This DAP highlights – Neo-Nazis in Ohio and faith-based organizations targeted by multiple ransomware gangs. DAP also has More Faith-Based Stories and Select All-Hazard Stories. These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
FB-ISAO Threat Level Update – March 2022
This message is TLP:WHITE. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.
The FB-ISAO Cyber Threat Intelligence, Operational Resilience (together, the Threat and Incident Response) working groups, have been actively monitoring and sharing information, reports, and perspective regarding our threat environment, to include any possible spillovers from Russia’s invasion of Ukraine. We have determined to return all threat levels to GUARDED at this time.
- The Pandemic Threat Level at “GUARDED.” GUARDED means FB-ISAO has determined that there is no specific threat at this time – in the context of the pandemic, meaning there is no specific outbreak or variant of significant concern – but a general risk of further outbreaks exists.
- The Physical Threat Level as “GUARDED.” GUARDED means that FB-ISAO is unaware of any specific events, but a general risk of incidents exists.
- The Cyber Threat Level at “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general and pervasive risk of cyber attacks exists.
PANDEMIC THREAT: The TIG has determined to decrease the Pandemic Threat Level to “GUARDED.” GUARDED means FB-ISAO has determined that there is no specific threat at this time and there is no specific outbreak or variant of significant concern. We continue to be alert to a general risk of further outbreaks, and we continue to monitor rising cases occurring other parts of the world. The success of vaccinations and availability of boosters has been encouraging. We continue to monitor the spread of the BA.2 and other emerging variants, but see no major threat of concern. The potential of a new significant variant exists, and we believe that maintaining vaccinations, and being prepared to reestablish necessary safety protocols is important. The TIG will continue to assess the Pandemic Threat Level regularly and provide updates accordingly.
PHYSICAL THREAT: The TIG has determined to decrease the Physical Threat Level to “GUARDED.” GUARDED means that FB-ISAO is unaware of any specific events, but a general risk of incidents exists. As the United States returns to a level of near normalcy, we remain concerned of ongoing stressors that cause concern to FBOs, workplaces, and public settings as they re-open and return to more normal operations. Among those are stressors and potential sparks relating to COVID (issues such as masking, vaccines, safeguards, etc. that may trigger people as they return to in-person activities), economic uncertainty (supply chain disruptions, shortages of goods, inflation, etc.), polarizing issues (including the war in Ukraine and the coming 2022 election campaign, media and political hyperbole) and other considerations. These concerns are coupled with continued foreign ideological extremist and domestic extremist propaganda and encouragement for violence.
Of note, we are approaching the seasonal confluence of major religious events for Judaism, Islam, and Christianity: with Purim (17 Mar) is followed by Pesach/Passover (16-23 April); Ramadan begins on 02 Apr and through 02 May, and Easter is 17 Apr. Additionally, with warmer weather coming, non-religious mass gatherings for public events – from demonstrations to festivals, concerts and more – will increase. These significant religious events and increase in mass gatherings create enticing targets for would-be attackers at a time that has seen a lot of workforce turnover, including among security personnel, and a decrease in practice for managing and responding to large events. More routinely, we continue to see near-daily incidents of violence and vandalism at places of worship and continued acts of antisemitism, racial, and other hateful vandalism, threats, and violence at grade schools and in higher education, and elsewhere. With respect to Russia, extremists have promoted conspiracy theories and other hateful rhetoric aimed at the Jewish people and the nation of Israel. While all of these are of continued concern, much of it regrettably is part of our routine threat environment. We are not aware of specific threats but do believe a general risk of incidents exists.
CYBER THREAT: The TIG has determined to maintain the Cyber Threat Level at “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general and pervasive risk of cyber attacks exists. We continue to encourage preparedness and vigilance against routine threats and ongoing challenges, such as the Log4j vulnerabilities. Regarding potential threats associated with Russia’s attack on Ukraine, we echo CISA’s SHIELDS UP statement that, “while there are no specific or credible cyber threats to the U.S. at this time, Russia’s invasion of Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, could impact organizations both within and beyond the region, to include the U.S. homeland. Every organization—large and small—must be prepared to respond to disruptive cyber activity.” We do not see an increased threat aimed at Faith-Based Organizations (FBOs) specifically but recognize that there is a general concern for all U.S. entities at this time. As part of the broad threat environment, we expect to see continued mal-, mis-, and dis-information from Russia as well as continued cyber espionage, disruptive and destructive cyberattacks. While we don’t anticipate such activity targeting FBOs, it may be a useful time to remind our communities to be extra cautious and to avoid clicking on attachments contained in emails and texts that may appear as alerts, offering photos of damage, appeal letters containing lists of items needed, resources, prayer wheels, or other attempts to lure victims; and avoid forwarding such items to members or other congregations. Ransomware, both direct attacks and indirect attacks to vendors and supply chain partners, is a concern and organizations are encouraged to develop and exercise incident response plans, to include communications, outreach, and reporting procedures.
The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. Likewise, the cyber threat landscape will be continuously monitored, but this Cyber Threat Level determination is valid until further notice.
GENERAL. To reiterate our recent statement, this is an excellent opportunity to recognize the difference between actual threat and threat perception. While Russia’s invasion is a significant event in and of itself, it doesn’t directly change the local threat environment directly, with respect to bad actors in the neighborhood and others who may intend to do harm and pose an actual threat to FBOs. As individuals being barraged with news and alerts, perhaps with connections to FBOs and others in and around Ukraine, we may feel a heightened sense of threat because of what is happening. We encourage members to pause, reexamine local threat vectors, assess site vulnerabilities and mitigations, and ask, “what if anything has changed that might warrant a change to my security posture.” Fear, uncertainty, and doubt (FUD) can distract us from our primary focus to reduce risk while enhancing preparedness, security, and resilience.
Members at the Champion and Hero levels are encouraged to review recent weekly reports that have included some related information and mitigation ideas. Additionally:
- Please refer to this post for an explainer on the FB-ISAO Threat Levels.
- Please refer to the current National Terrorism Advisory System (NTAS) Bulletin, date 07 Feb 2022 (expires, 07 June 2022)
- CISA SHIELDS UP information and guidance regarding Ukraine invasion-related threats.
- Please refer to this valuable resource developed by the Cybersecurity and Infrastructure Security Agency: Mitigating Attacks on Houses of Worship Security Guide.
Additional resources.
FB-ISAO maintains a resources page which may be accessed here and includes:
- Physical Threat
- Preparedness
- Cybersecurity
- Insider Threat
- Domestic Terrorism Threat
- Health and Natural Disaster
- Preparedness Videos and Training
- Resources for Schools
- COVID-19 and Pandemic Resources
- Domestic Terrorism Threat
Regular updates are being shared in the Faith-Based Daily Journal.
A good reference: NJCCIC Advisory: Cybersecurity Considerations as Geopolitical Tensions Increase
Cybersecurity Resources:
- CISA SHIELDS UP in particular.
- U.K. NCSC guidance on steps to take when the cyber threat is heightened
- Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
- Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
- Russia Cyber Threat Overview and Advisories
International Travel Resources:
- U.S. Department of State—Bureau of Consular Affairs: Ukraine Travel Advisory
- U.S. Department of State—Bureau of Consular Affairs: Information for U.S. Citizens in Ukraine
- U.K. Foreign travel advice—Ukraine
Business Continuity Resources
- Continuity of Operations (COOP), Federal Emergency Management Agency (FEMA)