Menu
Log in


INTERNATIONAL FOUNDATION FOR
CULTURAL PROPERTY PROTECTION

Log in

News


  • September 24, 2019 12:31 PM | Anonymous

    Reposted from Insurance Journal

    When it comes to cybersecurity, Americans say they are concerned, but many are not taking the preventative steps needed to protect themselves from a cyber attack.

    According to Chubb’s Third Annual Cyber Report, complacency seems to have taken hold: eight-in-10 Americans continue to be concerned about a cyber breach, yet only 41% use cybersecurity software and 31% regularly change their passwords. These numbers are virtually unchanged from 2018.

    “When it comes to your cybersecurity, there’s no such thing as being over prepared,” said Fran O’Brien, division president of Chubb North America Personal Risk Services. “While it’s important that the vast majority of respondents remain concerned about a breach, concern itself isn’t enough. ”

    O’Brien said the lack of cybersecurity action is because people think it’s too time consuming. “But implementing cyber safeguards today will save time and financial resources tomorrow, should a breach occur,” she said.

    Workplace Responsibilities

    Businesses aren’t much better about cybersecurity.

    For instance, while a consistent number of individuals (75% and 70%) say that their company has “excellent” or “good” cybersecurity practices in place from 2018 and 2019, many companies continue to fail to implement the most basics of safeguards. From 2018 to 2019, there was virtually no change in the percentage of companies that hold annual employee trainings (31% and 33%), deploy filters for online content (38% and 40%) and leverage social media blocks (32% and 33%).

    About 19% of respondents say they learn about cybersecurity protections through their employer, while more than a third say they most often learn about how to protect against cybersecurity risks from mainstream media (35%), and family and friends (34%). Chubb says this “education gap” means employees and individuals cannot spot incoming attacks — while 54% of respondents correctly defined ransomware—a form of malware that restricts access to files unless a ransom is paid—this was the only common form of attack that a majority of individuals could correctly identify.

    According to Chubb, the continued failure to implement cybersecurity safeguards means a breach is inevitable. Yet, just 10% of respondents report having a cyber insurance policy in place.

    According to Chubb’s online study, individuals don’t recognize the value of individual pieces of personal data. For example, just 18% of respondents are concerned about their email addresses being compromised. Similarly, only 27% of respondents cite concern about their medical records being breached.

    Survey results indicate that a consistently large portion of older respondents employ better cyber practices than younger generations. Per the survey, 77% of those 55 years and older delete suspicious emails, compared to half (55%) of respondents between 35 to 54 and just a third (36%) of respondents from 18 to 34. Similar patterns arise when looking at those enrolled in cybersecurity monitoring services, ac cording to the survey.

    More concerning is that the behavior of younger generations appears to be getting worse. For example, 76% and 74% of adults over 55+ regularly deleted suspicious emails in 2017 and 2018, respectively, as compared to just 47% and 40% of adults between 18 and 34 during the same time period.

    Conducted by Dynata, the online survey was fielded between May 7 – May 17, 2019. The results are based on 1,223 completed surveys.

    See Original Post

  • September 24, 2019 12:25 PM | Anonymous

    Reposted from The LA Times

    The gunman paced the hallways of the charter school, passing framed paintings of George Washington and Thomas Jefferson before stopping outside classroom 138. There, he took a deep breath, yanked open the door and began firing.

    “Shooter!” shouted someone inside the classroom. “He has a gun!”

    Two people seated at desks near the door jumped up and rushed the perpetrator, pinning his legs and arms against a wall, while everyone else sprinted out.

    It was over in 15 seconds, and tiny yellow Nerf balls sprayed from the toy rifle littered the room. One of the men who rushed the gunman was struck in the thigh by a ball, a reminder of the personal danger involved in confronting an armed assailant.

    The recent exercise was part of a two-day, $700 active shooter training course being offered at schools and churches across the country by an Ohio-based firm founded soon after the 1999 Columbine High School shooting rampage, which took place just a few miles from here.

    The ALICE Training Institute, whose instructors have law enforcement or military backgrounds, provides courses for educators, church workers and small-business employees concerned about how to react if catastrophe strikes.

    In packets handed out at its training sessions, the company says its aim is to empower “individuals to participate in their own survival using proactive response strategies in the face of violence.”

    ALICE — which stands for Alert, Lockdown, Inform, Counter and Evacuate — was established by a retired police officer and has held sessions in roughly 3,700 K-12 school districts nationwide, as well as more than 1,300 healthcare facilities. Dozens of companies across the U.S. offer training for dealing with active shooters.

    Standard shelter-in-place advice — “locks, lights and out of sight” — came into vogue after Columbine, when two students killed a teacher and 12 schoolmates. But that has been changing since federal education officials issued a report in 2013 suggesting staff (not students) should seek to counter shooters as a last resort.

    While there’s no official database tracking instructional methods, the focus of courses across the nation has been shifting to a more “options-based” approach, analysts say.

    Many trainers now promote a less passive philosophy that includes running, if possible, and fighting back, if warranted. Companies acknowledge the potential for death or injury, but say that declining to act can itself carry grave risks.

    “Having a plan can mean the difference in life or death,” Andrea Nester, an ALICE instructor, told her class of about two dozen school officials, hospital workers and small-business owners.

    On a recent afternoon inside Golden View Classical Academy, Nester — a U.S. Army veteran who served in Iraq — asked the students, “Why are you all here? Just blurt it out.”

    “Workplace violence,” one man replied.

    “Too many mass shootings,” said a woman. “They never seem to end.”

    To safety consultant Rene Flores, who had traveled from Texas, attending the class felt like a necessity. He thought of El Paso and of Dayton, Ohio, he said, where 22 people were shot to death last month at a Walmart and nine more outside a nightclub, respectively. Days later, seven apparently random people were killed on the streets of Midland and Odessa, Texas, when a gunman hijacked a U.S. Postal Service van and went on a rampage.

    At this point, nearly 300 Americans have been slain in mass shootings this year, according to the Gun Violence Archive, a Washington-based nonprofit. The group defines mass shootings as those in which four or more victims are shot or killed.

    “Look around,” said Flores, who works with businesses as well as homeless and transitional shelters. “To me, it’s not a matter of if, but when the next shooting will happen. I just want to always be prepared. Always know my options.”

    Training programs like ALICE’s are gaining momentum. Last fall, Baltimore County Public Schools, which has 114,000 students and 9,800 teachers, implemented the institute’s methodology.

    “If the shooting starts in your room, locking down doesn’t make sense,” said Pete Blair, a criminal justice professor and executive director of the Advanced Law Enforcement Rapid Response Training Center at Texas State University.

    In such a scenario, he said, it might be more productive to try running away or defending yourself.

    “We do not train people to seek out the attacker,” said Blair, whose program says that “if other options don’t work, they should try to defend themselves rather than doing something like playing dead.”

    ALICE’s curriculum teaches that while going into lockdown is an option, it might not be enough to survive. In classes, participants practice barricading doors, evacuating and engaging a gunman.

    Most active shooters are untrained, according to the firm. During a “violent critical incident,” estimated to last on average five minutes, there are often pockets of time to intervene.

    Nester said people near the gunman should try to subdue — “counter” in training lingo — the shooter. Throw books, ram a shopping cart, tackle. But never focus solely on hiding and hoping the killer won’t find you.

    “Do something,” Nester said. “You always have options.”

    Some analysts disagree.

    Ken Trump, a school security expert based in Ohio, calls efforts to flee or counter a gunman “high-risk.”

    If K-12 schools urged all students to evacuate, Trump said, their movements could delay police from entering a campus. And barricading doors, he said, can create a lot of noise, thus alerting the gunman to an occupied classroom.

    “Traditional lockdowns still work,” said Trump.

    Other analysts expressed concern that training can itself have negative psychological effects.

    The drills — particularly highly realistic simulations — can traumatize students, said Suffolk University psychology professor David Langer.

    “Furthermore, intense fear during active shooter drills may interrupt student and staff learning, making the drills less effective,” said the Boston-based professor.

    ALICE contends its techniques work, citing among other examples a 2018 case in which a teacher who had taken its course wrestled to the ground a student who had entered a suburban Indianapolis middle school with two handguns. The teacher was shot but survived, and was able to secure the situation until police arrived.

    In May, an Oregon high school football coach was able to tackle a student who entered a classroom with a shotgun. Everyone at the school survived.

    On the other hand, two students died last spring after charging gunmen.

    Riley Howell, an undergraduate at UNC-Charlotte, and Kendrick Castillo, a high school student in Highlands Ranch, Colo., were credited with saving dozens of their fellow students’ lives.

    While mass shootings are a nationwide epidemic, perhaps no place in the country is more accustomed to such tragedies than this area along Colorado’s Front Range. More than a decade after Columbine, a gunman entered a side exit of a crowded Aurora, Colo., movie theater and began shooting into the crowd gathered for the premiere of “The Dark Knight Rises.” He killed 12 people and injured 70.

    In the Denver metro area, the May shooting at STEM School Highlands Ranch that took the life of Castillo, 18, remains a raw wound.

    When a gunman entered his classroom and began firing, Castillo and a pair of classmates lunged at the shooter.

    Castillo — a week from graduation — was shot twice and died; more than two dozen other students in the classroom survived.

    While Castillo was not trained in counter-techniques, his actions have been lauded by school staff, peers, family and many in law enforcement.

    “He’s not a victim; he’s a hero,” said Castillo’s father, John. “He chose to act in that moment — he had no other choice.… He saved lives.

    “Sometimes it’s the price a person pays for saving lives. If Kendrick didn’t do something, more people would have died.”

    John and his wife, Maria, remember a son who loved robotics and rebuilding computers. With no other relatives in Colorado, the three were particularly close. During summers, they took Kendrick to Florida to see SpaceX launches and visited the campuses of Apple and Google in the Bay Area.

    “His eyes would light up on those trips,” John said on a recent afternoon while seated in the family’s living room. Pictures of Kendrick and loving messages from classmates dot the house. Kendrick’s dark green Jeep is still parked in the driveway.

    Kendrick had planned to enroll at a local community college this fall and study engineering.

    These days, the Castillos spend most evenings at a small cemetery along the Front Range where Kendrick is buried. They watch as the sun sets, slipping over his headstone and behind the foothills.

    When grief consumes them, they try to focus on the gift their son gave to the families of the students who survived.

    Their son’s legacy loomed large during the Golden training course.

    As the two-day session ended, Nester closed, as she often does, with a pep talk of sorts.

    “If your life is ever threatened, the last thing you want to do is be passive,” she said.

    Many in the classroom sat still, staring intently at the instructor. Some nodded in support. A few had tears in their eyes, thinking about what they would do if confronted by a gunman.

    Nester picked up a black dry-erase maker and stood in front of a whiteboard.

    “I’m going to write down four heroes, who … saved lives,” she said.

    Professor Liviu Librescu, Jake Ryker, Jesse Lewis — those credited with saving lives during mass shootings at Virginia Tech, a high school in Oregon and Sandy Hook Elementary School in Connecticut.

    Nester sighed and wrote a final name, one she knew they’d recognize:

    Kendrick Castillo.

    See Original Post

  • September 24, 2019 12:19 PM | Anonymous

    Reposted from NBC Bay Area

    A man posing as a technician stole an ATM from the lobby of the Children's Discovery Museum in downtown San Jose last month, and the machine was found Wednesday in Monterey County, according to the San Jose Police Department.

    At about 9:30 a.m. Wednesday, San Jose police received a call from the Discovery Museum reporting the theft that occurred on Aug. 7, when a man entered the museum and told workers he was a technician, and he was there to service the ATM, police said.

    The suspect left with the ATM.

    On Wednesday morning, the museum got a call from the Monterey County Sheriff’s Office notifying the museum the ATM had been found, police said. The museum was unaware the ATM was stolen until it received the call from the Sheriff’s Department.

    The museum then contacted San Jose police regarding the theft, police said.

    The suspect in the case is still on the loose.

    See Original Post

  • September 24, 2019 12:16 PM | Anonymous

    Reposted from KWTX

    A Waco psychologist says there are red flags that could signal a potential for violence in the workplace, but most training on how to respond to active-shooter situations doesn’t include them.

    “There are red flags you can identify and look for,” said Dr. William Lee Carter, a Waco psychologist who routinely works with courts, prosecutors and police on cases that might involve a suspect with a mental or behavioral disability.

    For the most part police have systems in place to teach people how to survive a mass casualty event when one happens, “but that only after the shooting has started,” Lacy Lakeview police Chief John Truehitt said.

    McLennan County Sheriff Parnell McNamara said his deputies will hold seminars and classes for businesses to train employees how to respond to an active shooting situation, how to hide and what to do, but they don’t include training on how to spot a potentially violent person.

    “We probably should have training like that, but we don’t have any right now,” he said.

    “We (police) are trained to spot tendencies, that’s our world,” Waco police Sgt. W. Patrick Swanton said.

    But he said that training doesn’t or at least hasn’t, extended to the public.

    Robinson police Chief Bernie Prasifka said while he’s not aware of any specific training on spotting workplace violence potential, “It would seem to come down to some common sense.

    Such training, he said, likely would be beneficial: “I think that’s a big discussion we ought to have.”

    The man who attacked both civilians and police in Midland/Odessa was denied the legal purchase of a weapon, investigation has shown, but the background check he failed “isn’t really a background check at all,” Truehitt said.

    “What it amounts to is a simple criminal case history and has no detail about that person’s background or mental stability,” Truehitt said.

    Carter said there are definite red flags.

    “Things that always concern me are imperative thinking, like holding very strong opinions about something, an unwillingness to listen to others’ viewpoints and always insisting that, regardless of the situation, they are right and everyone else is wrong,” Carter said.

    Also: “a lack of empathy for others. Those simple can’t display any empathy or concern for others and are overly self-focused.

    Carter went on to say anyone with anger issues, whether rooted in the workplace or somewhere else, especially if that person has a history of encounters with law enforcement, especially if aggression was a problem.

    Carter said interaction between employees can defuse such a situation, but those with such issues can be hard to reach.

    The expression in the workplace can be very different from the one shown at home, Carter said.

    “It’s important to defuse a situation before it escalates,” Carter said.

    “Sometimes it’s as simple as making that person feel like you truly care about them and are willing to listen to them.

    “Don’t judge, it won’t help,” Carter said.

    Carter deals frequently with individuals who display such behavior.

    “I see about 100 a year in the county jail to determine if that person is competent to stand trial or needs additional mental intervention,” Carter said.

    If potential can be recognized and intervention can take place, “it can prevent an explosive event from happening,” but left unchecked it can become what Carter called “malignant narcissism and that’s always trouble.

    Carter said if you see something that troubles you, “rather than sit around and gossip about, share it with someone.

    See Original Post

  • September 24, 2019 12:11 PM | Anonymous

    Reposted from ZDNet

    There is plenty of evidence to suggest that ransomware attacks are getting bigger and more sophisticated. In the space of just a few years ransomware has gone from a minor irritation for PC users to being a significant threat to large corporations and even nations. Major cybercrime gangs are looking to cash in on attacks, and state-backed attackers have realised the potential for creating both chaos and profit.

    A few examples of the scale of the ransomware problem:

    • WannaCry, the biggest cyber incident of 2017, with than 300,000 victims in over 150 countries, was a form of ransomware most likely unleashed by North Korea (it was rapidly followed by NotPetya, an attempt by the Russian authorities to cause havoc in Ukraine with ransomware which rapidly spread beyond those borders).
    • Earlier this year the authors of one ransomware strain announced they were retiring because they had already earned $2 billion.  "We have proved that by doing evil deeds, retribution does not come," they said at the time.
    • The past summer of ransomware that has seen dozens of small towns and cities across the US hit by ransomware; many have been forced to pay out tens or hundreds of thousands of dollars in ransom to get their systems up and running again.

    Ransomware is now the defining internet crime of our current age. It's the inevitable consequence of the corporate world's obsession with hoarding as much data as possible, about anything and anyone, and its relaxed attitude towards keeping that data safe. 

    Businesses have been urged to gather up every bit of data about every customer engagement, every supplier interaction, in the hope that it can be trawled by artificial intelligence and big data technologies to provide insight and direction. But for many organisations the security of that data remains an afterthought at best. That leaves many in the situation of having vast piles of sensitive information but no guidelines for keeping it safe. If organisations aren't sure why they're collecting data they won't be clear about why they need to protect it, either.

    In another twist, ransomware uses encryption, one of the key technologies we use to do business and communicate online, as a tool to lock away data from its rightful owner. 

    In some respects, the solution to the ransomware crisis is relatively simple. Basic internet security hygiene will prevent the vast majority of attacks before they have a chance to gain a foothold. A few of the most obvious steps to take:

    • Train staff to recognise suspicious emails
    • Apply software patches to keep systems up to date
    • Change default passwords across all access points
    • Use two-factor authentication
    • Understand what your most important data is and create an effective backup strategy
    • Have a plan for how to respond to a ransomware attack – and test it

    Sadly, there will still be organisations large and small that fall victim to ransomware, as gangs become more sophisticated in how they work. Managed service providers and network attached storage are among the recent additions to the ransomware gangs' targets; they won't be the last.

    There's every sign that this is an epidemic that will get worse, not better. The willingness for victims and their insurers to pay out means more crooks will be tempted to try their hand. Ransomware-as-a-service kits mean even wannabes with limited skills can try their hand at a running a scam. While some law enforcement agencies have done a good job of providing the tools to let victims decrypt their systems few ransomware gangs have faced justice. 

    Already there are fears that ransomware could be used against voter databases in the run up to the 2020 US presidential election. A ransomeware attack which makes it impossible for some people to cast their vote would have huge consequences. And it's hardly implausible to see criminals and state-backed hacking groups trying to expand the use of ransomware across more devices and scenarios in the near future. As we get more reliant on everything from smart cities to driverless cars the risks get greater.

    Ransomware offers crooks a vast number of potential victims, who they can target with a cheap-to-deploy scam with a big payday and very little chance of getting caught. Perhaps the real surprise is not that there are so many ransomware attacks, but that there are not many, many more.

    See Original Post

  • September 24, 2019 11:57 AM | Anonymous

    Reposted from Inovonics

    LOUISVILLE, Colo., September 17, 2019 – Inovonics, an industry leader in high-performance wireless sensor networks, announces the retirement of Dan Spark, Inovonics Northwest Regional Sales Manager, on October 1, 2019.

    Dan Spark has been an integral part of the Inovonics sales team for the last 22 years. His development and growth of northwestern regional sales pipeline fulfillment process, in addition to the creation of numerous sales presentations, are just a couple of the many contributions he will be remembered for.

    Eric Banghart, Manager of Global Sales at Inovonics, had the following to say: “Dan has been a hardworking and esteemed member of the Inovonics sales team. Although he’ll be greatly missed, we wish him well in his upcoming retirement”.

    Following his retirement, Dan plans to relax at home in Ogden, Utah, enjoy trips to Cuba, enroll in surf camp in Mexico, and of course to ski Snowbasin all winter long.

    Although Dan is an important member of the team, Inovonics wants to assure current customers that they will continue to be in the best of hands moving forward. Customers will be contacted with their newly assigned Inovonics regional sales manager prior to October 1, 2019.

    We are confident that our team can and will effectively continue to serve our valued Inovonics customers in the Northwest territory.

    If you have any questions regarding this transition, please contact Eric Banghart, Manager of Global Sales, at ebanghart@inovonics.com or 303-209-7298.

    See Original Post

  • September 10, 2019 3:37 PM | Anonymous

    Reposted from Securitas Security Services, USA, Inc.

    The Federal Emergency Management Agency (FEMA) defines civil unrest as an activity such as a demonstration, riot, or strike that disrupts a community and requires intervention to maintain public safety. During such events, employees and employers have a critical role and shared responsibility to take appropriate actions to protect themselves, their coworkers and organizations, and their properties.

    Have a Plan

    As with any potential emergency situation, it is best to have a plan of what you will do if something happens. By thinking ahead, you can save yourself valuable time in an emergency. All organizations should develop a workplace safety strategy and conduct practice drills. Make sure your workplace has a plan in place so that every employee knows what to do. A civil unrest preparedness plan can fit into your organization’s larger security plan that may already include plans for fire evacuation, severe weather, bomb threats, and other emergency events.

    Depending on the situation, your workplace may need to be secured in case of civil unrest. Remember that your personal safety is the most important goal before securing the workplace. Know your role in your workplace safety plan for civil unrest. Always listen to the instructions of emergency personnel if applicable. Listen for instructions about whether your workplace is in “lockdown,” if you should move to shelter or shelter-in-place, or if you should evacuate the premises. Just as for fire safety, know the emergency exit routes out of the building and out of the area ahead of time. Know the locations of safe havens such as hospitals, public buildings, etc. Have a plan to account for all personnel and guests and set up pre-designated meeting points for yourself and your coworkers. Have a transportation plan for yourself in case you are separated from your car. If possible, always carry a small amount of cash on you. Employees should also consider their family’s emergency plan in tandem with their workplace security plan so they can ensure communication with their families.

    If Civil Unrest Occurs

    Emergency personnel, such as local, state and federal law enforcement, may not be available if civil unrest is occurring. Refer to your company’s security plan for guidance. Alert other employees and your supervisor. If you are responsible for securing your area, do so, and then follow your company’s plan of action, which may include emergency evacuation. Your safety is a priority so make sure you have taken all precautions to keep yourself safe. Make your way to your pre-designated meeting point, and if necessary, try to blend in while working your way towards a safe location. Do not draw attention to yourself and work your way out of the area.

    Keep Calm and Act Quickly

    As in any emergency, one of the keys to your safety is to remain calm. There may be a lot of confusion, and news and social media may give inaccurate or contradictory information. Remain observant and adaptable to the developing situation.

    Be Prepared

    Your workplace safety strategy and emergency plan should always be kept up to date and include communication with local, state and federal law enforcement. Your workplace should conduct regular safety drills and conduct both threat analyses and security audits regularly.

    Make sure your workplace has an Emergency Plan and ensure everyone knows what they would do if confronted with a situation that involves civil unrest.

    • Develop a notification system. Look for the two nearest exits anywhere you go.
    • Have an escape path in mind and identify places you could hide.
    • Understand the plans for individuals with disabilities or other access and functional needs.
    • Account for personnel and guests.
    • Coordinate preparation with existing plans.
    • Train employees to recognize and report concerns.

    Be Informed

    • If you see something, say something to a supervisor or the authorities right away.
    • Sign up to receive local emergency alerts and register your work and personal contact information with any work sponsored alert system.
    • Be aware of your environment and any possible dangers.
    • Learn and practice first aid skills and use of tourniquets.

    Property Conservation

    • Identify preparations before an emergency situation occurs.
    • Identify how you will assess damage; salvage undamaged goods; and cleanup the building following an incident.
    • Identify the contractors, equipment, and materials that would be needed.

    For more information on this and other security related topics, visit the Securitas Safety Awareness Knowledge Center at: http://www.securitasinc.com/en/knowledge-center/security-and-safety-awareness-tip


  • September 10, 2019 3:19 PM | Anonymous

    Reposted from The Hill

    Acting Homeland Security Secretary Kevin McAleenan said on Sunday that mass shootings "absolutely are a homeland security threat" after seven people were killed and more than 20 wounded in West Texas one day earlier.

    McAleenan told ABC's "This Week" that his office is monitoring the situation, saying "it's extraordinarily concerning to have that level, that length of an event, to have that many people injured and five killed at this point, it's devastating and, you know, 300 miles from El Paso, a region that's really felt the impact of mass attacks in recent weeks and we're very concerned and we'll be following up aggressively."

    He added: "They absolutely are a homeland security threat. In our counterterrorism strategy and approach domestic terrorism has taken a frontline focus for us. Since April when I became acting secretary we set up a new office targeting violence and terrorism prevention, with an explicit focus on domestic terrorism including racially-motivated violent extremism, which we've seen too much of in the recent weeks and months."

    Host Martha Raddatz also asked McAleenan if more resources should be devoted to fighting this form of domestic terrorism.

    "That's a conversation we're having as an interagency team with the FBI, with the Office of Management and Budget, to see what the right resource level is going forward, to make sure we can continue our very strong focus on the international terrorism threat and prevention level we've achieved but also make sure we're balancing that out with effective efforts on domestic terrorism as well," McAleenan said.

    Twenty-two people were also killed in a separate mass shooting last month at a Walmart in El Paso, Texas.

    See Original Post

  • September 10, 2019 2:52 PM | Anonymous

    Reposted from Bothell-Kenmore Reporter

    They’re most known for their appearances on PBS Television’s “Antiques Roadshow.” Russell Pritchard III and George Juno were experts on the show, giving bad and sometimes good news to people who brought their treasures and junk in for appraising.

    But they used this reputation off-camera to gain the trust of unsuspecting owners of Civil War military-related artifacts. They defrauded people of their valuables by undervaluing their items, reselling them for higher prices and pocketing the profits. The scheme landed them in prison.

    This was just one story shared by Lynne McKee, former manager of the FBI Art Theft Program, on Aug. 27. The Haynes’ Hall at McMenamins Anderson School in Bothell was filled to the brim and standing room only for those who wanted to hear McKee talk about her dealings in recovering stolen pieces. McKee coordinated the investigations into illicit trafficking and recovered more than $300 million in art and antiquities during her eight years as manager.

    The talk was part of Pub Night Talks, a free monthly lecture series cosponsored by the University of Washington Bothell and McMenamins.

    Based on McKee’s presentation, it’s easy to see that art theft comes in many shapes and forms. And the thieves of fine art are of all backgrounds.

    Stéphane Breitwieser managed to steal 239 artworks from 172 museums around Europe, from 1995-2001. His most valuable stolen piece would fetch more than $6 million at auction.

    He was also a waiter who lived with his mother.

    Breitwieser and his girlfriend, in tandem, worked to take the artworks he was enamored with — that was until they got caught.

    While Breitwieser was arrested, his girlfriend called his mother, alerting her that the police had detained the art thief. In response the mother began to destroy the fine works. Some of the art was recovered while some never was.

    In the United States, it’s not typically waiters committing theft from museums, McKee said. Most museum theft in the country is not committed by hardened criminal, but rather internal people who take advantage of storage units where works are stored for years before being put on display.

    McKee also spoke on the many fakes and forgeries she comes across. They’re often offered on the market as being “stolen from a museum in France,” McKee said. “It’s always the same story.” 

    See Original Post

  • September 10, 2019 2:32 PM | Anonymous

    Reposted from Buildings

    Internet of Things (IoT)-enabled HVAC systems are more energy efficient, reliable and user-friendly for your occupants. But because of those cloud-enabled features, they’re also a target for hacking into.

    Since it’s likely less protected, attackers might use any vulnerabilities in your HVAC system’s network to infiltrate your building’s larger network, therefore potentially affecting or disrupting physical operations. This hypothetical situation demonstrates how physical security and cybersecurity can overlap.

    Many companies today still treat their physical security and cybersecurity departments as separate entities. But as more building systems become digitized—from HVAC to access controls—experts agree that it’s time to consider converging on a departmental level to keep up with the technical level.

    “People have been talking about [converging departments] for at least 10 years—having one person responsible for the whole thing,” says Michael Gips, chief global knowledge officer for ASIS International. “The advantages there, they say, are cost savings; more efficiency having one department, one leader, one common mission; and you have cross-training, so physical security personnel is learning about cybersecurity and vice versa.”

    What Is Physical Security vs. Cybersecurity?

    Understanding the difference and what it means is important.

    Physical Security:

    When experts say physical security, they are referring to protecting occupants, equipment, infrastructure, etc., from physical harm. This could include fires, theft or a physical attack such as an active shooter event.

    Cybersecurity:

    Also referred to as logical security, cybersecurity refers to preventing unauthorized access to your building or company’s network and data.

    Physical security and cybersecurity have long been treated as separate systems.

    “It used to be years ago that corporate IT departments didn’t want security departments hogging bandwidth—like with alarms and [closed-circuit television] footage,” says Gips. “It would slow everything down. Now with cyber being so vast and storage being much cheaper, it’s not that big of a deal anymore.”

    But what’s more addressed these days, Gips adds, is the convergence of security departments, processes and cultures.

    “The decision-making process within an enterprise has moved away from the traditional facilities or real estate team to IT and the [chief security officer] position—they’re thinking about physical and logical security and combining those with a comprehensive strategy,” says James Segil, co-founder and president of Openpath, a mobile access control system.

    Gips says there are many reasons why many companies today aren’t interested in converging their physical security and cybersecurity departments, including:

    • Perceived cost
    • Not trusting of the other department
    • Fear over lost jobs

    “We’ve found when [companies] do converge, there are far more positives than negatives,” Gips says. “It’s just getting over that hurdle.”

    Where to Begin

    Matthew Bohne, vice president and chief product security officer at Honeywell, reiterates the idea that a departmental convergence revolves around changing the workplace culture.

    “There is culture that we all need to drive, which is inclusivity versus exclusivity,” he says. “Over the years, [physical security and cybersecurity] have been independent of each other. You have to be open minded and drive that inclusive behavior to bring those communities together and share information.”

    Bohne explains that convergence doesn’t have to mean one department, one leader—but rather more effective communication.

    “The answer oftentimes is: Are you allowing good communication? Are you effectively sharing information between those two communities so that things happen correctly? Because there are good reasons why you have a physical team and why you have a cyber team. Sometimes there are challenges with saying, ‘Let’s make them all report to one person.’ That may not work in every case.”

    Bohne recommends these steps when starting the process of convergence.

    1. Know who the players are.

    Does the physical security team have awareness of who the members of the cybersecurity team are, and vice versa? You might find key players don’t want to share information because they don’t know the other team well enough.

    2. Physically bring the two teams together.

    Have a kick-off meeting where the two teams are physically together. They might see they have similar credentials and be more willing to accept security confidence. This can form a sense of trust between the two.

    3. Work through how to communicate better.

    After the initial kick-off meeting, make sure the two teams are meeting regularly to work through how they prefer to better communicate.

    “What I’ve seen happen is that they may start off with an informal meeting, but then will leave it at that and never go back to having those interactions or conversations,” Bohne says. Keep teams accountable.

    4. Offer more cross-training.

    With an ever-evolving digital world, Bohne says companies have an obligation to help teams with training and education. Help physical security personnel better understand cybersecurity best practices and the digital components of your building. Or have cybersecurity personnel do rounds with a physical security team member to see a different perspective.

    “You can get some really exceptional talent out of that,” Bohne says, adding: “That helps glue the communities much closer together.”

    Why Converge Physical Security and Cybersecurity?

    Imagine that one of your security guards is patrolling the corridors at night, and he or she sees a door open that shouldn’t be. And the doors are controlled digitally.

    If the security guard is in tune with that digital access control system, then “if they see something unusual, they can act accordingly,” Bohne says.

    Benefits of converging the two realms include streamlining processes for potential cost savings. Streamlined processes, as well as symbiotic relationships between physical security and cybersecurity leaders, can also cover any vulnerabilities that were there before convergence.

    It can also lead to happier occupants. Building IoT devices and systems bring convenience, and knowing they’re safe and their data is protected brings peace of mind.

    Convergence “improves the user experience, which I think is what we all want at the end of the day when we go to work,” Segil says.

    A Changed World

    As buildings become smarter and more digitized, it’s important that security personnel and procedures keep up with the technological changes.

    “We need to understand that the world is changed,” Bohne says. “There is a changing workforce, which sometimes can make one group or another hesitant to grow this knowledge or expand into that area.”

    People are key. A culture of inclusivity is vital to successfully converging your physical security and cybersecurity sectors, or to just foster more efficient communication between the two. Bohne describes it as a team sport.

    Honeywell took that to heart as it joined the Global Cybersecurity Alliance, created by the International Society of Automation. The goal is to “build awareness, provide education, share best practices and accelerate the development and adoption of cybersecurity standards,” according to a press release.

    At the Global Security Exchange 2019 conference and expo, Gips plans to share with attendees a survey conducted by ASIS International that polled 1,000 chief information security offices, chief security officers and business continuity professionals in the U.S., Europe and India.

    The survey asked, among other questions, if their companies had converged, and if not, why not? If they had, what were the results?

    Gips will reveal the survey results in more detail at the conference, but tells BUILDINGS that the data shows most companies aren’t converged—though many have worked together collaboratively but have not formally converged.

    He adds that it depends on the building or company’s circumstances—the two sectors might be so different that it doesn’t make sense to converge. But effective communication can still bolster security measures and bring a holistic perspective to protecting a building and its occupants and data.

    See Original Post

  
 

1305 Krameria, Unit H-129, Denver, CO  80220  Local: 303.322.9667
Copyright © 2015 - 2018 International Foundation for Cultural Property Protection.  All Rights Reserved