FB-ISAO

Tag: faith

  • FB-ISAO Newsletter, v1, issue 2

    The second TLP White | FB-ISAO Newsletter was distributed on 02 July, and may be accessed below.

    FB-newsletter-July-2019Download
    To access links, download the FB-ISAO Newsletter from the link above.

  • Vizsafe Partners with FB-ISAO to Offer Incident Reporting Capabilities at No Cost!

    Vizsafe Partners with FB-ISAO to Offer Incident Reporting Capabilities at No Cost!

    In cognizance of our mission to provide members with information, analysis, and capabilities to help reduce risk while enhancing preparedness, security, and resilience, our team at Faith-Based Information Sharing & Analysis Organization (FB-ISAO) is always eager to find like-minded partners.

    The Department of Homeland Security has identified Houses of Worship as a prime category of ST-CP, or Soft Targets-Crowded Places, as noted by Assistant Director Brian Harrell in his letter introducing the updated Security of Soft Targets and Crowded Places–Resource Guide last month. He wrote, “The cornerstone of our democracy is a free and open society where citizens can enjoy a wide range of activities without fear of harm. People across the U.S. should expect that they will be safe and secure as they cheer on a favorite team at a sporting event, shop at a mall, attend a house of worship, go to school, dine out with family and friends, or go to a concert.”

    The threats and risks houses of worship and the broader community of faith-based organizations face have been made all to clear in recent headlines and FB-ISAO reporting.  As our team strives to execute our mission, we are always searching for safety services partners who share our commitment to protecting worshipers.  One such partner is Vizsafe, which provides an intuitive and easy to use mobile incident reporting and management platform. 

    Their cloud-based Geoaware®️ platform is currently protecting some of the world’s most valuable facilities where it is used by employees, visitors and first responders.  Vizsafe has generously agreed to provide their base incident reporting and sharing platform to registered Faith Based-ISAO Professional Member organizations at no charge.  We are proud to partner with Vizsafe to provide this service to our members.  Please review the quick reference and visit vizsafe.com to learn more on this mission-enhancing capability.

    Contact FB-ISAO at [email protected] for more and if you’re not already, consider joining FB-ISAO!

    Here is where you can find everything you need to know about joining The Faith Based Information Sharing and Analysis Organization.

  • Truth and Consequences of Digital Extortion

    by Jennifer Lyn Walker and Omar Tisza

    This post was originally informed by a TLP: GREEN FB-ISAO report distributed on 14 February 2019.

    Like every other business type, faith-based organizations (FBOs) are susceptible to digital extortion attacks. History has shown many cyber criminals are not selective in their targets – they exploit vulnerabilities in people, processes, and technology regardless of industry or sector.

    What is Digital Extortion?

    At its core, digital extortion is a psychological tactic designed–through social engineering–to elicit an emotional response primarily through fear, embarrassment, or humiliation, and often aims to profit through ransom payments.According to the FBI, in 2018 extortion by email complaints increased 242%, totaling $83 million in losses.

    Some types of extortion threats are credible, in so far as the threat actor is able to inflict, or has already inflicted disruption or damage to some degree; however, there has also been an uptick in non-credible extortion-based threats during the past year. These empty threats may use personal information, such as passwords or email addresses as intimidation, but are nothing more than hoaxes. While ransomware may be the most well-known type of extortion attempt, there are many variants including the increasingly popular “sextortion” campaign.

    Below is an overview of common types of digital extortion, including ransomware and sextortion, that faith-based organizations are likely to encounter.

    Potentially Destructive, but at the Very Least, Disruptive

    Nary a week goes by without reports of organizations who have fallen victim to ransomware. Ransomware is malicious software (malware) that encrypts files on infected computers, making the files inaccessible until (presumably) unlocked with a decryption key. The malware displays a warning message along with a ransom demand and instructions for payment. The ransom is usually requested to be paid in Bitcoin or other cryptocurrency in exchange for ‘said’ decryption key – which may or may not work, let alone be provided.

    In many cases, organizations have had to rebuild their computers and file systems from scratch, costing valuable time and money – and causing many headaches. Recently there has been a spate of incidents affecting cities, municipalities – and other government entities, charities, non-profit organizations, and FBOs, including a food bank, and a catholic archdiocese.

    Non-Credible Extortion Threats

    In the past year, other extortion-based threats have been known to be non-credible, such as bomb threats and hitman scams. In December 2018, emails containing bomb threats and hitman schemes went viral. These messages gained worldwide attention and awareness for the hoaxes they were, but not before causing major disruptions to countless businesses and individuals.

    The majority of email extortion complaints to the FBI were comprised of sextortion. While not a “credible” threat, perpetrators are adept at crafting sextortion emails that appear believable enough to evoke fear or concern. A recipient receives an email purporting that the scammer has compromised their computer and stolen all their files, including contacts and browser history. The email further threatens the victim with public disclosure of unsavory pictures or videos to family, friends, and colleagues (allegedly captured with malware they placed on an “adult” website they visited) unless a ransom is paid for the scammer to keep quiet. These fraudsters do not have the “dirt” they claim; nonetheless, some include personal details to make the ruse seem more credible to increase the chance victims will pay the ransom. There is even a variation that looks like it comes from your own email address as the fraudsters want you to think they have also compromised your email account. 

    Conclusion

    In addition to ransomware, FB-ISAO believes that FBOs are likely to observe sextortion-based attacks. Given the personal and sensitive nature and appearance of impropriety, malicious actors would victimize the community of faith on what could be perceived as the need to protect image and reputation by succumbing to ransom demands. Yet, contrary to the majority of FBI complaints, for those same reasons, it is plausible that sextortion emails in the faith-based community are likely to go unreported.


    Incident Reporting

    It is also important to report digital extortion incidents to the appropriate authorities and share with the broader faith-based community to improve security and resiliency.

    o   Report all incidents to the FBI through the Internet Crime Complaint Center (IC3)

    o   If there has been a financial loss, you should (and in some cases, may be required to) contact local law enforcement

    o   Report the incident to FB-ISAO for broader awareness among the Community of Faith

    Jennifer Lyn Walker is a cybersecurity professional with over nineteen years’ experience supporting critical infrastructure and SLTT governments. As Director, Cybersecurity Services for FB-ISAO and Gate 15, she advises and consults on cyber threats related to homeland security for critical infrastructure and vital lifeline sectors, including WaterISAC. She is experienced in malware analysis, threat assessments, cyber threat intelligence, compliance, and cybersecurity awareness.

    Omar Tisza graduated from American University in 2017 with a bachelor’s in International Relations. After a brief stint in business development on the federal market, he began his role as Jr. Risk Analyst at Gate 15 in 2018 and currently supports the Health Information Sharing and Analysis Center (H­ISAC) and the Healthcare Sector Coordinating Council – Cybersecurity under the leadership of Executive Director Greg Garcia, former Assistant Secretary for Cyber Security and Communications at DHS.

    Join FB-ISAO! We welcome faith-based organizations, charities and critical partners to join FB-ISAO. Access our TLP AMBER and TLP GREEN reports, join our collaborative forums, working groups, participate in leadership opportunities and take the next step in enhancing your organization’s preparedness, security and resilience!

  • Multi-Faith Targeted Violence Roundtable Meeting at the FBI

    Multi-Faith Targeted Violence Roundtable Meeting at the FBI

    Mayya Saab, of the Faith-Based Information Sharing and Analysis Organization (FB-ISAO) had the honor of attending the Multi-Faith Targeted Violence Roundtable meeting at FBI Headquarters on 18 June 2019. This was a meeting between leaders of faith-based organizations (FBOs) and members of government, who are given the difficult task of preventing bias-based attacks on religious institutions. Safety of houses of worship is a mammoth task and one that government cannot do alone, so the task requires close collaboration between government, faith-based leaders and the community. Representatives from the Christian, Muslim, and Jewish faiths included leaders from the Christian Emergency Network, Secure Community Network and the Muslim Public Affairs Council.

    There were multiple presentations such as:

    • Counterterrorism and Criminal Investigative Divisions Threat Briefs
    • Communal Response to Mass Casualty Incidents
    • Pre-Attack Behaviors of Active Shooters

    Especially poignant were presentations on lessons learned from the Sutherland Springs Church Shooting. During that presentation, a deep discussion on the assailant’s behavior leading up to, and including, the day of the shooting took place. Another presentation covered the Oak Tree Temple Shooting. This presentation was particularly personal for the FBI agent who responded to the event since the Oak Tree Temple was his house of worship and some of the victims were his family members. There was a discussion about the effect of these types of incidents on law enforcement personnel. On multiple occasions, attendees expressed gratitude to law enforcement for their work on protecting houses of worship.

    The FBI provided information about the current threat environment. Here are some key points for the community to note:

    • Most perpetrators of crime against religious institutions are males between the ages of 19-25
    • As of late, violence comes first (that is an act is committed) and then the perpetrator picks an ideology after the attack
    • There were 66 cases of domestic terrorism in the first half of 2019 as compared to 115 in all of 2018
    • Domestic Terror Groups are less threatening than individuals based on reported cases of domestic terrorism
    • The internet and gaming are contributors to violent behavior
    • The average planning phase for a violent crime is 1-2 months
    • The average preparation phase for a violent crime is less than 24 hours
    • Most perpetrators of violence have bought their weapons legally

    The FBI and DHS issue and maintain multiple products designed to inform and educate FBOs and individuals on what they can do to prepare for hostile events. Here are publications that were specifically referenced during the meeting:

    What can an FBO do?

    • Reach out to local law enforcement and establish relationships
    • Start preparing an emergency plan. There are many resources available to help an FBO prepare for an emergency – which planning document you use depends on preference
    • Join FB-ISAO. FB-ISAO issues reports to help FBOs mitigate risk and to become more resilient. FB-ISAO also encourages collaboration between members so that they can learn from each other. Members can also share best practices and support each other’s preparedness activities

    The meeting concluded with a deep commitment to public private partnerships – that is partnership between government and private organizations, like FB-ISAO. Also affirmed was the need for greater communication and collaboration between government and faith-based groups. Although this meeting was the first of its kind, it is expected that there will be future meetings to follow-up on action items and to establish an on-going dialogue between government and faith-based leaders and their communities.

  • FB-ISAO Newsletter, v1, issue 1

    FB-ISAO Newsletter, v1, issue 1

    The first TLP WHITE | FB-ISAO Newsletter was distributed on 06 Jun, and may be accessed below.

    FB-newsletter-June-2019Download
    To access links, download the FB-ISAO Newsletter from the link above.
  • Hostile Events: A Real & Ongoing Threat to Faith-Based Organizations

    Hostile Events: A Real & Ongoing Threat to Faith-Based Organizations

    by Andy Jabbour, Managing Director, FB-ISAO

    Every month, FB-ISAO provides a TLP GREEN report, the FB-ISAO Monthly Threat Overview. The report is developed over a specific reporting period by a team of analysts. The report addresses all-hazards – to include physical, cyber, natural hazards, and health threats. Reviewing the draft of the most recent report, finalized and distributed on 24 May and covering the period from 25 April – 22 May 2019, I was amazed by the remarkable number of incidents that were included. 

    Addressing the area of hostile events, the report notes, “The persistence of domestic arrests, incidents, and continued jihadist and other extremist rhetoric remains a direct threat to the Faith-Based Organizations (FBOs). We continue to consider the threat of lone actor or a small group of extremists to be a credible threat. Over the past month, there were several events and arrests that continue to serve as reminders of the continuous physical security threats facing the sector.” 

    “Our right to worship freely and without fear is fundamental to life in America.”

    Renn Cannon, Special Agent in Charge of the FBI in Oregon

    The complete physical security section includes incidents involving vandalism, theft, harassment, arrests and other notable events. But it was the section covering Active Shooter & Hostile Events that jumped out at me. An excerpt from that section follows. I encourage you to review the list of incidents and let that sit with you for a few moments. 

    Image by Free-Photos from Pixabay

    Is your organization properly, reasonably, and responsibly addressing the risks you are facing? Are you actively working on preparedness and operations to protect and prepare your people and places?

    FB-ISAO will be providing our second offering of the Hostile Events Preparedness Series educational presentation on 20 June. It is free, and only costs you an hour and a half of your time. Contact our team for more information on that event. Consider joining FB-ISAO, tying in to our growing community of security-focused faith leaders and help enhance the security and resilience of your FBO and our collective community of faith. As recently stated by Renn Cannon, Special Agent in Charge of the FBI in Oregon, “Our right to worship freely and without fear is fundamental to life in America.” Are you doing everything you can to help protect and prepare your people and places so all Americans, and those within our boarders, are able to “worship freely and without fear?” 

    The complete FB-ISAO Monthly Threat Overview goes into additional incidents, other threat vectors and provides resources for members. As a TLP GREEN report, it is available to all Standard and Professional members, as well as our Government and Law Enforcement members (read more on membership here). 

    Active Shooter & Hostile Events, for period from 25 April – 22 May 2019.

    • Over the weekend of 18 to 19 May in Chicago, Illinois, separate incidents of attempted arson and vandalism occurred at local synagogues. Worshipers who arrived at one synagogue Sunday morning discovered broken glass and charred black rags outside the building. Police later confirmed that an unknown assailant twice attempted to set the building on fire around midnight on Saturday. No one was injured and there was no damage to the synagogue. Police were also investigating vandalism outside several synagogues in the city’s West Rogers Park neighborhood, where the windows of cars parked outside the building were smashed early Sunday morning.
    • On 15 May in Kalamazoo, Michigan, a fire destroyed a church. It took two dozen firefighters over four hours to douse the fire. The building is a total loss, and a home next door suffered exterior damage from the intense heat. The fire marshal didn’t yet know what sparked the fire; federal agents joined the investigation.
    • On 12 May in New Haven, Connecticut, a fire broke out at a mosque that is still under construction. Officials said they believe the fire was intentionally set. The fire started on the first floor of the building and spread to the second level.
    • On 12 May in Dablo, Burkina Faso, gunmen killed six people, including a priest, as Mass was being celebrated in a church. The attackers, said to number between 20 and 30, then burned down the church. The town’s mayor said there was panic as other buildings were burned down and a health center looted. As noted below, a Protestant church was attacked in Burkina Faso on 28 April, resulting in the deaths of a pastor and five congregants. Islamist groups have been blamed for a number of attacks in the West African nation in recent years.
    • On 11 May in Arlington, Massachusetts, a fire was set outside the home of a rabbi that serves at a Jewish center. The incident is being investigated as a hate crime. Police asked for the public’s help in identifying a person caught on a neighbor’s video camera walking away from the home around the time of the fire. Firefighters put out the small fire that burned the shingles of one side of the building. Police and town officials have no evidence yet that the location or its Jewish homeowners were targeted because of their religion, but “are leaving open and actively investigating the possibility of a hate crime.” On 16 May, another fire was set at the Jewish center. The fire, which was on the home’s exterior wood shingles, was small, and firefighters were able to put it out using a hand-held extinguisher. 
    • On 10 May in Couva, Trinidad, a 57-year-old businessman was killed inside a mosque, although the country’s attorney general said the incident should not be labelled as an act of terrorism nor a hate crime. eyewitnesses said the businessman was mingling with fellow Muslims outside the mosque when he was approached by a gunman. He then ran up a flight of stairs and into a prayer room, where he was killed.
    • On 9 May in Charlottesville, Virginia, a hit and run occurred near a mosque. Police said a dark colored Sedan struck a man’s arm while he was walking along the street. Another member of the mosque claims a car with the same description swerved at her while she was walking to the mosque earlier the same week but at the time, she did not think anything of it. The mosque had been bolstering its security measures in previous months.
    • On 9 May in London, England, a man fired a shot outside a mosque during evening prayers for Ramadan. The man was reported to have entered the mosque but was “ushered out” by those inside, police said. A shot was heard shortly after. Police said there were no injuries and they were not treating it as a terrorist incident. They said they believed the shot came from a blank-firing handgun. One theory police are considering is that the gunshot followed a dispute linked to gangs or criminality which started in the street and then moved into the mosque.
    • On 6 May in Brooklyn, New York, a Hasidic Jewish man was assaulted in an unprovoked attacked. Without saying a word, one of the men walked up to the victim and punched him in the face. Another suspect yelled anti-Semitic slurs at the man. The group fled the area. The man was not seriously injured.
    • On 6 May, French police arrested a 16 year old in Strasbourg, France for actions in conjunction with a plot to attack security forces and possibly Elysees Palace. This arrest is in connection to the arrests in April of three adults and one teenager who had allegedly planned an attack “to coincide with the start of the Muslim holy month of Ramadan… with officials saying the suspects had scouted out areas near the Elysee and a police station in the Parisian suburb of Aulnay-sous-Bois.” French authorities believe this individual published a video pledging allegiance to the Islamic State. 
    • On 28 April in Cincinnati, Ohio, a family of four Sikhs were shot and killed inside their apartment complex. Locals in neighboring apartments said they heard a barrage of gunfire, which forced them to rush out on the streets. However, the alleged killer had fled from the spot. Local police launched a probe into the attack, which is as of now being suspected as an act of “hate crime.” 
    • On 28 April in Burkina Faso, unidentified gunmen killed a pastor and five congregants at a Protestant church, the first attack on a church in a country that has seen an upsurge of Islamist violence this year. Burkina Faso, which boasts of a history of religious tolerance, has been beset by a rise in attacks as groups based in neighboring Mali seek to extend their influence over the Sahel, the arid scrubland south of the Sahara. The government declared a state of emergency in several northern provinces bordering Mali in December because of deadly Islamist attacks, including in Soum, the region where Sunday’s attack took place.
    • On 27 April near San Diego, California, a shooter who appears to have posted an open letter riddled with anti-Semitism and racial epithets opened fire at a San Diego County synagogue on the last day of Passover. Police said the man opened fire with a rifle, killing one woman and wounding a girl and two men, including a rabbi. Police said the shooter left after his rifle possibly jammed and was fired upon as he fled by an off-duty Border Patrol agent working as a synagogue security guard; the agent struck the getaway car but did not wound the man. A San Diego police officer en route to the synagogue heard details on the radio and confronted the suspect where he had pulled over along the road near Interstate 15. Officials said he surrendered without incident and a rifle was discovered on the front seat.
    • On 26 April in Los Angeles, California, a man deliberately drove a vehicle into a crowd of people, doing so because he thought they were Muslim, police said. Eight people were injured in the incident, including three members of the same family. A lawyer for the man said the incident “was clearly the result of a mental disorder”, and he would seek psychiatric treatment for his client, who he described as a military veteran possibly suffering from PTSD.
    • On 25 and 23 April in Bethlehem, Pennsylvania, fires were set at a church. The first fire built a thick, black smoke cloud around the building, but had burned out by the time authorities arrived. It was ruled arson by the Bethlehem city fire marshal. The motive was unclear, according to a statement from the Bethlehem police, but the fire appeared to have been started in the sanctuary area of the church. Then, just two days later, firefighters were at the church again, extinguishing a blaze which was contained to the roof of the structure, right above the sanctuary area. By 26 April, police had arrested a man in connection with the fires, charging him with arson, burglary, and criminal trespass.
    • On 23 April in Austin, Texas, a man attempted to commit arson at a mosque. He was captured on security video just after midnight pouring what appears to be gasoline on the side of the building and then attempting to light the fluid. The mosque was the target of repeated vandalism last fall. It hired an armed security guard after tires were slashed and the building’s front doors and windows were shattered in September.
    • On 22 April in Sri Lanka, a van parked near a church that was bombed on Easter Sunday exploded; no injuries have been reported. Police went to inspect the van Monday after people reported it had been parked near St. Anthony’s Shrine since Sunday. They discovered three bombs that they tried to defuse. Instead, the bombs detonated, sending pedestrians fleeing in panic.
      • On 7 May, it was reported that there have been increasingly violent clashes in Negombo, the site of St. Sebastian’s Church (one of the three churches that was bombed on Easter), with mostly-Catholic mobs attacking and vandalizing Muslim-owned shops, homes, and vehicles. Negombo suffered the highest death toll in the Easter Sunday attacks. The bomb at St. Sebastian’s killed more than 100 worshippers. The violent attacks prompted Sri Lanka’s Roman Catholic Church to call for the hostility against Muslims to end.
      • On 2 May, Sri Lanka’s Catholic Church said it would not resume Sunday services as planned on May 5 after the government warned of more possible attacks by an Islamic State-linked group. It was the second week following the attacks in which the Catholic diocese canceled services. Instead of public services the first Sunday after the attacks, the cardinal delivered a homily at his residence that was broadcast live on television.
      • On 12 May, Sri Lanka’s Catholic Church held the first regular Sunday Mass since the attacks. Military forces and police armed with assault rifles patrolled the streets leading to churches and stood guard outside the compounds. Everyone entering was required to produce identity cards and be body searched. Volunteers were stationed at the gates of churches to identify parishioners and look out for any suspicious individuals. Parking was banned near the churches and officials urged worshippers to bring only minimum baggage.
      • On 29 April, Sri Lanka announced a ban on Muslim women wearing face veils. Although the niqab and the burka, which are worn by Muslim women, were not specifically named in the ban, any face garment which “hinders identification” is no longer permitted to ensure national security, the president’s office said.
      • On 23 April, the Islamic State claimed credit for the bombings. Independent media groups that produce posters and videos supporting the Islamic State have used the attack to push for more jihadist operations. One poster depicts a jihadist with dark blond hair in military fatigues entering a bombed-out church: “O worshippers of the Cross you will not enjoy your living, you have opened up the gats of hell to yourselves by waring [sp] us, so wait for what will embitter your life, and what is coming is more bitter and more disastrous.”
      • As reported in the Monthly Threat Brief for April, on 21 April coordinated suicide bombings occurred at three churches and three hotels in Sri Lanka, killing approximately 250 people and injuring at least 500 more. The three churches, all of which were conducting Easter services at the time of the explosions, are located in the cities of Colombo, Negombo, and Batticaloa. The three hotels targeted by the bombings are all located in the Colombo, Sri Lanka’s capital, and are popular with foreign tourists and the country’s business community.
    • On 21 April in San Diego, California, members of a church tackled a woman carrying a baby and handgun as she threatened to blow up the building. San Diego Police arrived within two minutes of the first call and took the woman into custody, the department said in a statement. Churchgoers were able to take the baby from the woman’s arms and pry the gun from her hands before tackling her to the ground. A bomb-sniffing dog found nothing in a sweep of the building and the suspect’s car, police said. Police said her gun was not loaded.
    • On 16 April in Winnipeg, Canada, an employee of a café was attacked and the inside of the building was spray-painted with a swastika in what was described as an anti-Semitic attack. A local church was planning a vigil to support Winnipeg’s Jewish community after the incident.
  • From New Zealand to New York: Understanding Behavioral Indicators & the Hostile Events Attack Cycle

    From New Zealand to New York: Understanding Behavioral Indicators & the Hostile Events Attack Cycle

    By David Pounder & Brett Zupan

    TL;DR

    • After the New Zealand attacks, FB-ISAO shared a TLP AMBER report with members relating the attack to the Hostile Events Attack Cycle (HEAC).
    • A recent incident in New York underscores the potential of inspired, copycat, and retaliatory incidents after significant attacks and around notable anniversaries and special events.
    • For security leaders, it is important to understand the HEAC and behavioral indicators of potential violence.

    On 15 March, at approximately 1:40 pm local time, an armed shooter dressed in military attire entered the Al Noor Mosque in Christchurch, New Zealand and began a shooting rampage spread across two mosques. By the end of the day, the attacker killed 50 people and wounded 50 more. The attacker in this deliberate action was identified as Brenton Tarrant, a 28-year-old Australian. The attack clearly followed many of the phases of the Hostile Events Attack Cycle (HEAC). HEAC is an 8-phased cycle which can define the process attackers go through before conducting an attack, whether this is formal or informal, or whether they know it or not. There is no doubt, based on the jumbled, 74-page manifesto Tarrant posted on social media, the social media posts, and the Facebook Live stream he aired during the attack, that Tarrant carefully planned and orchestrated the attack. 

    Image by Jose Aguilar from Pixabay

    Following this attack, and after the much-publicized fire at the Notre Dame Cathedral in Paris, in the run-up to Easter weekend, a 37-year-old philosophy professor is suspected to have aspired to set fire to the iconic St. Patrick’s Cathedral in New York City. As the investigation into that incident continues, some interesting details are beginning to come to light. Among those is another incident the suspect was involved in at Cathedral Basilica of the Sacred Heart in Newark, and his purchased of a one-way ticket to Italy, scheduled for shortly after the New York arrest.

    This blog focuses on the New Zealand attack and aligns the details of the attack as they are currently known against the eight phases of the HEAC:

    Phase 1 – Initial Target Consideration. Tarrant gave insightinto his motivation behind the attack. In his manifesto he “identified himself by name and said he was a white supremacist who was out to avenge attacks in Europe perpetrated by Muslims.” Tarrant began “planning an attack roughly two years in advance and an attack at the location in Christchurch three months in advance… The attack was planned to allow enough time to train, form a plan, settle my affairs, write down my views, then enact the attack.” New Zealand was not the original choice for the attack, as he “only arrived to New Zealand to live temporarily whilst [he] planned and trained,” but he soon changed his mind and believed New Zealand would show that nowhere in the West was safe for Muslims, and that “the invaders were in all of our lands, even in the remotest areas of the world.”

    Image by OpenClipart-Vectors from Pixabay

    Phase 2 – Initial Surveillance. In the manifesto, it was clear that Tarrant conducted online surveillance to find the right target. Christchurch only has three mosques. Originally the mosque in Dunedin was the main target because of a video on their Facebook page that said it was “only for Muslims”, which Tarrant viewed as an admission of some sort of guilt. However, he visited the mosques in both Christchurch and Linwood, causing him to re-evaluate his target and ultimately change his mind. Initial surveillance also identifies opportunities of when to strike. In Islam, Friday is the day of gathering and followers are encouraged to take time away from their activities to attend prayers. Tarrant would have understood that this was the time to strike in order to inflict as many casualties as possible.

    Phase 3 – Target Selection.When he visited the mosques in Christchurch and Linwood, he decided to change his plans. “The Christchurch and Linwood mosques had far more invaders, in a more prominent and optically foreign building, with less students, more adults and a prior history of extremism.“  The third mosque on his list was in Ashburton where the mosque was a converted church which he viewed as “the desecration of the church.” When Tarrant was ultimately stopped by police, it is believed he was on his way to continue his attack there, which is an hour’s drive from Linwood.

    Phase 4 – Intense Surveillance.Phase 4 is designed to help build out target selection and validate the information already collected by having a direct “eyes-on” view, the attacker can get a first-hand look at the outward facing security such as guard posts, security patrols, or counter-measures such as identification card checks, bag checks or other screening measures. The period of intense surveillance will go into much more detail and will involve a lot more “time on target,” or time that is spent observing and getting to know the target in-depth. While we know Tarrant visited the mosques, we do not know at this time if he visited on more than one occasion to assist in the plan, or if he had any interactions with members of the mosque to understand the security situation, and any police response.

    Phase 5 – Planning and Rehearsals. This is another area that has not been fully revealed, though there are some indicators in Tarrant’s manifesto and in how he carried out the attack:

    • In the first attack, extra ammunition and weapons were stored in his vehicle which he parked next to the mosque.
    • He envisioned / planned for a possible confrontation with New Zealand police which he hoped to avoid unless that police officer was part of “an invaders background”.

    Phase 6 – Pre-Attack Operations. This is one of the less defined and more flexible elements of the Attack Cycle in that the attacker will need to do their pre-attack checks and inspections to ensure all the pieces of the attack are accounted for, are functioning, and ready for the attack. A few areas give some insight into this:

    • He was prepared on social media and had a camera affixed to his helmet in order to live stream the attack.
    • The explosive device on his vehicle had to be attached and prepared.
    • While his manifesto clearly was a running collection of thoughts over a period of time, he had to have it ready to publish prior to the attack.

    Phase 7 – Attack. This phase has been well documented by media.

    Phase 8 – Escape.Tarrant considered that death was a possibility, but he had hoped to survive as it would allow him to “further spread my ideals by media coverage and to deplete resources from the state by my own imprisonment.” 

    The below areas are strategies for helping faith based organizations plan for hostile events and disrupting the HEAC.

    1. Know the Threat. 
    2. Security Briefings / Information Sharing. 
    3. Formalize the Security and Incident Response Plan.
    4. Training / Rehearsals / Exercises.
    5. Employ Random Active Measures. 

    Additional resources include:

    Consider joining FB-ISAO! Read more on membership from the link at left and below.

    David Pounder is the Director for Intelligence and Analysis at Gate 15, supporting FB-ISAO. Dave provides expert threat and risk analysis, assessments and special project support for internal activities and client needs.

    Brett Zupan is a Risk Analyst at Gate 15, supporting FB-ISAO, with experience in all-hazards analysis, exercise development, and information sharing. He has supported analysis, preparedness and operations for a number of critical infrastructure communities.

  • Working Groups: One of the Cornerstones of an Effective ISAO

    Working Groups: One of the Cornerstones of an Effective ISAO

    By Andy Jabbour

    As FB-ISAO transitions to our membership model, we’re excited to also begin our working group collaboration and Slack member channels. Collaborative groups are essential to a successful ISAO and our working groups will be a vital part of that for FB-ISAO. As we begin this next phase in FB-ISAO’s maturity, we are establishing five initial Working Groups (WGs). What follows are overviews of these initial WGs and an explanation of some of the ways members can use Slack as a means of participating in the working groups.

    Working Groups. WGs are ongoing collaborative groups comprised of FB-ISAO members and staff focusing on specific areas that are important to enhancing FB-ISAO’s capabilities and the ways in which our organization can support members’ threat and risk awareness, preparedness, security, and operations. WGs are co-chaired by FB-ISAO staff and FB-ISAO members. Initially, we are establishing WGs as follows:

    • Cyber Threat Intelligence;
    • Business Resilience;
    • Threat and Incident Response Group
    • Preparedness;
    • Communications; and,
    • Outreach & Engagement

    Additional WGs may be developed over time based on needs our staff identify or at the request of members and the approval of our Advisory Board. FB-ISAO Professional Members may join most WGs so long as they meet the criteria established by that WG (those requirements will be developed by each WG). Brief descriptions of our initial WGs follow.

    Cyber Threat Intelligence. The CTIWG will focus on identifying information security / cybersecurity-related threats relevant to the community and the associated risks, helping to inform the FB-ISAO cybersecurity threat level, developing actions members can consider given a specific threat level, and other activities relating to enhancing the awareness, security and resilience of our members and community, during both routine operations and during incidents relevant to the community. Members may also help inform FB-ISAO staff efforts relating to cybersecurity analysis, reporting, and services. The CTIWG may help vet physical security-related ideas and initiatives from members and staff. Some issues and concerns crossing over from or into other domains, such as blended threats, may be addressed in collaboration with the BRWG.

    Business Resilience. The BRWG will focus on identifying non-cybersecurity-related threats – those pertaining to man-made threats, natural hazards and health issues – relevant to the community and the associated risks, helping to inform the FB-ISAO physical threat level, developing actions members can consider given a specific threat level, and other activities relating to enhancing the awareness, security and resilience of our members and community, during both routine operations and during incidents relevant to the community. Members may also help inform FB-ISAO staff efforts relating to analysis, reporting, and services. The BRWG may help vet physical security-related ideas and initiatives from members and staff. Some issues and concerns crossing over from or into the cyber domain, such as blended threats, may be addressed in collaboration with the CTIWG.

    Threat & Incident Response Group. During active threats, incidents, or for other issues identified by FB-ISAO staff, FB-ISAO may convene joint meetings of the CTIWG and BRWG under the banner of the TIRG.

    Preparedness. The PWG will focus on both collaboration among members relating to facility and operational preparedness, as well as helping to inform and develop FB-ISAO lead preparedness events, such as exercises. Members may also help inform FB-ISAO staff efforts relating to analysis, reporting, and services and may be asked to assist in the development of input to assist the CTIWG and BRWG.

    Communications. The CWG will focus on ensuring effective communications and reporting, both internally from FB-ISAO to members and among members, and externally with FB-ISAO partners. This may include reviewing reports, formats, organization and appearance, as well as reviews of the traffic-light protocol and other communications related activities.

    Outreach & Engagement. The OEWG will focus on increasing awareness of FB-ISAO among our community of FBOs and partner organizations. The OEWG may develop campaigns to increase awareness and engage the community, identify events to help raise awareness and interest in FB-ISAO, and consider member engagement to help ensure FB-ISAO members are being afforded ample opportunities to be involved with FB-ISAO.

    In addition to WG activities, Professional Members are strongly encouraged to actively participate on FB-ISAO Slack. Initial channels in Slack have been set-up to facilitate some initial information sharing and awareness, such as the feed informed by the content in the Faith-Based Journal (FBJ) and general channels. Additional channels are to support WG communications and how WG collaboration will primarily occur. However, additional channels may be set up to support any number of interests members have, from topical groups – focusing on issues and concerns members have, to geographic groups, to groups based on size, or specialty (charities, houses of worship, or for those with personnel operating internationally), to just for fun groups based on member interests. Pro members can request FB-ISAO establish channels anytime! Learn more about our membership levels: https://faithbased-isao.org/membership-levels/

    “Sounds Interesting, But How Much Time Does This Require?” That may be a question you’re asking, and a fair one! Our WGs will typically meet for monthly virtual meetings. These will be opportunities to check in, update progress or outcomes of various projects and initiatives and to discuss relevant issues. We ask all WG members to participate in at least two out of three meetings per quarter. Co-Chairs will be more involved, helping to guide the group, set the agenda, and ensure progress is being made on various WG activities. Some WG members may volunteer to lead or support WG efforts, but that will be optional. Our goal is to keep the burden light but to also ensure we have effective means for members to get involved and help shape FB-ISAOs efforts and to really be a part of building the security and resilience of the community of faith.

    Our “big vision” is to connect every FBO to FB-ISAO to allow for a means for peer engagement and, in the event of an urgent communication for our community, a means by which we can get that out. While we recognize that for many, Basic and Subscriber-level Membership will suffice, we hope you may find interest in a more active Professional Membership and being an active participant in shaping the activities and efforts of FB-ISAO and our community. FB-ISAO is you! And only your participation can make it great!

  • Responding to Christchurch

    Responding to Christchurch

    TL;DR: Leaders are encouraged to respect the horrible tragedy in New Zealand and the potential for copycat, inspired, or retaliatory attacks by extremists. At this time, FB-ISAO is unaware of any specific or imminent threat towards US Faith-Based Organizations (FBOs); however, in light of today’s incident, we are modifying our current physical threat level assessment.

    Physical Threat Level. FB-ISAO has assessed the general Physical Threat Level for US Faith-Based Organizations as “GUARDED.” As per FB-ISAO’s definitions of the Cyber Threat Levels, “GUARDED” means FB-ISAO is unaware of any specific threats but a general risk of incidents exists.Note: While we do not assess that there is a significantly elevated threat at this time and are not increasing the threat level to “ELEVATED,” FB-ISAO considers this period following a significant extremist attack upon a place of worship as a period of heightened concern. During this time, extra consideration should be given to organizational security and preparedness.

    This assessment has been developed by FB-ISAO and is our general, nationwide, threat assessment for the US community of faith. As always, for local threat information, members are encouraged to work closely with neighborhood partners, local law enforcement, state and local fusion centers, local FBI field offices, DHS Protective Security Advisors and other local experts and responders.

    Earlier today, in Christchurch, New Zealand, a horrific attack left at least 49 individuals dead and approximately 20 seriously injured. The coordinated mass shootings were conducted at two separate mosques, with reports of 41 individuals killed at the al Noor mosque and seven more at the Linwood mosque. Four individuals have been taken into custody – three men and one woman. There is an open investigation and additional details will be forthcoming. So far, a 28-year-old male has been charged with murder. There is abundant information on this attack in today’s Faith-Based Journal – see the WORLD and #CHRISTCHURCH Sections for links; some of which have been included below. The nature of the attackers’ extremism and radicalization, the deliberate planning of the attack, and other key aspects will be further explored and distributed to members in a TLP AMBER follow-on report next week. 

    This morning, DHS communicated a message to Faith-Based organizations from Mr. Brian M. Harrell, the Assistant Director for Infrastructure Security. In that message, Mr. Harrell states, “As the Assistant Director for Infrastructure Security within the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), I implore you to reflect on today’s attack, and determine how we can collectively better prepare for and mitigate the impacts of a similar incident here in the Homeland. It has been demonstrated in recent attacks such as at the Tree of Life Synagogue in October 2018, that violent extremism is present in our nation and we must learn from previous incidents and apply best practices to avoid impacts to the core of the American way of life. As I mentioned in my February 2019 letter, CISA is steadfast in its commitment to supporting the faith-based community in enhancing security in a manner that still maintains the unique and open environment that places of worship provide to their parishioners.” The complete message was distributed with this DHS resource: The Securing Soft Targets and Crowded PlacesResource Guide. “Soft Targets and Crowded Places (ST-CPs)… are locations that are easily accessibleto large numbers of people and that have limited security or protective measuresin place making them vulnerable to attack. DHS has been working for many years to address ST-CP security and preparedness, with recent shifts in the threat landscape calling for renewed departmental focus on leveraging and maximizing its ST-CP security authorities, capabilities, and resources in an integrated and coordinated manner.”

    AttachmentSize
     Security of Soft Targets and Crowded Places Resource Guide4.62 MB
     Soft Targets and Crowded Places Security Plan Overview698.37 KB

    There has not been a National Terrorism Advisory System (NTAS) alert and one is not expected. However, as local jurisdictions assess the threat, several major metropolitan areas are increasing security around places of worship. As this post is being written, a number of additional updates have been made relating to increases in local security at FBOs both internationally (France, the UK, and Australia, and others) and in the United States including New YorkChicagoPittsburghAtlantaPhiladelphiaPortland and the Pacific Northwest, as well as in MassachusettsArizona, and other parts of the country. Much of this activity is expectedly focused around mosques, but given the potential for copycat, inspired, or retaliatory attacks by extremists, FBOs of all faiths are strongly encouraged to engage with local fusion centers and law enforcement, and to talk to other local FBOs. Regardless of belief system, now is an important time to share information concerning reports or behaviors with local places of worship and other FBOs – threats that may seek to attack one facility or type of target may shift to secondary or additional targets for a variety of reasons.

    Adding some recent historical context, the AP reported earlieron the sad list of attacks at places of worship over the last decade. Excluding the incidents in Afghanistan, Pakistan, and the Middle East / North Africa, the list is still remarkably long:

    • 05 Aug 2012: Six members of the Sikh Temple of Wisconsin, in Oak Creek, are fatally shot by a white supremacist, Wade Michael Page. Page was shot by a responding officer and later killed himself.
    • 17 Jun 2015: Nine black worshippers including a pastorare killed by Dylann Roof, a 21-year-old white supremacist, after he prayed with them in Charleston, South Carolina. Roof was convicted of federal hate-crime and obstruction-of-religion charges and sentenced to death.
    • 29 Jan 2017: A gunman killed six men during evening prayers at the Islamic Cultural Centre in Quebec City. Alexandre Bissonnette pleaded guilty to first-degree murder and attempted murder charges and was sentenced to serve 40 years in prison before being eligible for parole.
    • 05 Nov 2017: Dressed in black tactical-style gear and armed with an assault weapon, 26-year-old Devin Kelley opened fire at the First Baptist Church of Sutherland Springs, Texas, killing 26 people and wounding about 20 others.
    • 27 Oct 2018: A gunman believed to have spewed anti-Semitic slurs and rhetoric on social media enteredTree of Life Congregation synagogue in Pittsburghand opened fire, killing 11 and wounding six, including four police officers.
    • 27 Jan 2019: Two suicide attackers detonate two bombs during a Mass in a Roman Catholic cathedral on the largely Muslim island of Jolo in the southern Philippines, killing 23 and wounding about 100 others. Three days later, an attacker hurls a grenade in a mosque in nearby Zamboanga city, killing two religious teachers.
    • 15 Mar 2019: At least 40 people are killed in an attack at mosques in the New Zealand city of Christchurch.

    While our immediate concern is the coming few days, the long-view extremists take is important to understand, as is the planning cycle. The New Zealand attacker was at least partially inspired by a trip to France two years agoCNN reports on the FBI’s observed uptick in US domestic terror arrests – “with nearly 25 arrests in the first quarter of fiscal year 2019, it’s one of the ‘highest arrest tempo quarters in the last few years’ related to domestic terrorism. The domestic terror arrests include but are not limited to far right/white nationalists…” Our sad reality is the threat to FBOs is real, and enduring. Members need to take action for today, and properly plan and prepare for tomorrow.

    Among other activities, in the weeks ahead, FB-ISAO will be:

    • Continuing development and distribution of TLP GREEN and AMBER products to members via non-public postings and communications. An additional partner report will be shared later today with members currently participating in FB-ISAO Slack.
    • Establishing the member secure portal (near completion now).
    • Adding members to working groups and topical channels in FB-ISAO Slack (for Professional level members).
    • Beginning our free, regular offering of Hostile Events Preparedness Series education via webinar, to help educate FBOs on the threat environment, and start the process of preparedness.
    • Commencing distribution of our series of reports on the Hostile Events Attack Cycle (HEAC) to help members increase their understanding of the process would-be attackers typically follow whilst planning an attack.

    In the meanwhile, FBOs are encouraged to review basic response procedures such as responding to a bomb threat and safely evacuating a facility, and other appropriate basic preparedness.

    As observed this morning, “For a long time (New Zealand) has assumed that this extremism is not here, but it is.” Many times we take on the “it won’t happen here” mentality. That is not a responsible mentality. We do need to take a measured assessment of risks, and do not want to be alarmist or reactionary, but we also need to be reasonably responsible and care for those we invite and employ at our FBOs. If you have questions or other needs for assistance, please feel free to contact our team. We hope you’ll also review our membership page and consider joining FB-ISAO as we complete our transition to our new membership model.

  • A Message to the Community of Faith, from the DHS Assistant Director of Infrastructure Security

    A Message to the Community of Faith, from the DHS Assistant Director of Infrastructure Security

    “The core mission of the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is to collaborate with public and private sector stakeholders to develop and disseminate resources that support risk mitigation. In partnership with entities such as the Faith-Based Information Sharing and Analysis Organization (ISAO), we provide resources that assist in securing physical and cyber infrastructure. I commend all of you for being members of the Faith-Based ISAO as it demonstrates the importance you place on partnership, information sharing, and risk-mitigation; all of which support achieving the pinnacle of security practices.”

    The above is an excerpt from a letter written by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Assistant Director of Infrastructure Security, Mr. Brian Harrell.

    Please read the entirety of Director Harrell’s letter below. In addition to the letter, CISA wanted to make sure FB-ISAO members are familiar with a valuable new resource, the Securing Soft Targets and Crowded Places Resource Guide. “Soft Targets and Crowded Places (ST-CPs)… are locations that are easily accessible to large numbers of people and that have limited security or protective measures in place making them vulnerable to attack. DHS has been working for many years to address ST-CP security and preparedness, with recent shifts in the threat landscape calling for renewed departmental focus on leveraging and maximizing its ST-CP security authorities, capabilities, and resources in an integrated and coordinated manner.” Access those resources below, and see the Resources tab on this website for more.

    AttachmentSize
     Security of Soft Targets and Crowded Places Resource Guide4.62 MB
     Soft Targets and Crowded Places Security Plan Overview698.37 KB
    Assistant Director Brian Harrell

    “please know that the U.S. Department of Homeland Security is dedicated to maintaining a strong partnership with the faith-based community and that we value your partnership.” – Assistant Director Harrell

    Through relationships with leaders and organizations, such as Assistant Director Harrell and CISA, with the Federal Bureau of Investigation, state and local fusion centers, and other public sector partners, we will continue to grow our private-public collaboration, and the continued awareness, preparedness, security, and resilience of the American community of faith. Please read the entirety of Assistant Director Harrell’s letter, above, and thank you for your commitment to building a stronger, more prepared nation.

Show Buttons
Hide Buttons