive words could result in damaging a friendship or alienating a family member or co-worker.
    Stupid words lose elections, end marriages, stifle careers, and start wars. 
    But let’s turn things around—what are the best words you’ve ever said? Words that were exactly right for the situation. Words that brought positivity, encouragement, and life. Words that began friendships and romances, stirred imaginations, and cast visions of future success.
     If you are like me, you probably have a hard time remembering your best words.
    Why is it that we remember our spoken mistakes better than our spoken successes?  It’s because we tend to focus on our mistakes, the things we do poorly, like when we fall flat on our face, or say the wrong thing. It’s human nature and we all keep our mistakes and poor decisions in our memory.
    I’d like to propose (not protose) that we all start keeping a list of our best words to counter the negative thoughts that lurk in our brains.
    Words are important. The worst words are important to avoid saying again, learn from, and then forget.
    The best words are important enough to remember, to celebrate, and repeat.

    See Original Post

  • March 22, 2024 2:42 PM | Anonymous

    Reposted from Museums Association


    If improving cyber security was not already a priority for cultural institutions, it has surely jumped to the top of everyone’s to-do lists following last year’s cyber-attack on the British Library. The fallout is still being felt as library staff try to restore online and in-person services that were curtailed by the October incident. The organization is also having to deal with a damaged reputation and the ongoing costs associated with addressing the issue. There was some good news in January when the library managed to get its main catalogue back online. It was also able to offer access to most of its special collections for the first time since the attack.

    *Far-reaching implications*

    “What happened to us in October has implications for the whole collections sector,” wrote chief executive Roly Keating in a blog on the British Library’s website. “In the months ahead, we will begin to share the lessons we’ve learned from this experience with partners and peer institutions.”

    The British Library is a high-profile institution with a global reputation, but those who think that smaller organizations are less likely to suffer cyber-attacks should think again. A devastating cyber-attack on Hackney Museum in October 2020 received far less publicity. The museum was affected only because it is part of a larger organization, the London Borough of Hackney, but the attack had far-reaching consequences that still affect all areas of its work.

    Rebecca Odell, project curator at Hackney Museum, says: “As museums, we create business continuity and emergency salvage plans for use if our venue burns down and collections are destroyed – and we refer to the experience of our cyber-attack as a digital building burning down. “Everything has changed, but there are no ruins that people can see to understand the trauma of what we have experienced and the years it will take to recover. Cyber-attacks change everything, except the expectations of stakeholders and the public.”

    *‘An everyday hazard’*

    Odell has a stark warning: “Unfortunately, attacks need to be considered an everyday hazard, and museums need to look beyond prevention to mitigating the damage. We would like to see more leadership in the sector and the creation of a template for digital salvage plans to protect collections, assets and research.”

    Hackney Museum is not the only UK museum to have been hit. In the winter of 2021-22, the Royal Armouries was attacked, and its collections management system was down for three months. When it got back online, the museum discovered that the hackers had accessed its back-ups and deleted eight months’ worth of data. Staff are still working on recovering the lost data.

    Several museums in the US – including MFA Boston, the Rubin Museum of Art in New York and the Crystal Bridges Museum of American Art in Arkansas – experienced problems recently after a cyber-attack on third-party tech company Gallery Systems.

    *Growing problem*

    The problem is clearly growing – and cyber-attacks are costly and time-consuming to sort out. A Financial Times report claimed the British Library will have to spend up to £7m (or 40% of its £16.4m unallocated reserves) to recover from the cyber-attack. The British Library says media reports about the cost of recovering from the cyber-attack are inaccurate. “The final costs of recovering from the recent cyber-attack are still not confirmed,” a statement reads. “The British Library and its government sponsor, the Department for Culture, Media and Sport, remain in close and regular contact. The library always maintains its own financial reserve to help address unexpected issues and no bids for additional funding have been made at this stage.”

    Whatever the final costs to the British Library, it won’t be cheap. So, what can museums and other cultural institutions do to better understand how a hack can happen, what measures they can take to reduce the chances of one occurring, and how they might recover if they do suffer one?

    The good news is that help and advice are available. The British Library has received support from the National Cyber Security Centre, which offers a cybersecurity guide for charities. This aims to help smaller organizations improve cybersecurity quickly and inexpensively.

    Mike Ellis, co-director of consultancy Thirty8 Digital, says backing up data is crucial, although he does sound a note of caution: “Even if you’ve got a great back-up regime, and you test regularly to make sure you actually can restore, because of the nature of these attacks, you have no idea whether you’re restoring a compromised back-up,” he says.

    *Compromising usability*

    Ellis also points out that there is always going to be a compromise between usability and security. “If you’ve got full access to all websites, install whatever software you want on your computer and so on, life is easy,” he says. “But the compromise is you’re very much more likely to bump into something nasty.

    “On the other hand, if you’re locked down and can’t do any of these things, you’ll spend a lot of your life being annoyed that you can’t do what you need to do – but at least you’re secure. Somewhere in the middle of this is a context that balances correctly for you and your organization. But it is always going to be a compromise.”

    Ellis says it is important for organizations to sort out their approaches to passwords – something that is often ignored.

    “Few museums have a solid password strategy, in large part because it’s quite hard to maintain passwords across staff working at several machines, in several locations and different contexts.

    “The default becomes ‘just use that same old password we have for everything’ – and before you know it, you’re compromised. Some education needs to happen, as I don’t think many non-nerds understand how hackers move passwords around or publish them on the web. The negative impact of having a single password, however strong, for all things is not well understood.”

    But in a sector with limited funding that uses lots of freelance workers and volunteers, creating a robust password management strategy isn’t straightforward. Indeed, nothing associated with cybersecurity is straightforward. Nevertheless, all cultural organizations should act now to protect themselves from attacks and plan what to do if their security is compromised.

    *Backing up your data*

    All charities, regardless of their nature and size, should make regular back-ups of their important data, and should ensure that these back-ups can be restored.

    By doing this, you are ensuring your charity can still function following the impact of flood, fire, physical damage or theft. Furthermore, if you have back-ups of your data that you can recover quickly, your charity will be more resilient to cybercrime.

    See Original Post

  • March 22, 2024 2:33 PM | Anonymous

    Reposted from CISA

    On Wednesday, March 27, we are hosting a special CISA Live! – Celebrating Women in National Security LinkedIn Live as we close out Women’s History Month with two women making history! CISA Director Jen Easterly and Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger come together to highlight the achievements of women in the national security sector and share personal insights on their career paths.  Don’t miss your chance to engage in a live Q&A session with these two extraordinary leaders. This is one event you won’t want to miss!  Join us on March 27 at 12 pm ET with your questions—and feel free to share this invite with others who may be interested.

    Register today! CISA Live! – Celebrating Women in National Security.

    See Original Post


  • March 22, 2024 2:28 PM | Anonymous

    Reposted from Art Sentry

    The 2024 outlook leaves little doubt that for many museums, it’s not a matter of whether protest activity will occur at their site but when. Here are some things to consider in preparing your museum to address these kinds of incidents safely:

    • Train security not to allow protesters to publicize activities. Clear galleries to limit what is being filmed/posted so that real or perceived danger to the museum’s collection cannot become a hook to generate publicity.

    • Press charges when necessary, so that future protest/activist groups understand the consequences of behaving unsafely or causing harm. 

    • Coordinate your response plan with local police and other cultural properties in your area. Coordinate internally with staff responsible for security, visitor services, accessibility, collections care, and communications. A unified approach is the safest and strongest. 

    • Do not attempt to arrest or physically remove protesters. Wait for the police. 

    When museums are caught up in the currents of civil unrest, awareness and proper preparation can minimize any negative impacts without hindering their mission of engaging with their community. 

    See Original Post

  • March 22, 2024 2:21 PM | Anonymous

    Reposted from Tim Richardson

    Four years ago this week, our world crumbled. The threat of COVID-19 changed everything. Entire industries, including travel and conferences, suffered tremendous setbacks. The weeks and months after the pandemic were difficult for everyone. My business of speaking to businesses and organizations ground to a temporary halt. Helping organizations perform better is what brings me purpose and joy. I have helped thousands of employees and hundreds of organizations improve their performance. But during the pandemic, I couldn’t do that. So I slipped into a dark place. I didn’t use my time well. I was the host of a few pity parties thrown just for me. I had serious reservations about my speaking future. For a brief moment, I even wondered what I might do if the speaking profession never rebounded. One day I was scanning my professional speaking association’s Facebook page and saw a post by a speaker I did not know. He wanted to host a weekly Zoom call for speakers to help each other navigate the challenging times we faced. The purpose was to hold each other accountable for making calls and to support and encourage each other. Needing some inspiration and accountability, I joined. Every Monday, six of us met online to talk about what we had accomplished the week before. We discussed new business ideas, we shared what books we were reading, and we challenged each other to continue moving forward. More than three years later we continue to meet via Zoom to encourage and sharpen each other. We have all grown by providing honest feedback and helpful advice. We look forward to our regular times together and continue to build upon the foundations which brought us together. While mastermind groups are a powerful way to grow your business, there are many types of groups that meet to hold each other accountable or learn together.

    For the last five years, my wife has been meeting with a group of women to encourage each other and to help each other with spiritual growth and development. She gets great value out of their meetings and likes having the support of close friends. Katherine Johnson, a NASA mathematician and the inspiration for the movie “The Hidden Figures” regularly met with other black women who made major contributions to the United States space program. Henry Ford, Harvey Firestone, Thomas Edison, Dr. Alexis Carrel, Charles Lindbergh, and a young man named Jim Newton met over many years to support each other in their business and career endeavors. Lincoln had his team of rivals consisting of cabinet members with vastly different political views – even foes – who challenged and advised him during our nation’s most troubling times. Jesus had 12 disciples whom he met with and traveled with to spread Christianity to the world.
    Nearly every successful businessperson or professional speaker that I know surrounds themselves with others to help them be better at what they do. I am grateful today, on National Professional Speakers Day, to share my gratitude and appreciation for the many speakers I have shared with and learned from over a long career. The accountability and support I had received through meeting with other business professionals and professional speakers has been life and career changing. Don’t miss out on the power of participating in an accountability or study group to help you grow as well.

    See Original Post
  • March 22, 2024 1:44 PM | Anonymous

    Reposted from EMR-ISAC

    As machine learning models are “moving AI into its industrial age,” there will be “potentially huge economic impacts for both winners and followers and unintended consequences, from rampant deepfakes and misinformation to the development of AI-generated computer viruses or new chemical weapons,” the U.S. intelligence community warned in its annual threat assessment published Monday.

    The annual report notes that China “remains the most persistent cyber threat to U.S. Government, private sector, and critical infrastructure networks” and that Beijing has carried out a years-long effort to infiltrate key critical infrastructure networks around the United States. American spies assess that activity, which is widely tracked as Volt Typhoon, aims to give China the ability to disrupt communications between the United States and China in the event of a military conflict.

    Iran may attempt to interfere as well, perhaps building on a 2020 operation that saw an Iran-linked group access voter data and target some voters with phony emails purporting to be from the right-wing group known as the Proud Boys. The group behind that operation has “evolved their activities and developed a new set of techniques, combining cyber and influence capabilities,” that it could use in 2024, according to the report.

    See Original Post


  • March 22, 2024 1:38 PM | Anonymous

    Reposted from EMR-ISAC

    A Jan. 21 ransomware attack on a Bucks County, Pennsylvania, computer-aided dispatch (CAD) system caused the temporary loss of automated services that were powered by the CAD system. Some critical functions typically provided by CAD systems include prioritizing and recording calls and locating and dispatching responders in the field. More recently, a Feb. 22 AT&T outage impacted FirstNet, the nationwide broadband network dedicated to first responders and public safety. The outage prompted the FirstNet Authority to form an After-Action Task Force to strengthen FirstNet’s preparedness for future outages. These two recent incidents are reminders of how important it is for emergency services agencies to have backup systems and processes in place in the event of a communications system outage, whether due to a cyberattack or other non-intentional cause. Earlier this month, the Cybersecurity and Infrastructure Security Agency (CISA) released two resources for emergency services agencies’ communications and cyber resiliency:

    (1) CISA updated its Public Safety Communications and Cyber Resiliency Toolkit with six new guidance documents that will help public safety agencies establish resiliency measures for their communications systems. One foundational guidance document in this Toolkit that is particularly relevant in light of recent incidents is Leveraging the Primary, Alternate, Contingency, Emergency (PACE) Plan in an Emergency Communications Ecosystem, by the National Council of Statewide Interoperability Coordinators (NCSWIC). PACE planning follows a simple and practical framework to help an organization prepare for backup communications capabilities in a wide variety of out-of-the-ordinary situations.

    (2) CISA, SAFECOM and NCSWIC just launched a new 911 Cybersecurity Resource Hub. This one-stop shop compiles cybersecurity resources to make it easy for emergency communications centers (ECCs) to report a cyber incident, find real-world case studies, access cybersecurity education and training opportunities, and learn about best practices to identify and protect networks from cyberattacks. CISA, SAFECOM, and NCSWIC worked collaboratively with state and local public safety and emergency communications stakeholders to develop this interactive website.

    See Original Post


  • March 22, 2024 1:23 PM | Anonymous

    Reposted from EMR-ISAC

    More than 2 in 5 ransomware attacks reported to the FBI in 2023 targeted organizations in a critical infrastructure sector, the agency said Thursday in its annual Internet Crime Report. Of the 2,825 ransomware attacks reported to the FBI last year, 1,193 hit critical infrastructure organizations. The proportion of ransomware attacks hitting critical infrastructure grew from one-third of attacks reported to the FBI in 2022. Losses reported from ransomware attacks jumped 74% to almost $60 million last year. Ransomware attacks were also up 18% from the previous year.

    See Original Post
  
 

1305 Krameria, Unit H-129, Denver, CO  80220  Local: 303.322.9667
Copyright © 2015 - 2018 International Foundation for Cultural Property Protection.  All Rights Reserved