INTERNATIONAL FOUNDATION FORCULTURAL PROPERTY PROTECTION
News
Reposted from the Los Angeles Times
The raging Getty fire has licked the edges of the Getty Center campus and threatens to encroach on the tram arrival platform, but the art and archives are safe, the museum said.
As water-dropping helicopters buzzed above the center Monday, Lisa Lapin, the museum’s vice president of communications, said she was on site with Getty President James Cuno, Chief Operating Officer Steven A. Olsen and security and facilities personnel. They had not been asked to evacuate, Lapin said, and they didn’t expect that to happen.
The museum’s emergency plans do not call for evacuating art. When the Getty Center opened, the buildings and grounds had been designed as the safest place for the collection in the event of a disaster.
A 1-million-gallon reserve water tank is on site. At about 2 a.m., the museum began using that water to irrigate the property, Lapin said.
Brush is cleared regularly, and plants with the highest water content are planted closest to the buildings, Lapin said. She also noted the museum’s travertine and metal exterior.
The deleterious effects of air pollution on the art is the main concern, but the museum’s sophisticated air filtration system is doing its job just fine, the museum said. The system works something like a reverse air conditioner, forcing filtered air through the galleries while maintaining the necessary temperature and humidity levels. With the buildings are closed, no doors open to let in polluted air.
This Getty Center closed because of a raging wildfire in December 2017, but that blaze burned on the other side of the 405 Freeway. Although the flames came closer Monday, the museum said it was safe.
“We really are OK,” Lapin reiterated. “Our vistas will be a little bit different. It will look different to the north and the west.”
The biggest concern, Lapin said, was the museum’s neighbors.
“Some have lost their homes,” she said, “and that is tragic.”
Lapin said the Getty Center in Brentwood and the Getty Villa in Pacific Palisades will remain closed Tuesday to allow emergency responders the space they need.
“We are safe, the fire is largely knocked down, but there are still hot spots,” Lapin said in a follow-up email midafternoon Monday. “Fire crews are using Getty Center as a staging area, a rest area, and a logistics base to view the fire and make operations decisions.”
The Getty fire is a wind-driven brush fire that erupted about 1:30 a.m. along the 405. It spread south and west and quickly consumed more than 500 acres. About 10,000 structures have been placed under mandatory evacuation orders. The evacuation zone includes Mulholland Drive on the northern side, the 405 on the east, Sunset Boulevard on the south and Temescal Canyon Road on the west.
The Skirball Cultural Center, which sits a few miles north of the Getty Center, said it was not threatened by the fire but was closing until further notice because of poor air quality and road closures.
See Original Post
Reposted from Small Business Trends
A survey conducted by GetApp reports 43% of employees do not get regular data security training while 8% have never received any training at all. The report highlights the level of exposure businesses have towards cyberattacks such as ransomware.
This comes as cybersecurity remains one of the most challenging issues for small business owners. Small businesses bear 43% of the brunt of cyber-attacks, opening them up to huge liabilities. This includes business closure. Of those attacked, 60% will go out of business within six months.
Web-based attacks, social engineering and general malware are often the top three culprits of cyber-attacks among small businesses. As the techniques to exploit cybersecurity vulnerabilities continue to evolve and become more sophisticated, businesses need to bolster their security.
Among the areas where employees are routinely targeted include social engineering, the art of manipulating someone into divulging secret information. Through phishing attacks, hackers use social media and research to strike up a relationship with employees. They then exploit this relationship to gain their trust with the goal of eventually stealing the information they need. For example, getting a password might allow them to infiltrate a company’s cybersecurity architecture.
Very often unsuspecting employees are duped into providing scammers access to sensitive company data. Scammers typically investigate an individual or organization before carrying out attacks such as spear phishing or business email compromise (BEC). Phishing is the practice of sending e-mails appearing to come from a well-known organization asking recipients information such as credit card numbers, account numbers, or passwords.
However, only 27 % of companies provide social engineering awareness training for their employees according to the survey. And almost 75% of businesses are vulnerable, thus endangering customers’ records, employee data, intellectual property and more.
It goes without saying there is an urgent need for more robust cybersecurity.
Small businesses are as much of a cyberattack target as large enterprises. But investing in enterprise cybersecurity alone is not going to cut it. small businesses need to invest in regular training for their employees in order to fully address this threat. This will help in adding yet another layer of protection for the company’s sensitive data.
For this reason, it is important to assess the knowledge of your employees when it comes to cybersecurity. This is because more often than not, employees are the soft targets that scammers use to access your organization. With employees connected to the internet round the clock, businesses are more vulnerable than ever to attacks.
You can ensure your company and the people who work for you are up to date by regularly carrying out audits.
You probably conduct a number of audits of your business to make sure you are on the right track. But in today’s digital ecosystem, it should also include the audit of your current cybersecurity policies.
A strong audit goes a long way in assessing the vulnerability of your business to cyberattacks. The audit can assess password policies, employees’ knowledge of phishing techniques, and adherence to security policies, to name but a few of the issues it can address.
Once the audit highlights the gaps, companies can bolster their security by providing tailored courses to address security issues. Moreover, training materials and learning management system software are available that are easy to use for small businesses.
Reposted from KTUL Tulsa
More than one week out before constitutional carry takes effect in Oklahoma and the Philbrook Museum of Art has announced that they will continue to instate their no guns policy.
"It's a policy we've had for years," said Director Scott Stulen. "A lot of our guest don't feel comfortable with it. So, it's for the betterment of all our guest. We have highly trained security that's all over the museum to make sure the property and everyone who comes is safe."
The Philbrook is a private institution, which means they can make their own restrictions.
"We're not a government institution, we're completely legal in doing this," said Stulen.
"The Philbrook absolutely has the right to say what goes on in their private place of business," said Tulsa Attorney, Mitchell Garrett.
There's a section of the law under business rights that states, 'A property owner, tenant, employer, place of worship or business entity may prohibit any person from carrying a concealed or unconcealed firearm on the property. I the building or property is open to the public, the property owner, tenant, employer, place of worship or business entity shall post sins on or about the property stating such prohibition.'
This means the museum will not face any legal issues in keeping their existing no gun policy.
"I just encourage citizens before they exercise their right for constitutional carry, to read the law and understand the law," said Garret. "Understand where it's allowed and where it's not allowed."
So, while Oklahoma is gun-friendly there are still places like the Philbrook that are not.
If you come to the Philbrook with a gun, they just ask that you keep in your car in the parking lot.
Reposted from Military Times
Veterans hunting for jobs may have thought “Hire Military Heroes” was just another jobs website that would help them find employment.
But in reality, the site prompted users to download an app containing malicious malware that would allow the attacker to access a plethora of information, according to cybersecurity researchers at Cisco Talos.
“The attacker retrieves information such as the date, time and drivers. The attacker can then see information on the system, the patch level, the number of processors, the network configuration, the hardware, firmware versions, the domain controller, the name of the admin, the list of the account, etc.,” Cisco Talos said in a blog post in September about the malware.
“This is a significant amount of information relating to a machine and makes the attacker well-prepared to carry out additional attacks,” Cisco Talos added.
The phony site shared a similar URL to the site “Hiring Our Heroes,” an employment site the U.S. Chamber of Commerce Foundation launched.
According to the security intelligence and research group, an actor called Tortoiseshell was responsible for the attack — the same actor Symantec identified being behind attempts targeting Saudi Arabian IT providers.
Cisco Talos and Symantec have not pointed a finger at Iran, but experts claim it’s likely Iran is the culprit. Multiple media reports also suggest the malign actor has ties to Iran.
For example, the National Guard Bureau issued a memorandum on Oct. 2 to service members instructing them to not visit the phony employment site, Stars and Stripes reported. The memorandum claimed that Iranian hackers were interested in getting into a DOD system.
“They’re targeting active service members looking for jobs with the promise of offering assistance for civilian employment once their service ends,” the memo said, according to Stars and Stripes. “The hackers are hoping one of their targets would use a DOD system to download and run the malware.”
The National Guard Bureau deferred to the Pentagon for comment when contacted by the Military Times. The Pentagon did not provide comment on the memo or whether DOD systems were compromised.
“As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence, or planning,” Elissa Smith, Department of Defense spokeswoman, said in a statement to the Military Times.
Christopher Burgess, who served with the CIA for more than 30 years, believes Iran was behind the attack because of the malware’s history targeting Saudi Arabian IT entities. In a blog post on ClearanceJobs, Burgess said the activity is “consistent with Iranian intelligence efforts given the ongoing Iran-Saudi hostilities.”
“This piece of cyberespionage was designed to compromise the owner’s machine AND allow the complete download of contents, when a [remote access trojan] piece of malware was installed,” Burgess said in an email to the Military Times. “What that permitted is to know everything the user had on their device and how they interacted with other devices. The information could be used to fill out the counterintelligence and operational mosaic of an adversary.”
Burgess also noted Iran already has some information on U.S. service members and their cyber activities, thanks to Monica Witt.
Witt, a former Air Force counterintelligence specialist who defected to Iran in 2013, was charged with espionage on behalf of Iran, according to an indictment that was unsealed in February. The indictment claims that she shared U.S. classified information with an Iranian government official and also compiled research on her former colleagues and coworkers in the U.S. Intelligence Community.
The information was then funneled into “target packages” to help Iran target the former colleagues, the indictment said.
Burgess doesn’t expect that this episode targeting service members and veterans is an isolated incident from Iran.
“They are not slouches when it comes to cyberespionage and they have shown their ability to conduct social engineering operations in the past. I would expect them to do so in the future,” Burgess said.
To prevent being targeted in future attacks, Burgess recommended veterans and others not download apps to devices — unless it’s from a trusted source.
“Do not click on links,” Burgess added. “Never share personal information with sites you have not validates. Your bank will never call, email or SMS for your account data. If something appears legit, check with the originator.”
Reposted from Fox Business
The FBI has repeatedly warned U.S. universities about visiting researchers stealing intellectual property on behalf of China.
That's according to emails reviewed by the Associated Press, which paint a picture of a nationwide effort to convince colleges to be on guard against intellectual property theft. The emails underscore the extent of U.S. concerns that universities, as recruiters of foreign talent and incubators of cutting-edge research, are particularly vulnerable targets.
"When we go to the universities, what we're trying to do is highlight the risk to them without discouraging them from welcoming the researchers and students from a country like China," Assistant Attorney General John Demers, the Justice Department's top national security official, said in an interview.
Agents have lectured at seminars, briefed administrators in campus meetings and distributed pamphlets with cautionary tales of trade secret theft.
"Existentially, we look at China as our greatest threat from an intelligence perspective, and they succeeded significantly in the last decade from stealing our best and brightest technology," said William Evanina, the U.S. government's chief counterintelligence official.
Some university officials have showed wholehearted concern, and some have worried about limiting the "free exchange of scientific knowledge."
A Chinese professor who taught at the University of Texas was charged in September with stealing state-of-the-art technology from a Silicon Valley firm while secretly employed by technology giant Huawei.
The warmings come as Chinese students continue to play a significant role on U.S. campuses.
A third of all international students in the United States are Chinese, according to the 2018 OpenDoors Report. About 363,341 students from China attended classes at American higher education institutions last year. The number of Chinese students has been increasing steadily since the 2012-13 schoolyear when the number of Chinese students in the U.S. was more than 235,000. Chinese contribute about $13 billion annually to the economy, according to NAFSA: Association of International Educators.
Reposted from Security Management
Following almost every major mass shooting in the United States, law enforcement officials methodically evaluate and repeatedly try to improve their response.
Law enforcement demonstrated this evolution after the Columbine High School shooting in 1999 that killed 13 people. Following the shooting, police changed their methodology of waiting outside the facility for the SWAT team to engage the shooter to having small units—often consisting of the first four officers to arrive on the scene—engage with the active shooter.
After 32 students and faculty members were killed in the Virginia Tech shooting in 2007, police response tactics changed again—moving from small units to solo engagement of the shooter. This response was further improved upon when law enforcement began engaging shooters and bounding overwatch to detect explosive devices following the San Bernardino, California, shooting in 2015 that left 14 people dead.
Most recently, law enforcement began stressing the importance of a unified command to assist in saving lives after a gunman opened fire at Pulse nightclub in Orlando, Florida, killing 49 people.
The trend to attempt to fix responses after failure has been no different for civilian responses to active shooters and, most notability, for the single-option, traditional lockdown response, which recommends individuals get into a room, lock the door, turn off the lights, move away from the door and windows, hide behind available objects, stay quiet, and wait for the police to arrive.
For example, after the failure of traditional lockdown at Columbine High School, the condition that everyone needed to be in a room for lockdowns to work was added to the response. When traditional lockdown failed at Sandy Hook Elementary School in Newtown, Connecticut, the response recognized that the placement of the locks on the door was an important factor that must be considered. Most recently, in the aftermath of the shooting at Marjory Stoneman Douglas High School in Parkland, Florida, the failure of traditional lockdown is being attributed by some to a lack of lines on the floor that identify the hard corner where people can hide, and new responses are evolving to include the proper marking of these corners. However, none of these solutions make allowances for the fluidity of active shooter events nor do they recognize the decision-making capabilities possessed by those who find themselves in the midst of such an event.
In 2000, when Greg Crane developed a multi-option response for active shooter events, he followed a well-recognized model pioneered by the fire services from more than a century earlier. Fire services realized that no one response was appropriate for all incidents involving a fire. Thus, training options were developed based on fire’s ability to move and the understanding that one or more of the responses might not be available or appropriate for the circumstances. Based on this knowledge, Crane saw a need that was not being met by the single-option traditional lockdown response in active shooter events and surmised the response was increasing casualties. As a result, he developed ALICE (Alert, Lockdown, Inform, Counter, and Evacuate) Training.
In the same way fire services trained and provided options for individuals to use based on proximity to the fire, Crane created a multi-option response that used information based on the location of the shooter to determine how individuals may want to respond. For example, just as fire safety instructs individuals—if possible—to leave a facility if it is on fire, Crane’s ALICE Training also provides the option to evacuate a building—if able to—in an active shooter incident.
If individuals are unable to evacuate in a fire, fire officials inform people to get low to the ground, close the door, and put something under the door to create a barricade between themselves and the fire and smoke. ALICE Training also recognizes there are instances when evacuation is not possible and suggests people lockdown and barricade with available environmental objects—desks, chairs, or tables—to prevent contact with the active shooter.
Finally, fire services recognize that someone may catch on fire and recommend people Stop, Drop, and Roll, countering the fire. Crane similarly acknowledges that in active shooter incidents someone may come face-to-face with a gunman. ALICE Training addresses this by having an option to counter the gunman by throwing objects or swarming the shooter to survive.
In both fire safety and ALICE Training, the dynamics and ever-changing nature of the incident are recognized. By providing individuals with multiple options, neither the fire service nor ALICE would guarantee that there will be no injuries and everyone will survive. Rather, giving people options to choose their response instills knowledge and confidence and, arguably, may increase their likelihood of survival.
While there have been two competing paradigms to civilian active shooter responses for almost 20 years, no empirically sound studies were conducted on the effectiveness of either the single-option, traditional lockdown or multi-option responses to active shooters. Some individuals assert that the single-option, traditional lockdown is well researched and a proven best practice. But there is no solid empirical evidence to validate these claims, and there is anecdotal evidence to suggest otherwise.
This dialogue changed in December 2018 when the authors’ study “One Size Does Not Fit All: Traditional Lockdown Versus Multi-Option Responses to School Shootings” was published in the Journal of School Violence. The article, to the authors’ knowledge, is the first peer-reviewed study to examine the differences in time to resolution and survivability between traditional lockdown and multi-option responses to active shooter incidents.
Using live simulations with AirSoft guns in both classrooms and large open areas such as cafeterias, libraries, and hallways, the study ethically and safely recreated a mass shooting incident. In 13 sites across the United States, 326 individuals attending a two-day ALICE Instructor course voluntarily consented to be part of the study. These simulations were already a component of the ALICE training course. However, no one had previously surveyed individuals about their experiences and feelings during these drills.
Before any simulations were conducted, participants filled out a survey to collect their basic demographic information and feelings about mass shootings. Then, after each simulation, they were asked to report the number of times they were shot and the actions they took in response to the shooting.
When all simulations were finished, participants completed a final post-test survey. To mitigate potential confirmation bias of the researchers, all participants self-reported their answers on each of the surveys. Additionally, the individuals who were chosen to be the gunman in each simulation were not affiliated with nor invested in the ALICE Training Institute.
For each simulation, the gunman was armed with two AirSoft guns and stopped shooting when one of the following occurred: five minutes elapsed, which was based on the fact that 70 percent of active shooting incidents ended in five minutes or less; the gunman ran out of ammunition, similar to what occurred in the shooting at Marshall County High School in 2018; participants incapacitated the gunman; all participants evacuated the area; or all participants successfully barricaded and the gunman was unable to engage further targets.
The study results showed statistically significant decreases in the percent of individuals shot using the multi-option response over traditional lockdown. Across the 13 sites, 74 percent of participants who used traditional lockdown in a classroom were shot. But only 25 percent of participants who used the multi-option response were shot. When traditional lockdown was used in a large open area, 68 percent of the subjects were shot; this dropped to 11 percent when multi-option responses were used. Furthermore, no demographic or situational variable gathered in the study—sex, age, occupation, SWAT training of the gunman, or use of counter technique—significantly predicted being shot, suggesting it was use of the multi-option response instead of traditional lockdown that resulted in fewer people being shot.
Additionally, the time to resolution for both the classroom and large open area simulations significantly decreased when using the multi-option response instead of traditional lockdown.
These results could have a significant influence on training and policy. A 2018 compilation of data on mass shootings, financed by the National Institute of Justice (NIJ), found that current or former students are the assailants in nine out of 10 school shootings. Thus, the vast majority of school shootings are insider attacks by individuals who know where everyone is in a facility. Single-option, traditional lockdown responses that instruct everyone to only hide in an active shooter situation are high-risk, high-liability propositions that ignore the fluidity and ever-changing nature of these events.
Jillian Peterson and James Densley, the two criminologists who developed the NIJ database on mass shooters, wrote in an article for The Conversation that “…current strategies are inadequate. If the shooter is most likely a student in the school, lockdown drills only show potential perpetrators the school’s planned response, which can be used to increase casualties.” Thus, the failure of traditional lockdown is its reliance on a one-size-fits-all approach.
Decisions and policies should be based on and driven by existing data, rather than emotional appeals to do something to keep students, staff, faculty, and other civilians safe. Competing approaches should be ethically tested and validated. But the limited evidence suggests multi-option responses that consider the dynamics of an active shooter incident, rather than single-option, traditional lockdown, have the potential to increase the survivability of those who are faced with such an encounter.
These same arguments can apply to commerce settings, which make up the largest percentage (42 percent) of active shooter events according to the FBI’s report on active shooting incidents in the United States. In 58 percent of active shooter incidents between 2000 and 2017, the gunman was an employee, a former employee, or related to someone inside the facility—meaning the individual had insider knowledge of the location.
Many employees and patrons, however, are only trained in traditional lockdown, which instructs them to sit on the floor, be quiet, not move, and wait for the police to arrive to the scene. Once again, this tactic is the single-option, traditional lockdown response that expects the shooter to be unaware of which rooms have people in them—which is not the case in more than half of these incidents.
The failure of lockdown drills in locations such as Sandy Hook Elementary and Marjory Stoneman Douglas High Schools, both of which conducted traditional lockdown training shortly before their respective incidents, draws an unflattering light on this type of response to active shooters. Arguments about security measures, arming teachers, the presence or absence of school resource officers, automatic lockdown procedures, door locks, and even where tape should be on the floors for people to hide behind have gripped the national discourse on what to do in response to such events. What is consistent, however, is that most of the focus is placed on the failure to properly implement lockdown or the application failure of the lockdown (blaming the people) rather than on the fact that the single-option, traditional lockdown failed (blaming the tactic).
In light of new research, it is apparent that the tendency to blame people is misguided and a serious examination of the tactics we use to train civilians to survive an active shooter event is necessary.
One argument for retaining the single-option traditional lockdown response is that it takes very little time to train people. Individuals are told to turn off the lights, lock and move away from doors, hide under or behind objects, and to remain quiet. Individuals are instructed to pretend they are not there and to wait for the police to respond, even though they are likely in a building where people are in almost every room. Add to the equation an insider threat—a person who works or goes to school in that building, who already knows where people are most likely hiding—and the effectiveness of this response breaks down with life-threatening results.
It is common knowledge that for training to be effective, one must prepare for the event as if it is going to happen—in a realistic and safe way. Just as people have practiced from a young age how to respond to fires, they should practice how to respond to an active shooter. The trainers must be safety-conscious professionals. In addition, for active shooters, the response should not require any fine motor skills of participants such as weapons takeaways or fighting tactics because these skills decrease in periods of high stress.
Training should be conducted with everyone, be age-appropriate, and be presented in a way that increases feelings of empowerment and confidence, rather than feelings of fear and anxiety—just as it is done in other crisis situations like fire, tornado, and Stranger Danger. It should be kinesthetic with every option being trained. Finally, the training must be consistently delivered, practiced, and conducted on a continual basis. It should also parallel that of fire safety, where schools are required to conduct fire drills on a routine basis.
While anecdotal evidence and the limited empirical research show that when people are trained in multi-option responses lives can potentially be saved, not everyone supports this type of training.
Unfortunately, because of the frequent failure of traditional lockdown tactics and the large numbers of casualties, a general fear of active threats has arisen. As a result, some are suggesting drills could be contributing to this fear and that they should not be conducted. However, there are many instances where training and drills have saved lives.
Rather than focusing on failed lockdown incidents, the focus should be shifted to locations where multi-option responses succeeded. Noblesville, Indiana; Mattoon, Illinois; and West Liberty-Salem, Ohio, are all locations where multi-option responses saved lives. However, very few people have heard of these incidents. At both Noblesville West Middle School and Mattoon High School, a teacher subdued the gunman; no one was killed in either incident with three injured between the two schools. At West Liberty-Salem High School, students and teachers barricaded their classrooms and evacuated the building. One student was injured. These success stories get little notoriety from the media and are typically only known by the professionals in the field.
And, while there are no guarantees that all lives will be saved, multi-option response use from anecdotal evidence and the limited empirical evidence suggests that this response could reduce the amount of time a threat is active in a building and mitigate the number of casualties. In this regard, more methodologically rigorous, peer-reviewed research is needed. Studies that evaluate the psychological impact that drills have on their participants, including children, should be conducted. Utilizing evidence-based civilian active shooter responses should be a top priority. Future lives depend on it.
Reposted from BizTech Magazine
Art and cultural property crime account for billions in losses each year — the threat of theft is serious enough that the FBI established its rapid-deployment Art Crime Team in 2004.
Despite federal funds and forces on the job, however, stealing fine art remains “relatively easy,” according to Insurance Journal. Just 1.5 percent of all thefts end in successful recovery of objects and prosecution of the perpetrators.
In fact, the biggest problem faced by these cultural criminals is selling their ill-gotten gain: Art scholar Noah Charney notes that while “people assume that they’ll find criminal art collectors,” this is fantastically unlikely because “we have very few historical examples — maybe a dozen to 20 who fit the bill.”
The result? Museums lack the advanced access controls capable of limiting larceny and warding off would-be criminals.
According to Security Baron, museum defense relies on redundancy — layering multiple protective processes, each equally able to safeguard artifacts. These often include physical guard patrols and wireless security cameras paired with newer technologies such as vibration sensors and motion detection devices.
The Security Committee of the American Alliance of Museums also recommends securing staff ID cards by leveraging both card scanners and PIN-based card readers to ensure only authorized employees can access storage collection areas.
WHY CONVENTIONAL MUSEUM SECURITY IS INADEQUATE
The critical failing of current security measures? They’re naturally reactive.
While security guards, burglar alarms and laser systems force thieves to act quickly, these tools rarely prevent crime from occurring. Consider prolific art thief Stéphane Breitwieser, who robbed hundreds of museums to amass his contraband collection. With simple observation of museum security practices, a willing accomplice and slightly-too-large jacket, he was able to successfully steal treasured works across the globe.
Central to this issue is the paradox of experience. If art is too well protected — behind walls and fences in tiny metal rooms — viewer experience suffers. But allowing a broader experience introduces risk and forces museums to become reactive.
New technologies offer a way to improve museum access control and reduce the risk of theft. But these solutions require a deployment approach that combines the static science of current defense with the art of human interaction — the notion that intrinsic behavior and characteristics, rather than overt indications of criminality, are the best indicators of potential pilfering.
Potential defensive controls include:
Museums house national treasures and cultural artifacts — but are often at increased risk of theft. New access control and monitoring solutions offer the potential to leverage science in defense of art.
Reposted from TechCrunch
One of the most senior officials tasked with protecting U.S. critical infrastructure says that the lack of security professionals in the U.S. is one of the leading threats to national cybersecurity.
Speaking at TechCrunch Disrupt SF, Jeanette Manfra, the assistant director for cybersecurity for Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said that the agency was making training for new cybersecurity professionals a priority.
“It’s a national security risk that we don’t have the talent regardless of whether it’s in the government or the private sector,” said Manfra. “We have a massive shortage that is expected that will grow larger.”
Homeland Security is already responding, working on developing curriculum for potential developers as soon as they hit the school system. “We spend a lot of time invested in K-12 curriculum,” she said.
The agency is also looking to take a page from the the tech industry’s playbook and developing a new workforce training program that’s modeled after how to recruit and retain individuals.
For Manfra, it’s important that the tech community and the government agencies tasked with protecting the nation’s critical assets work more closely together, and the best way to do that is to encourage a revolving door between cybersecurity agencies and technology companies. That may raise the hackles of privacy experts and private companies, given the friction between what private companies wish to protect and what governments wish were exposed — through things like backdoors — but Manfra says close collaboration is critical.
Manfra envisions that government will pay for scholarships for cybersecurity professionals who will spend three to five years in government before moving into the private sector. “It builds a community of people with shared experience [and] in security we’re all trying to do the same things,” she said.
Priorities for Homeland Security are driving down the cost of technologies so that the most vulnerable institutions like states, municipalities and townships or the private companies that are tasked with maintaining public infrastructure — that don’t have the same money to spend as the federal government — can protect themselves.
“When you think about a lot of these institutions that are the targets of nation sates… a lot of them have resources at their disposal and many of them do not,” said Manfra. “[So] how do we work with the market to build more secure solutions — particularly with industrial control systems.”
The public also has a role to play, she said. Because it’s not just the actual technological infrastructure that enemies of the U.S. are trying to target, but the overall faith in American institutions — as the Russian attempt to meddle in the 2016 election revealed.
“It’s also about building a more resilient and aware public,” said Manfra. “And adversaries have learned how they can manipulate the trust in these institutions.”
Reposted from Securitas Security Services, USA
Personal security awareness is essential in uncertain times. Awareness is a choice. One must choose to pay attention. Routine tasks often become just that: routine. Maintaining operative situational awareness requires real effort. Take time to focus on your responsibilities and your surroundings, even those that are most familiar. Additionally, try to avoid things that lock your focus, such as your cellphone. Things that lock your focus prevent you from maintaining active awareness. By making situational awareness part of your workday, you can reduce risks and help improve the safety of your work environment.
Be Aware of Your Surroundings
Situational awareness is a human experience defined as knowing and understanding what is happening around you, predicting how it will change with time, and being in tune with the dynamics of your environment. We practice situational awareness every day—when crossing the street, driving our cars, and making dinner in our kitchens. Situational awareness is knowing what is going on around you and staying vigilant to any changes or threats. All employees are encouraged to practice situational awareness, by always being alert to their surroundings, and to use their experience, training, and skills to assess their workplace environment on an on-going basis.
In an Emergency
In an emergency, you should always follow company security policies and protocols. Your workplace should have an emergency response plan in place, and it should include fire drills, severe weather drills, “shelter- in-place” and lockdown drills. Familiarize yourself with your company’s emergency exit plans and site evacuation alarm system. Learn the types of action plans and the response expected from employees for different types of incidents. For example, the action required for a reported fire may be different from that for a bomb threat. Find out
if there is a rally point outside the building for emergencies requiring evacuation. If there is a rally point, it is recommended that an evacuation drill be practiced annually to make sure everyone knows what to do and where to go if confronted with an emergency.
Education is key. Learn what to do in the event of an emergency before there is one. Make sure you understand the plan of action for different circumstances in your workplace for yourself and others. Lack of knowledge is not an excuse for poor job performance.
All employees should educate themselves about any potential hazards that their environment or actions can pose to themselves or others. Ensure that you are up-to- date with the systems, processes, and procedures of your work environment, and that you feel confident about what to do in any situation. Make sure your workplace has an Emergency Plan and ensure everyone knows what they is expected in an emergency. Develop a notification system.
Use the SLAM technique:
Prioritizing in an Emergency
In an emergency, life safety is always the first priority. Your emergency plan should also have protective actions for life safety.
Protective actions for life safety include:
The second priority is the stabilization of the incident. As in any emergency, one of the keys to your safety is to remain calm. Be prepared, try to keep calm, and act quickly based on your training.
For more information on this and other security related topics, visit the Securitas Safety Awareness Knowledge Center at: http://www.securitasinc.com/en/knowledge-center/security-and-safety-awareness-tips
Reposted from ArtNet News
The Mona Lisa‘s home has gotten a makeover.
The Louvre’s most famous painting was reinstalled in its longtime gallery in the museum’s Salle des États overnight on Monday. The Leonardo da Vinci masterpiece had been on a staycation in another room, the Galerie Médicis, for a rocky two months while her permanent residence underwent renovations.
The gallery now looks quite a bit different than it did before the Mona Lisa left. The walls have been repainted in midnight blue, a color that complements Leonardo’s famous painting better than the previous yellow tone. The painting has also been given a brand new vitrine so that visitors can get an even clearer view than before.
Mona Lisa‘s brief sojourn outside the gallery wreaked havoc on the museum. When the painting was relocated to its temporary display in July, tour guides reported two-hour waits with long lines forming outside the gallery’s single entrance. As chaos mounted, ticketed visitors without reserved time slots were turned away from the museum.
To avoid a similar crush of people and smart phones in the renovated gallery, the Louvre has introduced a new crowd-control system, implementing two single-file lines leading up to the work during crowded periods.
“There will be two serpentine lines that will allow the audience to get as close as possible to the work, and for everyone to have a special moment with the Mona Lisa,” a Louvre staffer told the French publication Europe 1, explaining that, on average, a visitor stays in front of the work for 50 seconds. The new system will particularly help children and people with reduced mobility, who represent 18 percent of visitors, according to a statement from the museum.
In other crowd-control efforts, the museum also plans to implement a new timed ticketing policy later this month. The decision was made in advance of the Louvre’s highly anticipated blockbuster exhibition celebrating the 500th anniversary of Leonardo da Vinci’s death, which opens on October 24.
The new ticketing policy “allows a better flow of visitors and is key to a more comfortable visit,” Louvre officials told the Art Newspaper. Exactly how the new ticketing system will work, however, remains unclear. Reservations will need to be made online, but the museum has not determined whether all visitors will need them, or just the ones visiting the special exhibition. Within the first 30 hours of the tickets going on sale in June, the public purchased 33,500 advanced tickets, straining the website servers.
The Louvre, the world’s most visited museum, hit a record 10.2 million guests last year. Museum security went on strike in May, citing the increased admissions and shrinking staff size as the cause for deteriorating work conditions. Their demands included a cap on visitor numbers, which currently range from 30,000 to 50,000 people each day. Union members are reportedly considering striking again.
And these aren’t the only changes underway at the Paris museum. This week, it is also opening a new conservation and storage center in Liévin, two hours north of Paris. As Louvre director Jean-Luc Martinez oversees a rehang of the collection—that’s why the Mona Lisa gallery was being repainted—he will move some 250,000 objects from the institution’s holdings to the new facility by 2023. Currently, reports TAN, the Louvre storerooms are located in a flood-risk zone.
QUICK LINKS
ConferenceMembershipTraining & CertificationDonate to IFCPP
TRAINING & EVENTS
1305 Krameria, Unit H-129, Denver, CO 80220 Local: 303.322.9667 Copyright © 1999 International Foundation for Cultural Property Protection. All Rights Reserved
Contact Us