Faith-Based Daily Awareness Post 6 December 2024

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.

Man arrested after messaging threats of violence against Harpeth Hills Church of Christ

NewsChannel 5 Nashville reports:

A man accused of making threats against Harpeth Hills Church of Christ was arrested Thursday in Spring Hill.

(Name omitted), 26, has been charged with making a threat of mass violence, says Metro police.

(Name omitted) reportedly sent messages threatening the church through Instagram to a peer that he knew from school, according to Metro police, who say that he had prior incidents “displaying concerning behavior towards the church.” One of these incidents resulted in (name omitted) being involuntarily committed.

Related Articles:

• ‘I’m willing to die for this’: Nashville man arrested after alleged threats against church
• CEO of UnitedHealthcare had received threats, wife tells NBC News

Analyst Comments:

The shooting of UnitedHealthcare CEO is a sad reminder that threats can turn into actual attacks. The above incident appears to be a case of If You See Something, Say Something®. The 4 December 2024 Daily Awareness Post highlighted a case where the report of a suspicious van may have prevented an attack on a Texas church.

The above incidents show the need to take threats seriously and the value of reporting threats and suspicious activities. Graffiti threats, vandalism, and small arson fires should be considered possible lead ups to more serious attacks.  

Six password takeaways from the updated NIST cybersecurity framework

From the BleepingComputer item:

Password security is changing — and updated guidelines from the National Institute of Standards and Technology reject outdated practices in favor of more effective protections. 

Don’t have time to read the 35,000-word guidelines? No problem. Here are the six takeaways from NIST’s new guidance that your organization needs to know to create password policies that work.

The article then details the following:

• Password length > password complexity 
• Facilitate longer passwords 
• Implement MFA
• Avoid frequent password changes
• Prevent the use of already-breached passwords
• Discontinue password hints and other knowledge-based recovery

Additionally, BleepingComputer provides a wide range of Tutorials & Tech Support Guides.

Analyst Comments:

The President’s Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity was issued on May 12, 2021. The directive charges multiple agencies, including the National Institute of Standards and Technology (NIST) with enhancing cybersecurity through a variety of initiatives. Section 4 directs NIST to solicit input from the private sector, academia, government agencies, and others and to identify existing or develop new standards, tools, best practices, and other guidelines to enhance software supply chain security.

Faith-Based Organizations should consider adopting the password guidelines from the updated NIST cybersecurity framework.

Additionally, BleepingComputer provides a wide range of Tutorials & Tech Support Guides. These tutorials and guides may be of use to members of the faith community in their professional and private IT operations.

A Beginner’s Guide to Cybersecurity: Start with the ABCs

From the SANS blog post:

If you’re new to cybersecurity, you might feel overwhelmed by all the jargon and technical terms. That’s where our ABCs of Cybersecurity comes in! In this guide, I break down essential concepts in a way that’s easy to understand to give you a solid foundation to build upon. Let’s explore some of the fundamental terms that every beginner should know.

The post then details the following safeguards:

A is for Authentication & Access Control

B is for Backups & Data Security

C is for Cloud Security & Cyber Hygiene

Analyst Comments:

Members of Faith-Based Organizations that are new to cybersecurity may consider reviewing this short blog as a start to improving their organization’s cybersecurity.

DHS Center for Prevention Programs and Partnerships: CP3 101

From the DHS announcement:

CP3 works to create a culture of prevention for targeted violence and terrorism in the United States, similar to what we see for other types of violence prevention, so that individuals know that targeted violence is preventable and understand the role they play in prevention. 

We seek to empower ‘prevention providers’, skilled and knowledgeable professionals who directly or indirectly prevents violence by helping people develop the knowledge, attitudes, and skills they need to achieve safe, positive, healthy outcomes.

This ‘CP3101’ will provide an overview of the mission and activities of CP3, and go through the resources that CP3 can provide or recommend so that you can be an effective prevention provider. 

Please see below for additional resources to review: 

• CP3 Website: dhs.gov/cp3
• Learn more about TVTP Grants: dhs.gov/tvtpgrants
• Federal Prevention Resources: dhs.gov/prevention

Wed, Dec 18

3:00 PM – 4:00 PM EST

Online event

REGISTER HERE

Analyst Comments:

Those responsible for security at houses of worship should consider attending the DHS Center for Prevention Programs and Partnerships (CP3) informational webinar to learn about CP3’s approach to targeted violence and terrorism prevention. 

CP3’s programs and resources, to include:

• Evidence-Based Prevention Resources
• The Targeted Violence and Terrorism Prevention Grant Program
• Local Engagement and Technical Assistance
• Prevention Forums 
• The Prevention Resource Finder