INTERNATIONAL FOUNDATION FORCULTURAL PROPERTY PROTECTION
News
Reposted from Blooloop
Hamburger Bahnhof, a contemporary art gallery in Berlin, has turned off its Dan Flavin work for the first time in 26 years in response to the energy crisis.
The neon work of art usually illuminates the facade of the museum’s building, but in a bid to save money on energy costs, Hamburger Bahnhof has turned off the lights.
The artwork, which features green and blue fluorescent tubes, has greeted guests since the gallery opened in 1996.
“It is important that we as an internationally renowned museum set an example in the current situation and make our contribution to saving scarce resources,” the institution’s co-directors Sam Bardaouil and Till Fellrath said in a joint statement.
“We hope that this difficult step for us will also inspire rethinking sustainable museumplanning in general.”
The museum’s decision comes after an announcement in July by Bettina Jarasch, Berlin’s senator for the environment, that the architectural lighting for the city’s monuments would be shut off to conserve power.
These include the Brandenburg Gate and Victory Column. The rules currently only apply to public buildings. However, private cultural organisations including Hamburger Bahnhof and the Julia Stoschek Foundation are doing the same.
“Anyone that has a public voice, whether in a small organization, or the Hamburger Bahnhof as the national gallery of contemporary art, has the responsibility to use it wisely in contributing to the general questions of the society it operates in,” Fellrath told The Art Newspaper.
“In that sense, we do see it as one of our main tasks to lead the discourse on issues of sustainability, diversity, and inclusion.”
“We are sure that many museums are asking similar questions at the moment, lastly also due the skyrocketing energy prices that will have a significant impact on cultural funding at large,” he added.
Currently, the Flavin installation is set to be switched off until the end of March 2023.
See Original Post
Reposted from AZ Central
Six years before a valuable Willem de Kooning painting was stolen in 1985, the director of the University of Arizona Museum of Art warned that security needed to be beefed up at the small museum.
But university administrators, who have since retired, didn't act on those warnings, according to memos obtained by The Arizona Republic as part of a public-records request.
Museum officials on May 8, 1979, requested that additional police officers be assigned to the building, cautioning that:
"The museum's good fortune in avoiding major theft or vandalism so far is strictly a matter of luck," the memo said. "As the art museum becomes better known, this luck will quickly dissipate."
"Woman-Ochre" is now back at the museum after being discovered in a New Mexico estate sale in 2017. And the university is once again faced with safeguarding a treasure even more famous and more valuable than when it was stolen.
In the years the painting went missing, works by the Dutch-American artist de Kooning exploded in value. University officials are no longer publicly releasing a value, though as recently as 2015 "Woman-Ochre" was valued at up to $160 million.
$100M de Kooning painting returned:How a museum is honoring those who brought it home
The 1979 memo which was copied to then-UA President John Paul Schaefer, requested that two members of the campus security force be on duty during operating hours as a "minimal ounce of prevention."
But when the de Kooning painting was stolen in 1985, it was common to have only one University of Arizona police officer on duty at the museum, according to subsequent memos.
When the theft occurred, it was the day after Thanksgiving and only one campus security officer was present at the museum. Two student workers were on duty. But no staffer was in the second-floor gallery when "Woman-Ochre," was cut from its wooden frame. Like many small museums at the time, there was no video-camera system to capture the theft.
Museum officials acknowledged security lapses. The museum's director, Peter Bermingham, pushed university administrators for more funding for more security officers, TV cameras and gallery attendants.
In a memo written a few days after the theft, he reminded then-Provost Nils Hasselmo of "several recent conferences" about the need to improve security that had been held with "various university officials (prior to the theft)."
Failure to take action could jeopardize the museum's ability to borrow art from other museums for special exhibits, he warned, and could hurt the museum's ability to get donations.
Hasselmo initially rejected the request, citing "strapped" resources for the current year in a December 20, 1985 memo. He suggested the museum curtail hours instead. Bermingham replied that cutting back hours would have no effect on security quality during open hours.
Hasselmo later agreed to a modified proposal.
Seven months after the theft, in June 1986, the museum installed a new security system. Upgrades included a $24,000 closed-circuit television system, as well as hiring two full-time security guards and several part-timers, rather than relying on University Police.
The administrators named in the 1980s memos have long since retired; Hasselmo and Bermingham are no longer alive. Schaefer, the former university president from 1971-1982, said in a recent interview with The Republic that he didn't recall memos related to museum security.
"That was a long time ago," he said, adding he was no longer president when the 1985 theft occurred.
The "Woman-Ochre" theft remains infamous in museum security circles.
On Nov. 29, 1985, a man and a woman walked into the University of Arizona Museum of Art as the building opened.
It was a holiday week with only a few staffers on hand.
Police believe the woman distracted the single security officer while the man walked upstairs and cut the valuable de Kooning painting out of its frame. Unobserved, he rolled up the canvas, stuffed it under his winter jacket and the couple fled in a rust-colored sports car.
John Barelli, who oversaw security at New York City's Metropolitan Museum of Artfor 30 years, described the de Kooning crime as a "theft of opportunity."
"It was an opportunity and — boom — they took it," he said in a recent interview.
University police enlisted the help of the FBI and released a composite sketch of the suspects. But within months, the investigation hit a dead end.
The painting vanished for 31 years, until it was discovered in 2017 in the home of a deceased, elderly New Mexico couple in an estate sale.
When "Woman-Ochre" was recovered, the university covered the cost of installing a new camera system, said Olivia Miller, the museum's interim director and curator.
The museum increased security in preparation for the painting's return to exhibit, she said. She declined to discuss security costs but said ongoing costs, such as security staffing, are part of the museum's annual budget and are supported by a combination of funding sources, including state funding, museum endowments, and admission fees. The museum has a total annual budget of about $1 million.
She declined to discuss the increased security measures except for one detail that is visibly apparent:
"Woman-Ochre" and its original wooden frame are encased in a clear, acrylic display case using museum-quality material known as Optium Museum Acrylic.
"It might not always be in a case forever," Miller said. "But we think that just given its history, given what it's been through, given what the museum has been through, it's a step we just needed to take."
National security experts say acrylic cases, or glass, over paintings are increasingly common, especially on smaller paintings that thieves could try to smuggle out.
One of the world's most famous paintings, the "Mona Lisa," on exhibit at the Louvre Museum in Paris, is protected by bulletproof glass. The protection came in handy last summer when a man disguised as an old woman jumped out of a wheelchair and smeared cake across the glass.
More recently, climate protesters threw soup at Vincent van Gogh’s “Sunflowers” in London’s National Gallery, causing minor damage to the frame but leaving the glass-covered painting unharmed.
UA museum officials said it was important to display "Woman-Ochre" in the original wooden frame the painting was cut from in 1985. That simple frame wouldn't accommodate an insert of acrylic or glass into the frame so they had to encase both the painting and frame in acrylic.
The Republic contacted three national experts on museum security, who aren't involved in the university's security plans but are familiar with how museums safeguard their paintings.
Steve Keller, a museum security expert based in Florida, who helped write national security recommendations for museums, said the protection for paintings has changed dramatically since the 1980s. The de Kooning theft "would have been much harder to pull off" with current security technology, he said.
Brazen thefts, like the de Kooning heist, aren't common, according to Rob Layne, vice president of Layne Consultants International in Denver. But to prevent them, museums typically have a range of protections.
Here are security measures commonly used at museums today:
Video surveillance, digital video and cameras with monitoring capabilities are some of the biggest advancements in museum security. Video analytics are computer software that allows museums to monitor and analyze video surveillance. The painting and the area surrounding the painting are programmed into the software. If this image is disturbed by someone getting too close to the painting or touching it, an alarm goes off.
Barelli, the New York City security consultant, said he would place cameras in places where they were visible to visitors — to act as a deterrent against theft or vandalism— and also in locations where they weren't visible to capture any attempted vandalism or theft.
Radio-frequency identification, known as RFID technology for short, uses radio waves to keep track of paintings, sculptures or rare books. Tiny RFID tags are affixed to the art. An alarm triggers if someone moves a painting from its location.
Global Position Devices are often used when art is loaned to other museums or has to travel. A tracking device attached to the painting's wooden crate sends a satellite signal that is processed by a receiver. Museum security can see the location of the GPS device and its movements, allowing them to track the art in real-time.
GPS was used to track "Woman-Ochre" in September when the painting traveled 500 miles back to Tucson from the J. Paul Getty Museum in Los Angeles where it had been undergoing restoration. Museum officials also kept in contact by text and phone with a museum staffer who rode along with the painting in the truck. The truck was further escorted by two SUVs filled with a half-dozen officers from the U.S. Department of Homeland Security.
Security staff, visitors and volunteers are a critical part of museum security. Experts say it doesn't matter how much an organization spends on technology if the staffing structure isn't there to support it. In-house security is common at many museums. Contract security guards are brought in as supplements for special events when more people are milling through the galleries.
At an evening reception to celebrate "Woman-Ochre" on Oct. 7, The Republic counted at least four security guards — dressed in elegant suits and equipped with earpieces — in the first-floor gallery with the painting. More security guards lingered outside the gallery's entrance and exit.
At least two University of Arizona police officers were on hand in the lobby, dressed in uniforms and bulletproof vests.
On that evening, "Woman-Ochre" wasn't going anywhere.
And when the exhibit opened to the public the next day, there was an added level of protection.
"Woman-Ochre" was already behind an acrylic glass case.
Reposted from Security Management Magazine
Let’s be clear: physical security infrastructure is the target of many cyber criminals. IP cameras, access control systems, visitor kiosks, and related systems are by their nature attractive targets because they have compute, storage, and networking (as traditional IT systems do).
But because they are Internet of Things (IoT) devices, the solutions used to secure IT systems simply won’t work for them. Once breached, physical security systems can enable many other forms of attack on an organization, including planting ransomware, launching Distributed Denial of Service (DDoS) attacks, exfiltrating sensitive data, and potentially putting control of security systems in the hands of criminals.
Especially as the ability to create deepfakes based on real video footage becomes more sophisticated, ensuring that physical security data is untampered and suitable to be used as evidence adds to the focus on hardening physical security systems.
During the last few years, studies and industry security alerts have shown that most organizations do not sufficiently harden and protect physical security systems. Just ask yourself: Are all your camera devices on the latest and most secure version of firmware? Are your device passwords maintained and unique in accordance with your corporate policies? Are any of your devices authenticated using 802.1x certificates, or having traffic between devices encrypted using TLS/SSL certificates?
If you answered no to most of these questions, it suggests that you’re at high risk of your physical security systems being breached and exploited.
Hardening physical security systems is hard! The starting point is identifying all the devices on your network, something that many security teams struggle with because of the scale of devices, their locations, and the long-lived nature of IP cameras. Whether using an IoT security platform that can do it for you, or by using a dedicated asset discovery solution, a complete inventory will drive all efforts in hardening those systems.
Another factor that makes physical security systems more difficult to protect is the heterogenous nature of such systems. Very few organizations have just one make or model for cameras; most have several types, all with unique mechanisms for updating and securing them. Also complicating hardening devices is how they are often on isolated—or segmented—networks.
Reaching across multiple network segments to access the devices requires specialized technology, otherwise a lot of manual effort is consumed securing devices one network segment at a time.
Despite the barriers listed above, there are now more automated and purpose-built solutions to harden physical security—and in general IoT/OT—devices. The key functions of these automated systems are to:
One advantage physical security teams have in implementing more rigorous methods for hardening their devices is that those systems are the most prolific and widespread IoT/Operational Technology (OT) devices in most organizations. As IoT/OT security becomes more visible at all levels of the organization, it is an opportunity for physical security organizations to take the lead corporatewide on IoT/OT security.
Since cybersecurity is a team sport, who should your teammates be? One best practice is to form an IoT Committee within your organization, with members from the CISO/CIO staff, as well as departments that manage IoT/OT devices like manufacturing, facilities, and logistics.
Organizations who have already formed such teams have also found an important side benefit: the processes used to monitor and harden physical security systems provide important data to other parts of the organization (compliance and audit, cyber insurance negotiations, public reporting, and so forth), increasing the strategic value of the physical security team.
By 2024, more than 75 percent of CEOs will be personally liable for cyber breaches, according to predictions and analysis from Gartner. Keeping your CEO and board of directors informed and aware of the efforts to harden physical security and IoT/OT systems will help to ensure that resources are made available to be successful in preventing cyber criminals from exploiting these systems.
Finally, consider making hardening your physical security into an industry issue: engage with others in your industry who share these same problems. During the last few years, several industry-level organizations—both existing and new—have made sharing best practices and information on threats more efficient and robust.
For example, the Real Estate Cyber Consortium publishes detailed information and guidelines on hardening and securing physical security and IoT systems specific to the commercial real estate business. Check within your industry if that exists or consider forming one because the types and methods of attacks will be similar across the industry and collectively the sector will be more resilient from that effort.
Whether through deploying automated cyber hygiene and service assurance solutions, documenting and sharing best practices, or fostering internal coordination across multiple departments, now is the time to take action.
Reposted from The Observer
Two climate activists were arrested after throwing tomato soup on a Vincent Van Gogh painting hanging in London’s National Gallery and gluing themselves to the exhibit wall.
The demonstration, which took place this morning (Oct. 14), is the latest escalation in a series of protests across Europe which have art institutions rethinking security protocols and American museums worried the demonstrations may spread.
Today’s protestors targeted a glass-covered 1888 Van Gogh entitled Sunflowers, according to a statement from the National Gallery. “The room was cleared of visitors and police were called. Officers are now on the scene. There is some minor damage to the frame but the painting is unharmed,” wrote the museum, which confirmed the two demonstrators were arrested and the painting is now back on display.
The action was planned by Just Stop Oil, a U.K. climate group, and carried out by Phoebe Plummer, 21, and Anna Holland, 20. “Is art worth more than life? More than food? More than justice?” asked Plummer during the demonstration, after opening a can of Heinz soup and tossing its contents on the painting behind her.
“This is not a one-day event, this is an act of resistance against a criminal government and their genocidal death project,” reads a press release from Just Stop Oil. “Our supporters will be returning—today, tomorrow and the next day—and the next day after that—and every day until our demand is met: no new oil and gas in the U.K.”
Just Stop Oil demonstrators have glued themselves to artwork in prominent U.K. museums over the past few months, targeting London’s Courtauld Gallery and Royal Academy of Arts, in addition to museums in Glasgow and Manchester. In Italy, climate group Ultima Generazione has staged similar protests at Florence’s Uffizi Gallery and the Vatican Museums, while German environmental organizers from Letzte Generation Group struck museums in Berlin, Munich, Dresden and Frankfurt over the past month. All three climate groups are funded by the Climate Emergency Fund, a California-based fund founded in 2019 by philanthropic millionaires to support environmental activism.
“They certainly are persistent. For a while there they were just touching the frame and not doing much else, but this is getting ridiculous,” said Steve Keller, a museum security consultant whose clients include the Smithsonian and Washington D.C.’s National Gallery of Art. The escalation of protests signifies a U.S. demonstration will likely occur soon, according to Keller, who said American museums have become worried and begun formulating response plans. “I know they’re concerned,” he said.
However, U.S. museums probably won’t be willing to make any significant security changes until they are targeted, said Keller. “Museums are very slow to react on something like this.”
Implementing strengthened security protocol is a delicate balance in museums, he said. Intensified screening measures are often rejected because they make for an unfriendly environment, while barriers around high-value artwork lessen the experience for average museum-goers. Keller recalled how barriers placed around artwork at the Uffizi Galleries, which took place in the early 1990s after bombings, “totally destroyed the visitor experience.”
Museums are an ideal target for protests because of their high profile and soft security, according to Keller. “Demonstrators are not likely going to be in a situation where someone gets shot by a security guard,” he said.
Despite the fact that art institutions so far haven’t visibly implemented any new security changes in light of the protests, Keller believes this will likely change soon. “If it happens three more times, museums may change their thinking about this.”
It’s no secret that active shooter incidents are becoming increasingly common in the United States. The Federal Bureau of Investigation found that there had been a 100 percent increase in such incidents between 2016 and 2020, doubling from 20 incidents to 40.
Adding to the danger, active shooter situations unfold rapidly and pose a high risk of injury or killing. Plus, these incidents cost organizations billions of dollars annually while dramatically affecting the productivity and morale of employees.
Well-considered procedures and strategies are essential to help mitigate the risks from active shooters. Some of the most effective active shooter response strategies pertain to Run. Hide. Fight. training, physical security measures, and environmental design discouraging criminal behavior. But identifying the best technique amid chaos can be tough, with indecision possibly incapacitating stakeholders and putting employees’ lives in imminent danger.
There’s an urgent need to develop a universal set of actions to help organizational stakeholders make better decisions regarding active shooter incidents. Acting quickly and decisively can be the difference between life and death.
After a thorough analysis of four case studies, the author found that a multidimensional strategy—one that combines the strengths of different response strategies—is best for minimizing harm in active shooter incidents. This type of strategy could prevent nearly 50 percent of casualties in an active assailant incident while significantly enhancing an organization security program’s effectiveness.
While a wealth of research supports the success of one-dimensional strategies for responding to active shooter incidents, this approach isn’t entirely effective for preventing these events and minimizing loss. Additionally, most existing studies focus solely on incidents in specific locations, such as healthcare facilities, places of worship, and schools.
This limited perspective reduces the likelihood of identifying a comprehensive range of strategies that may prove helpful in these events.
Let’s assess each major active shooter response strategy in detail:
Run. Hide. Fight. The three-step training model was quick to garner recognition as of the most effective active shooter response strategies.
However, it fails to address the “freeze” response that prevents people from deciding the best course of action during an emergency. This can happen with trained individuals as well. In addition, the Run. Hide. Fight. approach is based on linear thinking. With conditions changing by the second in active shooting scenarios, victims can’t afford to evaluate their actions in a sequence.
Finally, this approach is critiqued for pushing people to act as heroes and commit to fighting the shooter. Training to attack an armed opponent takes years to master. Some believe that by including a “fight” option, you are placing people in a no-win situation where they will not survive. Conversely, some believe it reinforces a victim mindset. The criticism is that having run and hide as two options could foster people’s nonaggressive mindsets, leaving them unprepared to fight.
Physical security measures. Early warning systems, security cameras, and armed security guards significantly improve the effectiveness of an active shooter response. But organizations often face challenges when implementing these security measures in particular locations, including schools and hospitals. Besides, such security measures require large investments, which not all organizations can afford.
Additionally, some staff members in settings with ample security measures don’t use them or bypass them because of the lack of training or operation failures. This was the case at Marjory Stoneman Douglas High School, where security failed to lock a gate that later allowed the shooter unrestricted access to the campus. Additionally, there was an operational failure of the locking mechanism at Robb Elementary School in Uvalde, Texas, which again allowed the shooter unrestricted access to the school.
Environmental design. Incorporating design elements like glazed glass windows and ballistic barriers is a helpful strategy for discouraging criminal behavior and keeping active shooters at bay. Relying on this approach alone doesn’t prevent active shooter incidents or reduce casualties, though. The high cost also acts as a barrier, leaving organizations with poor design features that fail to deter active shooters.
So, what’s next? Look into multidimensional active shooter responses.
Reposted from The Washington Post
Police detained an American tourist at a Vatican museum after he disfigured two ancient Roman sculptures by hurling them to the floor, authorities said Thursday.
The man toppled the artwork on Wednesday at the Chiaramonti Museum, which is part of the Vatican Museums and home to one of the most important collections of Roman portrait busts.
Italian newspapers reported that the man grew angry because he was not allowed “to see the Pope.” A representative for the Vatican Museums told The Washington Post that his motive was unclear.
Photos shared on social media, and confirmed by the museum representative to The Post, showed the damaged busts strewn on the marble floor. One had lost part of its nose and an ear, the museum said.
A police spokesman said the 65-year-old had been in Rome for about three days and appeared to be “psychologically distressed.” He was given an aggravated property damage charge and released, the spokesman said.
The man had a paid ticket and appeared to be there alone, one of 20,000 visitors that day, Vatican Museums spokesman Matteo Alessandrini said.
“He smashed the two busts to the ground, one after the other,” Alessandrini said. Both of the toppled heads were from the ancient city of Rome, with one depicting an elderly man, and the other, a young man.
When the first hit the ground, “the loud bang echoed through the long gallery,” he said. Two Vatican police officers stationed within the museum arrived within minutes and took the man into custody.
Technicians are now working to reassemble the damaged sculptures, which had been swiftly taken to the museum’s restoration lab after the incident.
The pieces were fixable but would require 300 hours of restoration work, according to Alessandrini. “The scare was bigger than the actual damage,” he said.
Rick Steves, who runs a Europe travel business, said that although all artifacts in the museum could be considered precious, the damaged pieces were relatively insignificant.
For Steves, the downside of such incidents may also be “the loss of access to beautiful art in general.”
To avoid other incidents, the museum could choose to put more security up, as was the case after a notorious artwork assault in 1972. That year, a Hungarian geologist attacked Michelangelo’s Pietà in St. Peter’s Basilica with a hammer, damaging the Carrara marble sculpture depicting the Virgin Mary holding Jesus after the crucifixion. The statue was later repaired and put behind bulletproof glass.
“The reality is you can’t even see the Pietà from the angle Michelangelo wanted you to see it,” Steves said. “He wanted you to be up close.”
The Vatican museums, where millions of people a year flocked before the pandemic, reopened last year after coronavirus restrictions closed them or curbed opening hours.
Reposted from The Guardian
Britain’s libraries and museums are preparing to act as warm havens for people unable to afford to heat their homes in the winter months.
Ministers are being called on to provide urgent new funding so public buildings can cope with a surge in visitors during the coldest months.
The buildings will be part of a network across the country which will provide warm shelter to help reduce excess winter deaths linked to freezing conditions.
The call for support to ensure key public buildings can keep their doors open comes as organisations across the country are being confronted with vast increases in energy bills. One care homes group told the Observer that its annual energy bills are rising from £1.5m a year to £7.7m.
Alistair Brown, policy manager at the Museums Association, representing the museum sector, said: “Museums will be relied upon to respond to this crisis, but many will be struggling to heat their own spaces.
“People are beginning to understand the scale of the crisis and we don’t want to reduce the hours that museums are open.”
Catalyst Science Discovery Centre and Museum in Widnes, Cheshire, said last week that the quote for renewing its annual gas contract had risen from £9,700 to £54,362.
Isobel Hunter, chief executive of Libraries Connected, which represents the public library sector, said: “Central government should provide councils with additional funding this winter to meet rising energy costs, which would help ensure libraries stay open as vital warm refuges for their communities.”
Paul Drumm, of GLL, a charitable social enterprise that operates libraries in Greenwich in south-east London, said the borough’s libraries had already spent £28,000 on new seats and other furniture to prepare for the increase in visitors during the winter months.
He said: “We are acutely aware of the huge impact that the energy crisis will have on many living within the local community. We will be promoting our libraries as designated ‘warm spaces’ for those who can’t afford to heat their homes.”
The libraries and museums will be part of a national network of warm hubs provided by local councils, community groups and charities. South Cambridgeshire district council issued a tender earlier this month for a contract to deliver “a series of warm hubs from community buildings” to support those at risk from the cold.
Meanwhile Care England, which represents 4,500 care services, said operators were facing up to 500% increases in energy costs, with some considering reducing the number of elderly people they take from hospital wards or shutting their care homes in order to survive.
“Care services across the country will have to close this winter unless the government takes immediate action. Some providers just won’t be able to go on – they will collapse,” said Professor Martin Green, chief executive of Care England. “There is no cap on energy costs for care homes and elderly care home residents do not get any rebate from the government.”
Analysis by the consultancy BoxPower shows that care homes were paying energy costs equivalent to £700 per bed every year. But this month homes are being quoted the equivalent of £4,027 per bed for those wishing to purchase energy from October. This is an increase of around 437% in energy cost per bed in a 12-month period.
Brunelcare, which provides sheltered housing to 1,400 people and runs seven care homes in Bristol and Somerset, was forced this month to sign a new annual energy contract worth £7.7m because prices were rising by £100,000 a day. The charity was paying around £1.5m a year until last year.
“We’re in an absolutely impossible situation,” said Oona Goldsworthy, the chief executive of Brunelcare. “I’ve had one of the worst weeks ever and I’ve been through Covid so I know what hard times are like. We are being completely abandoned again.”
A government spokesperson said it had made £3.7bn of additional funding available to local authorities, which they can spend on adult social care. “No national government can control the global factors pushing up the price of energy, but we will continue to support businesses, including care homes, in navigating the months ahead,” a spokesperson said.
Headteachers say they are faced with a “double whammy” of spiralling energy bills and an increased 5% pay rise for teachers. An executive headteacher in a multi-academy trust, who oversees a number of inner city secondary schools and asked not to be named, said: “I’m already at the bare bones of support staff. We won’t replace any staff as they leave.” His schools are already rolling two classes of children together to cover temporary staff gaps.
Dan Morrow, chief executive of the Dartmoor multi-academy trust in Devon, said it was now a “race to the bottom” for schools, and the effects on children “will be profound for generations”. His trust needs to find an extra £800,000 for utility bills this year, and £900,000 for pay increases.
Amidst so much turmoil and societal change during the past few years, one core feature of humanity has remained the same: people are bad at creating strong passwords.
Despite warnings and recommendations, we still use the streets we grew up on, references to our high school mascot, phrases from our favorite movies, or the same word with a different set of numbers attached to the end for every login. The issue is a rampant one, identity management and fraud detection firm SpyCloud found in an analysis of breach exposures affecting Fortune 1000 enterprises.
“We found a 64 percent password reuse rate among Fortune 1000 email addresses in our database that have been exposed in more than one breach,” according to SpyCloud’s 2022 Fortune 1000 Identity Exposure Report. “This is four points higher than the 60 percent password reuse rate we see across our entire database, but it’s even more concerning because high password reuse is a trend we see with Fortune 1000 employees year after year.”
The researchers wrote that this trend is troubling because it means “that even their old exposures matter; criminals will use them against the employees and their enterprises for years as long as the habit remains unchanged.”
Another challenge is that the reuse of passwords is becoming an even greater point of contention for CISOs as ransomware attacks rise from exposed, reused credentials in breach records—a data set tied to an individual user in a breach that includes assets like passwords and phone numbers. Breach records associated with Fortune 1000 employees increased 18 percent year-over-year, SpyCloud found.
“The quantity of breach assets tied directly to Fortune 1000 employees grew 26 percent year-over-year to 687.23 million,” the report explained. “The five sectors with the highest year-over-year growth in breach assets are telecommunications, media, industrials, technology, and business services.”
Even when employees do not reuse passwords, the new ones are sometimes incredibly simple or obvious—especially in data sets reviewed from critical infrastructure data breaches. In four critical infrastructure sectors (aerospace and defense, chemical, energy, and industrial), company names were one of the top three to five most popular passwords.
“In far too many cases, we’re seeing as many as half of the 10 most popular passwords at a specific company containing that company’s name,” SpyCloud said.
And once these assets, including credentials, are exposed, threat actors will use them to breach an organization. In nearly 50 percent of all non-error, non-misuse breaches examined in the 2022 Verizon Data Breach Investigations Report (DBIR), threat actors used legitimate credentials to gain unauthorized access to organizations.
While some experts continue to stress the use of password managers—which create complex passwords and store them for employees—to solve this problem, other developments might quash it entirely by killing the password for most users altogether.
That effort gained momentum in the second quarter of 2022 when Apple, Google, and Microsoft committed to expanding their support for the Fast Identity Online (FIDO) standard to accelerate the availability of passwordless sign-ins.
The FIDO standard was developed by the FIDO Alliance, an open industry association that is focused on reducing reliance on passwords by promoting the development, use, and compliance with standards for authentication and device attestation. The alliance has worked to create technical specifications for open, scalable, and interoperable mechanisms for user authentication that will eventually eliminate the use of passwords.
So far, this work has resulted in the development of FIDO Universal Second Factor (FIDO U2F), FIDO Universal Authentication Framework, and FIDO2. That work is now embraced by some of the largest technology players in the world to enable—and encourage—users to take advantage of it.
“The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option,” the FIDO Alliance announced in a press release. “Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multifactor technologies such as one-time passcodes sent over SMS.”
With Apple, Google, and Microsoft’s commitments, users will be able to use two new capabilities for passwordless sign-ins. The first will let users automatically access their FIDO sign-in credentials on devices without re-enrolling their accounts. The second will let users enable FIDO authentication on their mobile devices to sign into an application or website on a nearby device, regardless of the operating system platform or browser they are using.
This works because FIDO introduced a new process that allows private keys used for authentication to synchronize across a device cloud, says Andrew Shikiar, executive director of the FIDO Alliance, in an interview at the 2022 RSA Conference in San Francisco.
“The private key is no longer on the device—it’s synced securely in a device cloud from a platform vendor, so when I go to enroll a new device on that platform, I can just show my biometric,” Shikiar explains.
Moving towards this workflow for authentication means that FIDO will be more scalable and may encourage more usability because once platform vendors implement it, users will have an easier time logging into accounts without needing to remember a password.
“Usability leads to more usage, and it can have top-line benefits,” Shikiar adds. “Security is sort of a bottom-line cost prevention—breach and theft. With better usability, you can have higher login rates so you have more commerce, more throughput, all of those things, so usability is really important.”
And implementing solutions that eliminate passwords could also reduce liability for organizations that sell products to consumers.
“Passwords lead to data breaches. They lead to account takeovers. They lead to fraud,” Shikiar says. “So, this stands to take that liability off of those organizations, off their servers and shoulders all together, and put it on to the platform providers.”
There will still be situations where organizations and users will want to use FIDO’s original security key authentication method—such as for access to intellectual property or for corporate financial management.
“Ultimately, from a security standpoint, FIDO security key will remain the gold standard of FIDO authentication in the sense that the credential will always be on that key, it won’t be synced in the cloud, and they’ll have more control over it,” Shikiar says.
After making their commitment earlier this year to implementing FIDO, Apple announced at its Worldwide Developer Conference in June 2022 that it would roll out its implementation of the new FIDO standard in the form of a Passkey. Instead of creating a password when logging into a new account, users will have the option on iOS 16 to use Touch ID or Face ID to authenticate themselves—a Passkey. Users will also be able to synchronize their Passkeys across devices by using Apple’s iCloud Keychain.
“Passkeys are a replacement for passwords that are designed to provide websites and apps a passwordless sign-in experience that is both more convenient and more secure,” Apple said in a fact sheet. “Passkeys are a standard-based technology that, unlike passwords, are resistant to phishing, are always strong, and are designed so that there are no shared secrets. They simplify account registration for apps and websites, are easy to use, and work across all your Apple devices, and even non-Apple devices within physical proximity.”
Apple is expected to release iOS 16 in September or October 2022. Details of how Microsoft and Android will implement FIDO were not shared prior to Security Management’s press time, but Shikiar says he’s looking forward to seeing how they follow through to change the authentication experience most people have with technology.
“Passwords have the advantage of incumbency. They’re part of the fabric of the Web itself, and they’re manageable for usability in the sense that anyone can do it,” Shikiar says. “For us to uproot that, the new system needs to be just as easy and just as pervasive.”
While passwordless methodologies roll out, there are steps that organizations can take to improve their password approaches, the SpyCloud report authors said.
“To minimize exposure and safeguard data, enterprises need to enforce strong enterprise password policy with single sign-on where possible, create clear company policies on the use of business and personal devices, enforce multi-factor authentication on critical accounts, and mandate the use of password managers, as well as leverage continuous, actionable intelligence into their users’ exposure—especially in industries entrusted with a vast amount of sensitive consumer data.”
Burnout. It’s the word that has haunted organizations since the COVID-19 pandemic cranked up the pressure on remote workforces. It’s a state of perpetual emotional, physical, and mental exhaustion, and it comes with decreased motivation, lowered performance, and a negative attitude toward others or oneself. Burnout can turn overall tiredness or malaise into a state of being too exhausted to function.
While this can be personally devastating, the risk of burnout could present even deeper challenges for perpetually lean security teams. Disengaged security employees can miss warning signs of security breaches, fail to connect with other departments and stakeholders, and lose some of their passion to keep people, assets, and places safe.
Worldwide, only 32 percent of employees say they are thriving right now, according to the Gallup State of the Global Workplace 2022 Report, and 43 percent report high levels of daily stress. This is one of the drivers behind the ongoing Great Resignation; people who feel tense or stressed during the workday are three times as likely to seek employment elsewhere, the American Psychological Association (APA) found in 2021.
To combat stress burnout, however, security leaders must encourage purposeful disconnection from work without losing employees’ motivation to succeed.
For inspiration on this front, security leaders should look to military units and firefighters, says Wendy Bashnan, chief security officer for Nielsen Company. These groups are capable of sustaining periods of extreme stress and danger, interspersed with periods of rest and separation from the action. But when units come back together, they can pick up where they left off, adds Bashnan, who spent 30 years in the public sector before transitioning to private business.
Currently, she is responsible for a small team of security professionals who help the business manage security risk and resiliency across 55 countries. That breadth of responsibility means that team members need to juggle many different tasks and challenges on a regular basis. For high-performance security professionals, their motivation is often the deeper meaning they find in their work.
“To be honest, most of the people that I have worked with throughout my career, their personalities have driven them to this profession, to this field,” Bashnan says. “It’s that sense of purpose, that sense of service that motivates them.”
But that works against them when they try to shoulder too much responsibility, remaining mentally on-call at all times. And that sustained stress level leads to burnout, turnover, and even physical health issues.
“The biggest challenge for my team is to encourage them to pull back and take time off, because they feel obligated to support whatever team it is that they’re working with,” she adds. “And that feeling that if they did take personal time, they’re letting down their teammates—that’s the message we need to tweak moving forward.”
High-performance employees bring a lot to the table. They have the drive, intellect, and emotional intelligence to succeed and add value to the organization. They also bring some common psychological dynamics.
Star employees often feel the weight of others’ expectations keenly, and their drive to meet or exceed those expectations can push them to work beyond their limits, especially in times of stress or crisis, according to Harvard Business Review.
In small or short-term doses, stress can be motivational, leading to periods of intense concentration, effectiveness, and productivity. But long-term stress conditions—such as when crises pile up and overlap—undercut those benefits.
Industrial and organizational psychologists have found that hinderance stressors that are outside an employee’s control can feel like barriers to achieving good outcomes. These can include red tape, a lack of resources, or conflicting goals within the organization or department. Challenge stressors, though, can be positive. These are tasks that a person feels he or she can overcome while growing and improving, such as learning a new skill that will help the employee tackle a new responsibility at work.
“Research further suggests that people find challenge stressors motivating because they expect that if they put the work in, they can achieve an outcome they value,” wrote Stephanie Pappas for the Monitor on Psychology. “Hindrance stressors, on the other hand, feel insurmountable—no matter how hard you work, a satisfactory result is out of reach.”
Hinderance stressors were in ready supply during the start of the COVID-19 pandemic, when security professionals faced myriad unexpected challenges without the resources or autonomy to address them.
“The challenge that we’ve seen over the past two and a half years with COVID is that we’re seeing layers of crises on top of crises, so they’re overlapping for extended periods of time, and that does put additional stress on the team,” Bashnan says. “There’s a feeling that there’s never downtime.”
“Historically as an industry, we are accustomed to the rollercoaster—the highs when the crisis is most urgent and then it calms, becomes manageable, and we’re ready for the next crisis that comes into play,” she continues. “During this pandemic, we’ve been at this elevated peak of crisis that’s continued with other crises on top. Now we’re in a rollercoaster that’s twirling and spinning on top of everything, and we never get the calm we’re accustomed to.”
Although stress is not uncommon for security professionals, she says each person will need to find his or her own ways to manage and recover from it. Luckily, good managers can be there to help.
Vacations are not just fun—they are necessary, says Avril Eklund, CPP, head of global physical security for GitHub. Time off enables team members to take a step back from workplace stressors and to gain some valuable perspective and mental clarity, she adds.
Unfortunately, a paradox around work stress recovery is working against security departments. A 2018 article in the journal Research in Organizational Behavior found that “recovery processes are impaired when individuals are facing a high level of job stressors.”
In other words, the more stressful a job is at a certain time, the more compelled a high-performing worker is to put in longer hours, take fewer breaks, and even eat less healthily, further depleting the worker’s energy levels to handle the stress. Pushing through the stress simply does not work.
“I’m very fortunate that I hired really high-performing people,” Eklund says. “I meet with them every week to make sure that they’re not getting overwhelmed, because—being high performers—they’re often inclined to take on more and more and more.”
Especially after a two-year stretch of COVID-19 response, she adds that she was seeing early signs of burnout and wanted to head it off at the pass.
“People were starting to be tired coming to work, have less enthusiasm for things they used to be enthusiastic about,” she says. “I don’t think that our interpersonal relationships changed at all—nobody was being mean to each other or dropping balls—but just the lack of enthusiasm. I’d get the feeling when I talked to them that it was the same stuff, different day. The spark was missing from our conversations.”
This year, Eklund has started ensuring that her team members take vacation to address early signs of burnout. GitHub’s security team has an unlimited time off policy, but because of the cycle of crises, no one has been taking advantage of it, she says.
“They need that break from work,” Eklund adds. “And as their leader, I model that and make sure that I take time off. And when I do, I do my best to truly disconnect so that I can help them see that it’s okay for them to totally disconnect as well and refocus their minds for a week on something that’s not COVID, not security, not risk. We’ll be fine—everyone else can pick up the slack for that week, and we’ll be okay.”
This does require some planning, though. Team members heading out of the office are instructed to turn off messaging platforms like Slack and set their status to “away.” The rest of the team uses send times on email and Slack to postpone non-urgent queries from hitting the vacationing team member’s inbox.
The security team also starts a “While You Were Away” digital document, where they keep a running log of essential activities and status updates. When the person returns from time off, he or she can skim through one document to catch up, rather than scrambling to sift through a week’s worth of emails.
Eklund also works to address the rest of the organization’s assumption that security is available 24/7. She is setting expectations with outreach through the company’s Intranet to explain how the security team works and what sort of response time to expect for different queries. This enhances transparency while building in some breathing room for her team.
Taking time away also lets team members recharge their sense of purpose, she says.
“If you get an opportunity to look back at the work you’ve been doing, now you’re coming back with a different perspective,” Eklund adds. “Sometimes you need that break from the work you’re doing to look at it with fresh eyes.”
Even a short break, like taking a walk or using a long lunch break to do some gardening, can lend valuable perspective and uncover potential solutions.
Security leaders can also influence by example. Employees take cues—whether spoken or implied—from their leaders about what behavior is acceptable and expected. For employees to feel comfortable stepping away, asking for professional development opportunities, or sharing when they feel overwhelmed, CSOs must model that behavior themselves, whether by taking disconnected vacations or simply logging out at the end of the day.
While vacations and time off are an effective reboot for security teams, employees and leaders can take steps to disengage before they even leave their desk for the day. Roy Lemons, CPP, CSO for International Paper, says it’s important to develop small rituals to mark the beginning and end of the workday, especially for remote employees who no longer commute to and from a physical office or site.
At the start of every day, Lemons takes a few minutes to consider something that went well and something that went wrong the previous day, and he ponders how he could have improved his response. This reflection builds a sense of accomplishment and a drive for continuous improvement at work, he says. And at the end of the day, Lemons doesn’t just close his laptop or put it in a drawer—he powers it down completely. It would only take an extra five minutes to restart the computer in the event of an after-hours emergency, but that extra step also gives Lemons pause when he considers logging back in to answer a few emails in the evening.
“Humans always try to find the path of least resistance,” he says. “If it’s difficult for me to do it, then I ask the question ‘do I really have to do it?’” This enables him to reprioritize work versus personal activities, rather than reflexively logging back onto the computer.
A bored high-performer is a disengaged high-performer. When people are bored, their judgment, goal-directed planning, focus, and control over emotions all suffer, found neurologist Dr. Judy Willis in her paper Neuroscience Reveals That Boredom Hurts. In addition, monotonous workcan negatively impact mental health, add to stress, and lead to burnout. A lack of autonomy and the inability to grow make matters worse.
According to the APA’s 2021 Work and Well-being Survey, a lack of development opportunities exacerbates workplace stress—52 percent of employees surveyed in 2021 found that a lack of opportunity to expand had a strong impact on their job satisfaction.
At International Paper, stretch goals are part of the fabric of performance reviews, and Lemons helps his team look for professional development opportunities that fit their needs and interests. Each member of Lemons’ security team must be CPP certified, and International Paper funds their certification journeys and supports them while they pursue educational opportunities.
“If you truly want to get the value out of the training, then what you need to do is make sure to carve out time,” Lemons says. “Do not assign that person any response capability during that period; they need to be in the moment to get the value out of that and come back. We make sure there’s coverage so they can go and not get pulled into something.”
Employees do not necessarily need to look outside the company for opportunities to grow, either. Employees interested in learning more about cybersecurity can partner with International Paper’s IT department to identify key educational areas or the best certifications, and team members focused on learning more about regional risk or specific business areas can go on site visits to different locations and manufacturing facilities to expand their viewpoints, Lemons says.
Within the security department, Bashnan is cross-training her team to cover each other’s roles and responsibilities—including hers. This serves multiple purposes: it adds resiliency and backup coverage for key roles, it lets security employees try new things, and it encourages a growth mind-set, she says.
As well as diversifying skills within the security department, expanding the security team overall can free up high-performing employees’ time to focus on more proactive, strategic functions like threat hunting and building additional organizational value, Bashnan says.
“I try to earnestly include team members in the work that I am doing,” she says. “And in many ways, I am coaching them to do the work so that they can do it themselves. If I can teach them to do what I do, then I can sit back and actually be that strategic thinker and start that threat hunting that needs to be done and look around corners. That’s what the C-suite wants a CSO to do, but they don’t appreciate the amount of firefighting we have to do on a day-to-day basis that takes us away from that strategic thinking.”
“We’re always slightly understaffed, slightly underbudget, and being asked to do more with less, but you can only do so much,” she adds. “So, you’re always in a reactionary position.”
Bashnan started tapping into the 21,000 other Nielsen employees worldwide, deputizing them as de facto security employees and educating them so they can perform some tasks themselves, rather than relying entirely on the security team.
For example, a U.S. facility was broken into, and Bashnan received an email notification that morning about the event. But within that notification, the facilities and operations managers at that location outlined all the steps they had already taken—crossing those tasks off the security team’s list and keeping the response tied into local responders and capabilities.
“For me, that’s a huge win,” Bashnan says.
In crisis response, the more internal teams are involved, the more security teams can excel. For Eklund, GitHub’s COVID-19 response benefitted strongly from HR, legal, and other departments joining the taskforce.
“We are working on rebuilding our crisis management team to spread the load a little bit better across our information security function, our legal function, our HR function,” she says. “We’re the intake portal but training these other teams about what their responsibilities are so it doesn’t fall all on us.”
For a protracted crisis like COVID-19 or the war in Ukraine, one team of seven security professionals cannot carry that load, Eklund adds. “We need to be able to pull in partners.”
Don’t underestimate your influence to motivate the team.
“A leader’s words are more impactful than anybody else in the company,” Lemons says. “No matter what the boss’s boss’s boss says, your boss is the one who has the most impact on you.”
While some employees are fueled by widespread recognition, many security team members would benefit from a simple note from their CSO acknowledging their hard work and effort, even if the project fell short or could be improved.
Lemons also has calendars set up with notifications for employees’ work anniversaries and birthdays, so he can take a few minutes to send out work anniversary notifications to the team or recognize them during meetings. “It sounds silly, but it actually does mean a lot to people,” he says.
Eklund stepped up her regular check-ins with her team to have frank conversations about their hours, workload, how they are managing different time zones or responsibilities, and whether people are contacting them at all hours with queries and requests.
Reposted from Artnet News
Along with the Eiffel Tower turning off its sparkling lights earlier every evening, the Louvre’s pyramid and other monuments around Europe are responding to the ongoing energy crisis with a variety of measures that range from the symbolic to the practical.
This week, French culture minister Rima Abdul Malak said on France 2 television that the Louvre’s iconic glass pyramid would no longer be lit after 11 p.m. The Chateau of Versailles was up next, she said, with lights out by 10 p.m.—an hour earlier than usual—starting next week.
These admittedly “symbolic” measures, Abdul Malak said, “are also important for raising public awareness, and mobilizing citizens.”
Across Europe, fears of facing the coming winter, amid soaring energy costs and possible blackouts, have pushed governments to call for unified, belt-tightening efforts to reduce energy consumption. Some are also offering spending caps on electricity and gas bills, as was announced on Wednesday in the UK.
Cultural institutions and monuments have been singled out as focal points for implementing these new, power-saving tactics, as they struggle to deal with soaring energy costs. Some are even considering closing their doors to the public, at least part of the time.
“We welcome the six-month energy price cap [announced by the UK government today], which should help museums in the short-term get through the winter period,” said Sharon Heal, the director of Museums Association, representing 1,800 UK institutions, in a message to Artnet News. “However, it is only a temporary fix and will not address the systemic underfunding of the sector over the past decade.”
Heal notes that while some UK cities suggest museums serve as “warm banks,” or shelters from the cold, that may be less feasible as “some institutions are considering reducing opening hours or site closures if anticipated price rises materialize.”
“Many museums across the UK have pledged to open their doors as warm, safe spaces for their communities over the winter,” Heal added, since they are “ideal places to provide this service… But in order for us to do that we need to be able to keep the doors open.”
In Germany this week, state and federal leaders in the cultural sector met to underline the importance of cultural institutions in collective, “social self-understanding,” and to ensure they are supported during the current crisis.
The group, including German culture minister Claudia Roth, identified which institutions are part of a so-called “critical infrastructure,” or “cultural assets of great importance for cultural heritage,” to be prioritized with aid in case of a gas emergency. Plus, funds originally slated for cultural events will go towards alleviating rapidly increasing energy costs in targeted cases.
“Only together, with all of our expertise and strength, can we master the major challenges [ahead],” said German Culture Minister Claudia Roth in a statement following the meeting.
As it tries to wean itself off its heavy dependence on Russian gas, Germany is leading the charge in terms of drastic cutbacks to gas consumption, by about 21% since last year. Some analysts say that level of collective effort could keep Europe’s largest economy from running out of gas in the near future. This month, a new German law went into effect to ensure that happens.
The measure restricts heating of public buildings to a max of 19° C (66.2° F), while rooms and passageways are to be kept unheated. The initiative also forbids monuments be lit at night, except for emergency purposes and special events. Meanwhile, the German museum umbrella group, Deutsche Museumsbund has amassed a listof practical, energy-saving tips for art institutions to follow.
This summer the French government also called for “sobriety” measures to reduce energy consumption by 10% for 2024. Similar to their German neighbors, room temperatures under public jurisdiction are to be kept at a max of 19° C in winter, and no less than 26° C (78.8° F) with air conditioning in the summer. Abdul Malak announced that she had sent a questionnaire to cultural venues across the country to request “proposals and suggestions for the management… of the energy crisis,” with her ministry issuing its concluding analysis later this month.
Some museums are already leading by example. The Musée d’Orsay and the L’Orangerie in Paris told Artnet News it has reduced energy consumption by 15 percent over the first eight months of this year, versus 2021. Those results were mainly achieved by progressively changing all the museums’ lighting to LED bulbs. “The main energy costs in a museum like Orsay are linked to lighting and maintaining consistent climatic conditions in line with international conservation norms,” said a museum representative.
In 2023, the museum’s energy bill is expected to jump to 12 percent of its total budget, or more than $3 million, versus 5 percent of the 2022 budget. “Our ambition is to reduce our energy consumption by 25 percent by 2024, thanks to significant investment dedicated to ongoing LED installation, and the modernization of technical equipment controls,” the museum added.
The Orsay and other historic monuments, however, point out they were not originally designed to serve as museums, making them less energy efficient. The Orsay, a former train station, will propose “significant renovations” as a result.
The same is true in the UK. “Many museums are housed in historic buildings. They are not energy efficient and are costly to run, heat and maintain,” Heal said. “In the medium term we need investment to support museums to become more energy efficient and environmentally friendly, so we can reduce our carbon footprint and create sustainable futures for our organizations and our communities. And we need strategic long-term investment that addresses the issues caused by underfunding.” The Museum Associaton found that between 2010 and 2020, spending by local authorities on museums and galleries dropped 27 percent in real terms.
The more modern Centre Pompidou, on the other hand, was conceived as a museum, and has been regularly reducing energy consumption over the years. In response to the current crisis, the museum said it would turn off the lights on its façade as soon as it closes to the public, at 10:30 p.m. Only security lighting will remain on, while “other measures are being examined,” a museum spokesperson told Artnet News, noting renovations planned for after the 2024 Olympics will permit a 40 percent reduction of energy.
The museum’s programming joins others such as the Bourse de Commerce, Pinault Collection, in addressing environmental issues this fall.
The Louvre is also doing its part. In addition to turning off its glowing pyramid at 11 p.m. instead of 1 a.m., it set a 10 percent energy reduction goal back in 2019, to be reached over a 5-year-period. And in 2021, the museum said it reduced its energy by 17 percent compared to 2018, to 74,500mW.
“All together,” a Louvre spokesperson told Artnet News, “that represents 1,160 tons less CO2 emissions per year, the equivalent of 10,000 trips from Paris to Marseille by car.”
QUICK LINKS
ConferenceMembershipTraining & CertificationDonate to IFCPP
TRAINING & EVENTS
1305 Krameria, Unit H-129, Denver, CO 80220 Local: 303.322.9667 Copyright © 2015 - 2018 International Foundation for Cultural Property Protection. All Rights Reserved
Contact Us
