FB-ISAO Current Threat Level

This threat level statement is current as of 02 April 2026.

Physical Threat Level Raised to SEVERE

Cyber Threat Level Remains ELEVATED

 

FB-ISAO recognizes that during a time of such political divisiveness, observations and assessments may be seen as supportive of one political idea or another. FB-ISAO, and our working groups, strive to be apolitical and unbiased in all of our efforts.

 

FB-ISAO’s Cyber Threat Intelligence and Operational Resilience working groups actively monitor reports and continually observe a broad array of threat and hostility indicators to people and places of faith. We examine the local impacts of events relating to ongoing conflicts around the world and the related activities of threat actors internationally and domestically to arrive at our assessments.

 

OVERALL ASSESSMENT

We assess that, in light of all presently available indicators, the general threat of physical and cyber attacks against Houses of Worship in the United States is raised to SEVERE. We understand that individual Houses of Worship, given their faith, geographic location, socio-political/ethnic demographics, and degree of local tensions may not consider their threat as severe and should adjust their posture accordingly. Review our Threat Level Explainer.

 

    • Physical threats are assessed as SEVERE, driven by credible indicators of hostile intent toward houses of worship, recent domestic attacks, and escalation linked to global conflicts involving Iran, Israel, and South Asia.

    • Cyber threat levels remain ELEVATED, with increased hacktivist activity tied to geopolitical conflict; while no specific campaign against faith institutions is confirmed, symbolic and opportunistic targeting remains a concern.

    • The threat environment is shaped by a convergence of global conflict, domestic polarization, and violent extremist rhetoric, increasing the likelihood of low‑warning, lone‑actor, or copycat incidents. 

    • FB‑ISAO strongly recommends sustained heightened vigilance and security measures, including coordination with law enforcement, updated emergency planning, access control, and proactive reporting of suspicious activity.

 

We recognize that the combination of global geopolitical tensions, combined with domestic unrest and persistent political polarization make it likely that the threat level will remain “Severe” for the foreseeable future. FB-ISAO will continue to closely monitor events and make appropriate revisions to this threat assessment as needed.

 

These assessments are supported by recent examples and documented threat reporting showing both direct risks to houses of worship and broader hostility toward religious communities, with confidence that continued physical events and incidents targeting houses of worship are highly likely.

  • Confluence of domestic and global events.
    • The current situation in the Middle East, Iran, Israel plus heightened tensions between Hindu and Sikh devotees in India.
    • Normalization and violence surrounding antisemitism and Islamophobia.
    • Polarization of U.S. politics, loss of center and mitosis toward fringe movements.
    • Violent rhetoric on social media, on-line radicalization, rise of terrorist recruitment among radical left, right, accelerationist and nihilist organizations – all of which advocate violence as an acceptable tool of social, political and cultural change.
  • Potential for cyber threat activity. The most concrete example is the suspected Iran‑linked attack of the Orthodox Jewish news site Yeshiva World News during the current Iran conflict, which temporarily took the site offline and aligns with U.S. DHS expectations that Iran‑aligned hacktivists would focus on low‑level web defacements and DDoS against symbolic targets such as religious and media outlets.

 

All member and partner organizations are advised to sustain enhanced security awareness and readiness measures, ensure incident response plans are current, and maintain close coordination with relevant law enforcement and information-sharing partners.

 

Regular updates are being shared in the Faith-Based Daily Awareness Post, shared via email and available on our blog.

 

Practical Security Recommendations for Houses of Worship

Houses of worship can reduce risk during the current threat environment and beyond by combining simple planning, trained people, and practical facility measures that preserve a welcoming atmosphere while making it harder for someone to do harm, easier for staff and volunteers to notice warning signs, and faster for the congregation to respond effectively if something happens.

  • Appoint one person or a small team to coordinate safety and security decisions, training, and incident reporting.
  • Coordinate with local law enforcement and emergency management, invite them for a site walk-through, and share basic facility information before a crisis.
  • Complete a basic security self-assessment to identify gaps in access control, surveillance, children’s areas, opening and closing procedures, and special events.
  • Build and practice a simple emergency plan that covers evacuation, lockdown, sheltering, medical emergencies, fire, severe weather, and hostile events.
  • Train greeters and ushers to notice suspicious behavior, use non-confrontational techniques, and quickly escalate concerns.
  • Strengthen entry control during services by limiting unlocked doors, monitoring main entrances, and keeping clear sightlines with lighting and trimmed landscaping.
  • Report suspicious activity promptly so authorities can identify patterns and respond early.

 

DISCUSSION

Due to conflicts in the Middle East, Iran, and India, and increased polarization reflected in U.S. politics and social media for both religious and sectarian tensions, the potential exists to trigger a physical or cyber incident with little or no advance warning. Therefore, FB-ISAO assesses the current threat environment warrants an overall posture of SEVERE. This assessment is driven primarily by an increase in physical security concerns, including elevated reports of hostile activity and credible threats targeting houses of worship. While no direct cyber threats have been identified against the faith-based community, the rise in cyber activity across multiple sectors underscores a heightened risk landscape that could spillover, thus requiring increased vigilance. 

 

ANALYSIS OF THE CURRENT PHYSICAL THREAT ENVIRONMENT

In light of all presently available indicators, we assess that the current physical threat level for the community of faith is SEVERE, indicating a high likelihood of targeted violence, disruptive activity, or hostile acts against religious facilities, gatherings, and affiliated individuals, including easily identifiable members of targeted religious faiths. This assessment reflects credible indicators of a high threat environment that is likely to continue for an extended period to include hostile intent, a sustained pattern of extremist interest in houses of worship, and a heightened security environment shaped by recent geopolitical escalation involving U.S. strikes on Iran.

 

While the current U.S.-Iran War is a significant driver in the recent increase in threats at home and abroad, recurring attacks in the U.S. and Canada on Hindu Temples and Sikh Gurdwaras reflect ongoing sectarian conflict in South Asia that has escalated from graffiti and vandalism to kidnap and murder.

 

Currently, the highest profile domestic incident is likely the March 12 ramming attack targeting Temple Israel in West Bloomfield Township, Michigan while dozens of children were learning inside the complex. The attack involved a truck laden with improved explosives and a gunman who exchanged fire with security personnel before dying of a self-inflicted wound. There were no other deaths. The attacker’s primary motivation appears to have been the death of multiple family members in a March 5 Israeli airstrike in Lebanon. Other attacks and potential attacks targeting synagogues have explicitly been linked to the war and threats to the Jewish community as a whole have increased dramatically since the start of the war.

 

Abroad, the group Harakat Ashab al Yamin al Islamia, which only began activities after the initial strikes on Iran, has claimed credit for six terror attacks across Europe, including a fire attack targeting four ambulances outside a Jewish community rescue service in London. Based on patterns of behavior from prior terror groups, it is likely some or all of the attacks were lone wolf incidents the group later took credit for.

 

ANALYSIS OF THE CURRENT CYBER THREAT ENVIRONMENT

Additionally, we assess that the current cyber threat level of the community of faith remains ELEVATED. While there is cyber activity associated with the conflict, reporting so far does not show a clear pattern of Iran‑attributed cyber attacks specifically targeting U.S. houses of worship or faith‑based organizations. Rather, reporting documents a surge in pro‑Iran and pro‑regime hacktivist operations – including DDoS (distributed denial of service), website defacements, and hack‑and‑leak activity – against Israeli and Western organizations framed in religious, symbolic, and ideological terms.

 

We continue to encourage preparedness and vigilance against routine threats and ongoing challenges such as ransomware, business email compromise, and scams. An organization’s public stance on various social and political topics could see it the target of hacktivists. Basic security measures including robust, unique passwords, and implementing multi-factor authentication (to include online meeting passcodes) significantly reduce the likelihood of a successful attack.

 

The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. Likewise, the cyber threat landscape will be continuously monitored, but this Cyber Threat Level determination is valid until further notice.

 

Refer to the FB-ISAO Resource Library for resources related to:

  • Securing Facilities and People
  • Securing School Facilities and Students
  • Protecting Digital Assets
  • Protecting from Health Threats and Natural Hazards
  • Informing Preparedness Activities

 

Additional Resilience Resource

Eight Recommendations for Jewish Communities (this resource is written by SCN for the Jewish Community, but the practices are appropriate for all communities of faith)

  1. Ensure awareness and coordination with law enforcement and/or security professionals servicing your community or region  
  2. Extend the protections or security of your event’s/facility’s perimeter as far as possible  
  3. Open events only to identifiable individuals and pre-screened invitation lists (e.g., no mass emails to the broad public)  
  4. Require registration and verification of registrants for events open to the public 
  5. Provide details of location, time, and other information only upon confirmed registration  
  6. Allow access control (locks and entrance procedures) to known, confirmed registrants/attendees into the facility/event  
  7. Remain vigilant and report suspicious activity
  8. Add armed on-duty or off-duty law enforcement, private security, and/or volunteer teams as additional layers of protection wherever possible