FB-ISAO Physical & Cyber Threat Level Updates

The COVID-19 global pandemic is a complex and blended threat impacting members and the broader faith-based and charity community in numerous ways. FB-ISAO’s Threat and Incident Response Group (TIG) continues to assess the ongoing threats and risks to our community and has made the following updates to our Threat Level Assessments:

The TIG has determined to maintain the Physical Threat Level at “CRITICAL,” – our highest level of threat – as it has been since 31 March 2020. The TIG will continue to assess the Physical Threat Level and provide updates accordingly. This determination is valid through sunset on 14 May 2020, and will be periodically re-evaluated, especially with respect to ongoing threats and developing federal, state, local, tribal, and territorial (FSLTT / SLTT) guidance and directives.

The TIG has determined to maintain the Cyber Threat Level at “ELEVATED,” as it has been since 20 March 2020. The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. This determination is valid through sunset on 14 May 2020, and will be periodically re-evaluated, especially with respect to ongoing cyber threats.

FB-ISAO continues to strongly encourage members “hold the line.” By hold the line, we mean continue to follow FSLTT guidance and directives and reopen, reenter and resume operations in accordance with, and not ahead of, such guidance and directives.

Regarding the Cyber Threat Level, we do not assess a significant change from the 21 Mar assessment. However, we do consider a sustained higher level of cyber risk as threat actors pivot attack campaigns to leverage themes associated with “Opening Up America Again.” As organizations begin transitioning from strictly online activities back to gathering in person, cyber attackers will closely follow the messaging tone and cadence throughout each gating phase and adjust their lures accordingly.

  • The ploys are the same, but the deluge is unprecedented – Cyber tactics leveraging coronavirus themes will continue at a significant volume for the foreseeable future. Cyber attacks such as phishing, smishing (SMS phishing), disinformation/misinformation, and counterfeit websites purporting to have important or urgent updates will continue to dominate the threat landscape.
  • Think critically – Cyber attackers will continue their attacks to seek financial gain or sow seeds of rumors and disinformation to create chaos and confusion for their amusement.
  • Trust but verify – FB-ISAO members are encouraged to treat every coronavirus-themed, including “Opening Up America Again” communication or situational report with suspicion.

Regarding the Physical Threat Level, as SLTT governments begin to “reopen” their communities, coronavirus remains a serious threat in the United States; beyond the immediate challenges, there is a very real possibility of second and third waves until a vaccine is developed and applied nationwide. Further, many countries around the world – including nations in the Western Hemisphere – are on an upward trajectory and it is expected that the number of cases in many countries will increase in the coming weeks. Based on the health threat alone, we continue to strongly urge members to follow FSLTT guidance and direction and, as directed, to limit the size of gatherings or to forgo physical assemblies, in accordance with that guidance. FB-ISAO strongly discourages defying state and local guidance and directives and encourages members to reopen, reenter and resume operations in accordance with government guidance and directives.

Beyond the pandemic threat:

  • Ramadan continues and, since the first night of the annual Muslim holiday, there have been threats and incidents aimed at mosques and Muslim people (to include in the U.S. and Canada), as captured in recent FB-ISAO reports.
  • 27 April marked the one-year anniversary of the Poway synagogue attack. Such occasions can motivate and inspire like attacks.
  • Continued extremist interest in conducting various attacks and hostile actions against people and places of faith (to include specific anti-Semitic rhetoric relating to exploiting COVID-19 and other extremist discussion and interest in places of worship and people of faith [see previous FB-ISAO and government partner reporting]);
  • May Day / International Workers’ Day (01 May 2020). FB-ISAO is not aware of any credible threat or large scale, worldwide demonstrations during May Day, however, personnel with physical security interests should maintain awareness of locally planned events and take appropriate preparedness actions.

As with April, we assess the month of May to continue to be a CRITICAL threat period.

Recent and upcoming reports and public posts speak to ideas elaborating on these various threats and on mitigation, including the public posts listed above, and recent weekly reports on maintaining preparedness for non-health threats during this pandemic and on upcoming threats. Please contact our team with any questions, needs for information, assistance or any other concerns.

  • We encourage members to review the FB-ISAO Daily Journal for general threat awareness, updates and ideas on what other organizations are doing.
  • Join the #covid-19 channel in FB-ISAO Slack to see more updates, details and conversation on this threat, and share your questions, ideas and actions for others.

As we periodically update these assessments, FB-ISAO’s Preparedness Group (PG) has launched a Pandemic Recovery Group with FB-ISAO staff, PG members, and other government and industry partners, and is also liaising with the venue community in collaboration with the International Association of Venue Managers. This group is developing information which may help inform FBO’s reopening and reentry operations. Interested in helping; contact our team to find out how!

This assessment has been developed by FB-ISAO and is our general, nationwide, cyber threat assessment for the U.S. community of faith. As always, for local threat information, members are encouraged to work closely with neighborhood partners, local law enforcement, state and local fusion centers, local FBI field offices, DHS Protective Security Advisors (PSAs), Cybersecurity Advisors (CSAs), and other local experts and responders.