Faith-Based Daily Awareness Post 16 January 2026

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.

In honor of MLK Day we will not be reporting on Monday January 20^th. Reporting will resume Tuesday January 21^st.

DHS prepares replacement for critical infrastructure collaboration framework after CIPAC removal

The Department of Homeland Security is preparing a new framework called the Alliance of National Councils for Homeland Operational Resilience (ANCHOR) to take over the role of the now-disbanded Critical Infrastructure Partnership Advisory Council (CIPAC) as a hub for government-industry coordination on critical infrastructure security, including cybersecurity threats. CIPAC, long used to facilitate sensitive discussions between federal agencies and private sector operators under liability protections, was eliminated last year, disrupting established collaboration channels. ANCHOR is intended to streamline and broaden this engagement by reducing bureaucratic hurdles associated with multiple council charters and potentially allowing greater transparency, such as more public meetings or shared transcripts.

However, a key unresolved issue is whether and how liability protections like those under CIPAC for “one-to-many” discussions will apply under ANCHOR protections that industry leaders argue are essential for candid threat sharing. While CyberScoop reports that DHS has briefed sector coordinating councils on ANCHOR and is finalizing the regulatory text, Cybersecurity Dive highlights uncertainty about how closely DHS worked with infrastructure operators during its development and notes that many in the industry have received little detailed information about the new program.

Analyst Comments: The transition from CIPAC to ANCHOR underscores the continued importance of structured, trusted collaboration between government and critical infrastructure owners and operators, particularly in the cybersecurity domain. Regardless of governance changes, effective information sharing depends on clarity around participation, protections, and expectations, especially when discussions involve sensitive operational or threat-related details. Any uncertainty around liability protections or information handling could discourage candid engagement, reducing the overall effectiveness of collective defense efforts. As DHS finalizes ANCHOR, organizations should stay informed about how the new framework will function in practice and be prepared to adapt their engagement strategies to ensure they can continue to share timely insights, learn from peer experiences, and strengthen sector-wide resilience against evolving cyber and physical threats.

Most Small Business Owners Overestimate Their Ability to Spot AI Scams, Survey Shows

A recent survey highlighted by Bitdefender shows that many small business owners overestimate their ability to recognize AI-powered scams, such as deepfake emails or impersonations. Although a majority expressed confidence in spotting fraudulent content, actual test results revealed that participants correctly identified only about 42% of deepfake attempts, indicating a significant gap between perceived and real preparedness. The research also found that familiarity with deepfake scams was relatively low, with only around four in ten small business owners aware of them, and that most scam attempts were delivered via email a channel where verification practices are often weak.

To reduce risk, experts recommend habits like pausing before responding to urgent requests, verifying details through trusted channels rather than the original message thread, and strengthening email and account security with measures like strong passwords and two-factor authentication. The findings emphasize that as AI makes scams faster and more convincing, heightened awareness and proactive verification processes are critical for small businesses to avoid falling victim.

Analyst Comments: The findings reinforce that confidence alone is not a reliable indicator of cyber resilience, particularly as AI-enabled scams become more convincing and easier to scale. Organizations that rely heavily on trust, familiarity, and informal communication patterns may be especially vulnerable when verification steps are skipped in response to urgent or emotionally compelling messages. Regular training, simple verification procedures, and a culture that encourages slowing down before acting on requests for money or sensitive information remain critical defenses.

This is especially relevant for faith-based institutions, which often operate with limited technical resources and depend on volunteer staff, making them attractive targets for impersonation and payment fraud. Houses of worship should assume they face similar risks as small businesses and prioritize basic safeguards, such as out-of-band verification for financial requests, clear internal approval processes, and awareness that AI-driven scams can convincingly mimic trusted leaders or known community members.