INTERNATIONAL FOUNDATION FORCULTURAL PROPERTY PROTECTION
News
Reposted from Security Management Magazine
Receiving executive buy-in for crisis planning and program development can be a daunting endeavor. Most private sector industries have few legal or regulatory requirements specific to security or crisis programing. Additionally, security and crisis management programming are sometimes not viewed as priorities or aligned with the corporate mission. Finally, most security and crisis professionals are left to try to influence executives with limited budgets and staff. I learned these challenges the hard way.
For more than 10 years in the U.S. federal government, I was part of several large-scale emergency responses and planning efforts at the executive level. I engaged with top-level government executives and foreign dignitaries. In 2012, I transitioned to a private sector emergency management role. I was hired to create comprehensive crisis response plans and to train all employees—including the C-suite—on their roles during a crisis. I assumed the importance of life safety would be an easy sell. I was wrong.
I quickly learned that I didn’t speak the language of my new environment and I no longer had the power I had in government to issue mandates and penalize non-compliance. For me to be successful in the private sector, I needed to rethink my approach and find a way to influence people without having many rules or regulations that I could lean on.
So, I developed a three-pronged strategy that helped me create successful crisis management programs for Fortune 500 organizations and other businesses and non-profits.
A major difference between private and public sector emergency management is what words are used to get financial buy-in. In the public sector, statements such as “leveraging the whole community” or “will save the most lives” are typical lead sentences when requesting federal grant dollars. In the private sector, though, the emphasis is on words that show how you can save the company money.
For instance, if you are trying to earn buy-in to launch an emergency notification system to communicate with your employees during a crisis, concentrate on the following: Show how the system will decrease the company’s risk, demonstrate how implementing this system positively impacts the corporate brand, and highlight what types of insurance coverage discounts the company can receive if the system is implemented.
A sample pitch to get funding for the system could be:
Investing in a company emergency notifications system:
There is no single better way to get funding and executive support for your crisis management program than a real-life crisis. This is the time the security lead or crisis manager can truly show how they can add value by stepping up to coordinate the company’s response. Use the crisis as the springboard to establish the process and protocol you want to build and document for future responses. Simply pulling together a basic situation briefing call with the core corporate functions provides an important example of how corporate response should be done, and it quickly defines your company’s duty of care to its employees.
Try to side-step the whole “who is in charge” issue. In the private sector, the CEO is always in charge, and no corporate crisis plan should suggest otherwise. It is the job of the security or crisis leader to showcase how they can facilitate the response by ensuring the appropriate corporate leaders are around the table and guiding them through the decision-making process.
I witnessed hours lost in one company’s response because the security director got into a shouting match with his C-suite executives by saying he was the incident commander, and they must follow his directions.
The title incident commander is standard public sector vernacular, but it doesn’t translate to the private sector. In any corporate crisis plan, designate an incident coordinator instead—that simple word change completely shifts dynamics and avoids many clashes over territory. Finally, remember the private sector is rarely required do anything when it comes to crisis planning.
In the United States, traditional public sector emergency planning is driven by a set process and protocol typically outlined by the U.S. Federal Emergency Management Agency’s (FEMA) rules and regulations. There are federal guidelines that specifically detail the requirements for hazard mitigation plans, emergency operations center plans, etc. Although there are industry best practice recommendations for crisis management and planning in the private sector, such as ISO 22361, requirements are few and far between. Often, businesses will recognize they need some sort of crisis response plan, but the focus will be on the management of a specific incident instead of looking at the big picture—how the company will respond as whole and what expectations, roles, and responsibilities employees have.
One of the best approaches to get engagement for corporate crisis planning is to conduct a very simple 30-minute tabletop discussion with your executives. This is the opposite of the public-sector approach of building your plan first then testing it with an exercise. I have found a lot of success by gently throwing executives into the deep end. Talking through a crisis scenario quickly opens executives’ eyes to their personal knowledge gaps and how these gaps pose a risk to the company.
I once did a tabletop discussion with executives that focused on their earthquake response protocol (knowing they had none). My 30-minute timeframe got extended to more than two hours because the executives realized they had no protocols in place. Of top concern was they had no plans on how to communicate with their employees nor knowledge of what do if the server in the building was damaged. A server that had no fail-over and held millions of dollars of intellectual property content. That conversation got me the support I needed to develop a comprehensive all-hazards response plan and crisis communication protocol for the company.
Although there are many differences between public and private sector crisis planning, no corporate plan should be done in a vacuum without engagement with local emergency response agencies. Many corporate plans have been written without communicating with local responders or even an understanding of local emergency response protocols, and this makes the company’s crisis response plan worthless. For example, if you don’t know in what type of situations local responders will shut off access to a company’s facilities, you and your employees can find yourselves not being able to work for days.
See Original Post
Reposted from NBC Connecticut
Dropping temperatures have played a role in the temporary closure of one of Hartford's libraries.
Officials say the city's Main Street library will be closed for at least a week after a four-inch water feed line to a chiller in a fourth floor penthouse broke around 10:30 Saturday morning.
All four floors of the library suffered water damage and a lengthy clean up process is currently underway.
“While this situation is serious, we are thankful the damage is not more extensive,” said Hartford Public Library President and CEO Bridget E. Quinn. “The Hartford Fire Department was incredible in their response, as well as library staff who assisted today.”
Most of the computer equipment and furniture on the first two floors, as well as a portion on the third floor, were damaged as a result of the pipe burst. However, the library collections suffered far less damage.
More information is expected to be released as clean up efforts and damage evaluations continue.
Reposted from Artnet News
A member of the Oklahoma City Museum of Art is facing a felony charge after stealing a small sculpture from an exhibition of the museum’s glass collection.
Roughly a third of the nearly 180-piece Rose Family Glass Collection is currently on view in a show of highlights of a recent donation from the children of Jerome and Judith Rose.
The thief is Christopher Lambert, who is accused of sticking a small but valuable glass artwork in his pocket and walking out of the museum.
But Lambert wasn’t done. It appears he hid the sculpture under his car tire and then returned to the scene of the crime, presumably to see the rest of the exhibition.
Fortunately, an observant employee quickly realized that it was missing from the display and sounded the alarm.
A quick review of the security footage made clear what had happened.
“We were able to identify a probable suspect. We didn’t immediately know all of the details of the theft upon discovering its absence, so of course we were concerned with the condition of it,” museum president and CEO, Michael Anderson, told local news outlet News 9.
The museum has not identified the stolen work, but it is worth $70,000, according to court records.
Even before the Rose donation, the institution had an extensive and collection of contemporary glass art.
The Roses began their collection in 1977, and, over the next 40 years, acquired work by 83 artists. Many were graduates of Seattle’s Pilchuck Glass School, co-founded by Dale Chihuly, with whom they became friendly through many trips from their home in Atherton, California.
Fortunately, it only took about a week to recover the stolen sculpture.
“Thankfully,” Michael said, “when we got it back it was still in pristine condition.”
Reposted from The New York Times
For Hans-Peter Wipplinger, the director of Vienna’s Leopold Museum, the last few weeks have been challenging. As climate protesters across Europe stepped up their attacks against art, Wipplinger took measures to protect his storied collection, which includes famous paintings by Gustav Klimt and Egon Schiele. Bags were banned; coats, too. The museum hired extra guards to patrol its five floors.
It didn’t work. Last week, members of a group called Last Generation walked into the museum and threw black liquid at one of Klimt’s major works, “Death and Life.” A protester had sneaked the liquid into the museum in a hot water bottle strapped to his chest, Wipplinger said.
The Klimt, protected by glass, was unharmed. But Wipplinger said his security team could only have stopped the attack by subjecting visitors to invasive body searches, “like at the airport.” He didn’t want to even consider that prospect, he added.
“If we start such procedures, the whole idea of what a museum is dies,” Wipplinger said. “A museum is a place that should always be open to the public,” adding: “We can’t stop being that.”
With the attacks showing no sign of abating, museum directors across Europe are settling into a nervous new equilibrium, fearful for the works in their care but unwilling to compromise on making visitors feel welcome. So far, nothing has been permanently damaged. But many fear that an accident, or an escalation in the protesters’ tactics, could result in a masterpiece being destroyed.
The actions, which began in Britain in June, are already increasing in frequency and daring. At first protesters glued themselves to the frames of famous paintings, but since footage of activists splattering Van Gogh’s “Sunflowers” with tomato soup spread rapidly on social media last month, masterpieces have been doused in pea soup, mashed potatoes and flour.
Those works were all protected by glass, and the protesters’ projectiles never touched an artist’s brush stroke. Yet last Friday, protesters in Paris poured orange paint directly onto a silver Charles Ray sculpture outside the Bourse de Commerce contemporary art space. (A Bourse de Commerce spokesman said the sculpture was cleaned within a few hours.)
In a statement earlier this month signed by the leaders of over 90 of the world’s largest art institutions — including Daniel H. Weiss, the chief executive of the Metropolitan Museum of Art, and Glenn D. Lowry of the Museum of Modern Art in New York — museum administrators said they were “deeply shaken” by the protesters’ “risky endangerment” of artworks. The activists “severely underestimate the fragility of these irreplaceable objects,” the statement added.
Yet few museums appear to have taken bold steps to protect their collections. Norway’s National Museum and the Barberini Museum in Potsdam, Germany, have, like the Leopold Museum, banned visitors from taking bags or jackets into their exhibition halls. Others have made no changes. In London, visitors may still carry bags around museums including the National Gallery, Tate Britain, Tate Modern and the British Museum. All four inspect bags at their entrances, but the checks are often cursory. At Tate Britain last Friday, security guards waved through several visitors without looking inside their backpacks.
Wipplinger, of the Leopold Museum, said there was little that a bag check could achieve, anyway, since items like tubes of glue were easy to conceal. “If a person wants to attack an art piece, they will find a way,” he said.
With museums reluctant to act, politicians are beginning to weigh in. On Sunday, Gennaro Sangiuliano, Italy’s culture minister, said in a news release that his department was considering the actions it could take, including a requirement to cover all paintings in Italy’s museums with glass. Such a program would be expensive and museum entrance fees would rise as a result, Sangiuliano added.
Wipplinger said his teams had been protectively glazing works in its collection for decades, but couldn’t do that quickly for every remaining piece. Nonreflective glass was costly, he said: Work on a painting of moderate size — a square yard, say — could come in at around $1,000.
Robert Read, the head of art at the insurance company Hiscox, said that he was advising museum clients to put more works in their collections behind glass, but Hiscox’s policies did not require it. A contemporary art installation, for instance, simply couldn’t be glazed, he said.
And sometimes a barrier between a painting and its audience is contrary to the work’s spirit. Mabel Tapia, the deputy artistic director of the Reina Sofia museum in Madrid, said she would never allow that collection’s highlight, Picasso’s 1937 antiwar masterpiece “Guernica,” to be displayed behind glass. It was “a symbol of freedom, and of the fight against fascism,” she added.
Tapia said she had recently redeployed security guards so they could focus on high-profile works — something she commonly does at times of protest — but she felt there was little more she could do. “The only measure that would actually do something is if we closed the museum,” Tapia said, “and we’re not going to do that.” Museums are meant to be places where people meet to think about important issues, she added. “We need to keep them open.”
There was “no silver bullet” for dealing with the protests, Read, the insurer, said. Museum administrators just had to hope the protesters remained “genteel, middle-class liberals” who took steps to avoid permanent damage, he added.
Florian Wagner, 30, the member of Last Generation who threw the black mixture at the Klimt painting in the Leopold Museum, said by phone that he knew before the protest that the work was protected by glass. He practiced the stunt five times at home, he said, and was convinced it would not disfigure the painting. “We are not trying to destroy beautiful pieces of art,” Wagner said, but to “shock people” into acting on climate change.
He wouldn’t be staging any more protests, he said, adding, “I think I’ve made my point.” But he said he was sure others in Austria and across Europe would continue. The actions would only stop, he added, once governments “act on this crisis.”
Reposted from ArtNews
Since 2020, art museums worldwide have faced mounting pressure to remedy inequity in their institutions, starting with plans to increase diversity and throughout their operations. According to two studies released today (one by the Mellon Foundation and the other by the Black Trustee Alliance for Art Museums), U.S. museum staff has diversified—though likely not to the degree most demonstrators had hoped.
Produced in partnership with the American Alliance of Museums and the Association of Art Museum Directors, the Mellon Foundation’s “Art Museum Staff Demographic Survey” found that compared to the previous two surveys it has published, in 2015 and 2017, museum staffs have seen “moderate” increases in number of people of color across all museum roles. In 2015, 27 percent of museum staff included in the report identified as people of color; in 2022, that number rose to 36 percent. The increase includes museum managerial roles, where the number of Black managers has more than doubled since 2015.
The data was gathered by Ithaka S+R between February and April of this year from the responses of more than 30,000 individual museum staffers across 328 participating museums in North America. “Substantial” increases in diversity were made in museum departments including security, facilities, and education—departments which are historically overrepresented by people of color, and which saw the greatest job losses as a result of the Covid-19 pandemic. However, participating museums reported that they have “dramatically” increased staffing in all of these areas since 2020.
Additionally, the gender ratio on museum staffs have been constant since the first 2015 survey, at 40 percent male and 60 percent female, with increases for women’s representation in museum leadership roles (58 percent in 2015 to 66 percent in 2022).
“Though progress remains slow and uneven, the demographics of museum employees across the country are becoming more reflective of the diverse communities their organizations serve,” Elizabeth Alexander, president of the Mellon Foundation, said in a statement. “We are pleased that the information and insights included in this latest survey will further equip and encourage American museums to build even more representative and robust arts and culture institutions throughout the United States.”
Also released today was the inaugural survey report by the Black Trustee Alliance for Art Museums, a network established in 2021 to “dismantle barriers that block the entry and advancement of Black staff and leadership in the cultural field,” according to the report materials. The alliance includes many of the world’s top collectors, such as Pamela J. Joyner, Denise B. Gardner, and Raymond J. McGuire, its co-chair.
The alliance’s report, titled “The BTA 2022 Art Museum Trustee Survey,” received responses from one of more trustees from 134 art museums, with 83 of those museums sending responses from at least one Black trustee. In total, the report includes data from over 900 trustees who responded, as well as follow-up interviews with 20 Black trustees. The report is intended to present data about the “the characteristics, roles, and experiences of Black trustees in North American art museums,” according to a release.
“BTA’s inaugural Art Museum Trustee Survey Report is the first to capture the unique position of a Black trustee. While one can more easily observe the low numbers of Black museum trustees, the extent of the racial disparity at the board level has not yet been clearly articulated or documented otherwise,” the report continued. One of the few data points on the subject was published in 2017 by the American Alliance of Museums and found that nearly 50 percent of museum boards lacked even one person of color.
With support from the Mellon Foundation, BTA partnered with Ithaka S+R to conduct interviews of 20 Black trustees to understand why they are so underrepresented on museum boards. Researchers concluded that most are simply not approached to join, and museum directors are more likely to invite individuals already in their social and professional circles—which, according to the report, are “racially stratified.” Black trustees, consequently, are less likely than white board members to have family members that already serve or have served on art museum boards.
The report shares several takeaways: Black trustees tend to be younger and are less likely to “show indications of intergenerational wealth” than white board members; Black trustees also hold more Ph.D.s and professional degrees than their counterparts on museum boards; and are more represented on DEI committees, compared to collections and acquisitions committees.
“Looking ahead, we understand the importance of establishing a benchmark from which we can measure changes in the field,” BTA said in a statement, which continued: “Creating an equitable institution takes time. And while our overall objective is clear, the way to get there is not—and rightfully so, since no two institutions operate the same way.”
Organizational stakeholders must invest more time and effort into gaining better insight into the prevention of and survival from active shooter incidents. With a clear understanding of the risks and opportunities involved in an active shooter situation, stakeholders should implement the following strategies to achieve a successful multidimensional response.
Many organizations still don’t have an active shooter response plan in place, and even fewer have trained their employees on what to do.
This is a huge mistake.
It’s crucial for organizational stakeholders to commit to active shooter response training so that all employees know what to do in this type of situation. In most cases, employees become more confident and interested in active shooter response training when leaders are supportive of it. Several studies found that employees gain confidence in the training programs when the organizational leadership is supportive of them. For details, see the studies Employee variables influencing ‘Run Hide Fight’ policy knowledge retention and perceptions of preparedness in the hospital setting; Implementation of a comprehensive intervention to reduce physical assaults and threats in the emergency department; or Managing aggression in organizations: what leaders must know.
Active shooter response training should be an ongoing process, not a one-time event. Employees should receive regular training on how to respond to an active shooter situation. The frequency of training will depend on the size and complexity of the organization. Small organizations may only need to train once per year, while large organizations may need to train multiple times per year.
Organizational stakeholders should commit to active shooter response training by providing the necessary resources and support. Training should be conducted by qualified instructors experienced in law enforcement or military operations. Employees should be given the opportunity to ask questions and receive feedback after the training. Employees should also be familiar with the layout of their workplace and have a plan of action in case of an emergency.
Employees should be physically and mentally prepared to face an active shooter. They should know how to identify potential threats and what to do if they find themselves in an active shooter situation.
The importance of mental training alongside physical preparation can’t be stressed enough. Natural survival responses are fight, flight, and freeze. Approximately 50 percent of those receiving training fully comprehend how to identify a threat and react during an attack, according to research in the report Freeze for action: Neurobiological mechanisms in animal and human freezing. This is one of the reasons victims fail to identify the situation as an emergency and freeze at the hands of the shooter in several active shooter incidents.
While this is a natural reaction to a terrifying and dangerous event, the inability to think or act decisively in such a critical moment can be deadly.
The first step in training your employees to face an active shooter is to understand why they may freeze—most often, it’s because of fear. When faced with a threat, the human brain goes into survival mode. This causes people to focus on the danger and tune out everything else. They become paralyzed by fear and are unable to act.
To overcome this response, employees need to train their brains to focus during a crisis. This can be done by practicing visualization exercises. The key is visualizing how you would respond if you were in an active shooter incident. Placing yourself in the environment through visualization creates familiarity and eliminates the feeling of being caught off guard because you’ve already experienced it. This accelerates the decision-making process and reduces the freeze response.
In these exercises, employees are instructed to picture themselves in a scenario where an active shooter is present. They should be able to visualize themselves confidently taking decisive action, escaping, and stopping the threat. With this powerful visualization, your employees can train their brains to respond differently in a real-life situation. When faced with an active shooter, they will be more capable to think straight and come up with an effective solution.
Another effective technique to help employees overcome the freeze response involves adding elements of stress during training, such as introducing a timing component. For example, monitor the time required by the staff to evacuate the building during an active assailant drill. Drills should be altered each time by changing the location of attack and available escape routes. This will instill the urgency of the situation in employees’ minds and prepare them to think and act consciously in the face of threats, ensuring their safety instead of freezing.
With that said, organizational stakeholders should openly embrace workplace violence training and invest in improving the employees’ defenses against active shooters.
A little effort will go a long way in boosting employees’ morale and instilling the much-needed confidence and courage to make conscious decisions in the face of an active threat.
Organizational stakeholders must realize their responsibility towards ensuring operational readiness to promote the effectiveness of security measures.
This includes installing and maintaining technology and training people to use it well. Security cameras, for example, are a vital piece of security equipment. They can help deter potential shooters from even attempting an attack and can provide critical information to law enforcement if an attack does occur. But if those cameras are not properly maintained, they may not be working and could even fail completely during an attack.
Fences can help keep potential shooters out of the premises while also providing a barrier that can slow down or stop an attacker who does manage to get onto the property. But if a fence is not maintained, it may have gaps or holes that an attacker can exploit.
Similarly, radio systems should be tested for transmissibility at multiple locations to identify possible dead spots.
Apart from this, all employees should receive training on the policies governing security locks, cameras, and entry card systems.
Stakeholders must ensure that all employees know how to use the security equipment during emergencies. They should also know how to protect and maintain it to effectively protect the premises and the people there.
In many active shooter incidents, the failure of a one-dimensional approach exposes employees to dangers that could have otherwise been prevented. Often, organizational stakeholders will have to face the consequences of the snowball effect of these failures. Failure to maintain security equipment leads to unrestricted access by assailants or intruders. Poor environmental design reduces the likelihood of observing an active shooter before an attack. Inadequate training leads to employee confusion during an attack resulting in increased casualties.
A multidimensional strategy should include:
There are a variety of pitfalls in developing an active assailant action plan. There have been instances where security guards fail to identify or report suspicious individuals, enabling active shooters to carry out their objectives. In addition to this, staff members that lack awareness of organizational safety policies may unknowingly violate rules. They often leave doors unlocked, allowing undetected access to intruders.
Just as good environmental design can deter an assailant, bad environmental design (overgrown foliage, unlit doorways) can offer a malicious actor places to hide, ambush people, or enter a facility unseen. Furthermore, if camera systems are inoperable or time-delayed, the intruder can advance his or her mission and attack.
This is why redundant measures are so critical for a successful security plan—they safeguard against a bypassed system, preventing an active shooter from entering the building and causing harm.
The multidimensional approach to active shooter response interweaves physical and mental training of the employees, installation of physical security measures, and integrating of environmental design elements that discourage deviant behavior.
This strategy lends the redundancy needed to strengthen the security structure of an organization.
Thankfully, there are multiple resources available to assist stakeholders with creating a multidimensional approach. These include online resources, well-trained and qualified security professionals, and local law enforcement agencies. Two online resources are the FBI’s Active Shooter Resources webpage and the U.S. Department of Homeland Security’s Active Shooter: How to Respondbooklet. Quality security professionals should have at a minimum military or law enforcement experience, and crime prevention through environmental design (CPTED) certification. Additional security certifications through ASIS are also desirable.
While the individual strategies against security threats used by physical and cyber security professionals are relevant and effective, combining these techniques into a single security management program is the best way to maximize protection against active shooters.
Last week, in what could be a major turning point in its war against Ukraine, Russia announced a retreat from the war-torn city of Kherson. But before the occupying troops left the strategic city, they emptied one of its most important artistic institutions.
According to the Ukrainian military’s National Resistance Center, Russian soldiers looted nearly 15,000 objects from the Oleksiy Shovkunenko Kherson Art Museum and other cultural venues in the region two weeks ago. The move came just days after Vladimir Putin imposed martial law in Kherson and three other Ukrainian territories, effectively legalizing the “evacuation” of cultural heritage.
The Kherson Art Museum confirmed the theft in a Facebook post, explaining that between October 31 and November 3, three or four dozen Russian troops arrived at the institution and “took out works of art and office equipment—everything they saw, everything their raking hands could reach.”
Paintings and other works of art were “wrapped in some kind of rag,” rather than proper packing supplies, according to the museum, and loaded on trucks and buses. The looted goods were then transferred to Simferopol in Crimea.
The museum explained at the time that its administrators did not know what was stolen, but said there was little doubt that the “most valuable” items in the collection were targeted.
“In their opinion, this is called ‘evacuation,’” the museum’s post read. “In our opinion, [it is] looting under the slogans of ‘preserving cultural values.’”
Prior to the incident, the museum’s collection included religious paintings from the 17th and 20th centuries, Ukrainian art from the second half of the 19th and early 20th centuries, and contemporary art from the last 100 years. In a media briefing addressing the theft, the head of the Kherson City Council’s Department for Culture, Svitlana Dumynska, called it “one of the most impressive collections of regional museums in Ukraine.”
Dumynska added that the Kherson local history museum was also targeted by Russian Troops, “but we have much less information about it.”
By November 3, Kherson police opened a criminal investigation into the theft, classifying it and other attacks in the region as a war crime.
Days later, images that allegedly showed the stolen Kherson Art Museum objects being unloaded at the Central Museum of Taurida in Simferopol circulated on Ukrainian social media. In another Facebook post, the museum identified several works of art in the pictures, including paintings by Ukrainian modernists Ivan Pokhytonov and Mykhailo Andrienko-Nechitaylo.
In a November 10 interview with the Moscow Times—an independent news outlet—the Taurida museum’s director, Andrei Malgin, confirmed that the looted artworks had indeed landed in Simferopol.
“Due to the introduction of martial law on the territory of the Kherson region, I have been instructed to take the exhibits of the Kherson Art Museum for temporary storage and ensure their safety until they are returned to their rightful owner,” Malgin said.
The Kherson Art Museum has been closed since the city was seized by Russian soldiers in the early days of the invasion. The institution’s director, Alina Dotsenko, departed for Kyiv in May after Russian occupiers demanded that the museum stage a propagandistic exhibition, according to the Art Newspaper.
This month, Dotsenko told Ukrainian media that, before she left, she convinced the Russians that the museum’s collection had been relocated in preparation for a planned renovation. She also deleted information about the institution’s holdings from its computers.
But Dotensko said that another museum employee, curator Natalya Koltsova, led Russian troops to the stored collection in July. Koltsova, whom Dotsenko had fired the year prior, was brought back in to the work with the Russians, and a former cabaret singer was installed as a puppet director.
Seventeen years ago, two security professional organizations began promoting the philosophy of security convergence. ASIS International and the Information Systems Audit and Control Association (ISACA) banded together in 2005 to create the Alliance for Enterprise Security Risk Management (AESRM) to promote the concept of security convergence.
To them, security convergence consisted not only of physical and cybersecurity combined, but also security responsibility within human resources, crisis management, and operational lines of responsibility, according to a 2007 Deloitte whitepaper on the concept. But just 24 percent of surveyed respondents’ organizations had some form of convergence in place.
“How security is perceived may also be an obstacle to convergence. At present, physical and information security are viewed as separate functions with major differences,” wrote Adel Melek, partner, global leader, Security and Privacy Services, Deloitte, and Ray O’Hara, CPP, then chairman of AESRM, in the whitepaper. “There is little doubt that perceptions will have to change before the convergence of physical and information security functions becomes an accepted way of managing security risk. Convergence is intuitive and logical—but it has not yet arrived.”
But the post-9/11 wars, the rapid advancement of technology, the explosion of Internet of Things devices, extreme stress on the supply chain, a lasting security workforce shortage, and the COVID-19 pandemic may have led to a change in perception that will usher in the moment for security convergence. That seems to be the finding in the most recent research on the topic, Security Convergence and Business Continuity: Reflecting on the Pandemic Experience, published in September 2022.
The ASIS Foundation sponsored research conducted by Justice & Security Strategies, Inc. (JSS), and DTE Consulting, which surveyed and analyzed responses from 1,092 individuals from 89 countries and regions about their convergence status and views. The researchers also conducted 21 interviews to explore the survey responses further, following separate research conducted by the foundation in 2019 on convergence.
More than 60 percent of those respondents indicated that their organizations had now fully or partially converged their security functions (29.3 percent complete, 31.2 partially, and 39.5 percent not converged). Similar to the 2007 report, the foundation convergence research focused on the melding of cyber and physical security with business continuity planning.
“Most companies that reported partial convergence merged their physical security and business continuity practices,” according to the report. “One of the reasons that convergence with cybersecurity appears to be lagging behind physical security and business continuity convergence may be due to differences in the skill sets required for oversight of each function.”
In a follow-up interview to the survey, for instance, one respondent said that the specialization for cybersecurity and physical security makes it difficult to find someone who excels in both arenas—slowing the organization’s ability to converge these functions.
Martin Gill, managing director of Perpetuity Research and Consultancy International and vice chair of the ASIS Foundation, says one reason for this discrepancy might be that the historical backgrounds of the physical security profession and the cybersecurity profession—which evolved from the IT world—could attract different types of individuals.
And these individuals may possess vastly diverse skill sets, with cyber practitioners having a more robust knowledge of cybersecurity threats and tactics, hardware, and software, versus a physical security professional who is more familiar with security guards, technology to support access control measures, and facility management.
“Over time, that’s beginning to wear away with the modern thinking and approach to enterprise security—to treat all your risks as risk,” Gill says. “If there are risks, there’s a process on how they should be managed. In theory, this brings cyber and physical together.”
For converged organizations, most survey respondents said a CSO—or equivalent position—was responsible for the enterprise security risk management function, and all aspects of the organization responsible for critical asset protection reported to that person.
Within that organizational structure, approaches to convergence varied, with some taking functional approaches while others took procedural approaches. A functional approach could consist of structural changes, holding security trainings and awareness courses, developing policies, and making other real-world changes.
“An international security company with converged business continuity planning and physical security implemented a training program that temporarily placed physical security personnel in business continuity planning-related positions, while also putting internal business continuity planning personnel staff out in the field,” the report explained. “The idea of this program was to allow personnel from both sides to gain a better understanding of security procedures with a holistic view. This assisted the organization in obtaining better adherence to policy while individuals gained a broader perspective of security.”
On the flip side, procedural approaches to convergence focused on the organization’s missions and adopting a holistic framework for security functions.
“These methods were less concerned with action items or check boxes, and more concerned with the organization’s problem-solving approach,” the report explained.
Additionally, smaller organizations were more likely to be further along in their convergence journey than large organizations. The report revealed that nearly 74 percent of respondents from small and “micro” companies were fully or partially converged, compared to 52.5 percent of large companies and 64.4 percent of medium-sized companies.
Darrell Darnell, president of DTE Consulting and a lead author of the report, says he was surprised to find that smaller organizations were leading the way on convergence.
“I would have thought that larger agencies would have converged at a higher rate because of their reputations and the potential for more government oversight if a major incident occurred on their watch,” he explains.
Despite their convergence status, 80 percent of respondents said that convergence strengthens various business functions: 83 percent said it was good for business continuity, 81 percent said it strengthened physical security, and 86 percent said it enhanced overall security.
There was an outlier, though—the enthusiasm for cyber convergence was markedly lower. Just 73 percent of respondents said convergence strengthened cybersecurity at their organization, with 23.7 percent saying it would make no change in the overall security posture.
This might be because the cyber function is often siloed within companies and there is a lack of understanding of how the cyber function integrates and impacts physical security and business continuity, until an incident occurs—such as the Colonial Pipeline ransomware attack in 2021.
“Colonial Pipeline was thinking like that—that we’re a pipeline and not really understanding how a separate physical, cyber, and business continuity approach affects them,” Darnell says. “Now they’re fighting to merge that physical security with them.”
While this might be the response for now, many respondents who said their organizations were not converged noted that they would be taking steps to do so in the future. Nearly 44 percent said they anticipated converging two or more security functions in the future, compared to previous ASIS Foundation research in 2019 that found that just 30 percent of respondents were prepared to take similar steps.
One of the reasons behind this move could be that more security practitioners are expected to place an emphasis on business continuity in the wake of the COVID-19 pandemic.
“Clearly organizations understand the importance of having business continuity planning for all types of contingencies,” says Craig Uchida, president and co-owner of JSS and another lead author of the report. “I also think they are starting to reassess exactly what business continuity planning means to their organizations, as it will look different depending on your organization, industry, size, and other factors.”
Respondents also said that demonstrations and social unrest were affecting how their organizations viewed security measures, and they were changing their approach to business continuity planning and convergence in response. One respondent said, “these events forced us to be prepared to identify and respond to events globally 24/7/365 and be able to understand the impact on our assets; escalate issues to appropriate response teams quickly; reach out and account for our employees and their safety; and assure we can have a resilient supply chain in the face of disruptive events,” according to the report.
To assist security practitioners who may work for an organization that is not converged, the report’s authors made six recommendations: clearly define convergence and its benefits to the organization; assess the need and determine if convergence is practical; create and develop a convergence strategy that fits the organization’s goals; recognize the inherent difficulties in merging different personalities and processes; implement evidence-based best practices and strategies aligned with the overall goals of the organization; and conduct and provide convergence training and educational opportunities for staff.
The owner of a security company out of South Africa, for instance, has a firm that provides physical security to clients. But to ensure that the firm was considering cybersecurity risks as part of a converged approach, security officers were required to work with the IT team to understand the work it was doing.
“And he would have the IT folks do a tour with the physical security folks, so they could understand how the equipment was being used,” Darnell says, adding that it was a way to educate the entire organization about various risks and habits that might play into its overall security posture.
The report’s authors also emphasized that leadership—from the CEO to the president and other executives—is extremely important for organizations considering converging their security functions.
“There are people, places, and technology that are intertwined with these functions,” they wrote. “A strategic plan has to be developed. There has to be communication and transparency, and a good explanation for why convergence is taking place and the benefits for employees and the organization. Employees at all levels must be given an opportunity to play a part in the convergence process, including opportunities for re-training if necessary.”
This requires a recognition that while convergence will impact how the organization functions from an operational perspective, it also has ramifications for employees.
“The CEO needs to be involved to say how it’s going to affect the workforce. ‘How is this going to affect me? When we converge, am I going to lose my job or be retrained? Will I have more responsibility but my pay stay the same?’” Darnell says, adding that executives will need to clearly communicate with their employees to successfully converge.
Reposted from Forbes
Last month, the leading public health authority in the United States released a new report that outlines mental health standards for the workplace and comes packed with actionable recommendations. Executives that want to support the wellbeing of employees now have an assignment: putting the framework for workplace mental health into action.
COVID-19 alerted everyone to the depth and breadth of mental health challenges: 76% of U.S. workers reported at least one symptom of a mental health condition (anxiety, depression), up 17 percentage points in just two years. And 84% said at least one workplace factor had a negative impact on their mental health.
The first-ever U.S. surgeon general’s report on workplace mental health outlined the foundational role companies can play in promoting and protecting mental health. It provides a roadmap for employers as to why they should invest in mental health and wellbeing and how they can strengthen their organizations by doing so.
The report identifies five essential human needs that create the foundation for a mentally strong and resilient workplace:
Protection from harm. Companies must create the conditions for physical and psychological safety. To promote practices that protect workers, executives can: prioritize worker safety, provide adequate rest to combat fatigue, normalize mental health support, and operationalize diversity, equity, inclusion and accessibility norms, policies, and programs.
Connection & community. Workplaces should foster positive social interactions and relationships to assure worker social support and belonging, a critical foundation for wellbeing. Recommended practices include: creating cultures of inclusion and belonging, cultivating trusted relationships, and encouraging collaboration and teamwork.
Work-life harmony empowers employees with autonomy and flexibility to integrate work and non-work demands. Key components include: giving people more control over how work is done; making schedules as flexible as possible; increasing access to paid leave; respecting boundaries between professional and personal time.
Mattering at work validates worker’s dignity to make them feel respected and valued and infuses purpose and significance into the work itself. To create this culture, workplaces can: provide a living wage, engage workers in workplace decisions, build a culture of gratitude and recognition, and connect individual work with the organization’s mission.
Opportunity for growth. Organizations must create more avenues to help workers accomplish goals and recognize their contributions to organizational success. Companies can achieve these goals by offering quality training, education and mentoring, fostering clear and equitable pathways for career advancement, and ensuring relevant and reciprocal feedback. Such efforts can then be measured with comprehensive and data driven tools that are able to self-assess, benchmark programming and services, and access resources to improve efforts. In order to continue to grow, organizations must be able to measure their progress and make the necessary changes to support employee’s mental health and wellbeing.
Every employer is affected by the mental health crisis. Now there are practical steps employers can and should take. It’s no longer enough to acknowledge mental health challenges in the workplace; there is now a framework to respond.
In 1914, activist Mary Richardson entered London’s National Gallery armed with a meat cleaver and slashed Diego Velazquez’s 17th-century painting The Rokeby Venus. The attack, she explained, was intended as a form of protest against the arrest of suffragette Emmeline Pankhurst.
“I have tried to destroy the picture of the most beautiful woman in mythological history as a protest against the government for destroying Mrs. Pankhurst, who is the most beautiful character in modern history,” Richardson wrote at the time. “Justice is an element of beauty as much as color and outline on canvas.”
Now, more than a century later, the climate activists of Just Stop Oil may look to Richardson’s attack for inspiration as they attempt to “escalate” their own protest campaign, which has heretofore involved defacing—but not damaging—some of the world’s best-known artworks.
In an interview with Sky News, Just Stop Oil spokesperson Alex De Koning said that his group may soon follow in the footsteps of suffragettes who “violently slashed paintings in order to get their messages across.”
“If things need to escalate then we’re going to take inspiration from past successful movements and we’re going to do everything we can,” De Koning went on. “If that’s unfortunately what it needs to come to, then that’s unfortunately what it needs to come to.”
When asked by the interviewer if that means that upcoming protests could include slashing artworks, the activist simply said, “It could potentially come to that at one point in the future, yeah.”
De Koning’s warning will surely sit uneasily with museum administrators in Europe and beyond who, for months now, have worked under the constant threat that their own institution’s masterpieces could be targeted next. Since this summer, nearly two dozen—and perhaps more—iconic artworks, including pieces by Picasso, Vermeer, and Monet, have been attacked by different climate activist collectives.
In late June and early July, for example, Just Stop Oil members glued themselves to four paintings across the U.K. A pair of protestors from Germany’s Letzte Generation group threw buckets of mashed potatoes on Monet’s Haystacks (1890) in October, while three activists from Italy’s Ultima Generazione tossed pea soup at Van Gogh’s The Sower (1888) the following month. Each episode went viral.
In all cases, the attacks were purposely orchestrated in ways that left the targeted artworks without permanent damage. However, many of the demonstrators now face the prospect of jail time for their stunts.
The incidents, which have now occurred in multiple countries around the world, fomented a wave of debates about the efficacy of protest tactics. One critic called the vandals “embarrassing”; another referred to them as “pathetic.” “Take it out on the oil companies you morons, not on innocent art,” the latter tweeted.
Last month, 92 representatives from cultural institutions published an open letter decrying the environmental groups’ campaigns. The activists “severely underestimate the fragility of these irreplaceable objects, which must be preserved as part of our world cultural heritage,” the letter read. “As museum directors entrusted with the care of these works, we have been deeply shaken by their risky endangerment.”
But De Koning and his group have not been deterred by the backlash or the prospect of punishment. Quite the opposite, it seems.
The activists are “not going to be intimidated by potential prison time,” the spokesperson said. “At least in prison you get three meals a day and shelter and water. In 20 years’ time, who knows if that’s still the case for millions of people.”
Last month, London police warned that the climate protestors may intensify their campaign in the lead-up to Christmas.
De Koning, for his part, said Just Stop Oil will “continue to escalate unless the government meets our demand” to halt future gas and oil projects.
“We’re fighting for our lives, why would we do any less?”
QUICK LINKS
ConferenceMembershipTraining & CertificationDonate to IFCPP
TRAINING & EVENTS
1305 Krameria, Unit H-129, Denver, CO 80220 Local: 303.322.9667 Copyright © 1999 International Foundation for Cultural Property Protection. All Rights Reserved
Contact Us
