The Khmer-era sculptures are linked to an art dealer suspected of selling looted antiquities, authorities said
2 min
The Metropolitan Museum of Art has agreed to return 14 sculptures to Cambodia and two to Thailand, removing from its collection all Khmer-era artworks associated with an art dealer accused of selling antiquities illegally.
The Met said Friday it will temporarily display a selection of the 16 sculptures while arrangements are made for their repatriation. The works were made between the ninth and 14th centuries in the Angkorian period, the museum said. The Khmer empire ruled much of what is now Cambodia, Laos, Thailand and Vietnam from about 802 to 1431.
The sculptures are associated with art dealer Douglas Latchford, who was indicted in 2019 by the U.S. attorney’s office for the Southern District of New York, which said he orchestrated a multiyear scheme to sell looted Cambodian antiquities on the international art market. The indictment was dropped after Latchford’s death in 2020. Authorities later secured a $12 million civil forfeiture against his estate for stolen Southeast Asian antiquities they alleged Latchford had sold.
The Met said it cooperated with authorities in the U.S. and Cambodia following Latchford’s indictment and received information that made it clear the sculptures should be returned.
“The Met is pleased to enter into this agreement with the U.S. attorney’s office, and greatly values our open dialogue with Cambodia and Thailand,” said Max Hollein, the director and chief executive of the Met.
U.S. Attorney Damian Williams said in a statement Latchford was believed to have run “a vast antiquities trafficking network,” an allegation Latchford had denied. He urged cultural institutions and private collectors to remain vigilant about antiquity trafficking.
Many countries and cultures that were colonised have for decades asked institutions to return stolen artefacts. That effort has gained more traction in recent years, with many museums now openly acknowledging that some items in collections were gained through colonial exploitation and looting.
The Cambodian government in recent years has asked the Met and other museums to return artworks taken from their countries of origin under murky circumstances.
In 2013, the Met returned two 10th-century Cambodian stone statues, known as the “Kneeling Attendants,” which were also associated with Latchford. The statues were from the Koh Ker temple in the same province as the Angkor Wat temples. Officials said they believe they were stolen from the temple in the 1970s. The Met had acquired the statues from donors between 1987 and 1992, it said at the time.
One of the most high-profile repatriation efforts involves the Benin Bronzes, West African artefacts stolen more than a century ago from what is now Nigeria.
Roughly 3,000 to 5,000 artefacts were pillaged from the Kingdom of Benin by British soldiers in the late-19th century as the U.K. expanded its colonial empire in West Africa.
Many of the Benin Bronzes—a name used to cover a variety of artwork, including carved elephant tusks, brass plaques, and wooden heads—wound up in private collections and museums in Europe and the U.S. The Met returned three artefacts to Nigeria in 2021.
Copyright 2020, Dow Jones & Company, Inc. All Rights Reserved Worldwide. LEARN MORE
What a quarter-million dollars gets you in the western capital.
Alexandre de Betak and his wife are focusing on their most personal project yet.
CIOs can take steps now to reduce risks associated with today’s IT landscape
3 min
As tech leaders race to bring Windows systems back online after Friday’s software update by cybersecurity company CrowdStrike crashed around 8.5 million machines worldwide, experts share with CIO Journal their takeaways for preparing for the next major information technology outage.
IT leaders should hold vendors deeply integrated within IT systems, such as CrowdStrike , to a “very high standard” of development, release quality and assurance, said Neil MacDonald , a Gartner vice president.
“Any security vendor has a responsibility to do extensive regression testing on all versions of Windows before an update is rolled out,” he said.
That involves asking existing vendors to explain how they write software, what testing they do and whether customers may choose how quickly to roll out an update.
“Incidents like this remind all of us in the CIO community of the importance of ensuring availability, reliability and security by prioritizing guardrails such as deployment and testing procedures and practices,” said Amy Farrow, chief information officer of IT automation and security company Infoblox.
While automatically accepting software updates has become the norm—and a recommended security practice—the CrowdStrike outage is a reminder to take a pause, some CIOs said.
“We still should be doing the full testing of packages and upgrades and new features,” said Paul Davis, a field chief information security officer at software development platform maker JFrog . undefined undefined Though it’s not feasible to test every update, especially for as many as hundreds of software vendors, Davis said he makes it a priority to test software patches according to their potential severity and size.
Automation, and maybe even artificial intelligence-based IT tools, can help.
“Humans are not very good at catching errors in thousands of lines of code,” said Jack Hidary, chief executive of AI and quantum company SandboxAQ. “We need AI trained to look for the interdependence of new software updates with the existing stack of software.”
An incident rendering Windows computers unusable is similar to a natural disaster with systems knocked offline, said Gartner’s MacDonald. That’s why businesses should consider natural disaster recovery plans for maintaining the resiliency of their operations.
One way to do that is to set up a “clean room,” or an environment isolated from other systems, to use to bring critical systems back online, according to Chirag Mehta, a cybersecurity analyst at Constellation Research.
Businesses should also hold tabletop exercises to simulate risk scenarios, including IT outages and potential cyber threats, Mehta said.
Companies that back up data regularly were likely less impacted by the CrowdStrike outage, according to Victor Zyamzin, chief business officer of security company Qrator Labs. “Another suggestion for companies, and we’ve been saying that again and again for decades, is that you should have some backup procedure applied, running and regularly tested,” he said.
For any vendor with a significant impact on company operations , MacDonald said companies can review their contracts and look for clauses indicating the vendors must provide reliable and stable software.
“That’s where you may have an advantage to say, if an update causes an outage, is there a clause in the contract that would cover that?” he said.
If it doesn’t, tech leaders can aim to negotiate a discount serving as a form of compensation at renewal time, MacDonald added.
The outage also highlights the importance of insurance in providing companies with bottom-line protection against cyber risks, said Peter Halprin, a partner with law firm Haynes Boone focused on cyber insurance.
This coverage can include protection against business income losses, such as those associated with an outage, whether caused by the insured company or a service provider, Halprin said.
The CrowdStrike update affected only devices running Microsoft Windows-based systems , prompting fresh questions over whether enterprises should rely on Windows computers.
CrowdStrike runs on Windows devices through access to the kernel, the part of an operating system containing a computer’s core functions. That’s not the same for Apple ’s Mac operating system and Linux, which don’t allow the same level of access, said Mehta.
Some businesses have converted to Chromebooks , simple laptops developed by Alphabet -owned Google that run on the Chrome operating system . “Not all of them require deeper access to things,” Mehta said. “What are you doing on your laptop that actually requires Windows?”
