Category: General

  • FB-ISAO Newsletter, v2, Issue 1

    TLP White | FB-ISAO Newsletter was distributed on January 15, and may be accessed below.

  • FB-ISAO Newsletter, v1, issue 2

    The second TLP White | FB-ISAO Newsletter was distributed on 02 July, and may be accessed below.

    To access links, download the FB-ISAO Newsletter from the link above.

  • Vizsafe Partners with FB-ISAO to Offer Incident Reporting Capabilities at No Cost!

    In cognizance of our mission to provide members with information, analysis, and capabilities to help reduce risk while enhancing preparedness, security, and resilience, our team at Faith-Based Information Sharing & Analysis Organization (FB-ISAO) is always eager to find like-minded partners.

    The Department of Homeland Security has identified Houses of Worship as a prime category of ST-CP, or Soft Targets-Crowded Places, as noted by Assistant Director Brian Harrell in his letter introducing the updated Security of Soft Targets and Crowded Places–Resource Guide last month. He wrote, “The cornerstone of our democracy is a free and open society where citizens can enjoy a wide range of activities without fear of harm. People across the U.S. should expect that they will be safe and secure as they cheer on a favorite team at a sporting event, shop at a mall, attend a house of worship, go to school, dine out with family and friends, or go to a concert.”

    The threats and risks houses of worship and the broader community of faith-based organizations face have been made all too clear in recent headlines and FB-ISAO reporting. As our team strives to execute our mission, we are always searching for safety services partners who share our commitment to protecting worshipers. One such partner is Vizsafe, which provides an intuitive and easy-to-use mobile incident reporting and management platform.

    Their cloud-based Geoaware®️ platform is currently protecting some of the world’s most valuable facilities where it is used by employees, visitors and first responders.  Vizsafe has generously agreed to provide their base incident reporting and sharing platform to registered Faith Based-ISAO Professional Member organizations at no charge.  We are proud to partner with Vizsafe to provide this service to our members.  Please review the quick reference and visit vizsafe.com to learn more on this mission-enhancing capability.

    Contact FB-ISAO at [email protected] for more information and, if you are not already a member, consider joining FB-ISAO!

    Here is where you can find everything you need to know about joining The Faith Based Information Sharing and Analysis Organization.

  • Truth and Consequences of Digital Extortion

    by Jennifer Lyn Walker and Omar Tisza

    This post was originally informed by a TLP: GREEN FB-ISAO report distributed on 14 February 2019.


    Like every other business type, faith-based organizations (FBOs) are susceptible to digital extortion attacks. History has shown many cyber criminals are not selective in their targets – they exploit vulnerabilities in people, processes, and technology regardless of industry or sector.

    What is Digital Extortion?

    At its core, digital extortion is a psychological tactic designed–through social engineering–to elicit an emotional response primarily through fear, embarrassment, or humiliation, and often aims to profit through ransom payments. According to the FBI, in 2018 extortion by email complaints increased 242%, totaling $83 million in losses.

    Some types of extortion threats are credible, insofar as the threat actor is able to inflict, or has already inflicted, disruption or damage to some degree; however, there has also been an uptick in non-credible extortion-based threats during the past year. These empty threats may use personal information, such as passwords or email addresses, as intimidation, but are nothing more than hoaxes. While ransomware may be the most well-known type of extortion attempt, there are many variants including the increasingly popular “sextortion” campaign.

    Below is an overview of common types of digital extortion, including ransomware and sextortion, that faith-based organizations are likely to encounter.

    Potentially Destructive, but at the Very Least, Disruptive

    Nary a week goes by without reports of organizations who have fallen victim to ransomware. Ransomware is malicious software (malware) that encrypts files on infected computers, making the files inaccessible until (presumably) unlocked with a decryption key. The malware displays a warning message along with a ransom demand and instructions for payment. The ransom is usually requested to be paid in Bitcoin or other cryptocurrency in exchange for ‘said’ decryption key – which may or may not work, let alone be provided.

    In many cases, organizations have had to rebuild their computers and file systems from scratch, costing valuable time and money – and causing many headaches. Recently there has been a spate of incidents affecting cities, municipalities, and other government entities, as well as charities, non-profit organizations, and FBOs, including a food bank and a Catholic archdiocese.

    Non-Credible Extortion Threats

    In the past year, other extortion-based threats have been known to be non-credible, such as bomb threats and hitman scams. In December 2018, emails containing bomb threats and hitman schemes went viral. These messages gained worldwide attention and awareness for the hoaxes they were, but not before causing major disruptions to countless businesses and individuals.

    The majority of email extortion complaints to the FBI were comprised of sextortion. While not a “credible” threat, perpetrators are adept at crafting sextortion emails that appear believable enough to evoke fear or concern. A recipient receives an email purporting that the scammer has compromised their computer and stolen all their files, including contacts and browser history. The email further threatens the victim with public disclosure of unsavory pictures or videos to family, friends, and colleagues (allegedly captured with malware they placed on an “adult” website they visited) unless a ransom is paid for the scammer to keep quiet. These fraudsters do not have the “dirt” they claim; nonetheless, some include personal details to make the ruse seem more credible to increase the chance victims will pay the ransom. There is even a variation that looks like it comes from your own email address as the fraudsters want you to think they have also compromised your email account. 

    Conclusion

    In addition to ransomware, FB-ISAO believes that FBOs are likely to observe sextortion-based attacks. Given the personal and sensitive nature and appearance of impropriety, malicious actors would victimize the community of faith on what could be perceived as the need to protect image and reputation by succumbing to ransom demands. Yet, contrary to the majority of FBI complaints, for those same reasons, it is plausible that sextortion emails in the faith-based community are likely to go unreported.


    Incident Reporting

    It is also important to report digital extortion incidents to the appropriate authorities and share with the broader faith-based community to improve security and resiliency.

    o   Report all incidents to the FBI through the Internet Crime Complaint Center (IC3)

    o   If there has been a financial loss, you should (and in some cases, may be required to) contact local law enforcement

    o   Report the incident to FB-ISAO for broader awareness among the Community of Faith

    Jennifer Lyn Walker is a cybersecurity professional with over nineteen years’ experience supporting critical infrastructure and SLTT governments. As Director, Cybersecurity Services for FB-ISAO and Gate 15, she advises and consults on cyber threats related to homeland security for critical infrastructure and vital lifeline sectors, including WaterISAC. She is experienced in malware analysis, threat assessments, cyber threat intelligence, compliance, and cybersecurity awareness.

    Omar Tisza graduated from American University in 2017 with a bachelor’s in International Relations. After a brief stint in business development on the federal market, he began his role as Jr. Risk Analyst at Gate 15 in 2018 and currently supports the Health Information Sharing and Analysis Center (H-ISAC) and the Healthcare Sector Coordinating Council – Cybersecurity under the leadership of Executive Director Greg Garcia, former Assistant Secretary for Cyber Security and Communications at DHS.


    Join FB-ISAO! We welcome faith-based organizations, charities and critical partners to join FB-ISAO. Access our TLP AMBER and TLP GREEN reports, join our collaborative forums, working groups, participate in leadership opportunities and take the next step in enhancing your organization’s preparedness, security and resilience!

  • Multi-Faith Targeted Violence Roundtable Meeting at the FBI

    Mayya Saab, of the Faith-Based Information Sharing and Analysis Organization (FB-ISAO), had the honor of attending the Multi-Faith Targeted Violence Roundtable meeting at FBI Headquarters on 18 June 2019. This was a meeting between leaders of faith-based organizations (FBOs) and members of government, who are given the difficult task of preventing bias-based attacks on religious institutions. Safety of houses of worship is a mammoth task and one that government cannot do alone, so the task requires close collaboration between government, faith-based leaders and the community. Representatives from the Christian, Muslim, and Jewish faiths included leaders from the Christian Emergency Network, Secure Community Network and the Muslim Public Affairs Council.

    There were multiple presentations such as:

    • Counterterrorism and Criminal Investigative Divisions Threat Briefs
    • Communal Response to Mass Casualty Incidents
    • Pre-Attack Behaviors of Active Shooters

    Especially poignant were presentations on lessons learned from the Sutherland Springs Church Shooting. During that presentation, a deep discussion on the assailant’s behavior leading up to, and including, the day of the shooting took place. Another presentation covered the Oak Tree Temple Shooting. This presentation was particularly personal for the FBI agent who responded to the event since the Oak Tree Temple was his house of worship and some of the victims were his family members. There was a discussion about the effect of these types of incidents on law enforcement personnel. On multiple occasions, attendees expressed gratitude to law enforcement for their work on protecting houses of worship.

    The FBI provided information about the current threat environment. Here are some key points for the community to note:

    • Most perpetrators of crime against religious institutions are males between the ages of 19-25
    • As of late, violence comes first (that is, an act is committed) and then the perpetrator picks an ideology after the attack
    • There were 66 cases of domestic terrorism in the first half of 2019 as compared to 115 in all of 2018
    • Domestic Terror Groups are less threatening than individuals based on reported cases of domestic terrorism
    • The internet and gaming are contributors to violent behavior
    • The average planning phase for a violent crime is 1-2 months
    • The average preparation phase for a violent crime is less than 24 hours
    • Most perpetrators of violence have bought their weapons legally

    The FBI and DHS issue and maintain multiple products designed to inform and educate FBOs and individuals on what they can do to prepare for hostile events. Here are publications that were specifically referenced during the meeting:

    What can an FBO do?

    • Reach out to local law enforcement and establish relationships
    • Start preparing an emergency plan. There are many resources available to help an FBO prepare for an emergency – which planning document you use depends on preference
    • Join FB-ISAO. FB-ISAO issues reports to help FBOs mitigate risk and to become more resilient. FB-ISAO also encourages collaboration between members so that they can learn from each other. Members can also share best practices and support each other’s preparedness activities

    The meeting concluded with a deep commitment to public-private partnerships – that is, partnership between government and private organizations, like FB-ISAO. Also affirmed was the need for greater communication and collaboration between government and faith-based groups. Although this meeting was the first of its kind, it is expected that there will be future meetings to follow up on action items and to establish an ongoing dialogue between government and faith-based leaders and their communities.

  • FB-ISAO Newsletter, v1, issue 1

    The first TLP WHITE | FB-ISAO Newsletter was distributed on 06 Jun, and may be accessed below.

    To access links, download the FB-ISAO Newsletter from the link above.

  • FB-ISAO: How We Got Here

    By Andy Jabbour

    TL;DR:

    • The idea of ISAOs was codified in 2015’s Executive Order 13691 and follows from the success of the ISACs, first developed in 1998.
    • The idea of FB-ISAO followed shortly after, and the initial undertaking began in late 2015.
    • Initially, the effort struggled and was reenergized in early 2018.
    • In May of 2018, FB-ISAO entered into its Initial Operating Capability phase, establishing capabilities, reporting, tools, and the community.
    • In May 2019, FB-ISAO is excited to enter the next phase of our operational development and organizational maturity as we transition to our membership model and enhanced engagement and capabilities.

    Information Sharing and Analysis Centers (ISACs) got their start in 1998 through an executive order from then-President Clinton. Over the ensuing years, ISACs developed across critical infrastructure, each developing uniquely to its community – or Sector. As the model succeeded, and as the cyber threat landscape developed and became more threatening, in February 2015 then-President Obama issued Executive Order 13691, Promoting Private Sector Cybersecurity Information Sharing, which stated that, “The Secretary of Homeland Security (Secretary) shall strongly encourage the development and formation of Information Sharing and Analysis Organizations (ISAOs)… ISAOs may be organized on the basis of sector, sub-sector, region, or any other affinity, including in response to particular emerging threats or vulnerabilities.”

    Having spent a few years in support of DHS, working with many of the ISACs, and then going to work directly for the ISAC community, I began to discuss the wisdom of this initiative with a few of my close colleagues and we pondered where this idea made sense. At first, we struggled, but over time, a few areas began to make sense. Among those, most notably to a couple of us was the community of faith. Based on a combination of our personal faith and concern over a vulnerable community, we determined to develop the Faith-Based Information Sharing and Analysis Organization, or FB-ISAO. By late 2015 we were developing the concept and working with trusted partners in government and industry to begin to gain support for the initiative.

    Turns out, it was really hard. There simply wasn’t a lot of interest from the community and after several months of frustrated efforts, in summer 2016, we sadly decided to table the project until we could more deliberately pick it back up. Over the following year and change, one trusted partner moved on, but new opportunities brought new resources and new team members with a passion for their faith and the security of our country. After a few months of discussion, as 2018 began, we renewed the effort to develop FB-ISAO and in May 2018, the organization was formally established.


    The Faith-Based Information Sharing & Analysis Organization (FB-ISAO) provides members with information, analysis, and capabilities to help reduce risk while enhancing preparedness, security, and resilience. We perform our mission across the all-hazards threat environment – including physical security, cybersecurity, public health, and natural disasters.


    Underwritten by Gate 15 resources and personnel, FB-ISAO began its Initial Operating Capability phase, establishing baseline reporting and communications capabilities, reengaging with partners across government, establishing a trusted Advisory Board of leaders, and engaging the community of faith at events, through reporting, and other outreach. As we developed the community, we also continued to mature our capabilities, building on our start and, with good counsel from our Board and others, developed new tools, capabilities and a reasonable membership model that could be accepted by the community.

    This year has seen tragedy and high-impact incidents to faith-based facilities and believers around the world and across the all-hazards threat environment. From the horrendous killings in New Zealand and Sri Lanka to our own nation with the hateful attack in San Diego, to high-dollar cybersecurity incidents and data breaches, the first few months of 2019 have underscored in a terrible way the very reason FB-ISAO needs to succeed.

    As many organizations ponder their security posture and their readiness to meet the threats they face, to protect their facilities, their staff, those that come to work, those that come to worship and all those that come to seek God and find the fulfillment in faith that is a vital part of our American story, we – as a community – must work together. With our partners in the private and public sectors, we must take the reasonable and responsible steps to understand the threats, assess the risks, and take appropriate preparedness and operational actions to support the National Preparedness Goal of: “A secure and resilient Nation with the capabilities required across the whole community to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk,” especially as it pertains to Faith-Based Organizations.

    As we progress into the next phase of our operational development and organizational maturity and transition to our membership model and enhanced engagement and capabilities, we hope to continue to grow our community, our collaboration, and the security and resilience of our nation’s community of faith. This will be a process, will take time, and will take commitment from the community itself. I hope many of you will join us. For the good of our country and for all who seek to serve and know God, FB-ISAO will continue to do everything we can to help FBOs “protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk” to our community and our way of life. We are stronger together. We are better together. I hope you’ll join us. We need leaders, we need collaboration – we need you to help our country and our community. Find out more at FB-ISAO.

  • Hostile Events: A Real & Ongoing Threat to Faith-Based Organizations

    by Andy Jabbour, Managing Director, FB-ISAO

    Every month, FB-ISAO provides a TLP GREEN report, the FB-ISAO Monthly Threat Overview. The report is developed over a specific reporting period by a team of analysts. The report addresses all-hazards – to include physical, cyber, natural hazards, and health threats. Reviewing the draft of the most recent report, finalized and distributed on 24 May and covering the period from 25 April – 22 May 2019, I was amazed by the remarkable number of incidents that were included. 

    Addressing the area of hostile events, the report notes, “The persistence of domestic arrests, incidents, and continued jihadist and other extremist rhetoric remains a direct threat to the Faith-Based Organizations (FBOs). We continue to consider the threat of lone actor or a small group of extremists to be a credible threat. Over the past month, there were several events and arrests that continue to serve as reminders of the continuous physical security threats facing the sector.” 

    “Our right to worship freely and without fear is fundamental to life in America.”

    Renn Cannon, Special Agent in Charge of the FBI in Oregon

    The complete physical security section includes incidents involving vandalism, theft, harassment, arrests and other notable events. But it was the section covering Active Shooter & Hostile Events that jumped out at me. An excerpt from that section follows. I encourage you to review the list of incidents and let that sit with you for a few moments. 

    Is your organization properly, reasonably, and responsibly addressing the risks you are facing? Are you actively working on preparedness and operations to protect and prepare your people and places?

    FB-ISAO will be providing our second offering of the Hostile Events Preparedness Series educational presentation on 20 June. It is free, and only costs you an hour and a half of your time. Contact our team for more information on that event. Consider joining FB-ISAO, tying in to our growing community of security-focused faith leaders and helping enhance the security and resilience of your FBO and our collective community of faith. As recently stated by Renn Cannon, Special Agent in Charge of the FBI in Oregon, “Our right to worship freely and without fear is fundamental to life in America.” Are you doing everything you can to help protect and prepare your people and places so all Americans, and those within our borders, are able to “worship freely and without fear?”

    The complete FB-ISAO Monthly Threat Overview goes into additional incidents, other threat vectors and provides resources for members. As a TLP GREEN report, it is available to all Standard and Professional members, as well as our Government and Law Enforcement members (read more on membership here). 


    Active Shooter & Hostile Events, for period from 25 April – 22 May 2019.

    • Over the weekend of 18 to 19 May in Chicago, Illinois, separate incidents of attempted arson and vandalism occurred at local synagogues. Worshipers who arrived at one synagogue Sunday morning discovered broken glass and charred black rags outside the building. Police later confirmed that an unknown assailant twice attempted to set the building on fire around midnight on Saturday. No one was injured and there was no damage to the synagogue. Police were also investigating vandalism outside several synagogues in the city’s West Rogers Park neighborhood, where the windows of cars parked outside the building were smashed early Sunday morning.
    • On 15 May in Kalamazoo, Michigan, a fire destroyed a church. It took two dozen firefighters over four hours to douse the fire. The building is a total loss, and a home next door suffered exterior damage from the intense heat. The fire marshal didn’t yet know what sparked the fire; federal agents joined the investigation.
    • On 12 May in New Haven, Connecticut, a fire broke out at a mosque that is still under construction. Officials said they believe the fire was intentionally set. The fire started on the first floor of the building and spread to the second level.
    • On 12 May in Dablo, Burkina Faso, gunmen killed six people, including a priest, as Mass was being celebrated in a church. The attackers, said to number between 20 and 30, then burned down the church. The town’s mayor said there was panic as other buildings were burned down and a health center looted. As noted below, a Protestant church was attacked in Burkina Faso on 28 April, resulting in the deaths of a pastor and five congregants. Islamist groups have been blamed for a number of attacks in the West African nation in recent years.
    • On 11 May in Arlington, Massachusetts, a fire was set outside the home of a rabbi that serves at a Jewish center. The incident is being investigated as a hate crime. Police asked for the public’s help in identifying a person caught on a neighbor’s video camera walking away from the home around the time of the fire. Firefighters put out the small fire that burned the shingles of one side of the building. Police and town officials have no evidence yet that the location or its Jewish homeowners were targeted because of their religion, but “are leaving open and actively investigating the possibility of a hate crime.” On 16 May, another fire was set at the Jewish center. The fire, which was on the home’s exterior wood shingles, was small, and firefighters were able to put it out using a hand-held extinguisher. 
    • On 10 May in Couva, Trinidad, a 57-year-old businessman was killed inside a mosque, although the country’s attorney general said the incident should not be labelled as an act of terrorism nor a hate crime. Eyewitnesses said the businessman was mingling with fellow Muslims outside the mosque when he was approached by a gunman. He then ran up a flight of stairs and into a prayer room, where he was killed.
    • On 9 May in Charlottesville, Virginia, a hit and run occurred near a mosque. Police said a dark-colored sedan struck a man’s arm while he was walking along the street. Another member of the mosque claims a car with the same description swerved at her while she was walking to the mosque earlier the same week but at the time, she did not think anything of it. The mosque had been bolstering its security measures in previous months.
    • On 9 May in London, England, a man fired a shot outside a mosque during evening prayers for Ramadan. The man was reported to have entered the mosque but was “ushered out” by those inside, police said. A shot was heard shortly after. Police said there were no injuries and they were not treating it as a terrorist incident. They said they believed the shot came from a blank-firing handgun. One theory police are considering is that the gunshot followed a dispute linked to gangs or criminality which started in the street and then moved into the mosque.
    • On 6 May in Brooklyn, New York, a Hasidic Jewish man was assaulted in an unprovoked attack. Without saying a word, one of the men walked up to the victim and punched him in the face. Another suspect yelled anti-Semitic slurs at the man. The group fled the area. The man was not seriously injured.
    • On 6 May, French police arrested a 16-year-old in Strasbourg, France for actions in conjunction with a plot to attack security forces and possibly Elysees Palace. This arrest is in connection to the arrests in April of three adults and one teenager who had allegedly planned an attack “to coincide with the start of the Muslim holy month of Ramadan… with officials saying the suspects had scouted out areas near the Elysee and a police station in the Parisian suburb of Aulnay-sous-Bois.” French authorities believe this individual published a video pledging allegiance to the Islamic State.
    • On 28 April in Cincinnati, Ohio, a family of four Sikhs were shot and killed inside their apartment complex. Locals in neighboring apartments said they heard a barrage of gunfire, which forced them to rush out on the streets. However, the alleged killer had fled from the spot. Local police launched a probe into the attack, which is as of now being suspected as an act of “hate crime.” 
    • On 28 April in Burkina Faso, unidentified gunmen killed a pastor and five congregants at a Protestant church, the first attack on a church in a country that has seen an upsurge of Islamist violence this year. Burkina Faso, which boasts of a history of religious tolerance, has been beset by a rise in attacks as groups based in neighboring Mali seek to extend their influence over the Sahel, the arid scrubland south of the Sahara. The government declared a state of emergency in several northern provinces bordering Mali in December because of deadly Islamist attacks, including in Soum, the region where Sunday’s attack took place.
    • On 27 April near San Diego, California, a shooter who appears to have posted an open letter riddled with anti-Semitism and racial epithets opened fire at a San Diego County synagogue on the last day of Passover. Police said the man opened fire with a rifle, killing one woman and wounding a girl and two men, including a rabbi. Police said the shooter left after his rifle possibly jammed and was fired upon as he fled by an off-duty Border Patrol agent working as a synagogue security guard; the agent struck the getaway car but did not wound the man. A San Diego police officer en route to the synagogue heard details on the radio and confronted the suspect where he had pulled over along the road near Interstate 15. Officials said he surrendered without incident and a rifle was discovered on the front seat.
    • On 26 April in Los Angeles, California, a man deliberately drove a vehicle into a crowd of people, doing so because he thought they were Muslim, police said. Eight people were injured in the incident, including three members of the same family. A lawyer for the man said the incident “was clearly the result of a mental disorder”, and he would seek psychiatric treatment for his client, who he described as a military veteran possibly suffering from PTSD.
    • On 25 and 23 April in Bethlehem, Pennsylvania, fires were set at a church. The first fire built a thick, black smoke cloud around the building, but had burned out by the time authorities arrived. It was ruled arson by the Bethlehem city fire marshal. The motive was unclear, according to a statement from the Bethlehem police, but the fire appeared to have been started in the sanctuary area of the church. Then, just two days later, firefighters were at the church again, extinguishing a blaze which was contained to the roof of the structure, right above the sanctuary area. By 26 April, police had arrested a man in connection with the fires, charging him with arson, burglary, and criminal trespass.
    • On 23 April in Austin, Texas, a man attempted to commit arson at a mosque. He was captured on security video just after midnight pouring what appears to be gasoline on the side of the building and then attempting to light the fluid. The mosque was the target of repeated vandalism last fall. It hired an armed security guard after tires were slashed and the building’s front doors and windows were shattered in September.
    • On 22 April in Sri Lanka, a van parked near a church that was bombed on Easter Sunday exploded; no injuries have been reported. Police went to inspect the van Monday after people reported it had been parked near St. Anthony’s Shrine since Sunday. They discovered three bombs that they tried to defuse. Instead, the bombs detonated, sending pedestrians fleeing in panic.
      • On 7 May, it was reported that there have been increasingly violent clashes in Negombo, the site of St. Sebastian’s Church (one of the three churches that was bombed on Easter), with mostly-Catholic mobs attacking and vandalizing Muslim-owned shops, homes, and vehicles. Negombo suffered the highest death toll in the Easter Sunday attacks. The bomb at St. Sebastian’s killed more than 100 worshippers. The violent attacks prompted Sri Lanka’s Roman Catholic Church to call for the hostility against Muslims to end.
      • On 2 May, Sri Lanka’s Catholic Church said it would not resume Sunday services as planned on May 5 after the government warned of more possible attacks by an Islamic State-linked group. It was the second week following the attacks in which the Catholic diocese canceled services. Instead of public services the first Sunday after the attacks, the cardinal delivered a homily at his residence that was broadcast live on television.
      • On 12 May, Sri Lanka’s Catholic Church held the first regular Sunday Mass since the attacks. Military forces and police armed with assault rifles patrolled the streets leading to churches and stood guard outside the compounds. Everyone entering was required to produce identity cards and be body searched. Volunteers were stationed at the gates of churches to identify parishioners and look out for any suspicious individuals. Parking was banned near the churches and officials urged worshippers to bring only minimum baggage.
      • On 29 April, Sri Lanka announced a ban on Muslim women wearing face veils. Although the niqab and the burka, which are worn by Muslim women, were not specifically named in the ban, any face garment which “hinders identification” is no longer permitted to ensure national security, the president’s office said.
      • On 23 April, the Islamic State claimed credit for the bombings. Independent media groups that produce posters and videos supporting the Islamic State have used the attack to push for more jihadist operations. One poster depicts a jihadist with dark blond hair in military fatigues entering a bombed-out church: “O worshippers of the Cross you will not enjoy your living, you have opened up the gats of hell to yourselves by waring [sp] us, so wait for what will embitter your life, and what is coming is more bitter and more disastrous.”
      • As reported in the Monthly Threat Brief for April, on 21 April coordinated suicide bombings occurred at three churches and three hotels in Sri Lanka, killing approximately 250 people and injuring at least 500 more. The three churches, all of which were conducting Easter services at the time of the explosions, are located in the cities of Colombo, Negombo, and Batticaloa. The three hotels targeted by the bombings are all located in Colombo, Sri Lanka’s capital, and are popular with foreign tourists and the country’s business community.
    • On 21 April in San Diego, California, members of a church tackled a woman carrying a baby and handgun as she threatened to blow up the building. San Diego Police arrived within two minutes of the first call and took the woman into custody, the department said in a statement. Churchgoers were able to take the baby from the woman’s arms and pry the gun from her hands before tackling her to the ground. A bomb-sniffing dog found nothing in a sweep of the building and the suspect’s car, police said. Police said her gun was not loaded.
    • On 16 April in Winnipeg, Canada, an employee of a café was attacked and the inside of the building was spray-painted with a swastika in what was described as an anti-Semitic attack. A local church was planning a vigil to support Winnipeg’s Jewish community after the incident.
  • Improving Resiliency Through the Nonprofit Security Grant

    Our partners at FEMA developed an FAQ on the Fiscal Year (FY) 2019 Nonprofit Security Grant Program (NSGP).

    The Fiscal Year (FY) 2019 Nonprofit Security Grant Program (NSGP) provides funding support for security-related activities to nonprofit organizations at risk of a terrorist attack. For a nonprofit to qualify for the grant, it must meet the description under section 501(c)(3) of the Internal Revenue Code of 1986 (IRC) and be exempt from tax under section 501(a) of such code. A nonprofit can be considered vulnerable to attack (e.g. verbal threats, vandalism) if an attack has occurred at the facility. A nonprofit may also qualify if current events indicate that it may be a target because other organizations have been targeted due to a similar mission, belief, or ideology.

    Grant allocations can be used for emergency response planning activities, equipment, training and exercises.

    The application window opened on April 12, 2019. The deadline for applications is determined at the state level. Links to state contacts can be found here. The Fiscal Year (FY) 2019 Nonprofit Security Grant Program (NSGP) is a program that Faith-Based Organizations can benefit from, directly, to improve their security posture and resiliency. Questions about the grant application process and deadlines can be directed to [email protected].

  • ACCESS CONTROLS: IS THAT A PHYSICAL OR CYBER SECURITY ISSUE? (YES.)

    by David Pounder & Omar Tisza

    Blended threats, in which attacks can cause harm to both cyber and physical systems, are a growing reality for many organizations. The more connected organizations and individuals become, the more impact technology has on their respective physical worlds. In March 2019, we were reminded of how the opposite can be true when two journalists were able to access sensitive fiber optic communications cables simply because someone forgot to lock the gate. Once they gained unimpeded access to the station, the journalists were able to go into a “nondescript hut” where the Hibernia Submarine Communication Cable reaches the British mainland. Despite having CCTV on site, the journalists were not challenged. Had they been there for nefarious purposes, they could have executed physical actions, such as tampering with cables, which could have had a direct cyber-related impact.

    • A blended threat is a “deliberate, aggressive action that causes harm to both cyber and physical systems” and a growing reality for many organizations.
    • One of the biggest concerns facing both physical and cyber security disciplines centers on access controls, which are designed to protect employees/personnel and prevent unauthorized physical access to facilities, equipment, materials, documents, and data, and to ensure network activities can continue uninterrupted.
    • For Faith-Based Organizations (FBOs), this means ensuring that the physical security controls safeguarding computer networks and infrastructure systems are prioritized equally with cyber controls, to prevent theft of sensitive information and financial data and to prevent any type of disruption to, or exploitation of, operations.

    For most of us, it is common to think of ways in which cyber actions impact physical security, such as the Ukraine power plant attack, the Mirai botnet attack, or this amusing Amazon thermostat review. But when physical actions have a cyber impact, it is a stark reminder that physical and cyber security go hand-in-hand and need to be addressed concurrently, especially in the area of access controls. Once a user is granted access to a system or network, cybersecurity controls manage and track activity, but actions leading up to that access, and afterwards, are in the realm of physical security. Understanding the various ways in which the two disciplines work together within access controls can help organizations from all industries improve their overall security posture.

    For FBOs, physical access controls may not have as much direct impact as they do for a larger business, but they are useful nonetheless, even with a smaller staff. FBOs maintain sensitive financial and personal information about their members, which makes them an attractive target for cybercriminals. As part of their risk management approach, FBOs are encouraged to undergo a risk assessment to determine relevant controls for the type of information being protected. For example, while it may not be practical to install a badging system, keypads or safes would be viable solutions to protect sensitive information from unauthorized physical access. Considerations for risk assessments include:

    • Key & Badge Control. Employees with access to sensitive materials through a badge or key must be aware of the responsibility that comes with this level of access. Additionally, organizations must account for those keys through inventories. Some areas that require physical access controls include telecommunications rooms, power supply rooms, HVAC systems, server rooms, and data centers.
    • Employee Termination or Change in Job Responsibility. A prime consideration around access controls addresses what happens when an employee vacates their role. It is important to work with Human Resources in these instances, but managers may need to ensure employees have the appropriate level of access that corresponds to their new role. This includes employee termination and procedures to delete access, as well as adjusting access as employees move within the organization. Likewise, personnel and responsibility changes can disgruntle employees or motivate malicious users to harm the organization. 
    • Clean Desk Policy. While many organizations are moving to paper free offices, documents containing sensitive information may still be printed. Having a clean desk mitigates the risk of exposing sensitive material to unauthorized individuals.
    • Laptop Computers. Portable devices used within an office need to be physically secured when left unattended, even in the office during normal business hours, to mitigate against unauthorized access to sensitive data. Likewise, never leave portable devices unattended in public spaces.

    Additional unauthorized access tactics that security teams should be on guard for include:

    • Tailgating. “Occurs when one or more people follow an authorized user through a door.” Sometimes, out of courtesy, individuals with authorized building access will hold the door for others who may not be authorized to enter.
    • Door Propping. “Propping doors open, most often for convenience, is another common way unauthorized individuals gain access to a location and potentially create a dangerous situation for the people and assets within.”
    • Levering Doors. “Many doors can be levered open using something as small as a screwdriver… Advanced access control systems include forced-door monitoring and will generate alarms if a door is forced.”

    In our increasingly blended threat environment, FBOs need to continue to increase their mutual understanding and collaboration within the cyber and physical disciplines. Increased awareness of the various ways in which the two disciplines work together within access controls can help organizations from all industries improve their overall security posture. So, to answer the question of whether access controls are a physical or cyber security concern: BOTH.



    David Pounder is the Director for Intelligence and Analysis at Gate 15, supporting FB-ISAO. Dave provides expert threat and risk analysis, assessments and special project support for internal activities and client needs.

    Omar Tisza is a Jr. Risk Analyst at Gate 15. After a brief stint in business development on the federal market, he began his role at Gate 15 in 2018 and currently supports a number of efforts, including the Health Information Sharing and Analysis Center (H-ISAC) and the Healthcare Sector Coordinating Council.

