FB-ISAO Physical Threat Level Remains CRITICAL; Cyber Threat Level Returns to GUARDED

The COVID-19 global pandemic is a complex and blended threat impacting members and the broader faith-based and charity community in numerous ways. FB-ISAO’s Threat and Incident Response Group (TIG) continues to assess the ongoing threats and risks to our community and has made the following updates to our Threat Level Assessments:

The TIG has determined to maintain the Physical Threat Level at “CRITICAL,” – our highest level of threat – as it has been since 31 March 2020. The TIG will continue to assess the Physical Threat Level and provide updates accordingly. This determination is valid through sunset on 01 June 2020, and will be periodically re-evaluated, especially with respect to ongoing threats and developing federal, state, local, tribal, and territorial (FSLTT / SLTT) guidance and directives.

The TIG has determined to return the Cyber Threat Level to “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general risk of cyber attacks exist. The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. This determination is valid through sunset on 01 June 2020 and will be periodically re-evaluated with respect to ongoing cyber threats.

FB-ISAO continues to strongly encourage members “hold the line.” By hold the line, we mean continue to follow FSLTT guidance and directives and reopen, reenter and resume operations in accordance with, and not ahead of, such guidance and directives.

As we periodically update these assessments, FB-ISAO’s Preparedness Group (PG) continues to support the efforts of our broader Pandemic Recovery Group with FB-ISAO staff, PG members, and other government and industry partners, and is also liaising with the venue community in collaboration with the International Association of Venue Managers. This group is developing information which may help inform FBO’s reopening and reentry operations. Interested in helping; contact our team to find out how! We anticipate the Pandemic Reopening & Reentry Checklist for Faith-Based Organizations to be released shortly.

Regarding the Physical Threat Level, as SLTT governments begin to “reopen” their communities, coronavirus remains a serious threat in the United States and many areas continue to see high and increasing infection numbers. Beyond the immediate challenges, there is a very real possibility of second and third waves until a vaccine is developed and applied nationwide. Further, many countries around the world – including nations in the Western Hemisphere – are on an upward trajectory and it is expected that the number of cases in many countries will increase in the coming weeks. Based on the health threat alone, we continue to strongly urge members to follow FSLTT guidance and direction and, as directed, to limit the size of gatherings or to forgo physical assemblies, in accordance with that guidance. FB-ISAO strongly discourages defying state and local guidance and directives and encourages members to reopen, reenter and resume operations in accordance with government guidance and directives.

Beyond the explicit health threat, we have other security concerns, including:

  • Recent weeks have seen varied attacks and threats against retail establishments and personnel relating to enforcement of safety protocols such as required wearing of masks and maintaining adequate social distancing. As FBOs reopen and welcome back individuals, it is possible that some may have heightened sensitivities regarding these issues and may not respond well to personnel attempting to enforce safety actions. FBOs should prepare “frontline” staff and volunteers regarding how to engage personnel, when to ask for help from senior personnel, and other considerations to prepare them to effectively communicate and assist visitors.
  • As we reopen and reenter FBOs, recognize the potential for violence based on the stressors of COVID-19, the threats from violent extremists, and the longstanding issues that have resulted in previous acts of violence at houses of worship.
  • Ramadan continues with Eid Al Fitr – which marks the end of the month-long dawn-to-sunset fasting of Ramadan – coming up on 23 May. As there have been threats, arson attacks, misinformation activities and other concerns aimed at Muslim communities and mosques since Ramadan, it can be expected that some individuals may seek to cause harm leading up to the conclusion of Ramadan.
  • As some FBOs have had assemblies and other faith-based events in defiance of state and local guidance, there have also been protests, as well as expressed concerns and frustrations aimed at places and people of faith. It is possible unhealthy individuals may express their frustration through low-level hostile events aimed at facilities or people, particularly at FBOs meeting or having events in defiance of FSLTT reopening guidance.
  • There continues to be extremist interest in conducting various attacks and hostile actions against people and places of faith (to include specific anti-Semitic rhetoric relating to exploiting COVID-19 and other extremist discussion and interest in places of worship and people of faith [see previous FB-ISAO and government partner reporting]).

We continue to assess the month of May to be a CRITICAL physical threat period.

Regarding the Cyber Threat Level, FB-ISAO assess the current volume of coronavirus-related cyber attack campaigns has stabilized (reduced from mind-numbing levels) and do not presently warrant an “ELEVATED” cyber threat level. There is no shortage of coronavirus-themed cyber attack campaigns, but we are observing a recurrence of non-coronavirus lures. While we assess that a return to “GUARDED” is reasonable at this time, increased vigilance is still recommended due to the ongoing pandemic, continued widespread teleworking, abundance of information and updates from legitimate and less-established sources (including social media and unofficial expert blogs), and commensurate distractions in businesses and homes across the U.S., among other considerations.

Additional considerations for continued increased vigilance:

  • “Zoombombing” continues to be a challenge for faith-based organizations, including houses of worship being subjected to very disturbing imagery. While Zoom has reconfigured default settings to significantly minimize Zoombombing, organizations still need to closely manage administrative and security settings, particularly judicial use of screen sharing and waiting rooms. After a Zoombombing incident during a Sunday service in Waco, Texas, the Waco Tribune-Herald posted a story including how to set up Zoom to be very much like an in-person service, such as configuring a “lobby” where people are met by a “greeter” who vets them before approving entrance into the “sanctuary” to view the service.
  • Mis/disinformation is still a concern. From viral conspiracy-theory videos to social media misinformation “super spreaders,” it is imperative to think critically and continue verifying everything. FB-ISAO members are encouraged to treat every coronavirus-themed communication or situational report with suspicion.

We are all targets of opportunity, especially during this time. Cyber tactics such as phishing, smishing (SMS phishing), disinformation/misinformation, and counterfeit websites leveraging coronavirus themes will continue for the foreseeable future.

  • Continue enabling/encouraging remote staff to work securely. StaySafeOnline has a COVID-19 Security Resource Library with a compilation of numerous trusted and verified resources to enable safe telecommuting.
  • Continue providing threat awareness training to staff. There are many open source examples of emails, lures, images, and indicators of compromise being shared daily in the FB-ISAO Daily Journal. Consider appropriate ways to use that information to educate and better prepare staff. FB-ISAO is happy to help members develop education and cybersecurity awareness materials for dissemination.

Recent and upcoming reports and public posts speak to ideas elaborating on these various threats and on mitigation and recent weekly reports on maintaining preparedness for non-health threats during this pandemic and on upcoming threats. Please contact our team with any questions, needs for information, assistance or any other concerns.

  • We encourage members to review the FB-ISAO Daily Journal for general threat awareness, updates and ideas on what other organizations are doing.
  • Join the #covid-19 channel and #cybersecurity channel in FB-ISAO Slack to see more updates, reports, and conversation on this threat, and to share your questions, ideas, and actions for others.

This assessment has been developed by FB-ISAO and is our general, nationwide, cyber threat assessment for the U.S. community of faith. As always, for local threat information, members are encouraged to work closely with neighborhood partners, local law enforcement, state and local fusion centers, local FBI field offices, DHS Protective Security Advisors (PSAs), Cybersecurity Advisors (CSAs), and other local experts and responders.