This DAP highlights – Neo-Nazis in Ohio and faith-based organizations targeted by multiple ransomware gangs. DAP also has More Faith-Based Stories and Select All-Hazard Stories. These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
FB-ISAO Threat Level Updates: Change to Physical Threat Level
This message is TLP:WHITE. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.
The ongoing COVID-19 global pandemic is a complex and blended threat that impacts members and the broader faith-based and charity community in numerous ways. As of July 2021, we have determined to maintain our current pandemic and cyber threat assessments with no change, but are lowering the physical threat level to ELEVATED. FB-ISAO’s Threat and Incident Response Group (TIG) continues to assess the ongoing threats and risks to our community and has made the following updates to our Threat Level Assessments:
The TIG has determined to maintain the Pandemic Threat Level at “ELEVATED.” ELEVATED means that FB-ISAO is unaware of any specific threats, but there is concern that an event is more likely than normal. While we are well aware of the specific threat of the pandemic, we do not believe that a serious nationwide U.S. outbreak at this time is likely, though the possibility of localized outbreaks remains, especially given the Delta Variant and in areas where the population has low vaccine levels. The success of vaccinations has been encouraging, but the significant decrease in demand coupled with uncertainty regarding virus variants, state, local, and sector re-openings, relaxed masking and distancing mandates, and warmer weather could see surges in some areas that could become problematic. The TIG will continue to assess the Pandemic Threat Level regularly and provide updates accordingly.
The TIG has determined to establish the Physical Threat Level as “ELEVATED.” ELEVATED means that FB-ISAO is unaware of any specific threats, but there is concern that an event is more likely than normal. At the end of June, members of the FB-ISAO’s Organizational Resilience Group (ORG) met to deliberately discuss the Physical Threat Level, and whether a change was needed. We noted an apparent increase in gun violence but we shy away from assessing that it reflects a “new normal” nor should it be viewed as a continued path. Many of the remaining COVID restrictions are being lifted, and COVID-related benefits and assistance given to individuals and organizations will expire in the coming months. This brings unique security challenges across many fronts for organizations and, coupled with several other key considerations, can create situations that escalate quickly and could catch organizations unprepared. Additional concerns regarding flashpoint issues, extremism, and enduring threats (such as arson), lead us to assess the Physical Threat Level as ELEVATED. A more detailed explanation has been sent to members. The TIG will continue to assess the Physical Threat Level regularly and provide updates accordingly. This determination will be periodically re-evaluated, especially with respect to non-COVID-19-related threats.
The TIG has determined to maintain the Cyber Threat Level at “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general and pervasive risk of cyber attacks exists, particularly with respect to scams using COVID-19 vaccinations, ransomware, and revenge motivated targeting across social media. The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. Likewise, the cyber threat landscape will be continuously monitored, but this Cyber Threat Level determination is valid until further notice.
- Please refer to this post for an explainer on the FB-ISAO Threat Levels.
- Please see this 15 May 2020 post regarding the distribution of the FB-ISAO Pandemic Reopening Reentry Checklist.
- Please refer to this CDC guidance for FBOs: Considerations for Communities of Faith, which is periodically updated (this update, 19 Feb 2021).
- Please refer to this valuable resource developed by the Cybersecurity and Infrastructure Security Agency: Mitigating Attacks on Houses of Worship Security Guide.