Title: Museum security and the Thomas Crown Affair.

Over the years, I've daydreamed about stealing a Vermeer, a Picasso, or Rembrandt. It tickles me, as much as watching the reboot of The Thomas Crown Affair. Why is it, do you suppose, so much fun to think about stealing a world renowned piece off the wall of a major metropolitan museum? Is it the romantic thoughts of getting away with it, walking past infrared detectors, and pressure sensors ala Indiana Jones with the sack of sand to remove the idol without triggering the security system? Is it the idea of snatching items with such fantastic prices, where the romance of possessing an item of such value is less intoxicating than selling it to a private collector for it to never be seen again? I suspect others share my daydreams as they watch theater or hear of a brazen daylight heist at museums around the world, or from private collections. Though when reality sets in, the mind of the security professional kicks in. How could one do it, why would one do it, what should you do once it's done? The main issue a thief confronts when acquiring unique goods is how to process or fence them. They become very difficult to sell because they are one-of-a-kind, easy to identify, and could lead to the people involved with the theft. The whole issue of museum security takes up an ironic twist when one considers the secretive British street artist 'Banksy'. Banksy has made a name for himself by brazenly putting up interesting pieces of art in broad daylight (though many critics don't consider his work to be art) on building walls, rooftops, or even museums. I bring him up for a interesting take on what may become a trend in museum security. In March of 2005, Banksy snuck a piece of his called 'Vandalized Oil Painting' into the Brooklyn Museum's Great Historical Painting Wing, plus 3 other pieces into major museums in New York. Within several days, 2 paintings had been torn down, but 2 stayed up much longer. In his home country of the UK, a unauthorized piece he created and placed in the British Museum known as 'Early Man Goes to Market' received different treatment when placed inside the walls. It was adopted into the permanent collection! I like his story because it's so counter-intuitive. Who would have thought that modern museum security might involve preventing people not just from stealing art, but from sneaking 'unauthorized' art into museums? What is next, tampering with the archive records in order to make it look like the piece in question has always been there? To learn more about museum security, I interviewed multiple experts in the field. It turns out that the glamorous lifestyle of Thomas Crown is not particularly relevant. In fact, usually nobody can point to a Mr. Big of the underworld coordinating thefts, though some organized crime families have been known to use stolen art as black market chips to trade. The common consensus among experts in the field of art theft is that, instead of most high-value pieces being stolen by outsiders with a blue print in hand and rappelling from a ceiling skylight, in reality, 80 percent of art thefts involve insiders or accomplices that execute the crime over a period of time while working or volunteering in the museum. Indeed, according to FBI statistics, between 70 and 80 percent of all solved art theft cases involve insider participation of some kind, yet according to Tom Cremers of the Musuem Security Network, 'Having been involved in risk assessments in over hundreds of museums over the past ten years, it is quite astonishing how rarely the risk of insider participation is discussed.' In regards to the insider threat, a museum is not much different from any corporation or other organization. There are directors, employees, interns, and cleaning staff (very often outsourced), security guards (again outsourced, typically with very high turnover rates). Unlike corporations, most museums also have volunteer staff, docents, and authorized visiting scholars. All these people can potentially take advantage of their position, or to be exploited by a clever attacker on the outside or inside using social engineering. After discussing where museum security is headed with several people involved in the field, the consensus seems to be that it is going to be completely digital at the behest of companies designing new security products. By this I mean that nearly every security sensor and alarm is being designed so that it is compatible or adaptable to Cat 5/6 Ethernet cable. Museum security sensors are usually connected to the network infrastructure, which then gets tied back to a server monitoring the security sensors. This approach should make us feel uneasy. This is security that rides on top of technology that time and time again has proven to be highly vulnerable, and very often implemented by closed source vendors who do not release details of their code or hardware because of it being proprietary. Being proprietary is not consistent with having good security.