FB-ISAO Threat Level Update – Dec 2021

This message is TLP:WHITE. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.

The ongoing COVID-19 global pandemic is a complex and blended threat that impacts members and the broader faith-based and charity community in numerous ways. We have determined to maintain our current threat level assessments at this time, with updated comments. FB-ISAO’s Threat and Incident Response Group (TIG) continues to assess the ongoing threats and risks to our community and will make future updates as may be appropriate.

The TIG has determined to maintain the Pandemic Threat Level at “ELEVATED.” ELEVATED means that FB-ISAO is unaware of any specific threats, but there is concern that an event is more likely than normal. While we are well aware of the specific threat of the pandemic, we do not believe that a serious nationwide U.S. outbreak at this time is likely, though the possibility of localized outbreaks remains, especially given the Delta and fast-spreading Omicron Variants and in areas where the population has low vaccine levels, as is being observed in various areas around the country right now. The success of vaccinations and availability of boosters has been encouraging, and the Omicron Variant – while fast-spreading – appears to be a milder threat. With a significant portion of the population remaining unvaccinated and unlikely to get vaccinated; uncertainty regarding virus variants, vaccine resilience and associated breakthrough cases; increasing workforce reentry; school districts returning to live, in-person instruction; and other considerations, the country could still see surges in some areas that could become problematic. Reflecting this, New York and California have reimposed mandatory masking, albeit for a finite period, as a precaution. The TIG will continue to assess the Pandemic Threat Level regularly and provide updates accordingly. 

The TIG has determined to maintain the Physical Threat Level as “ELEVATED.” ELEVATED means that FB-ISAO is unaware of any specific threats, but there is concern that an event is more likely than normal. While we assess the general environment to be pointing towards a GUARDED posture, meaning FB-ISAO is unaware of any specific events, we also recognize a general risk of incidents exists. There continue to be a number of ongoing stressors that cause concern. Among those are stressors and potential sparks for conflict relating to COVID (masking, vaccines, safeguards, etc.), economic uncertainty (supply chain disruptions, shortages of holiday goods, inflation scares, job market concerns, etc.), polarizing issues, media and political hyperbole, the continued normalization of violence, and other considerations. These concerns are coupled with continued foreign ideological extremist and domestic extremist propaganda and encouragement for violence against an array of targets – to include people and places of faith. In addition to increasing levels of violence around the country we have seen recent domestic and international incidents (i.e., France, Indonesia)  targeting the holidays. There are also the routine seasonal threat associated with the holidays, such as mass gatherings, holiday services and special events, etc., which create potential target rich environments and complex security situations. Vandalism of public Chanukah Menorah displays last month, continued vandalism of churches, mosques and synagogues, and the arson attack on the Fox News Christmas tree in NYC highlight the threat to religious properties and public holiday displays. Therefore, we continue to assess the Physical Threat Level as ELEVATED at this time. The TIG will continue to assess the Physical Threat Level regularly and provide updates accordingly. This determination will be periodically re-evaluated, especially with respect to non-COVID-19-related threats.

The TIG has determined to maintain the Cyber Threat Level at “GUARDED.” GUARDED means FB-ISAO is unaware of any specific or targeted cyber attacks, but a general and pervasive risk of cyber attacks exists, particularly with respect to a recent vulnerability and exploitation impacting a widely used Java logging library maintained by the Apache Software Foundation called log4j. Current activity regarding log4j exploitation includes widespread mass scanning and customized targeted attacks, including from APT actors. Some groups are also deploying ransomware on systems that have been compromised. Log4j usage is ubiquitous among enterprise, cloud services, Internet-of-Things, and Industrial Control Systems networks. CISA estimates hundreds of millions of devices are impacted by this vulnerability. To determine the presence of and address the vulnerable log4j library within your environment, it may be necessary to reach out to your technology support team.

The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. Likewise, the cyber threat landscape will be continuously monitored, but this Cyber Threat Level determination is valid until further notice.

• Please refer to this post for an explainer on the FB-ISAO Threat Levels.
• Please refer to the current National Terrorism Advisory System (NTAS) Bulletin, date 10 Nov 2021 (expires, 08 Feb 2022)
• Please see this 15 May 2020 post regarding the distribution of the FB-ISAO Pandemic Reopening Reentry Checklist. 
• Please refer to this CDC guidance for FBOs: Considerations for Communities of Faith, which is periodically updated (this update, 19 Feb 2021).
• Please refer to this valuable resource developed by the Cybersecurity and Infrastructure Security Agency: Mitigating Attacks on Houses of Worship Security Guide.