Reposted from CISA

As federal civilian agencies continue to modernize IT enterprises, increased reliance on cloud services, platform services, and external providers has introduced new types of risks. Recent threat activity from groups such as Storm-0558 have demonstrated the importance of hardening email and identity infrastructure, enabling key security capabilities such as logging, and enhancing the security of underlying cloud environments. The Administration’s Executive Order 14028 has accelerated cross-government efforts to advance cloud security practices, implement encryption and multifactor authentication, and enhance operational visibility and logging on federal government networks.  

Earlier this year, CISA worked with a dozen federal agencies to apply the Secure Cloud Business Applications (SCuBA) secure configuration baselines for Microsoft 365 (M365) across agency enterprises. Using our ScubaGear assessment tool, agency practitioners implemented advanced protections and configured cloud environments to better safeguard sensitive information and secure government services against sophisticated threat actors. Though the Microsoft-specific baselines were developed collaboratively with the Federal Chief Information Officers Council to provide necessary security enhancements for most federal cloud business applications, we quickly identified that more was needed. 

Today, CISA takes another step forward by releasing the SCuBA project’s Google Workspace (GWS) secure configuration baselines along with our new assessment tool, ScubaGoggles. Developed in close collaboration with Google, these materials are specifically designed to assist federal agencies with securing GWS environments and leveraging native security capabilities to enhance an organization’s overall cyber posture. However, every organization, public and private, can benefit from the security recommendations and best practices outlined in the GWS Baselines and should consider whether their current baseline requires enhancements in light of the evolving cyber threat environment.

CISA requests public comment on the GWS baselines and the ScubaGoggles tool to help ensure our products enable necessary security improvements to keep pace with evolving technologies while considering the challenging cyber threat environment. CISA’s GWS Baselines draw upon the success, lessons learned, and expertise gained from the M365 Baselines project to apply a consistent and comprehensive approach to securing GWS cloud environments. 

Once finalized and fully implemented, the GWS baselines will reduce misconfigurations and enhance the protection of sensitive data, bolstering overall cybersecurity resilience. These baselines provide a collection of tailored security controls for nine core GWS services. They cover key GWS components, such as safeguarding collaboration on Google Meet, securing data stored in Gmail or protecting sensitive information in Google Drive and Docs. 

The publication of the GWS and M365 Baselines will further CISA’s mission to secure the federal IT enterprise while the also serving as a resource for all organizations leveraging the two most widely used business platforms. Users across the Federal Government and beyond rely on these cloud-based business applications daily to communicate and store sensitive information and conduct critical business functions which is precisely why these systems remain such prime targets for malicious actors. Our goal is to help organizations secure their work, keep confidential information private, and empower cybersecurity teams to harden these environments and gain operational visibility within these cloud-based business applications.  

Along with seeking public comment from all interested stakeholders, CISA asks federal agencies to help validate and enhance the automated implementation of these SCuBA Baselines. Agencies interested in coordinating with CISA to help refine the baselines, implementation guidance, and the assessment tool should email CyberSharedServices@cisa.dhs.gov.

See Original Post

Reposted from CISA

In the fast-paced world of cybersecurity, staying ahead of threats is essential. And while security is without a doubt a priority for businesses of all sizes, it is easy to feel overwhelmed by all the information available. At CISA, we have been diligently developing a solution aimed at simplifying the way our partners and potential collaborators understand their cyber risk and prioritize their investments, ensuring they can quickly navigate this complexity with ease. Our focus has been on making the process of working with us more intuitive and user-friendly so that every organization can spend more time meeting business goals and less time sifting through cybersecurity resources. We believe this approach will be especially helpful for smaller to medium sized stakeholders with fewer resources, who need help prioritizing actions to help them to reduce the likelihood and impact of damaging intrusions.

In early 2024, we look forward to launching a new way for organizations to understand their cyber risk and receive targeted, straightforward guidance built around our Cybersecurity Performance Goals. This new tool is called Ready.Set.Cyber. While we’re not quite ready to unveil all the details just yet, we are excited to share a glimpse of what’s on the horizon.

ReadySetCyber will simplify the process of incorporating cybersecurity into your organization’s business decisions, regardless of your level of expertise or the number of IT personnel you have on staff. Instead of making cybersecurity a daunting challenge, with the ever-present question of where to invest next, prioritization decisions become a guided, step-by-step process on a user-friendly interface accessible to organizations of all sizes. By providing tailored resources and insights in a streamlined format, ReadySetCyber will empower users to align scarce resources with the most impactful cybersecurity measures for their organization.

Our approach to ReadySetCyber begins with baselining your organization’s current cybersecurity maturity, based on your input to a dynamic set of questions, then providing actionable strategies, tools, and resources to mitigate risks effectively, along with a direct connection to your regional CISA cybersecurity advisor. We plan to launch ReadySetCyber in a beta capacity, while iteratively implementing improvements over time, using your valuable feedback as our guide. The questions for ReadySetCyber will be submitted for public comment before the end of the year, setting it up for public use in early 2024. This approach will help ensure we are not providing a one-size-fits-all solution, but rather tailoring our application to suit your unique needs.

ReadySetCyber is about leveling the playing field and enabling our wide variety of partners to make measurably effective risk reduction investments. Our aim is to simplify and streamline access to the right information, ensuring that every organization can make informed decisions to enhance their digital security. With ReadySetCyber, users will be able to provide feedback on their experience, enabling us in return to refine and enhance our application in a collaborative way. We are committed to listening to input and allowing it to shape ReadySetCyber into a capability that genuinely meets the needs of those who use it.

The information we received from our request for information that closed October 10 will greatly help us refine and establish this new capability. We are excited to bring you an application that not only offers a tailored bundle of actions and tools for your organization but a capability that will evolve based on your needs and feedback. Watch this space for more updates and details about ReadySetCyber’s beta launch and how we can work together to elevate your organization’s digital security, one step at a time.

See Original Post

Reposted from Artnet News

Activists with the climate change awareness group Extinction Rebellion protested at the American Museum of Natural History and the Solomon R. Guggenheim Museum, staging a “speak-out” and “die-in” at the former on November 18 and unfurling banners at the latter on November 19. The 13 activists were arrested by the New York Police Department. In an emailed statement, the police said that protests began around 4:30 p.m. and ended around 9:15 p.m. on Saturday. A spokesperson for the department did indicate how many were arrested at each museum. At the AMNH, protestors laid down on the floor, in front of the reconstructed Tyrannosaurus Rex skeleton in the museum’s lobby, for over an hour to urge climate justice. 

See Original Post

Reposted from Art Sentry

Museums naturally want to ensure their pieces are guarded when they are loaned to other facilities. They often stipulate that each gallery – and sometimes specific individual pieces – be continuously monitored by a security guard (or even a team of guards). Unfortunately, museums that cannot afford these stringent requirements are deprived of the ability to host these high-end traveling exhibitions and the associated benefits of visitation and revenue-generating opportunities.

However, some museums have discovered how to leverage Art Sentry’s advanced security technology for a more cost-effective way to meet line-of-sight requirements, and they’ve even been able to convince lending museums to modify their loan agreements to meet their lending security standards. Art Sentry is a camera-based motion detection and alarm system that increases security in museums and galleries. The system helps prevent unwanted touches by creating an invisible protection zone around your most valuable artifacts and collection pieces. For museums seeking to host traveling exhibitions, Art Sentry provides an effective security solution.

Additionally, museums are facing an unprecedented hiring crisis that has left many facilities without a full guard force. Art Sentry fills the gap by providing a practical, cost-effective way to extend their security presence. Lending museums can rest assured knowing that interactions with their artwork are closely monitored and recorded and that guards can respond immediately if an alert is triggered. The presence of Art Sentry can even be a determining factor when a lender is deciding which museums will be approved to host an important work or show. In addition to preventing unwanted touches and extending the existing security presence, museums have other safety and security logistics to consider when hosting a traveling exhibition. Depending on the installation, several general safety factors, ranging from electrical outlets and cords to the stability of heavy displays, may bear consideration, as well as object-specific requirements for lighting, room temperatures, and humidity levels. Art Sentry can be adapted to integrate with new and existing hardware systems to accommodate all the variables that must be addressed for each exhibit. Museum security leaders, directors, curators, and boards understand that traveling exhibitions enrich communities while connecting museums to new visitors and donors. They offer glimpses into new worlds and ideas. Cost shouldn’t be prohibitive in who gets to host the best traveling exhibitions. Art Sentry is here to help you feature the traveling exhibit you’ve longed to bring to your museum.

See Original Post

Reposted from El Pais

Many techniques and strategies are being put in place to protect large museums and collections from the hazards of global warming. Sometimes it seems like the world is flooding. Other times, it’s on fire. This has been seen from Rhodes and Corfu (Greece) to Palermo and Messina (Italy) and Cascais (Portugal) or Quebec (Canada). The ground burns and, as the mercury rises, the heat puts the world’s artistic heritage in a bind. The climate emergency is descending into Dante’s inferno. In Spain, the Prado and the Reina Sofía museums are a great cause of concern. The latter is more threatened by water than by flames; a stream flows underground, and explosive cyclogeneses are unpredictable. The former has a security protocol that is not public. Some paintings are geolocated with chips. But not many; the technology is expensive. The Reina Sofía — explains restorer Manuela Gómez — writes its rules on the granite of its walls. The temperature in the exhibition areas is 20 degrees Celsius (68 Fahrenheit). A variation of ±2 is allowed. The margin is identical for humidity (50%). They have been working on a security plan for years: the rooms will have personal protective equipment (similar to that used by healthcare workers during the pandemic) and fire blankets. In addition, there will be a digital alarm system linked to the fire department; a screen will show them the problem and its location, so they can put together a strategy without delay. Because the difference between a Picasso being preserved or being destroyed can be a matter of minutes. Even seconds. The past has put the present of art on alert. The historic Hurricane Sandy, which flooded New York in 2012, fell from the sky like an omen. “Art storage facilities have been removed from flood risk areas,” explains curator Gabriel Pérez-Barreiro. Storage giants — like UOVO, which has 10 locations in the United States — are protecting themselves from a potential disaster. Its warehouses located in risky places, like the one in the Wynwood neighborhood in Miami, are built 18 feet above sea level and can withstand a category 5 hurricane (with winds of up to 70 miles per hour).

To protect itself from possible flooding, in 2024 the Louvre will move 250,000 works to its conservation center in the commune of Liévin, in the north of France, one hour from Paris by high-speed train. This might be, they say, the largest movement of pieces of art in history. It was necessary: the banks of the Seine, where the museum is located, are very vulnerable to flooding. Some of its galleries and storage rooms are practically under the river, so a flood would put hundreds of works at risk. Only an irresponsible person would jeopardize their Caravaggios, Leonardos or Goyas. Back in the U.S., despite the fact that flames already surrounded the Getty Center, in California, in October 2019, trust is the main prevention system. The Center is confident that its building (built with marble and cement and protected by steel) is capable of withstanding fire; even its extensive green area, with systematically pruned oak trees, would act as a retardant if a fire breaks out, the institution maintains. Nobody wants to lose their assets. The Helen Frankenthaler Foundation, in New York, has created the most ambitious private program in the country’s artistic history (with a budget of $10 million) to confront — through subsidies — the climate crisis. The Museum of Modern Art in New York (MoMA) is designing a cold storage vault. The Philadelphia Museum of Art is building something unprecedented: a floating gallery on a barge on the Delaware River. And the Museum of Contemporary Art in Los Angeles, is tapping into funds from the Frankenthaler Climate Initiative. Who wants to slow dance in a burning room?

See Original Post

Reposted from New York Times

A worker at the Deutsches Museum in Munich stole paintings from the collection, replaced them with rough forgeries, then sold the originals at auction, according to the judgment of a court in the city this month. The thief used the proceeds to finance a luxurious lifestyle, the judge said. The worker, who is identified in court documents by the initials S.K., in keeping with German privacy law, was convicted of stealing four paintings by early-20th-century German artists from storerooms over nearly two years and avoiding detection by replacing the artworks with copies. He then sold three of the pieces at auction; the fourth failed to find a buyer. Judge Erlacher of the district court in Munich sentenced the man to a commuted prison term of one year and nine months and ordered him to repay the roughly $63,000 he got from the sale. The thief’s evident remorse and willingness to work with the court were given as a reason for the lenient sentence. He was 23 or 24 years old when he was hired as a technical employee of the museum, in May 2016, according to court documents. He left the museum’s employ in 2018. “The accused shamelessly exploited the access to the storage rooms in his employer’s buildings and sold valuable cultural assets in order to secure an exclusive standard of living for himself and to show off with it,” according to the written judgment.

The Deutsches Museum specializes in scientific and technical displays and does not exhibit art. However, that does not stop private collectors and foundations from bequeathing their art collections to it, Sabine Pelgjer, a museum spokeswoman, explained. The museum’s assets include hundreds of pieces of often valuable art that remain in storage. The museum noticed something was wrong when an in-house appraiser went to check one of the paintings, “The Frog Prince Fairy Tale” by Franz von Stuck, for an unrelated reason and noticed that the canvas on his workbench was not a precise match with its catalog entry. “In the end it was pretty easy to recognize as a forgery,” Pelgjer said. The museum then went through its art inventory and found three other counterfeit pieces. The thief sold the von Stuck piece through a Munich auction house, giving it a new name and claiming that he had inherited it from his great-grandparents. The painting sold for €70,000 to a buyer from Switzerland. Two other paintings, by Eduard von Grützner and Franz von Defregger, sold for considerably less: €7,000 and €4,490.50. The fourth painting — “Dirndl,” also by von Defregger — did not sell, which prompted the man to take it to a second auction house and eventually lower the initial bidding price to €3,000, but it still did not attract a buyer. It remains unclear whether the thief made the forgeries himself.

The case has echoes of another scandal that transfixed the museum world this summer. At the British Museum in London, a tip-off that a curator was selling stolen collection items on eBay snowballed into a crisis for the institution and led to its director’s stepping down. During the brief trial in Munich on Sept. 11, the thief told the judge that he was surprised how easy it had been to steal the paintings. Noting that the man had to submit to a criminal record check when he was hired, Pelgjer, the museum spokeswoman, said, “We actually do have pretty secure facilities, but when it is one of your own employees, it’s pretty hard to keep safe.”

See Original Post

Reposted from Artnet News

Nine items made from imperial Chinese porcelain believed to be worth millions were stolen from a museum in Cologne, Germany, in a brazen art heist carried out, per the museum “with great effort and violence.” It is the latest in a spree of troubling incidents on which the museum is hoping to crack down. Shao-Lan Hertel, the scientific director of Cologne’s Museum of East Asian Art, revealed the theft in a statement on the institution’s website and provided a full listing of the stolen items. Further details, such as their value, were not provided for insurance-related reasons.

The suspects, who still not have been identified, broke into the museum on the night of September 12 and stole nine Chinese porcelain objects dating from the 16th to 19th centuries. Security workers immediately notified police and nobody was injured. “The staff members of the Museum for East Asian Art are shocked and deeply consternated by the burglary. More than financial and material damage, the museum mourns a loss of intangible nature,” Hertel said in the statement. Hertel said most of the stolen objects were acquired by the museum founders Adolf and Frieda Fischer in China between 1906 and 1911, documenting the acquisitions in detail in their purchase diary. Another item was a Ming-dynasty yellow-glazed dish, which was gifted to the museum in 2015. The museum has faced security vulnerabilities this year and a crime spree it has been trying to address, Hertel noted. A failed burglary was foiled by an alarm in January and followed by another in June in which the burglars broke a window at the museum.

The museum “massively heightened” its security systems, Hertel said. Further details about the increased measures were not provided. However, German public broadcaster WDR reported the window was only repaired with a wooden panel—which is how the burglars entered in the recent heist. The only major lead in the case came from the statement of a lone security guard who said possibly two men were involved in the break-in, one of whom was wearing a backpack like a delivery driver. The security measures were decided in consultation with local police and the Department for Art and Culture of the City of Cologne. The museum is collaborating with authorities in planning how security can be further expanded and the case has been registered with Interpol. “The international dimension of the investigation corresponds to the cultural significance and financial value of the stolen property,” Hertel said. “The objects are very well documented and therefore clearly identifiable, and so it is hoped that they will eventually find their way back into the museum collection.”

Reposted from Newsweek

An American tourist has been arrested in Israel after allegedly smashing and severely damaging two Roman-era statues.  The incident occurred at the Israel Museum in Jerusalem on Thursday, according to officials. The statues date to the 2nd century C.E. and were part of the Archeology Wing's permanent exhibition. "In a severe incident [Thursday] afternoon, a tourist from the U.S. intentionally caused damage to two ancient Roman statues from the second century C.E.," a museum spokesperson said in a statement provided to Newsweek. "The museum's staff alerted the police, which is handling the matter. The damaged statues have been moved to the museum's conservation lab for professional restoration. The museum's management, which views this as a troubling and unusual event, condemns all forms of violence and hopes such incidents will not recur. "The sculptures were knocked off their pedestals and had broken into several pieces. One is a marble head of the ancient Greek goddess Athena that was discovered in 1978 in Tel Naharon, northern Israel, Haaretz reported. The head was likely once part of a larger-than-life statue that may have stood more than 8 feet in height. The other sculpture is a depiction of a griffon—a horned, winged creature with a beak and the body of a lion—holding a wheel of fate representing the Roman god, Nemesis. This artifact was discovered in the Negev desert in southern Israel in 1957.

Police said in a statement provided to Newsweek that museum security personnel detained the tourist, a 40-year-old Jewish American man before officers arrived and apprehended him. Police then questioned him, determining that he destroyed the statues because of his religious sensibilities, believing them to be "idolatrous" and contrary to the Torah. The man's lawyer, Nick Kaufman, told the Associated Press that the 40-year-old, who has yet to be named, had not acted out of religious fanaticism. Instead, Kaufman said the tourist was showing signs of "Jerusalem syndrome"—a unique psychiatric phenomenon that occurs in some tourists and pilgrims who visit the holy city, which is sacred to Jews, Christians and Muslims.

See Original Post

Reposted from Interfax-Ukraine

Kyiv municipal museums received from international partners special equipment worth EUR 215,000 as part of a joint project to protect cultural property, the press service of Kyiv City State Administration (KCSA) said on the official website on Friday. "The results of a joint project to protect cultural property of twelve municipal museums in Kyiv were discussed during a meeting with Ambassador Extraordinary and Plenipotentiary of France to Ukraine Gaël Vessières and Executive Director of the International Alliance for the Protection of Cultural Heritage in Conflict Zones (ALIPH) Valérie Frélan at the KCSA," it
said. Thanks to the financial support of ALIPH within the framework of a joint project worth EUR 215,000, special protective equipment was purchased dehumidifiers, humidifiers, fireproof safes, and cabinets. Automatic fire extinguishing systems were also partially installed.
In addition, during the meeting the question was raised about the prospects for further cooperation, in particular in protecting the national cultural heritage and cultural heritage of Kyiv.

See Original Post

Reposted from Barron's

 Six artworks stolen by the Nazis and returned recently to the heirs of th Austrian Jew who owned them will be auctioned in New York next month, Christie's said Thursday. New York authorities announced on September 20 that leading institutions that include New York's Museum of Modern Art had agreed to return seven works by the Austrian Expressionist artist Egon Schiele to the family of Fritz Grunbaum, a cabaret performer and art collector who died in the Dachau concentration camp in 1941. Three of the works -- watercolors on paper, thought to be worth up to $2.5 million each -- will be auctioned on November 9 and three others will go up two days later as part of Christie's fall auctions. The seventh work, which was returned by the Museum of Modern Art, has been acquired privately by "a prominent collector who has a demonstrated record of supporting Holocaust survivors," said Raymond Dowd, the Grunbaum heirs' New York attorney. Grunbaum's heirs had been fighting for the artworks' return for years. He owned hundreds of works of art, including more than 80 by Schiele. Schiele's works, considered "degenerate" by the Nazis, were largely auctioned or sold abroad to finance the Nazi Party, according to the Manhattan district attorney's office. Arrested by the Nazis in 1938, Grunbaum was forced while at Dachau to sign over his power of attorney to his spouse, who was then made to hand over the family's entire collection before herself being deported to a different concentration camp, in current-day Belarus. The seven works whose restitution was announced last month had reappeared on the art market after World War II, first in Switzerland and then making their way to New York. The Grunbaum heirs are pursuing other works as well.
 Last week, three Schiele drawings were seized by the Manhattan district attorney's office from the Art Institute of Chicago, the Carnegie Museums of Pittsburgh and the Allen Memorial Art Museum at Oberlin College in Ohio.

See Original Post