INTERNATIONAL FOUNDATION FORCULTURAL PROPERTY PROTECTION
News
Reposted from Bothell-Kenmore Reporter
They’re most known for their appearances on PBS Television’s “Antiques Roadshow.” Russell Pritchard III and George Juno were experts on the show, giving bad and sometimes good news to people who brought their treasures and junk in for appraising.
But they used this reputation off-camera to gain the trust of unsuspecting owners of Civil War military-related artifacts. They defrauded people of their valuables by undervaluing their items, reselling them for higher prices and pocketing the profits. The scheme landed them in prison.
This was just one story shared by Lynne McKee, former manager of the FBI Art Theft Program, on Aug. 27. The Haynes’ Hall at McMenamins Anderson School in Bothell was filled to the brim and standing room only for those who wanted to hear McKee talk about her dealings in recovering stolen pieces. McKee coordinated the investigations into illicit trafficking and recovered more than $300 million in art and antiquities during her eight years as manager.
The talk was part of Pub Night Talks, a free monthly lecture series cosponsored by the University of Washington Bothell and McMenamins.
Based on McKee’s presentation, it’s easy to see that art theft comes in many shapes and forms. And the thieves of fine art are of all backgrounds.
Stéphane Breitwieser managed to steal 239 artworks from 172 museums around Europe, from 1995-2001. His most valuable stolen piece would fetch more than $6 million at auction.
He was also a waiter who lived with his mother.
Breitwieser and his girlfriend, in tandem, worked to take the artworks he was enamored with — that was until they got caught.
While Breitwieser was arrested, his girlfriend called his mother, alerting her that the police had detained the art thief. In response the mother began to destroy the fine works. Some of the art was recovered while some never was.
In the United States, it’s not typically waiters committing theft from museums, McKee said. Most museum theft in the country is not committed by hardened criminal, but rather internal people who take advantage of storage units where works are stored for years before being put on display.
McKee also spoke on the many fakes and forgeries she comes across. They’re often offered on the market as being “stolen from a museum in France,” McKee said. “It’s always the same story.”
See Original Post
Reposted from Buildings
Internet of Things (IoT)-enabled HVAC systems are more energy efficient, reliable and user-friendly for your occupants. But because of those cloud-enabled features, they’re also a target for hacking into.
Since it’s likely less protected, attackers might use any vulnerabilities in your HVAC system’s network to infiltrate your building’s larger network, therefore potentially affecting or disrupting physical operations. This hypothetical situation demonstrates how physical security and cybersecurity can overlap.
Many companies today still treat their physical security and cybersecurity departments as separate entities. But as more building systems become digitized—from HVAC to access controls—experts agree that it’s time to consider converging on a departmental level to keep up with the technical level.
“People have been talking about [converging departments] for at least 10 years—having one person responsible for the whole thing,” says Michael Gips, chief global knowledge officer for ASIS International. “The advantages there, they say, are cost savings; more efficiency having one department, one leader, one common mission; and you have cross-training, so physical security personnel is learning about cybersecurity and vice versa.”
Understanding the difference and what it means is important.
When experts say physical security, they are referring to protecting occupants, equipment, infrastructure, etc., from physical harm. This could include fires, theft or a physical attack such as an active shooter event.
Also referred to as logical security, cybersecurity refers to preventing unauthorized access to your building or company’s network and data.
Physical security and cybersecurity have long been treated as separate systems.
“It used to be years ago that corporate IT departments didn’t want security departments hogging bandwidth—like with alarms and [closed-circuit television] footage,” says Gips. “It would slow everything down. Now with cyber being so vast and storage being much cheaper, it’s not that big of a deal anymore.”
But what’s more addressed these days, Gips adds, is the convergence of security departments, processes and cultures.
“The decision-making process within an enterprise has moved away from the traditional facilities or real estate team to IT and the [chief security officer] position—they’re thinking about physical and logical security and combining those with a comprehensive strategy,” says James Segil, co-founder and president of Openpath, a mobile access control system.
Gips says there are many reasons why many companies today aren’t interested in converging their physical security and cybersecurity departments, including:
“We’ve found when [companies] do converge, there are far more positives than negatives,” Gips says. “It’s just getting over that hurdle.”
Matthew Bohne, vice president and chief product security officer at Honeywell, reiterates the idea that a departmental convergence revolves around changing the workplace culture.
“There is culture that we all need to drive, which is inclusivity versus exclusivity,” he says. “Over the years, [physical security and cybersecurity] have been independent of each other. You have to be open minded and drive that inclusive behavior to bring those communities together and share information.”
“The answer oftentimes is: Are you allowing good communication? Are you effectively sharing information between those two communities so that things happen correctly? Because there are good reasons why you have a physical team and why you have a cyber team. Sometimes there are challenges with saying, ‘Let’s make them all report to one person.’ That may not work in every case.”
Bohne recommends these steps when starting the process of convergence.
Does the physical security team have awareness of who the members of the cybersecurity team are, and vice versa? You might find key players don’t want to share information because they don’t know the other team well enough.
Have a kick-off meeting where the two teams are physically together. They might see they have similar credentials and be more willing to accept security confidence. This can form a sense of trust between the two.
After the initial kick-off meeting, make sure the two teams are meeting regularly to work through how they prefer to better communicate.
“What I’ve seen happen is that they may start off with an informal meeting, but then will leave it at that and never go back to having those interactions or conversations,” Bohne says. Keep teams accountable.
With an ever-evolving digital world, Bohne says companies have an obligation to help teams with training and education. Help physical security personnel better understand cybersecurity best practices and the digital components of your building. Or have cybersecurity personnel do rounds with a physical security team member to see a different perspective.
“You can get some really exceptional talent out of that,” Bohne says, adding: “That helps glue the communities much closer together.”
Imagine that one of your security guards is patrolling the corridors at night, and he or she sees a door open that shouldn’t be. And the doors are controlled digitally.
If the security guard is in tune with that digital access control system, then “if they see something unusual, they can act accordingly,” Bohne says.
Benefits of converging the two realms include streamlining processes for potential cost savings. Streamlined processes, as well as symbiotic relationships between physical security and cybersecurity leaders, can also cover any vulnerabilities that were there before convergence.
It can also lead to happier occupants. Building IoT devices and systems bring convenience, and knowing they’re safe and their data is protected brings peace of mind.
Convergence “improves the user experience, which I think is what we all want at the end of the day when we go to work,” Segil says.
As buildings become smarter and more digitized, it’s important that security personnel and procedures keep up with the technological changes.
“We need to understand that the world is changed,” Bohne says. “There is a changing workforce, which sometimes can make one group or another hesitant to grow this knowledge or expand into that area.”
People are key. A culture of inclusivity is vital to successfully converging your physical security and cybersecurity sectors, or to just foster more efficient communication between the two. Bohne describes it as a team sport.
Honeywell took that to heart as it joined the Global Cybersecurity Alliance, created by the International Society of Automation. The goal is to “build awareness, provide education, share best practices and accelerate the development and adoption of cybersecurity standards,” according to a press release.
At the Global Security Exchange 2019 conference and expo, Gips plans to share with attendees a survey conducted by ASIS International that polled 1,000 chief information security offices, chief security officers and business continuity professionals in the U.S., Europe and India.
The survey asked, among other questions, if their companies had converged, and if not, why not? If they had, what were the results?
Gips will reveal the survey results in more detail at the conference, but tells BUILDINGS that the data shows most companies aren’t converged—though many have worked together collaboratively but have not formally converged.
He adds that it depends on the building or company’s circumstances—the two sectors might be so different that it doesn’t make sense to converge. But effective communication can still bolster security measures and bring a holistic perspective to protecting a building and its occupants and data.
Reposted from Allied Universal
Clients often ask, how much is enough and how much is too much to spend when designing a security program?
My usual, tongue-in-cheek short answer is, depends on your tolerance for risk.
Without question there is always a pressure on reducing the cost of security spend. More and more frequently, enterprises are looking to technology to provide cost-saving solutions for risk mitigation. It is prudent to be cautious when implementing technology because the science is far from exact.
By the time you realize you’ve underspent it is often post incident.
Out Factoring Ourselves
In the span of just over a decade we have gone from the novelty of smart phones to smart houses to now depending on smarter than us virtual assistants named Alexa and Siri to make our lives easier. And, as of July 1, 2019, Florida joined the handful of states that allow self-driving cars on their roads. In the midst of this rapid, ever-evolving tech, we are still nowhere close to approaching the apex of the digital age.
As AI and adaptive processes streamline our busy lives and revolutionize every industry by enabling businesses to do more with less, it is also, at the same time, eliminating the need for a person to do it. Most of the tech solutions we encounter today fall under the category of the Internet of Things (IoT), but just around the corner is the “Internet of the Body and Mind.” The merging of human and machine is evidenced in recent announcements that 3D printing will soon print artificial hearts and, as Elon Musk hinted in April of this year, a brain-machine interface that hooks human brains to computers is “coming soon.”
No longer is it so far-fetched to wonder if by creating machines that can learn, are we making humans irrelevant? Competing with machines for jobs is more than pause-worthy. AI combined with machine learning and 5G will unlock data at warp speeds, generating analytics that will overwhelm humans, but not machines.
Balancing the Products
While technical solutions can certainly be less costly than employing people, most industries still prefer the thinking human over the well-oiled teaching-thinking machine. Considerations of compatibility, knowledge and skills necessary to help to optimize deployment of new technologies must be prioritized.
The ideal approach, in this middle stage (possibly golden age) of the digital evolution, especially for corporate security programs, is striking the right balance between technology and people. Understanding the limitations and strengths of each is key. For example, integrated systems help to reduce the delay between data collection, automate analysis and make recommendations that help humans make better decisions. This is technology that serves to improve productivity and enable security professionals to be more responsive and accurate in emergency situations. In another scenario, using mobile robots for monotonous patrols and leverage security personal for engagement and personal customer service delivery is a married solution that capitalizes on what each does best.
How Much Technology is Enough? How Much is too Much?
As these new technologies develop there arises a concurrent need for governance that must be consistently, even globally applied. If not humans, who will enforce that? Bill Gates posed an interesting perspective on the notion of robots taking over humans’ jobs: When we work, we pay taxes and generate revenue to support infrastructure and our governments. How will machines replace this revenue source?
At some point, we may reach the boundary where technology is too invasive and the pendulum will undoubtedly swing back and humans will resist machines. For now, the trick is in finding the equilibrium of people and technology.
Reposted from Toronto Life
The film adaptation of The Goldfinch, a Pulitzer Prize-winning novel, releases in theatres on September 13. Anyone lucky enough to have been wrapped up in the odyssey of the book will be understandably jazzed: the epic tale follows the journey of Theo Decker, a 13-year-old boy who visited the Metropolitan Museum with his mother the day it was bombed. His mother was killed, and Theo abandoned the building with a painting of a tiny goldfinch. The tragic incident altered the course of his life and sent him on a winding path of guilt, grief, reinvention and, ultimately, redemption. It’s both a touching coming-of-age story and an enthralling drama.
The film was directed by BAFTA winner John Crawley (who also directed Brooklyn) and stars Ansel Elgort and Nicole Kidman. To celebrate the film’s opening across Canada this fall, and the fact that it will have its world premiere here in Toronto during TIFF, we thought we’d share a handful of nearly-as-riveting stories of real-life works of art that have gone missing.
Leonardo Da Vinci, Mona LisaIn 1911, Italian handyman Vincenzo Peruggia and his two helpers were hired to craft some glass casings for the Louvre. They hid in a closet overnight and strolled out the door with the Mona Lisa. The painting was found two years later, after Peruggia attempted to sell it to an art dealer in Florence. The suspicious dealer turned him in, though Peruggia claimed he was merely trying to return the painting to Italy, the land of its birth, and only served eight months in prison. The media attention from the search for the painting is part of what catapulted it to its iconic present-day status—before the theft, it wasn’t even the most famous painting in the museum. Visitors can still see the Mona Lisa at the Louvre, though probably only over the tops of many heads and iPhones.
Rembrandt Van Rijn, Landscape With CottagesAnother huge unsolved art heist, one of the largest in Canadian history, happened in 1972 at the Montreal Museum of Fine Arts. The scheme was like something from an Ocean’s movie: around midnight, thieves clad in ski masks and hoods crept onto the roof of the museum, cut a hole in a skylight and shimmied down a rope. They threatened the guards, tied them up and made off with about $2 million worth of art. The whole thing took about 30 minutes, and they managed to snag a Rembrandt drawing worth about $1 million. It has yet to be recovered, and the thieves were never caught.
Paul Cézanne, View of Auvers-sur-OiseWhoever stole this Cézanne had a flair for the dramatic: the painting was taken moments after the world rang in the new millennium in 2000. It all went down at Oxford’s Ashmolean Museum just after 1 a.m. While the rest of the city was distracted by fireworks and revelry, someone hopped roof to roof before landing above the museum, then lowered themselves down through a skylight (a popular move, apparently) and set off a smoke bomb to obscure camera footage before triggering a fire alarm. The only piece stolen was the Cézanne, and the thief climbed back up the rope and escaped off the roof while the fire department was still en route.
Vincent van Gogh, Poppy FlowersVan Gogh’s paintings are some of the most frequently stolen—at least 13 of them have been taken and recovered, and another 85 remain missing. One of the most famous is Poppy Flowers, which was stolen from the Mohamed Mahmoud Khalil Museum in Cairo in 2010. That was actually the second time the painting had been stolen from the same museum: the first was in 1977, and it was found two years later in an undisclosed location in Kuwait. The Egyptian government released very few details on the theft and the subsequent recovery, although the culprits are said to be a trio of Egyptian bandits. Since 2010, police have been unable to locate the masterpiece, which is currently worth at least $50 million.
On September 13, we highly recommend hitting up your local theatre to be enchanted by the haunting world of The Goldfinch, which could have been inspired by any of the actual events in this article.
Reposted from Emergency Management and Response - Information Sharing and Analysis Center (EMR-ISAC)
Organizations, agencies and businesses are at risk from insider threats, employees who may use their position within the workplace to cause the organization or other employees harm through negligence or malicious intent. Examples can include workplace violence, sabotage, theft or unintentionally clicking on an email containing a phishing or ransomware attack. September has been deemed “Insider Threat Awareness Month” by a partnership of federal agencies. The goal of this campaign is to raise awareness of insider threat risks and educate people on how to recognize indicators and report suspicious activities. While many federal agencies and the military may need to focus on espionage, emergency responder agencies could focus more on cybersecurity phishing and ransomware education and employee morale. Unhappy or disenfranchised employees are more likely to commit acts consistent with what is considered an insider threat, including violence. The Office of the Director of National Intelligence (ODNI) offers free insider threat training through its National Insider Threat Task Force. The free training could be incorporated into a staff briefing or internal company training program. ODNI also offers a host of other guides, multi-media and links to other federal resources. During this month, emphasize the importance of safeguarding our workplaces, fellow employees and our nation from the risks posed by insider threats and continue to work diligently to mitigate these risks.
Reposted from The National Law Review
New York Supreme Court dismissed the lawsuit by the London-based The Mayor Gallery (The Mayor) against the owners of the Pace Gallery based on allegations that defendants “unlawfully declared that thirteen authentic Agnes Martin artworks are fakes, resulting in a loss … of more than $7 million.” The lawsuit asserted that defendants were financially motivated to exclude the works from their catalogue raisonné. In a 16-page decision dismissing the lawsuit, Justice Andrea Masley called the claims “vague” and “speculative.” The Mayor’s initial complaint was dismissed in 2018 as lacking merit; now, the court found that the new complaint did not assert any new facts to avoid dismissal. The Mayor reportedly anticipates appealing the decision.
Artist Cady Noland has filed her third complaint in a lawsuit alleging that a German collector’s unauthorized restoration of her famous Log Cabin Blank With Screw Eyes and Cafe Door (1990) sculpture “amounted to the creation of an unauthorized copy of the original.” Her lawsuit was dismissed twice before, with leave to re-plead, on the grounds that Ms. Noland’s complaint failed to state legally viable copyright infringement claims under the U.S. Copyright Act. Her latest complaint needs to demonstrate that an act of alleged infringement occurred in the United States and not abroad in order to survive another motion to dismiss. The defense has filed yet another motion to dismiss, arguing that the third complaint does not state that the alleged infringement first took place in the United States, but rather in Germany, and as such, Ms. Noland’s challenges in this case are not actionable under the U.S. Copyright Act.
A “part time art handler” who frequents second-hand shops purchased a sketch from a New York Habitat for Humanity thrift store that he believed to be an original by the expressionist Egon Schiele. The sketch now has been authenticated by Jane Kallir, owner of the Galerie St. Etienne, leading expert on Egon Schiele and the author of his catalogue raisonné. Ms. Kallir believes that Schiele sketched the work in 1918, the same year he died. The work appears to be a study for Schiele’s final lithograph, Girl, which also was completed in 1918. The sketch is now for sale and the owner, who wishes to remain anonymous, announced plans to donate a portion of the sale proceeds to Habitat for Humanity.
Timothy Sammons, a British art dealer who operated from offices in London, Zurich and New York, was sentenced to up to 12 years in prison by a New York court after pleading guilty to grand larceny, a scheme to defraud and other counts. It was alleged that Sammons misappropriated the proceeds from sales of art on behalf of his clients and used art that did not belong to him as collateral to obtain personal loans. District Attorney Cyrus Vance noted that besides suffering monetary losses, victims lost “valuable pieces of artwork that had been in their families for generations.” Sammons will reportedly serve his sentence in a New York state prison.
The Baltimore Museum of Art is expanding its campaign to minimize diversity gaps by focusing on women in the coming year. The program, called 2020 Vision, begins in October 2019 by focusing on American Women Modernists such as Georgia O’Keefe. The program also will include a large-scale installation by Mickalene Thomas that will transform the museum’s East Lobby into a “living room.” Other highlights reportedly include “an exploration of Candice Breitz’s socio-political video works, a Joan Mitchell retrospective, an exhibition of beaded works by 19th-century Lakota women and African Art and the Matrilineage, a show documenting the role of maternal power in African art in the 19th through mid-20th centuries.”
Exceeding last year’s record-setting allocation of $198.4 million with this year’s $212 million budget, the New York Department of Cultural Affairs is poised to expand on the success of its CreateNYC Action Plan, a program with the goal of having “a vibrant, diverse, and sustainable cultural sector with access to the arts for all citizens of New York.” This year the program expanded its tenets to include commitments to increase funding to underserved communities, emphasize inclusive practices, solidify its relationship with the city government, address the affordability crisis, and improve public school art education. Since 2017, New York City has distributed more than $1.1 billion in arts and culture financing, more than any other U.S. city.
Reposted from Arts & Collections
Arguably, the legal issue causing most concern in the art world at the moment is the introduction of the Fifth Anti-Money Laundering Directive (5 AMLD), which is expected to be implemented into UK law by the 10th January 2020, regardless of Brexit.
The art market is perceived as an easy target for criminals wishing to purchase art as a means of laundering the proceeds of crime. This directive applies to dealers, auction houses and other entities transacting in art and aims to tighten up the current requirements on money laundering and tackle the risks that are commonly associated with the trade. The directive will affect all non-EU buyers purchasing works of art at galleries, fairs and auction houses in the UK and thus requiring the seller to undertake the same level of risk-based due diligence enquiries on purchases, or a series of related purchases, amounting to €10,000 or more, that are currently undertaken by the legal and financial sectors.
Collectors should therefore expect to be asked for up to date photo ID, proof of current address and the source of funds being used for the new year’s transaction.
ID itself, however, is not enough. Sellers are additionally required to do a risk analysis for “high risk” transactions, which will include items of “archaeological, historical, cultural and religious importance”. This includes scrutinising linked transactions, irregularities and suspicious transactions and keeping records evidencing compliance with their money laundering obligations.
Any knowledge or suspicion of money laundering must be reported to the national crime agency (NCA) and sellers cannot “tip-off” their buyer that a report has been made. Sanctions for failure to comply with the regulations are similar to those, in relation to other service-based industries and will include a civil financial penalty or criminal prosecution, that would result in an unlimited fine and/or a prison term of up to two years.
This concept is wholly alien to many who operate in a world where deals can be conducted on the basis of reputation alone and where the trade is renowned for its secrecy, trust and relationship-based transactions. What effect it has on the market remains to be seen.
We live in a time of immense political uncertainty. We have a new Prime Minister, no Withdrawal Agreement, and no assurance that we will leave the EU on 31st October, with or without a deal in place.
The impact in the art market of Brexit, or a no deal Brexit, remains to be seen, but what is clear is that a weak pound has already attracted more foreign collectors to the UK markets and auctions themselves have been strong over the last 12 months.
Regardless, concerns are raised in relation to the restriction of the free movement of people in a no deal scenario and how new bureaucratic requirements will affect artists and employees of art and cultural organisations, who regularly travel to the EU for work including travelling exhibitions and art loans. EU nationals currently residing (and working) in the UK will need to register under the EU Settlement Scheme, which should secure their status in UK law. Travelling to the UK post a no deal Brexit is likely to impose new Visa requirements, documentation at the borders and information on driving and use of mobile phones.
The UK current import tax is only 5%, which is one of the lowest in the EU. If the UK leaves the EU Customs Union, then imports from the EU will be treated in the same way as from outside the EU. The UK government could, in theory, lower the input tax below 5% as there will be nothing to then limit it, which would again attract more collectors to the UK art market.
Collectors would be well advised to allow more time for exporting and importing consignments in the event of a no-deal Brexit and should use experienced carriers and professional agents to deal with the formalities. Export licences are not likely to be affected by a no-deal Brexit, but collectors will be more reliant on shippers to ensure the correct documentation is in place before exporting, as customs clearances or transit documents will be required to take stock into the EU post-Brexit.
All art related businesses or organisations must ensure that they are compliant with the relevant data protection laws, if they send personal data outside the UK or receive date from the EEA. Cross border copyright is also likely to be affected in the event of the UK leaving the EU without a deal. Correspondingly, organisations may need the copyright holder’s consent to export intellectual property-protected goods, that have been legitimately put on the market in the UK to the EU.
In the event of a no deal Brexit, the government have warned that CITES-related animal or plant species (and their parts) will no longer pass through Dover or the Euro tunnel. If Britain leaves the EU without a deal, then new specimens will need a permit to be transported between the UK and the EU and will only be able to travel through designated ports.
The art market has generally reacted with dismay to the Ivory Act 2018, which was expected to come into force later this year. It will introduce a ban on “dealing” in elephant ivory, which includes buying, selling and hiring ivory, offering to arrange or buy, sell or keep it for sale or hire. This extends to exporting it from or importing into the UK for sale or hire.
The small number of exceptions to the ban include objects containing less than 10% of ivory by volume and which were made prior to 1947, the “rarest and most important” objects pre 1918, and musical instruments pre-1975 that contain less than 20% of ivory by volume and portrait miniatures pre-1918.
The prohibition applies to buying, selling or hiring elephant ivory and will not affect private collectors to the extent that they already own, inherit, gift, donate or bequeath items made of or containing ivory. Nonetheless, it will affect collectors wishing to sell ivory items and their collection, which means they will be restricted to selling to a qualifying museum.
Dealers will be most affected by the Act and whilst many agree that the poaching of elephant ivory must be stopped, a blanket restriction on the sale of antique ivory works is not seen a solution. Activists also argue that a ban on elephant ivory only creates demand for other forms of ivory and are campaigning for an extension of the Bill to cover hippos, warthogs and narwhals.
Recently a small group of dealers and collectors have mounted a challenge in the High Court claiming that the Ivory Act should not focus on antiquities, but instead ensure that ivory objects that are traded are in fact antiques rather than modern fakes. The argument that trade in pre-1947 worked ivory is already covered in EU legislation has resonated with the court, and an application for a Judicial Review of the Act has been granted will take place later this year while the UK is still part of the EU. Watch this space.
The issue of repatriation/restitution of art and cultural property is one that has attracted much recent press attention. Historical plunder and request for its return has always been a contentious and emotional subject and one, which has been addressed by the UK government in relation to Nazi-looted art and the issue of holding human remains in publicly funded museums and collections.
Recently there have been calls for return of artefacts of African cultural heritage both in France and the UK, and German museums are also analysing their collections with a view to returning artefacts acquired in the colonial era. The issue of consent to the removal of the artefacts is a key theme. The Declaration of Rights of Indigenous People in 2007 legislates to restore “cultural intellectual religious and spiritual property taken from indigenous people without their free, prior and informed consent and in violation of their laws, traditions and customs”. In short, if items are removed in circumstances of oppression, often following violent conquest, then their refusal to return these items following peaceful request can often be seen as a perpetuation of the relationship of control. Literally adding insult to injury.
Museums in response argue that by acceding to one request for the return of cultural property, they would open the floodgates to others and result in the emptying of museums, which should be a world resource rather than having a nationalistic focus. The uncomfortable truth about the acquisition of these items is a story that should be told by setting out the full provenance and the historical context, so there is a better understanding of the circumstances in which they came to be where they now are. There is no easy answer, but the debate evokes emotional arguments on both sides.
In the meantime, on 12th March 2019 the European Parliament adopted the Regulation on the import of cultural goods which is designed to control the import into the EU member states of certain items of cultural property. The object of this legislation is to protect against illicit trading of cultural goods and the “preservation of humanities cultural heritage”. This supports other measures in place that have been intended to restrict the illicit trade in cultural goods, particularly from the Middle East, and fill in any gaps across the EU. As a regulation, it is already directly applicable in the UK and if the UK leave the EU on the terms of the Withdrawal Agreement, as currently proposed, it will form part of UK law on the date of exit.
It remains to be seen whether the combination of restriction on import of cultural goods, and request for return of cultural goods that have been illicitly or illegally obtained will result in a change in requests for return of items. Museum directors can still rely on statutory restrictions that prohibit the return of items and, until they are allowed to do so, perhaps cultural collaboration between the museum community and the claimants will at least enable the full story to be told and the claimant’s voice heard.
The International Foundation for Cultural Property Protection (IFCPP) is very proud to be celebrating its 20th Anniversary this year. Since its formation as a 501(c)(3) non-profit trade association in Colorado in 1999, the Foundation has grown by leaps and bounds.
As a member-based association that serves the cultural property protection community worldwide, IFCPP provides a host of benefits to industry practitioners in all areas of the field. Member benefits include a variety of valuable resources - professional development, industry-specific training and education, resource-sharing, peer-to-peer networking, job placement, reporting of current events and industry news, professional certification, and much more.
The Foundation offers comprehensive live and online training for security, safety, fire protection, and emergency preparedness, bringing together the world’s leading experts on every conceivable topic that impacts the protection of our institutions. Presenters and instructors are members, partners, professional speakers, leadership gurus, subject matter experts, and those individuals that set industry standards and best practices.
IFCPP’s certification programs now include course work that addresses the concerns of security practitioners at every level, from line officers, to supervisors, to managers, to instructors/trainers. Standardized content includes emergency management, fire protection, business continuity, personnel management, protecting collections, violence prevention and response, legal considerations and restrictions, emergency medical response, staff and visitor screening, evacuations & lockdowns, code of conduct, visitor/guest relations, patrolling, technology, and more. Our new Learning Management System provides online training in Customer Service-Centric Security, Conflict Resolution, Protecting Collections, and Entry Screening. An all-new course on Developing/Enhancing Emergency Operations Plans is currently under development.
The Foundation’s 20th Anniversary Conference will be held this October in our home state of Colorado. The 3-part symposium includes 2 days of pre-conference tours and networking activities at local institutions, 2 days of educational sessions and out-of-the-classroom activities in downtown Denver (the mile-high capitol), and 2 days of workshops in the Rocky Mountain resort town of Vail. Our 20th anniversary gathering will host participants from near and far, including veteran instructors and first-time presenters. Sessions address the protection concerns of all types of cultural institutions, and include library-specific breakout sessions and workshops for institutions with unique and specific needs. Please join us if you can!
IFCPP is also proud to work closely with numerous cultural property associations, strengthening our offerings by partnering with dozens of related organizations. Regular partners include ASIS International and the ASIS Cultural Properties Council; American Alliance of Museums and AAM Museum Association Security Committee; American Library Association; American Association for State & Location History; Association of Tribal Archives, Libraries & Museums; Performing Arts Readiness initiative; and scores of additional state, regional, national, and international cultural organizations.
Lest not forget IFCPP’s ambitious and devoted staff, from frontline to founder – the best we could ever hope for! The programs that our team has developed in the last couple of years, and over the last couple of decades, has greatly expanded daily operations, and allowed us to produce and distribute an impressive array of resources. Kudos to our Founding Director, Program Manager, Lesson Developer, Web Designer, Marketing Consultant, and Strategic Development Consultant!
IFCPP’s success over the last 20 years is directly related to the dedication, enthusiasm, and professionalism of its members, advisors, partners, staff, volunteers, and instructors. We’re very proud of the vast number of relationships that have been established, and grateful to each and every individual and organization that has contributed to the mission of protecting our nations’ treasures. Our sincere appreciation to everyone that has participated, and continues to help make our institutions a safe place to live and work! We are forever in your debt!
Reposted from Homeland Preparedness News
The U.S. Government Accountability Office (GAO) recently identified several challenges related to the nation’s ability to detect and respond to biological events. These hurdles transcend what any one federal department or agency can individually address.
The GAO found four precarious areas, including assessing enterprise-wide threats; situational awareness and data integration; biodetection technologies; and biological laboratory safety and security, according to a study released earlier this summer that discussed GAO reports issued from December 2009 through March 2019 on various biological threats and biodefense efforts.
“Catastrophic biological events have the potential to cause loss of life and sustained damage to the economy, societal stability, and global security,” said Chris P. Currie, director of Homeland Security and Justice at the GAO. He told the U.S. House Oversight and Reform Subcommittee on National Security in June that, “Among those biological threats is the unpredictable nature of naturally occurring disease, which could affect human and animal health and agricultural security. Further, while the revolution in biotechnology presents opportunities to advance the life sciences, that same technology in the wrong hands could be used to create crippling biological weapons.”
Catastrophic biological events have the potential to cause loss of life and sustained damage to the economy, societal stability, and global security.
In 2011, the GAO reported that there was no broad, integrated national strategy that encompassed all stakeholders with biodefense responsibilities. The organization called for the development of a national biodefense strategy. Since that time, efforts have been made to coordinate and collaborate across the complex interagency, intergovernmental, and intersectoral biodefense enterprise. Although in October 2017, the GAO found there was no existing mechanism across the federal government that could leverage threat awareness information to direct resources and set budgetary priorities across all agencies for biodefense, the organization said a new biodefense strategy may address this.
In September 2018, the White House released a National Biodefense Strategy. However, because implementation of the strategy is in early stages, it remains to be seen how or to what extent the agencies responsible for implementation will institutionalize mechanisms to help the nation make the best use of limited biodefense resources. The GAO is currently reviewing the strategy and will release a report later this year.
When it comes to situational awareness and data integration, the GAO reported in 2009 and 2015 that the Department of Homeland Security’s (DHS) National Biosurveillance Integration Center (NBIC) — created to integrate data across the federal government to enhance detection and situational awareness of biological events — has suffered from longstanding challenges related to its clarity of purpose and collaboration with other agencies. DHS implemented GAO’s 2009 recommendation to develop a strategy, but in 2015 GAO found NBIC continued to face complications, such as limited partner participation in the center’s activities.
The GAO reports that DHS has faced biodetection technologies challenges in clearly justifying the need for and establishing the capabilities of the BioWatch program — a system designed to detect an aerosolized biological terrorist attack. In October 2015, the GAO recommended that DHS not pursue upgrades until it takes steps to establish BioWatch’s technical capabilities. While DHS agreed and described a series of tests to establish these capabilities, it continued to pursue upgrades, according to the press release.
Since 2008, the GAO has identified challenges and areas for improvement related to the safety, security, and oversight of high-containment laboratories, which, among other things, conduct research on hazardous pathogens, such as the Ebola virus. The GAO recommended that agencies take actions to avoid safety and security lapses at laboratories, such as better assessing risks, coordinating inspections, and reporting inspection results. Many recommendations have been addressed, but others remain open, such as finalizing guidance on documenting the shipment of dangerous biological material.
“The biological threat landscape is vast and requires a multidisciplinary approach,” Currie said. “The biodefense enterprise is the whole combination of systems at every level of government and the private sector that contribute to protecting the nation and its citizens from potentially catastrophic effects of a biological event.”
Reposted from Stratfor Worldview
For companies and other organizations, sometimes the biggest threat comes from within. An "insider" is generally someone with intimate knowledge of a facility being targeted, as well as natural covers for status and action that an "outsider" would lack. But beyond knowing the ins and outs of a facility and having a reason to be there, an insider can also develop a detailed understanding of internal security programs, policies and procedures to help them plan and conduct their crime.
At Stratfor, we think about the insider threat a lot as our team frequently analyzes incidents pertaining to our clients and subscribers. Insiders can pose an array of threats depending on the nature of the targeted organization. In other words, an elementary school will be more concerned about protecting the physical safety of children than, say, a manufacturing company. Thus, it is important to ensure that security programs protect against the full scope of threats most relevant to specific institutions. But before being able to design the types of comprehensive efforts needed to do so, it's crucial to first have a good grasp of what the actual insider threat is.
Anyone who has an understanding of the inner workings of a certain organization can feasibly cause harm to an organization, whether it's intentional, through error or by negligence. Current employees can become malicious as a result of some real or perceived grievance, or after being recruited by an external threat actor. An engineer who worked at Apple's autonomous vehicle program, for example, leveraged his detailed knowledge of the company's new security procedures to share proprietary information with a Chinese competitor. Following a previous security breach, Apple had made it impossible to download sensitive files to a thumb drive. But to defeat this new restriction, the employee simply used his phone to take photos of documents on his computer screen.
Other insiders can become threats upon or after losing their job, as evidenced by the Virginia Beach shooter, or the two former CIA officers who were recently convicted for spying on China's behalf. The recent Capital One hack — in which an ex-Amazon employee gained access to more than 100 million credit card applications — shows how even former employees of a business partner can still cause significant harm by utilizing the unique knowledge gained while working with another organization. Contractors (like Edward Snowden) and service providers (like members of a janitorial staff) also pose a risk.
Some insiders can even seek out employment at a targeted organization with the sole intent of becoming a mole to cause some sort of harm. There are some very good screening and vetting tools available to protect against hiring such applicants. But employees and their circumstances change over time. Mental illness, debt, traumatic life experiences and addiction can have a dramatic effect on a person's behavior and character. Thus, vetting must not be viewed as something done only when a person is hired, but rather as an ongoing process.
Many organizations also focus their insider threat programs on a narrow area, such as workplace violence or industrial espionage and protecting intellectual property. However, a malicious insider can pose a number of other threats that must be guarded against. A growing number of information technology companies, for example, are developing artificial intelligence tools to help do just that. These programs are often designed to monitor the information that employees access as well as what they're doing with it, to make note of any anomalous behavior. But such programs are focused only on certain risks like intellectual property theft, and thus do not help guard against workplace violence incidents or the many other non-cyber threats that insiders pose.
Chief among these, obviously, is the threat of physical harm. This includes workplace violence (such as shootings or bombings) but can also include things like sexual assault — especially at places in which children can be victimized, such as schools, youth sports organizations and houses of worship. Insiders can also damage facilities, business operations and assets (such as computer systems), and can steal items of value (such as data and intellectual property) as well — whether through diversion, fraud, embezzlement or outright theft.
Thus, in developing a program to effectively monitor and counter insider threats, organizational leadership must first clearly identify the most critical assets to protect. Hopefully, all organizations have a primary focus on safeguarding human life. But after that, priorities will vary depending on the type of institution or business. Compared with a tech company, for example, a school or a house of worship would prioritize safeguarding kids (although child safety is becoming increasingly important in the business world, as more companies offer on-site daycare) over defending against intellectual property theft.
The wide array of potential threats is why insider threat programs must also be cross-functional and include not just information systems and security personnel, but also protective intelligence, human resources and corporate legal. Because while insiders do have some significant advantages over outside attackers by understanding the inner workings of an organization, they also have a big disadvantage in that their frequent contact with colleagues provides many opportunities to be observed (and caught) as they progress through their attack cycle. In the Apple case, for instance, a co-worker spotted the suspect taking photos of his computer screen and reported his behavior.
With this in mind, the workforce-at-large is generally going to have far more contact with a threat actor than will corporate security, human resources or, arguably, supervisors. This is why it's critical that all employees be educated not only on the types of behaviors that threat actors can employ but also be clearly instructed on who to report any suspicious behavior to while being encouraged and empowered to do so. Thus, an effective insider threat program will also contain a training component to educate an organization's entire workforce — from the receptionist to the CEO. Open and ongoing communication between whoever's in charge of combating the insider threat and the rest of the organization is also crucial and must function both ways.
QUICK LINKS
ConferenceMembershipTraining & CertificationDonate to IFCPP
TRAINING & EVENTS
1305 Krameria, Unit H-129, Denver, CO 80220 Local: 303.322.9667 Copyright © 2015 - 2018 International Foundation for Cultural Property Protection. All Rights Reserved
Contact Us
