INTERNATIONAL FOUNDATION FORCULTURAL PROPERTY PROTECTION
News
Reposted from The Observer
Two climate activists were arrested after throwing tomato soup on a Vincent Van Gogh painting hanging in London’s National Gallery and gluing themselves to the exhibit wall.
The demonstration, which took place this morning (Oct. 14), is the latest escalation in a series of protests across Europe which have art institutions rethinking security protocols and American museums worried the demonstrations may spread.
Today’s protestors targeted a glass-covered 1888 Van Gogh entitled Sunflowers, according to a statement from the National Gallery. “The room was cleared of visitors and police were called. Officers are now on the scene. There is some minor damage to the frame but the painting is unharmed,” wrote the museum, which confirmed the two demonstrators were arrested and the painting is now back on display.
The action was planned by Just Stop Oil, a U.K. climate group, and carried out by Phoebe Plummer, 21, and Anna Holland, 20. “Is art worth more than life? More than food? More than justice?” asked Plummer during the demonstration, after opening a can of Heinz soup and tossing its contents on the painting behind her.
“This is not a one-day event, this is an act of resistance against a criminal government and their genocidal death project,” reads a press release from Just Stop Oil. “Our supporters will be returning—today, tomorrow and the next day—and the next day after that—and every day until our demand is met: no new oil and gas in the U.K.”
Just Stop Oil demonstrators have glued themselves to artwork in prominent U.K. museums over the past few months, targeting London’s Courtauld Gallery and Royal Academy of Arts, in addition to museums in Glasgow and Manchester. In Italy, climate group Ultima Generazione has staged similar protests at Florence’s Uffizi Gallery and the Vatican Museums, while German environmental organizers from Letzte Generation Group struck museums in Berlin, Munich, Dresden and Frankfurt over the past month. All three climate groups are funded by the Climate Emergency Fund, a California-based fund founded in 2019 by philanthropic millionaires to support environmental activism.
“They certainly are persistent. For a while there they were just touching the frame and not doing much else, but this is getting ridiculous,” said Steve Keller, a museum security consultant whose clients include the Smithsonian and Washington D.C.’s National Gallery of Art. The escalation of protests signifies a U.S. demonstration will likely occur soon, according to Keller, who said American museums have become worried and begun formulating response plans. “I know they’re concerned,” he said.
However, U.S. museums probably won’t be willing to make any significant security changes until they are targeted, said Keller. “Museums are very slow to react on something like this.”
Implementing strengthened security protocol is a delicate balance in museums, he said. Intensified screening measures are often rejected because they make for an unfriendly environment, while barriers around high-value artwork lessen the experience for average museum-goers. Keller recalled how barriers placed around artwork at the Uffizi Galleries, which took place in the early 1990s after bombings, “totally destroyed the visitor experience.”
Museums are an ideal target for protests because of their high profile and soft security, according to Keller. “Demonstrators are not likely going to be in a situation where someone gets shot by a security guard,” he said.
Despite the fact that art institutions so far haven’t visibly implemented any new security changes in light of the protests, Keller believes this will likely change soon. “If it happens three more times, museums may change their thinking about this.”
See Original Post
Reposted from Security Management Magazine
It’s no secret that active shooter incidents are becoming increasingly common in the United States. The Federal Bureau of Investigation found that there had been a 100 percent increase in such incidents between 2016 and 2020, doubling from 20 incidents to 40.
Adding to the danger, active shooter situations unfold rapidly and pose a high risk of injury or killing. Plus, these incidents cost organizations billions of dollars annually while dramatically affecting the productivity and morale of employees.
Well-considered procedures and strategies are essential to help mitigate the risks from active shooters. Some of the most effective active shooter response strategies pertain to Run. Hide. Fight. training, physical security measures, and environmental design discouraging criminal behavior. But identifying the best technique amid chaos can be tough, with indecision possibly incapacitating stakeholders and putting employees’ lives in imminent danger.
There’s an urgent need to develop a universal set of actions to help organizational stakeholders make better decisions regarding active shooter incidents. Acting quickly and decisively can be the difference between life and death.
After a thorough analysis of four case studies, the author found that a multidimensional strategy—one that combines the strengths of different response strategies—is best for minimizing harm in active shooter incidents. This type of strategy could prevent nearly 50 percent of casualties in an active assailant incident while significantly enhancing an organization security program’s effectiveness.
While a wealth of research supports the success of one-dimensional strategies for responding to active shooter incidents, this approach isn’t entirely effective for preventing these events and minimizing loss. Additionally, most existing studies focus solely on incidents in specific locations, such as healthcare facilities, places of worship, and schools.
This limited perspective reduces the likelihood of identifying a comprehensive range of strategies that may prove helpful in these events.
Let’s assess each major active shooter response strategy in detail:
Run. Hide. Fight. The three-step training model was quick to garner recognition as of the most effective active shooter response strategies.
However, it fails to address the “freeze” response that prevents people from deciding the best course of action during an emergency. This can happen with trained individuals as well. In addition, the Run. Hide. Fight. approach is based on linear thinking. With conditions changing by the second in active shooting scenarios, victims can’t afford to evaluate their actions in a sequence.
Finally, this approach is critiqued for pushing people to act as heroes and commit to fighting the shooter. Training to attack an armed opponent takes years to master. Some believe that by including a “fight” option, you are placing people in a no-win situation where they will not survive. Conversely, some believe it reinforces a victim mindset. The criticism is that having run and hide as two options could foster people’s nonaggressive mindsets, leaving them unprepared to fight.
Physical security measures. Early warning systems, security cameras, and armed security guards significantly improve the effectiveness of an active shooter response. But organizations often face challenges when implementing these security measures in particular locations, including schools and hospitals. Besides, such security measures require large investments, which not all organizations can afford.
Additionally, some staff members in settings with ample security measures don’t use them or bypass them because of the lack of training or operation failures. This was the case at Marjory Stoneman Douglas High School, where security failed to lock a gate that later allowed the shooter unrestricted access to the campus. Additionally, there was an operational failure of the locking mechanism at Robb Elementary School in Uvalde, Texas, which again allowed the shooter unrestricted access to the school.
Environmental design. Incorporating design elements like glazed glass windows and ballistic barriers is a helpful strategy for discouraging criminal behavior and keeping active shooters at bay. Relying on this approach alone doesn’t prevent active shooter incidents or reduce casualties, though. The high cost also acts as a barrier, leaving organizations with poor design features that fail to deter active shooters.
So, what’s next? Look into multidimensional active shooter responses.
Reposted from The Washington Post
Police detained an American tourist at a Vatican museum after he disfigured two ancient Roman sculptures by hurling them to the floor, authorities said Thursday.
The man toppled the artwork on Wednesday at the Chiaramonti Museum, which is part of the Vatican Museums and home to one of the most important collections of Roman portrait busts.
Italian newspapers reported that the man grew angry because he was not allowed “to see the Pope.” A representative for the Vatican Museums told The Washington Post that his motive was unclear.
Photos shared on social media, and confirmed by the museum representative to The Post, showed the damaged busts strewn on the marble floor. One had lost part of its nose and an ear, the museum said.
A police spokesman said the 65-year-old had been in Rome for about three days and appeared to be “psychologically distressed.” He was given an aggravated property damage charge and released, the spokesman said.
The man had a paid ticket and appeared to be there alone, one of 20,000 visitors that day, Vatican Museums spokesman Matteo Alessandrini said.
“He smashed the two busts to the ground, one after the other,” Alessandrini said. Both of the toppled heads were from the ancient city of Rome, with one depicting an elderly man, and the other, a young man.
When the first hit the ground, “the loud bang echoed through the long gallery,” he said. Two Vatican police officers stationed within the museum arrived within minutes and took the man into custody.
Technicians are now working to reassemble the damaged sculptures, which had been swiftly taken to the museum’s restoration lab after the incident.
The pieces were fixable but would require 300 hours of restoration work, according to Alessandrini. “The scare was bigger than the actual damage,” he said.
Rick Steves, who runs a Europe travel business, said that although all artifacts in the museum could be considered precious, the damaged pieces were relatively insignificant.
For Steves, the downside of such incidents may also be “the loss of access to beautiful art in general.”
To avoid other incidents, the museum could choose to put more security up, as was the case after a notorious artwork assault in 1972. That year, a Hungarian geologist attacked Michelangelo’s Pietà in St. Peter’s Basilica with a hammer, damaging the Carrara marble sculpture depicting the Virgin Mary holding Jesus after the crucifixion. The statue was later repaired and put behind bulletproof glass.
“The reality is you can’t even see the Pietà from the angle Michelangelo wanted you to see it,” Steves said. “He wanted you to be up close.”
The Vatican museums, where millions of people a year flocked before the pandemic, reopened last year after coronavirus restrictions closed them or curbed opening hours.
Reposted from The Guardian
Britain’s libraries and museums are preparing to act as warm havens for people unable to afford to heat their homes in the winter months.
Ministers are being called on to provide urgent new funding so public buildings can cope with a surge in visitors during the coldest months.
The buildings will be part of a network across the country which will provide warm shelter to help reduce excess winter deaths linked to freezing conditions.
The call for support to ensure key public buildings can keep their doors open comes as organisations across the country are being confronted with vast increases in energy bills. One care homes group told the Observer that its annual energy bills are rising from £1.5m a year to £7.7m.
Alistair Brown, policy manager at the Museums Association, representing the museum sector, said: “Museums will be relied upon to respond to this crisis, but many will be struggling to heat their own spaces.
“People are beginning to understand the scale of the crisis and we don’t want to reduce the hours that museums are open.”
Catalyst Science Discovery Centre and Museum in Widnes, Cheshire, said last week that the quote for renewing its annual gas contract had risen from £9,700 to £54,362.
Isobel Hunter, chief executive of Libraries Connected, which represents the public library sector, said: “Central government should provide councils with additional funding this winter to meet rising energy costs, which would help ensure libraries stay open as vital warm refuges for their communities.”
Paul Drumm, of GLL, a charitable social enterprise that operates libraries in Greenwich in south-east London, said the borough’s libraries had already spent £28,000 on new seats and other furniture to prepare for the increase in visitors during the winter months.
He said: “We are acutely aware of the huge impact that the energy crisis will have on many living within the local community. We will be promoting our libraries as designated ‘warm spaces’ for those who can’t afford to heat their homes.”
The libraries and museums will be part of a national network of warm hubs provided by local councils, community groups and charities. South Cambridgeshire district council issued a tender earlier this month for a contract to deliver “a series of warm hubs from community buildings” to support those at risk from the cold.
Meanwhile Care England, which represents 4,500 care services, said operators were facing up to 500% increases in energy costs, with some considering reducing the number of elderly people they take from hospital wards or shutting their care homes in order to survive.
“Care services across the country will have to close this winter unless the government takes immediate action. Some providers just won’t be able to go on – they will collapse,” said Professor Martin Green, chief executive of Care England. “There is no cap on energy costs for care homes and elderly care home residents do not get any rebate from the government.”
Analysis by the consultancy BoxPower shows that care homes were paying energy costs equivalent to £700 per bed every year. But this month homes are being quoted the equivalent of £4,027 per bed for those wishing to purchase energy from October. This is an increase of around 437% in energy cost per bed in a 12-month period.
Brunelcare, which provides sheltered housing to 1,400 people and runs seven care homes in Bristol and Somerset, was forced this month to sign a new annual energy contract worth £7.7m because prices were rising by £100,000 a day. The charity was paying around £1.5m a year until last year.
“We’re in an absolutely impossible situation,” said Oona Goldsworthy, the chief executive of Brunelcare. “I’ve had one of the worst weeks ever and I’ve been through Covid so I know what hard times are like. We are being completely abandoned again.”
A government spokesperson said it had made £3.7bn of additional funding available to local authorities, which they can spend on adult social care. “No national government can control the global factors pushing up the price of energy, but we will continue to support businesses, including care homes, in navigating the months ahead,” a spokesperson said.
Headteachers say they are faced with a “double whammy” of spiralling energy bills and an increased 5% pay rise for teachers. An executive headteacher in a multi-academy trust, who oversees a number of inner city secondary schools and asked not to be named, said: “I’m already at the bare bones of support staff. We won’t replace any staff as they leave.” His schools are already rolling two classes of children together to cover temporary staff gaps.
Dan Morrow, chief executive of the Dartmoor multi-academy trust in Devon, said it was now a “race to the bottom” for schools, and the effects on children “will be profound for generations”. His trust needs to find an extra £800,000 for utility bills this year, and £900,000 for pay increases.
Amidst so much turmoil and societal change during the past few years, one core feature of humanity has remained the same: people are bad at creating strong passwords.
Despite warnings and recommendations, we still use the streets we grew up on, references to our high school mascot, phrases from our favorite movies, or the same word with a different set of numbers attached to the end for every login. The issue is a rampant one, identity management and fraud detection firm SpyCloud found in an analysis of breach exposures affecting Fortune 1000 enterprises.
“We found a 64 percent password reuse rate among Fortune 1000 email addresses in our database that have been exposed in more than one breach,” according to SpyCloud’s 2022 Fortune 1000 Identity Exposure Report. “This is four points higher than the 60 percent password reuse rate we see across our entire database, but it’s even more concerning because high password reuse is a trend we see with Fortune 1000 employees year after year.”
The researchers wrote that this trend is troubling because it means “that even their old exposures matter; criminals will use them against the employees and their enterprises for years as long as the habit remains unchanged.”
Another challenge is that the reuse of passwords is becoming an even greater point of contention for CISOs as ransomware attacks rise from exposed, reused credentials in breach records—a data set tied to an individual user in a breach that includes assets like passwords and phone numbers. Breach records associated with Fortune 1000 employees increased 18 percent year-over-year, SpyCloud found.
“The quantity of breach assets tied directly to Fortune 1000 employees grew 26 percent year-over-year to 687.23 million,” the report explained. “The five sectors with the highest year-over-year growth in breach assets are telecommunications, media, industrials, technology, and business services.”
Even when employees do not reuse passwords, the new ones are sometimes incredibly simple or obvious—especially in data sets reviewed from critical infrastructure data breaches. In four critical infrastructure sectors (aerospace and defense, chemical, energy, and industrial), company names were one of the top three to five most popular passwords.
“In far too many cases, we’re seeing as many as half of the 10 most popular passwords at a specific company containing that company’s name,” SpyCloud said.
And once these assets, including credentials, are exposed, threat actors will use them to breach an organization. In nearly 50 percent of all non-error, non-misuse breaches examined in the 2022 Verizon Data Breach Investigations Report (DBIR), threat actors used legitimate credentials to gain unauthorized access to organizations.
While some experts continue to stress the use of password managers—which create complex passwords and store them for employees—to solve this problem, other developments might quash it entirely by killing the password for most users altogether.
That effort gained momentum in the second quarter of 2022 when Apple, Google, and Microsoft committed to expanding their support for the Fast Identity Online (FIDO) standard to accelerate the availability of passwordless sign-ins.
The FIDO standard was developed by the FIDO Alliance, an open industry association that is focused on reducing reliance on passwords by promoting the development, use, and compliance with standards for authentication and device attestation. The alliance has worked to create technical specifications for open, scalable, and interoperable mechanisms for user authentication that will eventually eliminate the use of passwords.
So far, this work has resulted in the development of FIDO Universal Second Factor (FIDO U2F), FIDO Universal Authentication Framework, and FIDO2. That work is now embraced by some of the largest technology players in the world to enable—and encourage—users to take advantage of it.
“The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option,” the FIDO Alliance announced in a press release. “Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multifactor technologies such as one-time passcodes sent over SMS.”
With Apple, Google, and Microsoft’s commitments, users will be able to use two new capabilities for passwordless sign-ins. The first will let users automatically access their FIDO sign-in credentials on devices without re-enrolling their accounts. The second will let users enable FIDO authentication on their mobile devices to sign into an application or website on a nearby device, regardless of the operating system platform or browser they are using.
This works because FIDO introduced a new process that allows private keys used for authentication to synchronize across a device cloud, says Andrew Shikiar, executive director of the FIDO Alliance, in an interview at the 2022 RSA Conference in San Francisco.
“The private key is no longer on the device—it’s synced securely in a device cloud from a platform vendor, so when I go to enroll a new device on that platform, I can just show my biometric,” Shikiar explains.
Moving towards this workflow for authentication means that FIDO will be more scalable and may encourage more usability because once platform vendors implement it, users will have an easier time logging into accounts without needing to remember a password.
“Usability leads to more usage, and it can have top-line benefits,” Shikiar adds. “Security is sort of a bottom-line cost prevention—breach and theft. With better usability, you can have higher login rates so you have more commerce, more throughput, all of those things, so usability is really important.”
And implementing solutions that eliminate passwords could also reduce liability for organizations that sell products to consumers.
“Passwords lead to data breaches. They lead to account takeovers. They lead to fraud,” Shikiar says. “So, this stands to take that liability off of those organizations, off their servers and shoulders all together, and put it on to the platform providers.”
There will still be situations where organizations and users will want to use FIDO’s original security key authentication method—such as for access to intellectual property or for corporate financial management.
“Ultimately, from a security standpoint, FIDO security key will remain the gold standard of FIDO authentication in the sense that the credential will always be on that key, it won’t be synced in the cloud, and they’ll have more control over it,” Shikiar says.
After making their commitment earlier this year to implementing FIDO, Apple announced at its Worldwide Developer Conference in June 2022 that it would roll out its implementation of the new FIDO standard in the form of a Passkey. Instead of creating a password when logging into a new account, users will have the option on iOS 16 to use Touch ID or Face ID to authenticate themselves—a Passkey. Users will also be able to synchronize their Passkeys across devices by using Apple’s iCloud Keychain.
“Passkeys are a replacement for passwords that are designed to provide websites and apps a passwordless sign-in experience that is both more convenient and more secure,” Apple said in a fact sheet. “Passkeys are a standard-based technology that, unlike passwords, are resistant to phishing, are always strong, and are designed so that there are no shared secrets. They simplify account registration for apps and websites, are easy to use, and work across all your Apple devices, and even non-Apple devices within physical proximity.”
Apple is expected to release iOS 16 in September or October 2022. Details of how Microsoft and Android will implement FIDO were not shared prior to Security Management’s press time, but Shikiar says he’s looking forward to seeing how they follow through to change the authentication experience most people have with technology.
“Passwords have the advantage of incumbency. They’re part of the fabric of the Web itself, and they’re manageable for usability in the sense that anyone can do it,” Shikiar says. “For us to uproot that, the new system needs to be just as easy and just as pervasive.”
While passwordless methodologies roll out, there are steps that organizations can take to improve their password approaches, the SpyCloud report authors said.
“To minimize exposure and safeguard data, enterprises need to enforce strong enterprise password policy with single sign-on where possible, create clear company policies on the use of business and personal devices, enforce multi-factor authentication on critical accounts, and mandate the use of password managers, as well as leverage continuous, actionable intelligence into their users’ exposure—especially in industries entrusted with a vast amount of sensitive consumer data.”
Burnout. It’s the word that has haunted organizations since the COVID-19 pandemic cranked up the pressure on remote workforces. It’s a state of perpetual emotional, physical, and mental exhaustion, and it comes with decreased motivation, lowered performance, and a negative attitude toward others or oneself. Burnout can turn overall tiredness or malaise into a state of being too exhausted to function.
While this can be personally devastating, the risk of burnout could present even deeper challenges for perpetually lean security teams. Disengaged security employees can miss warning signs of security breaches, fail to connect with other departments and stakeholders, and lose some of their passion to keep people, assets, and places safe.
Worldwide, only 32 percent of employees say they are thriving right now, according to the Gallup State of the Global Workplace 2022 Report, and 43 percent report high levels of daily stress. This is one of the drivers behind the ongoing Great Resignation; people who feel tense or stressed during the workday are three times as likely to seek employment elsewhere, the American Psychological Association (APA) found in 2021.
To combat stress burnout, however, security leaders must encourage purposeful disconnection from work without losing employees’ motivation to succeed.
For inspiration on this front, security leaders should look to military units and firefighters, says Wendy Bashnan, chief security officer for Nielsen Company. These groups are capable of sustaining periods of extreme stress and danger, interspersed with periods of rest and separation from the action. But when units come back together, they can pick up where they left off, adds Bashnan, who spent 30 years in the public sector before transitioning to private business.
Currently, she is responsible for a small team of security professionals who help the business manage security risk and resiliency across 55 countries. That breadth of responsibility means that team members need to juggle many different tasks and challenges on a regular basis. For high-performance security professionals, their motivation is often the deeper meaning they find in their work.
“To be honest, most of the people that I have worked with throughout my career, their personalities have driven them to this profession, to this field,” Bashnan says. “It’s that sense of purpose, that sense of service that motivates them.”
But that works against them when they try to shoulder too much responsibility, remaining mentally on-call at all times. And that sustained stress level leads to burnout, turnover, and even physical health issues.
“The biggest challenge for my team is to encourage them to pull back and take time off, because they feel obligated to support whatever team it is that they’re working with,” she adds. “And that feeling that if they did take personal time, they’re letting down their teammates—that’s the message we need to tweak moving forward.”
High-performance employees bring a lot to the table. They have the drive, intellect, and emotional intelligence to succeed and add value to the organization. They also bring some common psychological dynamics.
Star employees often feel the weight of others’ expectations keenly, and their drive to meet or exceed those expectations can push them to work beyond their limits, especially in times of stress or crisis, according to Harvard Business Review.
In small or short-term doses, stress can be motivational, leading to periods of intense concentration, effectiveness, and productivity. But long-term stress conditions—such as when crises pile up and overlap—undercut those benefits.
Industrial and organizational psychologists have found that hinderance stressors that are outside an employee’s control can feel like barriers to achieving good outcomes. These can include red tape, a lack of resources, or conflicting goals within the organization or department. Challenge stressors, though, can be positive. These are tasks that a person feels he or she can overcome while growing and improving, such as learning a new skill that will help the employee tackle a new responsibility at work.
“Research further suggests that people find challenge stressors motivating because they expect that if they put the work in, they can achieve an outcome they value,” wrote Stephanie Pappas for the Monitor on Psychology. “Hindrance stressors, on the other hand, feel insurmountable—no matter how hard you work, a satisfactory result is out of reach.”
Hinderance stressors were in ready supply during the start of the COVID-19 pandemic, when security professionals faced myriad unexpected challenges without the resources or autonomy to address them.
“The challenge that we’ve seen over the past two and a half years with COVID is that we’re seeing layers of crises on top of crises, so they’re overlapping for extended periods of time, and that does put additional stress on the team,” Bashnan says. “There’s a feeling that there’s never downtime.”
“Historically as an industry, we are accustomed to the rollercoaster—the highs when the crisis is most urgent and then it calms, becomes manageable, and we’re ready for the next crisis that comes into play,” she continues. “During this pandemic, we’ve been at this elevated peak of crisis that’s continued with other crises on top. Now we’re in a rollercoaster that’s twirling and spinning on top of everything, and we never get the calm we’re accustomed to.”
Although stress is not uncommon for security professionals, she says each person will need to find his or her own ways to manage and recover from it. Luckily, good managers can be there to help.
Vacations are not just fun—they are necessary, says Avril Eklund, CPP, head of global physical security for GitHub. Time off enables team members to take a step back from workplace stressors and to gain some valuable perspective and mental clarity, she adds.
Unfortunately, a paradox around work stress recovery is working against security departments. A 2018 article in the journal Research in Organizational Behavior found that “recovery processes are impaired when individuals are facing a high level of job stressors.”
In other words, the more stressful a job is at a certain time, the more compelled a high-performing worker is to put in longer hours, take fewer breaks, and even eat less healthily, further depleting the worker’s energy levels to handle the stress. Pushing through the stress simply does not work.
“I’m very fortunate that I hired really high-performing people,” Eklund says. “I meet with them every week to make sure that they’re not getting overwhelmed, because—being high performers—they’re often inclined to take on more and more and more.”
Especially after a two-year stretch of COVID-19 response, she adds that she was seeing early signs of burnout and wanted to head it off at the pass.
“People were starting to be tired coming to work, have less enthusiasm for things they used to be enthusiastic about,” she says. “I don’t think that our interpersonal relationships changed at all—nobody was being mean to each other or dropping balls—but just the lack of enthusiasm. I’d get the feeling when I talked to them that it was the same stuff, different day. The spark was missing from our conversations.”
This year, Eklund has started ensuring that her team members take vacation to address early signs of burnout. GitHub’s security team has an unlimited time off policy, but because of the cycle of crises, no one has been taking advantage of it, she says.
“They need that break from work,” Eklund adds. “And as their leader, I model that and make sure that I take time off. And when I do, I do my best to truly disconnect so that I can help them see that it’s okay for them to totally disconnect as well and refocus their minds for a week on something that’s not COVID, not security, not risk. We’ll be fine—everyone else can pick up the slack for that week, and we’ll be okay.”
This does require some planning, though. Team members heading out of the office are instructed to turn off messaging platforms like Slack and set their status to “away.” The rest of the team uses send times on email and Slack to postpone non-urgent queries from hitting the vacationing team member’s inbox.
The security team also starts a “While You Were Away” digital document, where they keep a running log of essential activities and status updates. When the person returns from time off, he or she can skim through one document to catch up, rather than scrambling to sift through a week’s worth of emails.
Eklund also works to address the rest of the organization’s assumption that security is available 24/7. She is setting expectations with outreach through the company’s Intranet to explain how the security team works and what sort of response time to expect for different queries. This enhances transparency while building in some breathing room for her team.
Taking time away also lets team members recharge their sense of purpose, she says.
“If you get an opportunity to look back at the work you’ve been doing, now you’re coming back with a different perspective,” Eklund adds. “Sometimes you need that break from the work you’re doing to look at it with fresh eyes.”
Even a short break, like taking a walk or using a long lunch break to do some gardening, can lend valuable perspective and uncover potential solutions.
Security leaders can also influence by example. Employees take cues—whether spoken or implied—from their leaders about what behavior is acceptable and expected. For employees to feel comfortable stepping away, asking for professional development opportunities, or sharing when they feel overwhelmed, CSOs must model that behavior themselves, whether by taking disconnected vacations or simply logging out at the end of the day.
While vacations and time off are an effective reboot for security teams, employees and leaders can take steps to disengage before they even leave their desk for the day. Roy Lemons, CPP, CSO for International Paper, says it’s important to develop small rituals to mark the beginning and end of the workday, especially for remote employees who no longer commute to and from a physical office or site.
At the start of every day, Lemons takes a few minutes to consider something that went well and something that went wrong the previous day, and he ponders how he could have improved his response. This reflection builds a sense of accomplishment and a drive for continuous improvement at work, he says. And at the end of the day, Lemons doesn’t just close his laptop or put it in a drawer—he powers it down completely. It would only take an extra five minutes to restart the computer in the event of an after-hours emergency, but that extra step also gives Lemons pause when he considers logging back in to answer a few emails in the evening.
“Humans always try to find the path of least resistance,” he says. “If it’s difficult for me to do it, then I ask the question ‘do I really have to do it?’” This enables him to reprioritize work versus personal activities, rather than reflexively logging back onto the computer.
A bored high-performer is a disengaged high-performer. When people are bored, their judgment, goal-directed planning, focus, and control over emotions all suffer, found neurologist Dr. Judy Willis in her paper Neuroscience Reveals That Boredom Hurts. In addition, monotonous workcan negatively impact mental health, add to stress, and lead to burnout. A lack of autonomy and the inability to grow make matters worse.
According to the APA’s 2021 Work and Well-being Survey, a lack of development opportunities exacerbates workplace stress—52 percent of employees surveyed in 2021 found that a lack of opportunity to expand had a strong impact on their job satisfaction.
At International Paper, stretch goals are part of the fabric of performance reviews, and Lemons helps his team look for professional development opportunities that fit their needs and interests. Each member of Lemons’ security team must be CPP certified, and International Paper funds their certification journeys and supports them while they pursue educational opportunities.
“If you truly want to get the value out of the training, then what you need to do is make sure to carve out time,” Lemons says. “Do not assign that person any response capability during that period; they need to be in the moment to get the value out of that and come back. We make sure there’s coverage so they can go and not get pulled into something.”
Employees do not necessarily need to look outside the company for opportunities to grow, either. Employees interested in learning more about cybersecurity can partner with International Paper’s IT department to identify key educational areas or the best certifications, and team members focused on learning more about regional risk or specific business areas can go on site visits to different locations and manufacturing facilities to expand their viewpoints, Lemons says.
Within the security department, Bashnan is cross-training her team to cover each other’s roles and responsibilities—including hers. This serves multiple purposes: it adds resiliency and backup coverage for key roles, it lets security employees try new things, and it encourages a growth mind-set, she says.
As well as diversifying skills within the security department, expanding the security team overall can free up high-performing employees’ time to focus on more proactive, strategic functions like threat hunting and building additional organizational value, Bashnan says.
“I try to earnestly include team members in the work that I am doing,” she says. “And in many ways, I am coaching them to do the work so that they can do it themselves. If I can teach them to do what I do, then I can sit back and actually be that strategic thinker and start that threat hunting that needs to be done and look around corners. That’s what the C-suite wants a CSO to do, but they don’t appreciate the amount of firefighting we have to do on a day-to-day basis that takes us away from that strategic thinking.”
“We’re always slightly understaffed, slightly underbudget, and being asked to do more with less, but you can only do so much,” she adds. “So, you’re always in a reactionary position.”
Bashnan started tapping into the 21,000 other Nielsen employees worldwide, deputizing them as de facto security employees and educating them so they can perform some tasks themselves, rather than relying entirely on the security team.
For example, a U.S. facility was broken into, and Bashnan received an email notification that morning about the event. But within that notification, the facilities and operations managers at that location outlined all the steps they had already taken—crossing those tasks off the security team’s list and keeping the response tied into local responders and capabilities.
“For me, that’s a huge win,” Bashnan says.
In crisis response, the more internal teams are involved, the more security teams can excel. For Eklund, GitHub’s COVID-19 response benefitted strongly from HR, legal, and other departments joining the taskforce.
“We are working on rebuilding our crisis management team to spread the load a little bit better across our information security function, our legal function, our HR function,” she says. “We’re the intake portal but training these other teams about what their responsibilities are so it doesn’t fall all on us.”
For a protracted crisis like COVID-19 or the war in Ukraine, one team of seven security professionals cannot carry that load, Eklund adds. “We need to be able to pull in partners.”
Don’t underestimate your influence to motivate the team.
“A leader’s words are more impactful than anybody else in the company,” Lemons says. “No matter what the boss’s boss’s boss says, your boss is the one who has the most impact on you.”
While some employees are fueled by widespread recognition, many security team members would benefit from a simple note from their CSO acknowledging their hard work and effort, even if the project fell short or could be improved.
Lemons also has calendars set up with notifications for employees’ work anniversaries and birthdays, so he can take a few minutes to send out work anniversary notifications to the team or recognize them during meetings. “It sounds silly, but it actually does mean a lot to people,” he says.
Eklund stepped up her regular check-ins with her team to have frank conversations about their hours, workload, how they are managing different time zones or responsibilities, and whether people are contacting them at all hours with queries and requests.
Reposted from Artnet News
Along with the Eiffel Tower turning off its sparkling lights earlier every evening, the Louvre’s pyramid and other monuments around Europe are responding to the ongoing energy crisis with a variety of measures that range from the symbolic to the practical.
This week, French culture minister Rima Abdul Malak said on France 2 television that the Louvre’s iconic glass pyramid would no longer be lit after 11 p.m. The Chateau of Versailles was up next, she said, with lights out by 10 p.m.—an hour earlier than usual—starting next week.
These admittedly “symbolic” measures, Abdul Malak said, “are also important for raising public awareness, and mobilizing citizens.”
Across Europe, fears of facing the coming winter, amid soaring energy costs and possible blackouts, have pushed governments to call for unified, belt-tightening efforts to reduce energy consumption. Some are also offering spending caps on electricity and gas bills, as was announced on Wednesday in the UK.
Cultural institutions and monuments have been singled out as focal points for implementing these new, power-saving tactics, as they struggle to deal with soaring energy costs. Some are even considering closing their doors to the public, at least part of the time.
“We welcome the six-month energy price cap [announced by the UK government today], which should help museums in the short-term get through the winter period,” said Sharon Heal, the director of Museums Association, representing 1,800 UK institutions, in a message to Artnet News. “However, it is only a temporary fix and will not address the systemic underfunding of the sector over the past decade.”
Heal notes that while some UK cities suggest museums serve as “warm banks,” or shelters from the cold, that may be less feasible as “some institutions are considering reducing opening hours or site closures if anticipated price rises materialize.”
“Many museums across the UK have pledged to open their doors as warm, safe spaces for their communities over the winter,” Heal added, since they are “ideal places to provide this service… But in order for us to do that we need to be able to keep the doors open.”
In Germany this week, state and federal leaders in the cultural sector met to underline the importance of cultural institutions in collective, “social self-understanding,” and to ensure they are supported during the current crisis.
The group, including German culture minister Claudia Roth, identified which institutions are part of a so-called “critical infrastructure,” or “cultural assets of great importance for cultural heritage,” to be prioritized with aid in case of a gas emergency. Plus, funds originally slated for cultural events will go towards alleviating rapidly increasing energy costs in targeted cases.
“Only together, with all of our expertise and strength, can we master the major challenges [ahead],” said German Culture Minister Claudia Roth in a statement following the meeting.
As it tries to wean itself off its heavy dependence on Russian gas, Germany is leading the charge in terms of drastic cutbacks to gas consumption, by about 21% since last year. Some analysts say that level of collective effort could keep Europe’s largest economy from running out of gas in the near future. This month, a new German law went into effect to ensure that happens.
The measure restricts heating of public buildings to a max of 19° C (66.2° F), while rooms and passageways are to be kept unheated. The initiative also forbids monuments be lit at night, except for emergency purposes and special events. Meanwhile, the German museum umbrella group, Deutsche Museumsbund has amassed a listof practical, energy-saving tips for art institutions to follow.
This summer the French government also called for “sobriety” measures to reduce energy consumption by 10% for 2024. Similar to their German neighbors, room temperatures under public jurisdiction are to be kept at a max of 19° C in winter, and no less than 26° C (78.8° F) with air conditioning in the summer. Abdul Malak announced that she had sent a questionnaire to cultural venues across the country to request “proposals and suggestions for the management… of the energy crisis,” with her ministry issuing its concluding analysis later this month.
Some museums are already leading by example. The Musée d’Orsay and the L’Orangerie in Paris told Artnet News it has reduced energy consumption by 15 percent over the first eight months of this year, versus 2021. Those results were mainly achieved by progressively changing all the museums’ lighting to LED bulbs. “The main energy costs in a museum like Orsay are linked to lighting and maintaining consistent climatic conditions in line with international conservation norms,” said a museum representative.
In 2023, the museum’s energy bill is expected to jump to 12 percent of its total budget, or more than $3 million, versus 5 percent of the 2022 budget. “Our ambition is to reduce our energy consumption by 25 percent by 2024, thanks to significant investment dedicated to ongoing LED installation, and the modernization of technical equipment controls,” the museum added.
The Orsay and other historic monuments, however, point out they were not originally designed to serve as museums, making them less energy efficient. The Orsay, a former train station, will propose “significant renovations” as a result.
The same is true in the UK. “Many museums are housed in historic buildings. They are not energy efficient and are costly to run, heat and maintain,” Heal said. “In the medium term we need investment to support museums to become more energy efficient and environmentally friendly, so we can reduce our carbon footprint and create sustainable futures for our organizations and our communities. And we need strategic long-term investment that addresses the issues caused by underfunding.” The Museum Associaton found that between 2010 and 2020, spending by local authorities on museums and galleries dropped 27 percent in real terms.
The more modern Centre Pompidou, on the other hand, was conceived as a museum, and has been regularly reducing energy consumption over the years. In response to the current crisis, the museum said it would turn off the lights on its façade as soon as it closes to the public, at 10:30 p.m. Only security lighting will remain on, while “other measures are being examined,” a museum spokesperson told Artnet News, noting renovations planned for after the 2024 Olympics will permit a 40 percent reduction of energy.
The museum’s programming joins others such as the Bourse de Commerce, Pinault Collection, in addressing environmental issues this fall.
The Louvre is also doing its part. In addition to turning off its glowing pyramid at 11 p.m. instead of 1 a.m., it set a 10 percent energy reduction goal back in 2019, to be reached over a 5-year-period. And in 2021, the museum said it reduced its energy by 17 percent compared to 2018, to 74,500mW.
“All together,” a Louvre spokesperson told Artnet News, “that represents 1,160 tons less CO2 emissions per year, the equivalent of 10,000 trips from Paris to Marseille by car.”
Reposted from Radio Free Europe
Ukraine has accused Russian forces of looting priceless artifacts from a museum in the southern city of Melitopol as fighting and missile strikes continued in Ukraine’s south and east.
Melitopol Mayor Ivan Fedorov said during a national telethon that “the orcs have taken hold of our Scythian gold,” using a derogatory term by which many Ukrainians refer to the invading Russian soldiers. “We don’t know where they took it.”
The New York Times reported that the director of the Melitopol Museum of Local History, Leila Ibrahimova, said museum workers had hidden the priceless treasure in boxes in a cellar. After Russian troops abducted and interrogated her for several hours in March, Ibrahimova left Melitopol for Kyiv-controlled territory.
Melitopol has been occupied by Russian forces since early March.
Last week, she was informed by the museum’s caretaker that the Russians had discovered the boxes with the help of the Russian-appointed de facto museum director. Russian troops and intelligence officers watched as a Russian in a white lab coat carefully removed the artifacts, which are more than 2,300 years old, and took them away.
According to The New York Times, at least 198 gold items, rare old weapons, a number of silver coins, and medals were removed.
Ukrainian officials had earlier said that Russian forces had looted paintings, icons, and sculptures from a museum in the Azov Sea port of Mariupol. Officials said on April 29 that more than 250 cultural institutions had been damaged or destroyed since the Russians invaded on February 24. Kyiv has accused the Russian government of carrying out a policy of “genocide” against the Ukrainian nation.
In an interview on Russian television, the Russian-appointed de facto museum head, Yevhen Horlachev, said the artifacts “are of great culture value for the entire former Soviet Union” and accused the museum staff of expending “a lot of effort and energy” to hide them.
He did not say where the artifacts had been taken.
Russia and Ukraine have been locked in a dispute over other Scythian artifacts currently located in the Netherlands since the Russian annexation of Ukraine’s Crimea region in 2014.
The artifacts from several Crimean museums were on display in Amsterdam when Russia seized the Black Sea peninsula, and both Russia and Ukraine claimed ownership. In October 2021, a Dutch court awarded control of the treasures to Ukraine, but they remain in the Netherlands.
Melitopol Museum Director Ibrahimova said the museum’s caretaker was abducted from her home at gunpoint on April 29 and has not been heard from since.
Frequent museum goers may notice that they aren’t just expanding their minds but also unwinding them by relieving stress.
A pilot study at Brugmann University Hospital in Brussels, Belgium, is testing whether art and culture can relieve people’s everyday anxiety by focusing their minds on more positive stimuli. As part of a new six-month pilot project, some patients suffering from poor mental health will be offered a “museum prescription.”
The scheme will offer up to five free visits to Brussels cultural institutions, accompanied by friends or family. The voluntary treatment would be added to the range of existing services, including medication and therapy, and is reserved for those suffering from relatively mild conditions, such as burnout, depression, and anxiety.
Participating organizations include contemporary art space Centrale, the Fashion and Lace Museum, the Sewer Museum, and the extensive wardrobe that dresses up the city’s infamous public statue Mannekin Pis, a little boy peeing.
The initiative also aims to foster reconnection among a society that spent years locked up during the pandemic. It is hoped that the free visits will serve as a catalyst to encourage more active participation in Brussels’s rich offerings.
“I want everybody back in our cultural institutions,” the city’s deputy mayor for culture, Delphine Houba, told the Guardian. But there have long been financial and cultural barriers to access. “They don’t feel at least, they don’t think that it’s for them.”
She said the project was inspired by a 2018 scheme which saw Canadian doctors prescribe free visits to the Montreal Museum of Fine Arts.
One of the organizers, Hélène Boyer, vice-president of Médecins francophones du Canada, told the Montreal Gazette at the time that art therapy has scientifically proven health benefits. “It increases our level of cortisol and our level of serotonin. We secrete hormones when we visit a museum and these hormones are responsible for our well-being.”
The success of the pilot program in Brussels will be measured by patient feedback to their doctor. If it appears to be having a positive effect, the initiative may be extended to include more museums and other activities, such as visiting the cinema.
Often oversimplified as “See Something, Say Something,” situational awareness (SA) is a consequence of the mental process of collecting an observation, using expertise to orient or understand what was observed, and then, if needed, making a prediction of potential outcome to inform a response.
These predictions may be imperfect, but they can offer potentially life-saving glimpses into the future. As with most skill sets, experience makes all the difference, and SA can be honed. One way to improve SA is through understanding its core elements. SA applies to nearly every aspect of life, but its value is perhaps most apparent in the moments prior to an active shooter attack. Situational awareness can provide the forewarning needed to save lives.
Imagine being a security officer outside of a high school. The human eye is drawn to movement, so you observe a vehicle arriving. Nothing suspicious, just a change to the normal or baseline traffic pattern. You notice an Uber sign on the car as a student-aged male exits. You realize it is odd for students to arrive via Uber, especially near the end of the school day. The student moves away from the car, and you observe he is carrying a large black nylon case. As you orient or assess the situation, you realize it might be a rifle case. Highly focused, you recognize the person is an expelled student. The survival aspects of SA kick in, and you predict the situation is dangerous. You decide to act, implementing a campuswide lockdown and calling for police. This is an example of how SA could provide forewarning and save lives.
The ultimate function of SA is to enhance survival by predicting dangerousness. This requires recognition and analysis. The more effective the analysis, the more accurate the subsequent prediction. Occasionally, this process happens so rapidly it can be described as intuition.
“Intuition is recognition. Nothing more, nothing less,” said Nobel laureate, economist, and psychiatrist Daniel Kahneman.
People are hardwired for survival, but the programming is incomplete—it needs additional data, especially when dealing with modern environments and hazards. Our brains eagerly complete the coding by cataloging potential dangers in mental file folders called schema.
Each schema contains information about an experience, and while they are not limited to dangerous incidents, this type of schema seems to be more easily created and more readily accessible to help protect us from future hazards. For instance, touching a hot stove once is usually sufficient to form a schema that lasts a lifetime.
Schema also help with more complicated processes, and the more comprehensive and accurate the file folders on a specific topic, the greater the person’s expertise. This allows the person to orient more effectively and decide the best possible response faster. In time-critical situations, these mental file folders create tactical shortcuts. These rapid conclusions are often referred to as intuition.
Intuition is not innate, but as expertise is developed, people can rapidly access their library of knowledge to apply case-based reasoning to solve novel or new problems. When a new problem is presented, it is compared with all the cases in the library, and the case that matches most closely is used to solve the new problem. A toddler walking toward a busy street can observe the moving cars, but he or she does not have the expertise to appropriately predict danger. A 5-year-old, on the other hand, can use case-based reasoning to refrain from walking in front of something that is harmful, even if he or she has not seen the hazard before—applying knowledge about the danger of moving cars to trains or other vehicles.
The mind’s ability to recall and apply lessons learned is astounding; but also, imperfect. In his best-selling book Thinking, Fast and Slow, Kahneman explains how our brains process information. The mind has two systems, he says: system one handles reflexive tasks, like 2 + 2, and system two takes over when the task calls for deliberate thought, like 17 x 34. Whenever possible, the brain will default to system one to save energy. Kahneman calls this the law of least effort.
Intuition, which is sometimes described as rapid recognition or “knowing without knowing why,” is reflexive and resides in system one. Problems arise when the situation requires more analysis than system one can handle. This is not to suggest intuition is always wrong—it is certainly not. Intuition is typically right in two ways: it acts in response to something, and it acts in your best interest. However, intuition is fallible and should be questioned, especially when making high-stakes predictions.
For an example, answer this basic math problem in your mind as fast as possible:
A baseball bat and ball cost $1.10. The bat costs $1.00 more than the ball. How much does the ball cost?
Unless you have seen this problem before, your intuition probably came up with 10 cents, which is wrong. System one thinking made a quick calculation of subtracting one dollar from the total and assumed the balance of 10 cents was the answer. The correct answer is the ball costs 5 cents, meaning the bat costs $1.05—bringing the total to $1.10.
While intuition is imperfect, the life-saving value of rapid recognition should not be discounted. The book Left of Bang, which is based on the U.S. Marine Corps Combat Hunter Program, provides the following example. In the summer of 2004 in Mosul, Iraq, Sgt. First Class Edward Tierney was with his squad on patrol when the group observed a car parked on the sidewalk. Inside were two boys staring at the soldiers. The car was not aligned with traffic, the windows were up, and it was extremely hot. One soldier asked if he could provide the boys with water. Tierney observed, rapidly oriented, and correctly predicted danger. He ordered his men to fall back, and the vehicle exploded. No soldiers were killed or seriously injured.
People are the only creatures that willingly ignore warning signs. When a gazelle in the wild perceives danger, it will flee. It will not try to convince itself to be braver or less paranoid. However, humans are also the only creature capable of questioning intuition. System one thinking is excellent at observation, but its strength is not orientation. Whenever time allows, break the law of least effort and fully orient before moving towards danger.
Like most abilities, there are varying levels of SA. Jeff Cooper, a U.S. Marine and innovator of tactical training, pioneered the concept of color-coding awareness levels, and his system—Cooper’s Color Code—has been used to train military and law enforcement for decades. There is often overlap between levels, but the code helps to organize SA into useful categories.
White is the lowest level of SA, but it is absolutely necessary. Being asleep is at the extreme end of this level, but no one can maintain SA during all waking hours. As the mind relaxes, it loses both system one and system two abilities.
Yellow is the goal for most situations. It represents being both prepared and relaxed. This state allows both systems one and two to function, bringing intuition and complex problem-solving abilities to the table.
Orange is a state of focus and alertness to possible danger. The downside is it can create focus lock, which occurs when the mind is focused on a single thing. Sometimes focus lock is needed. For instance, if a police officer is told be on the lookout for a red SUV, he or she will often experience focus lock. Officers will be somewhat oblivious to other criminal activity to maintain a heightened ability to observe a red SUV. Sometimes focus lock is the result of a distraction, like looking at a social media feed on a smartphone. There are times when focus lock is acceptable, or even desirable—just choose those times intentionally.
The orange state is mentally taxing and cannot be sustained for long periods. Neither can red—action mode, where all focus is on the emergency at hand. Black is panic mode, which is a breakdown in physical and mental abilities. Panic is a stress response often associated with fear, and it has no survival value.
These levels have varying shades, and the mind can easily transition from level to the next. Bypassing levels under stress is difficult, though, and surprises tend to make people skip over different levels. We have all experienced being startled awake by a simple phone call that poses no threat. If the startle out of white mode—whether the person was asleep or just zoned out—came from imminent danger, panic is more likely to set in. Actively choosing when you are in the white or unfocused level of SA will help to mitigate the risk of such surprise escalations.
White should be reserved for places that you reasonably believe you are safe, such as your home. If you need to relax or focus on your phone in an unfamiliar area, take a moment to familiarize yourself with the nearest entrances and exits. This way, if an emergency startles you out of white mode, you can orient your escape faster. Mobility is survivability.
Yellow should be the goal when in public or at work. Being prepared, alert, and relaxed allows access to both systems of thinking, and it is sustainable for long periods. When something is observed that requires greater focus, it is easy to transition from yellow to orange. In the rare instances the situation requires an emergency action, progression from orange to red is efficient. Typically, a de-escalation from orange back to yellow is easy.
For most people, safety is the norm, and most of our patterns of life are routine. Recognizing these normal patterns as the baseline makes changes, or anomalies, more obvious. This also reduces what we have to observe. It does, however, require you to be alert.
Developing good habits and practicing them are critical to sustaining SA. And, because people are almost always the greatest risk, a system of observing people is vital. Sam Walton, the founder of Walmart, is credited with instructing employees to make eye contact and greet every customer they meet. Many major luxury hotel chains used this concept to create the 10/5 rule for guest interactions.
This makes for excellent customer service, but with a little understanding of what makes people dangerous, it enhances SA by engaging system one thinking to identify potential threats. A slight modification to the rule is the 20/10 guide: At around 20 feet away, make eye contact and either smile at the person or maintain a neutral expression. Quickly glance at the person to notice their attire and any objects they are carrying. At around 10 feet away, offer a friendly greeting. This approach allows you to notice carried objects, body language, and facial expressions.
Facial expressions can be an effective way to estimate the emotion of someone near you. Research studies have shown people can identify six basic categories of emotions: happiness, surprise, sadness, anger, fear, and disgust. The emotional expressions of a dangerous person are most likely to be fear and anger, but a broader SA approach should consider other factors such as carried objects and body language, not just facial expressions. Another element to consider is if the facial expression aligns with the general mood of the situation. For instance, a person showing disgust at a political rally, when most other people are happy, could be a concern.
In almost all cases, the person most responsible for your safety is you. To quote retired special operations veteran and author Patrick McNamara, “You are the agent in charge of your own personal protection detail.” In crowded environments, pay attention to the general mood of the crowd. Is it relaxed, anxious, happy, volatile? If people sense danger or intend to inflict violence, their demeanours will change. If you are attuned to these moods or atmospherics, you can respond more quickly.
Atmospherics describes the collective attitudes or mood within an environment. Sometimes that is controlled by the space, such as a casino that wants you to stay longer, but other times atmospherics are driven by the people around you. If you have ever arrived at a friend’s home and interrupted a spousal quarrel, you understand. No one needed to tell you something was off.
Reading atmospherics helps in crowded public places because it is impossible to scan everyone. Universal indicators of imminent danger—like a person aiming a weapon, major anomalies, or changes to the baseline—are easily observed. But other indicators are more subtle. Rather than trying to observe everyone, there are groups of people that, absent an overt hostile act, can be statistically discounted as a threat. Outliers exist in any statistical groupings, but past attacks indicate that members of these groups do not pose a significant risk of an active shooter type attack.
Families. While family groups are usually uninvolved in mass violence events, this does not mean attackers cannot pose as a family to try and lessen their profile.
Children younger than 10. The 1998 Westside Middle School shooting was carried out by an 11-year-old and a 13-year-old. After triggering a fire alarm to force evacuation, the killers waited in the woods to ambush staff and students, killing five and wounding 10. However, young children have rarely been perpetrators of mass violence incidents.
Men older than 70. This age may increase. The killer in the Las Vegas Route 91 Harvest Music Festival shooting was 64, and the shooter in the 2010 U.S. Holocaust Museum shooting that killed a museum special police officer was 88 years old.
Groups of intended users. A group of five or more people who are using the location for its intended purpose are unlikely to pose a threat of mass violence, such as an active shooter. However, an attacker could attempt to piggyback or join intended users to soften his or her profile. Large groups may be a greater risk for assault, as being part of a group can lead to heightened emotional states that include excitement, anger, and hostility.
Watching people is critical, but not enough. SA requires understanding your environment. An operational environment analysis (OEA) is the process of assessing a location as it pertains to your safety. Far less in depth than a security assessment, an OEA involves locating exits or paths of escape, defining intended users, and determining patterns of movement and typical behavior, which can include attire and carried objects. Understanding the environment enhances your ability to make decisions when it is time to act. Pay special attention to places where you spend the most time.
At home. Consider interior rooms that could provide a layer of safety from an intruder or severe weather. Ensure these areas have access to communication and tools for protection. Note all paths of escape, including windows. Practice opening them or place an object nearby to break and clear away glass.
At work. Consider areas that will provide protection—remember that thin walls or cubicles offer little to no cover from gunfire. Evading a human threat may be your best option. Locate objects that could provide cover along paths of escape. In a rapid evacuation, most people will attempt to flee via their same path of entry. This causes unacceptable risks and delays. At the 2003 fire at the Station nightclub in Rhode Island, the vast majority of the incident’s 100 victims became trapped at the main entrance, despite numerous other exits and ground floor windows.
Escaping a building via a window may be the best option in an emergency. Obviously lower windows are safer, but there is no way to guarantee safety.
Escaping from a ground floor window offers virtually no risk. From the second floor (10 feet), a jump is highly survivable if the person’s head is protected, but leg injuries are possible. From the third floor (20 feet), serious injuries should be expected, but the fall is survivable if the head is protected. Dropping from above 25 feet poses an extreme risk to life. The higher the distance, the lower the probability of survival.
A 2005 French study, Prognostic factors in victims of falls from height, examined 287 victims of falls. Factors that determined survivability included height of fall, age, impact surface nature, and body part that first touches the ground. In this study, 100 percent of falls from higher than 30 meters (98 feet) were fatal. Knowing the approximate height of windows before an emergency helps prepare people to make decisions under stress.
“In a moment of decision, the best thing you can do is the right thing, the worst thing you can do is nothing,” said U.S. President Theodore Roosevelt. The predictive element of SA allows people to prepare for action. In a time-critical situation, you simply cannot allow perfect to be the enemy of good.
In the OODA loop, observe and orient are elements of situational awareness. Decide and act complete the cycle, and they represent situational action.
The amount of time you have to decide or formulate a plan is dependent upon a number of factors that are likely out of your control. When time is of the essence, it may be necessary to sacrifice perfection for timeliness. One philosophy is to aim for an 80 percent solution, meaning that the decision maker can move quickly to implement a plan that most likely addresses most of the problem. In an emergency, recognizing the extent of peril and rapidly developing an 80 percent solution can save lives compared to taking the time to attempt to develop a theoretically perfect response.
While the 80 percent approach has countless non-emergency applications, in an emergency, the priority must be saving lives. For instance, if an active shooter is in a crowded school hallway, an 80 percent solution could be ordering students to run away from the shooter to the nearest exit. Is this response perfect? No. There could be another shooter, and this rapid evacuation will make student accountability a challenge. However, the response will likely remove the most students from direct contact with a shooter as fast as possible. SA comes into play here as well—it helps people better predict danger and quickly develop a plan of action.
A key premise of the 80 percent solution is training. In an emergency, people do not rise to the occasion—they drop to their lowest level of training. If they are unprepared, fear will bring about panic and system two thinking will shut down and greatly reduce problem-solving abilities. It is imperative that organizations provide sufficient training so that 80 percent solutions are viable.
Proper training should instill the confidence to react under stress. An 80/20 solution accepts an imperfect plan and embraces change during execution. For instance, if a shooter is in a classroom, the priority must be to enter the classroom. There are numerous unknowns: Do I have adequate firepower? Where is the shooter in the room? Will students be in the way? A theoretically perfect plan may attempt to address these issues, but the cost is time. Sufficient training prepares an officer to move forward with an 80 percent solution that prioritizes entry.
Fear and panic are connected. But in an emergency, fear is manageable; panic can be deadly.
Fear is generally classified as an emotion, whereas panic is defined as a physical response to stress. We can feel fear with panic, and we can panic without fear. When fear and panic are combined, the experience is more severe and can be termed extreme survival stress. This process starts with an observation that is perceived as threat to survival. Once the threat is perceived, absent a more logical survival plan, the brain’s amygdala sends an all-systems alert that triggers extreme survival stress or a severe level of black on Cooper’s Color Code.
Symptoms of extreme survival stress—none of which are conducive to surviving a modern-day emergency—include freezing, irrational decision making, submissive behavior, perception of slowed movement or time, high heart rate, shaking, or poor communication.
Surprise, when coupled with fear, can initiate panic and extreme survival stress. Often, SA can prevent or mitigate the surprise, preventing the subsequent stress response. If you have observed a person, oriented their movement, attire, body language and/or facial expression, and predicted that something is off, you are less likely to be surprised if the person is violent. Ideally, that prediction will prompt an 80 percent solution if things escalate. If you failed to observe the person until he or she is already in the process of an attack, panic is far more likely.
When properly honed, SA is your most valuable survival tool. It isn’t a mystical force, or a superpower limited to special operations. SA is a mental process that can be enhanced by comprehending how it works, observing people, understanding your environment, and continually improving your knowledge about the patterns of life.
QUICK LINKS
ConferenceMembershipTraining & CertificationDonate to IFCPP
TRAINING & EVENTS
1305 Krameria, Unit H-129, Denver, CO 80220 Local: 303.322.9667 Copyright © 1999 International Foundation for Cultural Property Protection. All Rights Reserved
Contact Us
