Bloomberg Expands Arts Grant Program to Seven More Cities

Bloomberg Philanthropies is investing $43 million in more than 200 small and midsize cultural organizations in seven cities — Atlanta; Austin, Tex.; Baltimore; Denver; New Orleans; Pittsburgh; and Washington. “We wanted to reach cities that we thought had a really strong mix in the way they were serving up arts and culture,” said Kate Levin, who oversees arts programs at Bloomberg Philanthropies.

The funding is an expansion of the Arts Innovation and Management program, initiated by the former New York City Mayor Michael Bloomberg in 2011. The program has already given $65 million to some 500 smaller organizations across theater, visual arts, music, film, literature and dance in New York, Boston, Chicago, Dallas, Detroit, Los Angeles and San Francisco.

“Small and midsize organizations tend to do extraordinarily good work at anchoring neighborhoods and communities,” Ms. Levin said. “The program comes out of Mike Bloomberg’s conviction that these organizations, which often don’t get the attention larger institutions do, are really essential to not only the creative community’s health but the health of cities.”

By invitation only, selected organizations are being offered unrestricted support — roughly 10 percent of their annual operating budgets — in addition to arts-management training. That includes a consulting mentor for each organization and a series of seminars for all grantees in a given city on topics such as fund-raising, strategic planning, marketing and board development.

Mr. Bloomberg, whose Bloomberg Philanthropies is expanding an arts grant program.CreditChad Batka for The New York Times

“Part of the reason we fund city cohorts is that we’re trying to encourage the cultural communities to get better acquainted and bond,” Ms. Levin said. Each institution is asked to match 20 percent of the dollar amount it is given — a chance to put into practice some of the fund-raising tools offered through the program. In the previous round of grants, three-fourths of the organizations were able to surpass that 20 percent target, Ms. Levin said. “That’s a real, solid outcome that we think demonstrates the validity of the program.”

Eddie Hernandez Doesn’t Care if His Food Isn’t ‘Authentic’

“The country is irrelevant to me,” he said over a bowl of shrimp soup with pasta and peppers at an Atlanta branch of his restaurant, Taqueria del Sol. “It’s what’s available and what you can do with it.”

Too much emphasis is placed these days on culinary authenticity, he continued. “In Mexico, we eat what we like and don’t worry about what is authentic to this cuisine or that,” he said. “You make do, and you make it taste good.”

Mr. Hernandez, who learned to cook from his grandmother, first came to America when he was a teenager with his rock band Fascinación. They tried to land a recording contract in Houston. It didn’t go so well.


Mr. Hernandez’s book.

Patricia Wall/The New York Times

After a decade of working in factories and Tex-Mex restaurants while trying to break into the music business, he moved to Atlanta. He said that despite his chunky gold jewelry, pierced ear and long rocker hair, he got a job at a restaurant owned by Mike Klank, a low-key son of the South.

He and Mr. Klank, to whom the book is dedicated, are now partners in the seven-restaurant Taqueria del Sol chain. Mr. Hernandez sells plenty of carnitas folded into flour tortillas, and bowls of green pork chili. But the menu also has his own Southern-Mexican mash-ups like tacos stuffed with fried chicken and lime jalapeño mayonnaise, or Memphis-style smoked pork with spicy cabbage slaw.

Mr. Klank has helped Mr. Hernandez understand the Southern palate. They toured Atlanta’s meat-and-three restaurants, and sampled the dry-rub barbecue from Memphis, Mr. Klank’s hometown.

Some of Mr. Hernandez’s education was simple experimentation. Early on, a customer gave him a bag of turnip greens. He didn’t know what to do with them. Mr. Klank explained that Southerners simmer them for a long time with a ham hock to make a smoky, almost murky broth called potlikker.

Instead, Mr. Hernandez approached them the way his family used to cook lamb’s quarters, the greens called quelites in Spanish. He put them in a pot with chicken stock, tomatoes and garlic, and added a hit of chile de arbol. The dish is a mainstay at the restaurants, and the recipe is in his book.


Pork roast with roasted jalapeño gravy.

Melina Hammer for The New York Times

So is his take on pork roast, a Southern Sunday supper staple. A pork loin with a little cap of fat is rubbed with onion and garlic, both in granulated form, then roasted fast in a very hot oven whose residual heat is used to roast a couple of jalapeños. The chopped peppers are then folded into gravy made from a classic French roux and homemade stock.

The result is a decidedly Southern dish, punched up with the flavors he grew up eating in his hometown, Monterrey. Like most of his recipes, it’s thrifty, practical and delicious.

“My food doesn’t require an arm and a leg, and you don’t have to spend six hours in the kitchen,” he said.

That’s not to say they aren’t specific. Mr. Hernandez is, if nothing else, very specific. He prefers lemon juice to lime juice in his guacamole because lime is too acidic and “cooks” the avocado. And he blisters jalapeño in oil for the dip because it takes away the green taste of the pepper, which he thinks interferes with the flavor of the avocado — which, by the way, has to be Hass.

“This is the way I cook,” he said. “Either you like it or not. I don’t care.”

The point is to not fuss too much. “If you have something good and you want to make it better,” he advised, “be careful. You can ruin the good you’ve got already.”

Recipes: Pork Roast With Roasted Jalapeño Gravy | Green Peach Salad With Simple Lime Dressing

Follow NYT Food on Facebook, Instagram, Twitter and Pinterest. Get regular updates from NYT Cooking, with recipe suggestions, cooking tips and shopping advice.

Continue reading the main story

Hard Choice for Cities Under Cyberattack: Whether to Pay Ransom

Anyone hit with a ransomware attack must reckon with the dollars and cents: Will it cost more to pay up, or to try to eradicate the malware and restore the data without giving in? But government victims must also grapple with the dubious propriety — and dubious legality — of rewarding crime with taxpayers’ money.

The episodes are at once familiar and frightening. Hackers with no apparent motive other than curiosity and avarice indiscriminately scan the web for vulnerable servers and networks, and all too often find them.

Cybersecurity experts say local government agencies and universities tend to be at a particular disadvantage because they manage many public-facing web services and servers and employ many people who must have access.

Antivirus software tools can ward off some kinds of malicious attacks, but they often fail to stop ransomware because cybercriminals have found too many ways around them — whether by exploiting a security hole in a vulnerable server or tricking a naïve employee into opening a malicious email attachment.

“In cybersecurity, the more places you have where your door is sort of open — which it has to be in local government — the higher your risk is,” said Scott Smith, a former mayor of Mesa, Ariz.

In 2013, the year Mr. Smith became president of the United States Conference of Mayors, the group adopted a resolution identifying cybersecurity as “a critical public safety issue of concern to mayors and cities.”

But local governments are often working with antiquated systems, tight budgets and short-handed I.T. staffs. According to a 2016 survey of chief information officers for jurisdictions across the country, 38 percent of local governments were relying on technology that was at least one generation out of date, and fewer than half had bought cybersecurity insurance, which can help cover the costs of responding to a major attack.

The survey, by the International City/County Management Association and the University of Maryland, Baltimore County, found that extorting ransom was the most common purpose of cyberattacks on city or county governments, accounting for nearly one-third of all attacks. (Mischief and theft of private information were the next most common.)

Local governments were not always high on the ransom target list. In recent years, security experts say, criminal groups like SamSam, the shadowy hacking crew implicated in the Atlanta episode, had been zeroing in on health care providers, particularly hospitals, which they knew could ill afford to lose patient records or wait for weeks to restore normal operations. More than seven-eighths of all recorded ransomware attacks in the United States in 2016 were aimed at the health care industry, according to NTT Security.

That onslaught, experts say, prompted many in the industry to shore up their digital defenses — and the hackers to turn to new targets. “As health care has spent more on their security, we’ve seen attackers moving to local governments,” said Allan Liska, a senior intelligence analyst at Recorded Future, a security firm.

The past 16 months have seen high-profile ransomware attacks at public agencies ranging from a fire department in Ohio to the Bay Area Rapid Transit system, which offered free rides after attackers took down their ticketing systems. Recently, Mr. Liska said, cybercriminals who call themselves “The Dark Overlord” have said in an underground web forum that they had begun to attack state and local governments because their security is so poor.


This month’s cyberattack in Atlanta has curbed the operations of municipal government, causing police officers to prepare reports by hand.

David Goldman/Associated Press

In Atlanta, the attack apparently mounted by the SamSam group brought down many (though not all) city systems on the morning of March 22. Among other effects, residents have not been able to pay water bills or traffic tickets online, the court schedule has been upended, and police officers have had to file reports on paper. For days, city workers were not allowed even to turn on their computers.

Through a spokeswoman, Mayor Keisha Lance Bottoms of Atlanta declined to be interviewed about the ransom demanded by SamSam to end the attack: the Bitcoin equivalent of about $51,000.

But Atlanta’s leaders are likely to have weighed a host of concerns, including whether the SamSam hackers would keep their end of the bargain. Security experts said the city also had to decide whether it was willing, in effect, to finance a criminal enterprise, and whether it could stomach a reputation as an easy mark.

“Local governments often don’t feel comfortable using taxpayer funds to pay a criminal, especially when they consider where those funds may be going,” said Jason Rebholz, a vice president at Icebrg, a security firm. “On the other hand, they have to weigh a $51,000 ransom demand with the fact that they are likely going to pay a lot more to resume operations.”

Ransomware attacks used to be low-odds propositions. In 2012, by one estimate, only 2.9 percent of victims paid. But these days, the rate is as high as 48 percent, according the Ponemon Institute, a privacy research group.

Those who pay — from a Massachusetts town and police department to the Hancock Health hospital group — generally calculate that it is the cheapest way out. Mr. Rebholz estimated that the total cost for Atlanta to rebuild all its affected systems could run from “several hundred thousand dollars easily into millions of dollars.”

Though many of their concerns are the same, business leaders hit by cyberattacks are often able to respond more nimbly than politicians can.

Corporate executives “can compare and contrast different options in a much freer way,” said Mike Rawlings, the mayor of Dallas and a former president of Pizza Hut.

In the public sector, he said, “It’s not as simple as cost-benefit analysis — you are gambling the trust and the perception of what the city stands for at the same time.”

The Ponemon Institute found that the decision often turns on whether the victim has access to a full and accurate backup for the seized data. The hackers know it: Victims are finding that the first thing intruders like SamSam do is to search the compromised system for “back up” or the names of popular backup services, and delete those files.

“They now go out of their way to force you to pay,” Mr. Rebholz said. “It’s increasingly rare that victims can fully recover.”

The Colorado Department of Transportation awoke late last month to discover that SamSam had locked its employees out of their computers, email and timecard systems; encrypted the agency’s most important databases; and renamed files with the words “i’m sorry.”

Deborah Blyth, the state’s chief information security officer, said in an interview Wednesday that it was an easy decision not to pay. For one thing, the state has a policy forbidding ransom payments. For another, the data had been backed up offline, out of the attackers’ reach, making the department better prepared than most targets.

The department had everything back to normal in a little over a week — but the story was not over. SamSam’s attackers had planted some undetected digital footholds during the first attack that opened the door for a second attack with improved ransomware as soon as the systems came back online.

Three weeks later, Ms. Blyth said, the second restoration job is about 80 percent complete. She is scheduled to brief other state and local governments on Friday about the double whammy.

“I feel terrible for Atlanta,” she said. “I know exactly where they’re at. We need to give other local governments information on SamSam so it doesn’t happen to them. I’m really worried that other state agencies are at risk.”

Officials have been slow to awaken to that danger. After the mayors’ conference adopted its warning resolution in 2013, it tried to hold a cybersecurity forum in Washington for city officials. It was canceled for lack of interest.

“If you had a cybersecurity summit now,” Mr. Smith said this week, “it would be oversubscribed.”

Continue reading the main story

Global Health: South Sudan Halts Spread of Crippling Guinea Worms

Guinea worm — also known as dracunculiasis, or “affliction with little dragons” — is a minuscule parasite found in ponds. Inside anyone who drinks the water, it grows to be a yard long and emerges after a year, usually from a leg or foot, by exuding acid under the skin to form a blister.

The pain drives the victim to dunk the leg in water, and the worm releases millions of larvae, starting the cycle anew.


A pond in Terekeka once infested with Guinea worms. Pain caused as the parasite emerges from a host’s body leads an infected person to dunk a limb in water, where the worms release larvae.

Mariah Quesada/Associated Press

It can take two weeks to carefully pull each worm from the body so it does not break and cause infection.

The Carter Center fights the disease by recruiting a volunteer in each affected village to pour a mild pesticide into ponds, distribute cloth filters that remove copepods containing worm larvae, and treat victims before they walk into ponds.

South Sudan, which gained independence from Sudan in 2011, triumphed despite having many worm-laden ponds, a long rainy season, poor roads and irregular spasms of warfare, said Dr. Donald R. Hopkins, a former acting director of the Centers for Disease Control and Prevention who for years led the Carter Center campaign.

South Sudan has not had a case in 15 months, which is longer than the worm’s life cycle. The country will be certified worm-free by the World Health Organization only after there have been no cases for three years.

Because most worms emerge in July, the middle of the growing season, “you will get a complete village crippled,” Dr. Kok said. “And besides the pain, the community will not be productive and will be faced with hunger. To get water or prepare a meal is a nightmare.”

Dr. Kok thanked the Carter Center both for its help and for training thousands of village volunteers.

His ministry will hire 7,200 of them, he said, for its new Boma Health Initiative, which intends to place three health workers in every “Boma” — district — trained to give vaccines, treat malaria, check pregnant women, record births and deaths, and to identify malnutrition, H.I.V. and tuberculosis.

In countries with shortages of doctors and nurses, such as Ethiopia, Pakistan and Peru, villagers working for similar programs — sometimes called “lady health workers” or “community health promoters” — have dramatically cut death rates among mothers and children.

Continue reading the main story