This DAP highlights – Neo-Nazis in Ohio and faith-based organizations targeted by multiple ransomware gangs. DAP also has More Faith-Based Stories and Select All-Hazard Stories. These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
FB-ISAO Threat Level Update, June 2023
The FB-ISAO Cyber Threat Intelligence, Operational Resilience (together, the Threat and Incident Response) working groups have been actively monitoring and sharing information, reports, and perspective regarding our threat environment. We have reviewed the most recent National Terrorism Advisory System (NTAS) Bulletin (May 2023) and considered that alongside our continued observance of a broad array of general threats and hostility to people and places of faith. These threats include widespread acts of faith-based hostilities including antisemitism, open threats to faith-based organizations based on their beliefs – both relating to religion and political issues, regularly occurring acts of violence including arson, vandalism, and low-level attacks, as well as commodity cyberattacks seen in all communities including Business Email Compromise (BEC) and ransomware. Additionally, the TIG has considered the continued high levels of rhetoric, political polarization, threats and conflict stemming from the 2022 Supreme Court’s Dobbs ruling, the arrival of LGBTQ Pride Month, warmer weather and an anticipated increase in mass gatherings to include faith-based events and protests and demonstrations, as well as the start of the 2024 U.S. election season, along with other considerations.
Of note with this update, we will cease to publish the Pandemic Threat Level for the time-being, while we continue to monitor health threats, including COVID, and the potential for local or broader significant health threats and outbreaks. One takeaway from our collective pandemic experience that we would like to note is the devastating effect that an illness sweeping the community can have on FBO operations. The global COVID pandemic demonstrated that organizational resilience and Continuity of Operations (COOP) planning should take community health and wellness into consideration. Situational awareness and current threat dashboards should include community health indicators. The COVID pandemic may be over, but its effects are still with us; and there remain many other ways to get sick that we should be and remain aware of. Moreover, the pandemic response and risk reduction measures also introduced and exacerbated a number of threats and challenges, including those associated with threats such as Zoom-bombing and those relating to mis- dis- and mal-information (MDM). Those threats, now heightened, will continue to develop.
Based on this review, we have determined to maintain all threat levels at GUARDED, meaning that FB-ISAO is aware that a general risk of incidents exists, but there are no target or time specific threats requiring an escalation in our overall preparedness at this time.
- The Physical Threat Level is “GUARDED.” GUARDED means that FB-ISAO is unaware of any specific impending terrorism events although a general risk of incidents exists.
- The Cyber Threat Level is “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general and pervasive risk of cyber attacks exists.
PHYSICAL THREAT: The TIG has determined to keep the Physical Threat Level to “GUARDED.” GUARDED means that FB-ISAO is unaware of any specific events, but a general risk of incidents exists.
We assess: Faith-Based Organizations (FBO) will continue to face vandalism, property damage, theft, harassment, and communicated threats. The possibility that an active assailant may target an FBO remains an enduring threat. The above referenced NTAS Bulletin highlights two recent faith-based incidents and states that “Likely targets of potential violence include US critical infrastructure, faith-based institutions, individuals or events associated with the LGBTQIA+ community, schools, racial and ethnic minorities, and government facilities and personnel, including law enforcement.” FB-ISAO concurs with that assessment.
There have been at least 272 attacks or threat incidents at Faith Based Organization this year through 25 May 2023, in 42 states. A quarter of the attacks took place in three states: California, New York, and Florida. Sixty percent of the attacks are Vandalism (36%), Theft (14%), and Graffiti (10%). Threats and Harassment make up another 12%; Acts of Violence – Assault (13%) and Arson (10%) – make up less than a quarter. The majority of incidents occurred at Protestant (54%) and Catholic (18%) institutions, which makes sense insofar as Christians constitute 71% of the population according to the last PEW survey. Yet Jews, who constitute fewer that 2% of the population were targets of more than 13% of incidents; and Muslims, 1% of the population, were targeted in 8% of incidents.
Attacks related to abortion issues continue to be of concern to Faith Based Organizations: On 26 April, FB-ISAO shared a TLP:GREEN report, “Analytical Reporting on Hostile Events, Related to the Dobbs Ruling that Targeted Faith-Based Organizations” which noted that as of 30 March:
- There were 11 attacks on pro-life institutions from 01 January-19 March 2023.
- Attacks against pro-life institutions occurred in nine states, with the largest percentage of attacks directed towards Catholic churches. Vandalism was the predominant attack type, with two recorded instances of assault.
- There was one identified instance of an attack directed towards a pro-choice facility.
- Additionally, while the data presented in NAF 2022 Violence & Disruption Statistics is a little dated, and subsequent analysis has identified that associated threats are dissipating, it is worth noting that there have been other threats to abortion providers.
Also of concern are attacks related to LGBTQ issues: the Gay and Lesbian Alliance Against Defamation (GLAAD) reports that as of 25 April, GLAAD found 166 incidents of anti-LGBTQ protests and threats targeting drag events since early 2022, with a sharp uptick beginning in Pride season 2022 and continuing through the midterm election cycle. We anticipate this to continue as we head into Pride 2023 and the 2024 election season. 2023 has seen an additional 25 reported incidents, and participation in anti-drag incidents in 2023 has included the Proud Boys, white supremacists, and religious extremists. ADL has tracked at least seven events where members of known extremist groups showed up.
While we assess that places of worship and other FBOs that host or show solidarity with LGBTQ events heighten their risk of repercussions, it is important to note that despite what you read in the press or social media, less than 10% of incidents at houses of worship were tied directly to LGBTQ- or abortion related themes (1% pro and 8% anti). This suggests that, like antisemitism, the majority of these incidents occur in public spaces, on the streets, or target businesses and residences, rather than houses of worship.
Other threat considerations include, but are not limited to:
- Concerns over the normalization of Nazi-ism and antisemitism. Recent FB-ISAO Daily Journals (FBJ) and Slack reports have documented numerous incidents of pro-Nazi and other antisemitic behavior and other hate incidents. While we are encouraged by actions such as Biden-Harris Administration Releases First-Ever U.S. National Strategy to Counter Antisemitism (though, important to note that not all Jewish organizations are convinced as to the efficacy of this Strategy, assessing that it downplays the subject of antisemitism and weaves it into other hate actions which are less prevalent), we remain concerned about hostile individuals and groups.
- Pro-choice and pro-life extremism. As the report above and other incidents note, some individuals and groups firmly believe that violent protest and action are justified against those they disagree with regarding abortion and the Dobbs ruling. These disagreements have manifested as hostile confrontations, harassment, threats, and attacks on individuals and FBOs. We assess this is likely to continue as we enter the 2024 election season.
- Summer Camps. Faith based organizations operating summer camps should review the horribly violent 2022-23 school year, which saw a record number of campus shootings and highly destructive acts of vandalism. The cultural issues that attract threats to hosting FBOs – LGBTQ rights, abortion, antisemitism, and ethnicity – will likely transfer to FBO-sponsored summer camp activities as well. Camp staff (including CITs), as FBO staffs, should be trained on situational awareness, threat detection, and de-escalation techniques. The same protocols – detect, deter, deny, defend apply and should be practiced with the same determination as apply to other FBO activities. Procedures should be established for dealing with weapons (guns, knives) being brought to camp, detecting and handling children under the stress of broken homes, custody battles, grief, trauma, or transition. Camp leadership should identify a staff member to be responsible for security and responding to threats. Counsellors should be trained and encouraged to check in with their campers daily, assess and report any indicators to the security focal.
- Elections. The 2023 state and local- and the 2024 national election season have already started, and look to be more raucous than 2016 and 2020. The nation is experiencing a high level of political and cultural divisiveness; and it seems at times that the ties that bind us are no longer stronger than the forces tearing us apart. Political opponents are cast as enemies, and we seem to have lost a sense of common purpose. FBOs should be aware that open identification with any political or cultural stance may invite threats or attacks, and FBOs should be attuned to political, cultural, and social issues driving wedges within their memberships.
- Public Health Concerns: As noted above, though we are suspending the Pandemic Threat Level for the time-being, we continue to monitor health threats, including COVID, and the potential for local or broader significant health threats and outbreaks, and will report on some of those through the FBJ and Slack. In addition to the comments noted above, organizations are encouraged to get or stay connected with local Health Departments. With the ending of the COVID-19 public health emergency on 11 May, various reporting and monitoring tools are no longer being used and there is an increased reliance on local wastewater data. This may create some potential challenges with measuring local COVID spread. FBOs should maintain awareness of local COVID and other health threats and may want to review recent CDC Ventilation in Buildings guidance (12 May). Regarding both COVID and other local health threats, it is also important to recognize that threat awareness and mitigation guidance and procedures are mostly handled through local Health Departments. FBOs should strive to be aware of and follow Health Dept guidelines when a malady or emerging threat has been locally identified.
- Acts of God: It is also important to note environmental threats as part of all-hazards preparedness, especially as we continue to deal with flooding and wildfire threats, the arrival of hurricane season and other seasonal challenges. Given current threats, emerging challenges, and enduring concerns, it remains important for organizations to regularly reassess their security processes and procedures. In addition, it is a good time to remind all employees, as well as members of their role in identifying suspicious events and how to respond appropriately to incidents.
Despite the lack of credible, specific threats, FB-ISAO and the ORG remain concerned about ongoing stressors that cause risks to FBOs, workplaces, and public settings. Some domestic violent extremists continue to associate FBOs with divisive political and cultural issues, as well as with policies and beliefs that continue to carry over from the pandemic. These concerns are coupled with continued foreign ideological extremist and domestic extremist propaganda and encouragement for violence. These carry related risks and threats of violence that FBOs should consider as they may relate to their operations. We advise continued caution and situational awareness; FBOs should continue to monitor the FBJ and Slack channels for threat information, and review organizational security measures, incident response plans and procedures to maintain adequate precautions against possible acts of violence and response readiness. Consult with local law enforcement regarding any special intelligence they may have that could impact on your plans.
Since our last update there have been many threats, but also successful security response. An April incident in Arkansas demonstrated the value of an aware and ready FBO. This incident is worth noting: Man Arrested at Church Service After Members Believe he was Testing Security of Church.
CYBER THREAT: The TIG has determined to maintain the Cyber Threat Level at “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general and pervasive risk of cyber attacks exists. We continue to encourage preparedness and vigilance against routine threats and ongoing challenges such as ransomware and known exploited vulnerabilities.
- Common cybersecurity threats are an enduring threat to FBOs, as they are to all organizations. BEC and ransomware continue to be significant areas of concern. Beyond direct attacks on an FBO, these attacks may occur with vendors and other supply chain partners, with cascading risks and impacts to members. FB-ISAO has noted, and reported, on an uptick in cyber threats as that affect faith-based organizations.
- As always, geopolitical events and perceived political positions and other high-profile issue positions by FBOs or their leadership – real or perceived – may result in hacktivism or other online attacks, such as was experienced in an attack on the Papal website believed to be a related to Russia’s invasion of Ukraine.
- Spring and summer bring warmer weather, and seasonal natural hazards and severe weather, as well as associated scams. On 25 May, CISA released CISA Warns of Hurricane/Typhoon-Related Scams urging that individuals remain on alert for malicious cyber activity following a natural disaster such as a hurricane or typhoon, as attackers target potential disaster victims by leveraging social engineering tactics, techniques, and procedures (TTPs). Social engineering TTPs include phishing attacks that use email or malicious websites to solicit personal information by posing as a trustworthy organization, notably as charities providing relief. Exercise caution in handling emails with hurricane/typhoon-related subject lines, attachments, or hyperlinks to avoid compromise. In addition, be wary of social media pleas, texts, or door-to-door solicitations related to severe weather events. CISA encourages users to review the Federal Trade Commission’s Staying Alert to Disaster-related Scams and Before Giving to a Charity, and CISA’s Using Caution with Email Attachments and Tips on Avoiding Social Engineering and Phishing Attacks to avoid falling victim to malicious attacks.
- It is important to take at least basic actions to reduce risk.
- Keeping staff aware of threats, tactics, techniques, and procedures used in common attacks, and how to protect themselves and the FBO is an important basic risk reduction measure.
- FBOs are encouraged to develop and exercise incident response plans, to include communications, outreach, and reporting procedures.
- A best way to reduce risk remains to keep all devices updated with current operating systems and software. In addition, despite improvements in defensive security posture, ransomware remains a viable and disruptive event.
The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. Likewise, the cyber threat landscape will be continuously monitored, but this Cyber Threat Level determination is valid until further notice.
GENERAL. The continuous threat against Faith-Based Organizations in particular led DHS to reconstitute the Faith-Based Security Advisory Council (FBSAC) which “serves as an advisory body with the purpose of providing guidance and recommendations to the Secretary” on a variety of matters. FB-ISAO Executive Director Mayya Saab is a member of the FBSAC. Members at the Champion and Hero levels are encouraged to review recent weekly reports that have included some related information and mitigation ideas. Additionally:
Additional resources.
- Please refer to this post for an explainer on the FB-ISAO Threat Levels.
- Please refer to the current National Terrorism Advisory System (NTAS) Bulletin (24 May 2023; expires 24 Nov 2023)
- Newly released in May 2023: CISA – Protecting Places of Worship: Six Steps to Enhance Security Against Targeted Violence; Protecting Places of Worship: Six Steps to Enhance Security Against Targeted Violence Fact Sheet. The Cybersecurity and Infrastructure Security Agency, in partnership with the Federal Bureau of Investigation, developed the Protecting Places of Worship: Six Steps to Enhance Security Against Targeted Violence Fact Sheet to outline actions that faith-based organizations and community leaders can take to increase security, focusing on six overarching steps. The product details how taking these six steps can help protect places of worship against potential threats of targeted violence in a cost-effective manner that maintains an open and welcoming environment. The product also provides training, exercise, and grant resources, and interagency contact points to assist places of worship in identifying their security needs, develop actionable plans, obtain funds for security improvements, and recognize and report potential threats in their area. Protecting Places of Worship: Six Steps to Enhance Security Against Targeted Violence Fact Sheet.
- DHS CISA Guidance: Mitigating Attacks on Houses of Worship Security Guide.
- FB-ISAO – Catalogue of 2021 Hostile Events Affecting Faith-Based Organizations.
- FB-ISAO Post: The Nonprofit Security Grant Program- A Resource to Faith-Based Organizations
- CISA SHIELDS UP information and guidance regarding Ukraine invasion-related threats.
FB-ISAO maintains a resources page which may be accessed here and includes:
- Physical Threat (and given recent mail threats in Europe, members may want to review the Mail and Package and Bag Checks resources)
- Preparedness
- Cybersecurity
- Insider Threat
- Domestic Terrorism Threat
- Health and Natural Disaster
- Preparedness Videos and Training
- Resources for Schools
- COVID-19 and Pandemic Resources
- Domestic Terrorism Threat
Regular updates are being shared in the Faith-Based Daily Journal.
A good reference: NJCCIC Advisory: Cybersecurity Considerations as Geopolitical Tensions Increase
Cybersecurity Resources:
- CISA SHIELDS UP in particular.
- U.K. NCSC guidance on steps to take when the cyber threat is heightened
- Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
- Russia Cyber Threat Overview and Advisories
International Travel Resources:
- U.S. Department of State—Bureau of Consular Affairs: Ukraine Travel Advisory
- U.S. Department of State—Bureau of Consular Affairs: Information for U.S. Citizens in Ukraine
- U.K. Foreign travel advice—Ukraine
Business Continuity Resources
- Continuity of Operations (COOP), Federal Emergency Management Agency (FEMA)