The COVID-19 global pandemic is a complex and blended threat impacting members and the broader faith-based and charity community in numerous ways. FB-ISAO’s Threat and Incident Response Group (TIG) continues to assess the ongoing threats and risks to our community and has made the following updates to our Threat Level Assessments:
The TIG has determined to maintain the Physical Threat Level at “CRITICAL,” – our highest level of threat – as it has been since 31 March 2020. The TIG will continue to assess the Physical Threat Level and provide updates accordingly. This determination is valid through sunset on 14 May 2020, and will be periodically re-evaluated, especially with respect to ongoing threats and developing federal, state, local, tribal, and territorial (FSLTT / SLTT) guidance and directives.
The TIG has determined to maintain the Cyber Threat Level at “ELEVATED,” as it has been since 20 March 2020. The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. This determination is valid through sunset on 14 May 2020, and will be periodically re-evaluated, especially with respect to ongoing cyber threats.
FB-ISAO continues to strongly encourage members “hold the line.” By hold the line, we mean continue to follow FSLTT guidance and directives and reopen, reenter and resume operations in accordance with, and not ahead of, such guidance and directives.
Regarding the Cyber Threat Level, we do not assess a significant change from the 21 Mar assessment. However, we do consider a sustained higher level of cyber risk as threat actors pivot attack campaigns to leverage themes associated with “Opening Up America Again.” As organizations begin transitioning from strictly online activities back to gathering in person, cyber attackers will closely follow the messaging tone and cadence throughout each gating phase and adjust their lures accordingly.
The ploys are the same, but the deluge is unprecedented – Cyber tactics leveraging coronavirus themes will continue at a significant volume for the foreseeable future. Cyber attacks such as phishing, smishing (SMS phishing), disinformation/misinformation, and counterfeit websites purporting to have important or urgent updates will continue to dominate the threat landscape.
Think critically – Cyber attackers will continue their attacks to seek financial gain or sow seeds of rumors and disinformation to create chaos and confusion for their amusement.
Trust but verify – FB-ISAO members are encouraged to treat every coronavirus-themed, including “Opening Up America Again” communication or situational report with suspicion.
Regarding the Physical Threat Level, as SLTT governments begin to “reopen” their communities, coronavirus remains a serious threat in the United States; beyond the immediate challenges, there is a very real possibility of second and third waves until a vaccine is developed and applied nationwide. Further, many countries around the world – including nations in the Western Hemisphere – are on an upward trajectory and it is expected that the number of cases in many countries will increase in the coming weeks. Based on the health threat alone, we continue to strongly urge members to follow FSLTT guidance and direction and, as directed, to limit the size of gatherings or to forgo physical assemblies, in accordance with that guidance. FB-ISAO strongly discourages defying state and local guidance and directives and encourages members to reopen, reenter and resume operations in accordance with government guidance and directives.
Beyond the pandemic threat:
Ramadan continues and, since the first night of the annual Muslim holiday, there have been threats and incidents aimed at mosques and Muslim people (to include in the U.S. and Canada), as captured in recent FB-ISAO reports.
27 April marked the one-year anniversary of the Poway synagogue attack. Such occasions can motivate and inspire like attacks.
Continued extremist interest in conducting various attacks and hostile actions against people and places of faith (to include specific anti-Semitic rhetoric relating to exploiting COVID-19 and other extremist discussion and interest in places of worship and people of faith [see previous FB-ISAO and government partner reporting]);
May Day / International Workers’ Day (01 May 2020). FB-ISAO is not aware of any credible threat or large scale, worldwide demonstrations during May Day, however, personnel with physical security interests should maintain awareness of locally planned events and take appropriate preparedness actions.
As with April, we assess the month of May to continue to be a CRITICAL threat period.
Recent and upcoming reports and public posts speak to ideas elaborating on these various threats and on mitigation, including the public posts listed above, and recent weekly reports on maintaining preparedness for non-health threats during this pandemic and on upcoming threats. Please contact our team with any questions, needs for information, assistance or any other concerns.
We encourage members to review the FB-ISAO Daily Journal for general threat awareness, updates and ideas on what other organizations are doing.
Join the #covid-19 channel in FB-ISAO Slack to see more updates, details and conversation on this threat, and share your questions, ideas and actions for others.
As we periodically update these assessments, FB-ISAO’s Preparedness Group (PG) has launched a Pandemic Recovery Group with FB-ISAO staff, PG members, and other government and industry partners, and is also liaising with the venue community in collaboration with the International Association of Venue Managers. This group is developing information which may help inform FBO’s reopening and reentry operations. Interested in helping; contact our team to find out how!
This assessment has been developed by FB-ISAO and is our general, nationwide, cyber threat assessment for the U.S. community of faith. As always, for local threat information, members are encouraged to work closely with neighborhood partners, local law enforcement, state and local fusion centers, local FBI field offices, DHS Protective Security Advisors (PSAs), Cybersecurity Advisors (CSAs), and other local experts and responders.
“The ongoing coronavirus (COVID-19) pandemic has temporarily altered our daily activities. People are rightly practicing social distancing to limit community spread, in line with the President’s Coronavirus Guidelines for America. Many houses of worship have also suspended or significantly reduced services to avoid mass gatherings. Although many people undoubtedly continue to practice their faith, including through remote services and prayer, most are inevitably eager to return to normalcy and join their fellow congregants in practicing their faiths. The American people are resilient, and we will achieve this goal soon.”
The above is an excerpt from a letter written by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Assistant Director of Infrastructure Security, Mr. Brian Harrell.
In addition to the letter, CISA wanted to make sure FB-ISAO members are familiar with a valuable resource page, CISA’s Hometown Security can be found here: https://www.cisa.gov/hometown-security. From the webpage “These tools and resources are offered free to communities because the Department recognizes that communities are the first line of defense in keeping the public safe and secure.” Brian Harrell continues with “As I mentioned in my February 2019 letter to the Faith-Based Community, the Cybersecurity and Infrastructure Security Agency (CISA) within the U.S. Department of Homeland Security (DHS) is committed to supporting your efforts to maintain safe and secure houses of worship and related facilities while sustaining an open and welcoming environment. In partnership with entities such as the DHS Center for Faith and Opportunity Initiatives and the Faith-Based Information Sharing and Analysis Organization, we provide resources that assist in securing physical and cyber infrastructure.”
Assistant Director Brian Harrell
“In partnership with entities such as the DHS Center for Faith and Opportunity Initiatives and the Faith-Based Information Sharing and Analysis Organization, we provide resources that assist in securing physical and cyber infrastructure.”
“Thank you again for everything you do to champion the American people’s Constitutional First Amendment rights, as well as your leadership in keeping our houses of worship safe and secure. You have a committed partner in DHS who is steadfast in ensuring you have the resources to enhance your security programs.” – Assistant Director Harrell
Through relationships with leaders and organizations, such as Assistant Director Harrell and CISA, with the Federal Bureau of Investigation, state and local fusion centers, and other public sector partners, we will continue to grow our private-public collaboration, and the continued awareness, preparedness, security, and resilience of the American community of faith. Please read the entirety of Assistant Director Harrell’s letter, above, and thank you for your commitment to building a stronger, more prepared nation.
The COVID-19 global pandemic is a complex and blended threat impacting members and the broader faith-based and charity community in numerous ways. FB-ISAO’s Threat and Incident Response Group (TIG) has continued to assess the ongoing threats and risks to our community and has made the following updates:
The TIG has determined to increase the Physical Threat Level from “SEVERE,” to “CRITICAL,” – our highest level of threat – as of 31 March 2020. The TIG will continue to assess the Physical Threat Level and provide updates accordingly. At present, this increase is valid through sunset on 30 April 2020, but that will be periodically re-evaluated.
The TIG has determined to maintain the Cyber Threat Level at “ELEVATED,” as it has been since 20 March 2020. The TIG will continue to assess the Cyber Threat Level and provide updates accordingly. At present, this increase is valid through sunset on 30 April 2020, but that will be periodically re-evaluated.
Regarding the cyber threat level, we do not assess a significant
change from the 21 Mar assessment. We do consider a higher level of risk as
organizations move to online processes – from routine assemblies to special
events, and for online giving.
The ploys are the same, but the deluge is unprecedented – With work, learning, and worship from home being status-quo for awhile, tactics leveraging coronavirus themes will likely continue to increase at an exponential rate before they plateau, as individuals who are not used to near-exclusive level of online interactions are bombarded with cyber attacks such as phishing, smishing (SMS phishing), disinformation, and counterfeit websites.
Think critically – Cyber attackers will continue their attacks to seek financial gain or sow seeds of rumors and disinformation to create chaos and confusion for their amusement.
Trust but verify – FB-ISAO members are encouraged to treat every coronavirus-themed communication or situational report with suspicion.
Regarding the physical threat level, the escalating threat of
coronavirus in the United States and many countries around the world is on an
upward trajectory and it is expected that the number of cases will increase in the
coming weeks. Based on the health threat alone, we urge members to follow
national guidance and state and local direction and, as directed, to limit the
size of gatherings or to forgo physical assemblies, in accordance with that guidance.
FB-ISAO strongly discourages defying state and local guidance and directives.
Beyond the pandemic threat on its own:
With the upcoming major holidays of Passover and
Easter;
Continued extremist interest in conducting
various attacks and hostile actions against people and places of faith (to
include specific anti-Semitic rhetoric relating to exploiting COVID-19; see
previous FB-ISAO reporting);
As well as the anniversary of complex
coordinated terrorist attacks in Sri Lanka last Easter, and other incidents
that may serve to inspire extremists;
We assess the month of April to be a CRITICAL threat period.
Recent and upcoming reports and public posts speak to ideas elaborating
on these various threats and on mitigation, including the public posts listed
above, and recent weekly reports on maintaining preparedness for non-health
threats during this pandemic and on upcoming threats. Please contact our team with
any questions, needs for information, assistance or any other concerns.
We encourage members to review the FB-ISAO Daily Journal for general threat awareness, updates and ideas on what other organizations are doing.
Join the #covid-19 channel in FB-ISAO Slack to see more updates, details and conversation on this threat, and share your questions, ideas and actions for others.
This assessment has been developed by FB-ISAO and is our
general, nationwide, cyber threat assessment for the U.S. community of faith.
As always, for local threat information, members are encouraged to work closely
with neighborhood partners, local law enforcement, state and local fusion
centers, local FBI
field offices, DHS Protective
Security Advisors (PSAs), Cybersecurity
Advisors (CSAs), and other local experts and responders.
This post was originally informed by a TLP AMBER FB-ISAO Weekly Physical Security Report, distributed to members on 11 July 2019.
There
are threats not inherent in day-to-day activities or related to direct threats
routinely confronted by an organization. For example, most faith-based organizations (FBOs) may never
encounter a hostage situation, an extremist demonstration, or a major sport championship
parade. Nonetheless, these types of incidents or events may pose indirect
threats to FBOs in proximity to such activity.
While many FBOs occupy standalone buildings, many houses of worship, other faith-based and charity facilities are adjacent, co-located, or otherwise in proximity to other organizations that are also widely accessible to the public. These relationships to other facilities and organizations constitute a risk from potential indirect threats that FB-ISAO refers to as “Associated Risk.” Examining these associated risks allows organizations to look beyond just the direct threats, and consider risks that emanate from potential incidents that bring other, perhaps less likely, or asymmetrical, threats with them. Planning for associated risk requires close coordination with local partners, awareness of local events and activities, and making appropriate risk-based decisions to minimize impact or effectively responding to the threat.
What Are Associated Risks?
Associated
risks are potential unwanted outcomes resulting from an incident, event, or
occurrence in nearby proximity, that may not be connected to the specific
organization or location. In many instances, the associated risk stems from the
impact of threats against people, places or event that are actually the
intended target. While the direct threat may be to something specific, the
associated risk is to everything and everyone that may be associated with the
target.
Associated Risks can occur in instances when an entity becomes a “second-hand” target by way of an attacker’s intended target, or when the second-hand target, or incident, is located in close proximity of the intended target.
Associated risks are not typically planned for and may not be identified during normal planning and preparedness efforts.
Keeping
abreast of local events and maintaining close coordination with local authorities
and neighbors will help organizations recognize and prepare for associated risks.
Indirect Threats; Associated Risks
From protest events to celebratory parades, in recent months there have been several instances in which facilities were impacted from an associated risk, as opposed to a direct threat to their business or location. Types of such activities could include:
A protest taking place in proximity to an FBO, charity, or other non-profit facility. Such events could escalate and include acts of violence, vandalism, threaten uninvolved personnel, or otherwise indirectly impact a facility. A recent demonstration in Portland saw multiple assaults reported and items that looked like milkshakes, but actually contained quick-dry concrete, thrown at demonstrators and officers.
A shooting incident, criminal or a mass shooting event, may occur in proximity to an FBO, charity, or other non-profit facility, or (as was the case in the recent Odessa shooting spree) may implicate a large area and cause massive confusion. Such events may be particularly impactful to organizations during peak service or business hours, and lead to necessary decisions on evacuations, sheltering in place, or otherwise responding to protect people.
Sports celebrations, holiday, and other notable parades can be proud times for a city but the festivities around the victory can cause physical damage to local establishments, and parade routes can disrupt normal day-to-day operations. Whether real or not, extremists or ardent supporters on either side of an issue could use such events to promote their agendas or show their disapproval, creating an possible associated risk for FBOs.
For FBOs,
the above incidents may not immediately present a risk
or indicate a threat, but that often depends on the location of the
organization, its members or other visitors, and a number of other factors that
may extend beyond the FBO, charity, or other non-profit facility
itself. Maintaining
situational awareness of these types of events and the potential spill-over
impact will be beneficial to overall organizational preparedness.
Mitigate Associated Risks
Coordinate with local law enforcement and neighborhood partners. These valuable relationships need to be established in advance of any threat or incident and are a vital part of incident response planning. Keep in touch with local law enforcement and fusion centers for potential threat updates and upcoming events that may represent potential targets for attacks.
Review local activity and events. Maintaining situational awareness of community activities and incidents allows organizations to consider potential threats and make risk-based decisions.
Develop appropriate incident response. While it is difficult to anticipate every possible associated risk, organizations should still develop response plans that will enable more effective response to an evolving threat and make real-time decisions. This could include evacuating the immediate area, shutting down business operations, or alerting employees to remain at home.
Convene key personnel when appropriate. Once events are identified that could cause associated risk, it will be important for the organization to coordinate and assess the potential impacts.
Communicate, communicate, communicate. Last, but certainly not least, if operational changes are required, these need to be communicated to employees so they can comply or respond accordingly. For example, an organization may choose to work from home when there are big events near the office. This requires a direct communication channel to employees.
David Pounder is Gate 15’s Director of Threat and Risk Analysis. He advises on both physical and cyber security issues. Dave spent over 20 years in the Army as an Intelligence and Security Officer, specializing in counter-terrorism, force protection, and counterintelligence efforts as well as serving in the private sector for leading financial institutions responsible for information security and mobile applications. Dave twice served in senior command positions responsible for both counterintelligence operations and investigations. He has briefed Senior Army Leadership on intelligence and security issues and operations to include General David Petraeus and General Martin Dempsey. David was a regular guest instructor at the Department of Defense Joint Counterintelligence Training Academy in Quantico, VA. Dave graduated from George Mason University and from the US Army’s Command and General Staff College and has served internationally to include tours in Iraq, Cuba and Qatar.
Omar Tisza graduated from American University in
2017 with a bachelor’s in International Relations. After a brief stint
in business development on the federal market, he began his role as Jr.
Risk Analyst at Gate 15 in 2018 and currently supports the Health
Information Sharing and Analysis Center (HISAC) and the Healthcare
Sector Coordinating Council – Cybersecurity under the leadership of
Executive Director Greg Garcia, former Assistant Secretary for Cyber
Security and Communications at DHS.
Join FB-ISAO!
We welcome faith-based organizations, charities and critical partners to join FB-ISAO. Access our TLP AMBER and
TLP GREEN reports,
join our collaborative forums, working groups, participate in leadership
opportunities and take the next step in enhancing your organization’s
preparedness, security and resilience!
This post was originally informed by a TLP GREEN FB-ISAO Monthly Threat Overview, distributed on 27 June 2019.
Every month, FB-ISAO provides a TLP GREEN report, the FB-ISAO Monthly Threat Overview. The report is developed over a specific reporting period by a team of analysts. The report addresses all-hazards – to include physical, cyber, natural hazards, and health threats. The complete physical security section includes incidents involving hostile events, vandalism, theft, harassment, arrests and other notable events. In our May report, I was struck by the remarkable number of incidents that were included, specifically in the area of hostile events.
This month, it was a different portion of the report that notably stood out for me – the significant incidents of vandalism and theft, which are not necessarily unique this period, though some are specific to the month. One of the areas that we observed in June was vandalism aimed at houses of worship recognizing Pride Month (June).
“All of the faithful they should have some assurance that when they go into churches, that these places are safe” – Monsignor Edward Lohse, Vicar General with the Erie Catholic Diocese, via Erie News Now
Chicago, Illinois: “LGBTQ Pride flags vandalized in possible hate crime at Wicker Park church.” On 25 June, The Chicago Tribune wrote, “A week before thousands of Chicagoans fill North Side streets to share love, acceptance and pride for the LGBTQ community, a Wicker Park church is moving ahead after being targeted with messages of hate. Early Sunday morning, a pride flag and transgender flag hung outside Wicker Park Lutheran Church in the 1500 block of North Hoyne Avenue were vandalized. A Chicago police spokesperson confirmed police are investigating the incident as a possible hate crime.”
United Church of Renton, Washington State
Renton, Washington: “FBI Offers Reward of Up to $5,000 for Information on Renton, Washington Church Display Defacement.” On 28 June, the FBI announced, “On June 19, 2019, at approximately 2:30 a.m., an unknown individual (or individuals) used explosive devices to deface an outdoor display at the United Church of Renton in Renton, Washington. The display featured multi-colored doors, each painted with a different word from the phrase ‘God’s doors are open to all.’ It is believed that the subject(s) also wrote ‘Leviticus 20:13’ on one of the doors. This display was previously vandalized during the evening hours of June 13, 2019, when parts of the display were knocked down. The display was also defaced with explosive devices at approximately 10:00 p.m. on June 16, 2019.”
Beyond Pride Month acts of vandalism, theft continues to target Houses of Worship. From South Carolina to Virginia, and across other parts of the country, theft continues to challenge our community.
Loudoun County, Virginia: “Group tries to rob Virginia Buddhist temple; may havestolen from others.” On 26 June, WTOP reported, “Four people tried to rob a Buddhist temple in Sterling, Virginia, on Tuesday, and that might not have been the only temple they hit… One of the men tried to distract the abbot by asking about Buddhism and about a statue in the temple, while the other man sneaked off and went around to the office building, and the two women stole several keys from the abbot… Loudoun County Sheriff Mike Chapman said his department was working to confirm reports that the same group had robbed Buddhist temples in Maryland and North Carolina.”
Bethune, South Carolina: “‘We estimate that we have over $38,000 worth of losses.’ Bus among other items stolen from Bethune church.” On 27 June, WLTX19, CBS, wrote, “Sometime Tuesday evening a church in the town of Bethune was broken into and thousands of dollars of valuables were stolen including their church bus. The pastor of the Bethune Baptist church Scott Bernshausen said, ‘I came out and found the bus was stolen… We entered the building and realized that the burglars had broke in and stolen multiple TVs and electronic equipment throughout the church.” Church member Robert Horton had just been at the church around 9 p.m. Tuesday night, ‘the neighbor said maybe this happened between 9 and 10. So you never know when somethings going on or when someone could be watching what you’re doing.’”
Last week, this post’s author had the opportunity to visit with a church leadership team to discuss hostile events preparedness. With Board of Trustees members having watched an FB-ISAO presentation on Hostile Events (see this month’s FB-ISAO newsletter for info on the next session), recently attending local law enforcement training, and after talking with police and fire personnel, the church wanted to discuss ways to approach security and to minimize risks. Among the ideas discussed was the importance of basic facility hardening. Not every facility can have robust security measures, but it is important to have something – whether human patrols, security cameras, public address systems, mass notifications capabilities, the cloud-based Geoaware®️ platform being offered **at no cost** to FB-ISAO Pro Members by our friends at Vizsafe, or other measures. Hardening and a complete preparedness program don’t happen overnight, but can be approached in manageable steps, respecting time, resources and an assessment of risks (read a great article on preparedness from Homeland Security Today, “Hard Conversations About Soft Targets: DHS Workshop Aims to Save Lives in Mass Shootings” [28 Jun])
“I recognize that investments don’t happen overnight… Are we building security, redundancy and resiliency into our budgets, or are we just being reactive to everything? …we will not get any better during a crisis — we will fall back to our training.” Assistant Director Brian Harrell, Assistant Director for Infrastructure Security, DHS Cybersecurity and Infrastructure Security Agency (CISA), in HS Today
In the case of the South Carolina church noted above, the church stated that, “We do have a security system and currently its with the burglars. We had just purchased a security system and we just formed a security team but before we could get the security system in, it actually got stolen by the burglars.” In Virginia, the temple has security cameras installed and operation and the Sherriff’s Office is reviewing and sharing footage with authorities in the other areas, according to WTOP. Two other recent incidents also demonstrate how having cameras, which can also help deter some crimes and attacks, at least also help inform post-incident investigations:
Erie, Pennsylvania: “Erie Church’s Security Measures Help Police Track Down Attacker.” Erie News Now reportedon 01 July, “The victim fought off her attacker, and he left, but not before he was caught on the church’s surveillance cameras. Erie police released a picture of the suspect, along with his physical description on social media. By nightfall, Erie police identified the man as Josue Mendez, 25, and arrested him, ‘The presence of the surveillance cameras at St. Joseph’s was certainly a help in this case,’ said Msgr. Lohse.” And in another Pennsylvania incident, “Police investigating after break-in at Northampton County church” (WFMZ, 01 July).
And in addition to cameras, the importance of threat reporting and information sharing cannot be understated. Beyond vandalism and crime, our community must always be ready for the possibility of hostile attackers. From WHTC in Michigan, 01 July: “Police were called at about 10 a.m. with the report of a suspicious incident at a church, which Mulder did not identify. The dispatcher was told by the church’s security official that a man made a comment about having a shotgun in his vehicle, and was headed to another church…”
Threats exist – right now, today. We need to take reasonable actions – today. Is your organization properly, reasonably, and responsibly addressing the risks you are facing? Are you actively working on preparedness and operations to protect and prepare your people and places? FB-ISAO will be providing our next offering of the Hostile Events Preparedness Series educational presentation on 25 July. It is free, and only costs you an hour and a half of your time. Contact our team for more information on that event.
Join FB-ISAO! We welcome faith-based organizations, charities and critical partners to join FB-ISAO. Access our TLP AMBER and TLP GREEN reports, join our collaborative forums, working groups, participate in leadership opportunities and take the next step in enhancing your organization’s preparedness, security and resilience!
The complete FB-ISAO Monthly Threat Overview goes into additional incidents, other threat vectors and provides resources for members. As a TLP GREEN report is available to all Standard and Professional members, as well as our Government and Law Enforcement members (read more on membership here).
Vandalism and Theft Incidents, for period from 23 May-25 June 2019.
In early June in London, Ontario, vandals scrawled an offensive message on the sidewalk outside of a mosque. Pictures of the graffiti were taken immediately, and police were called.
In early June in Germany, three mosques suffered assaults over a two day period. At one mosque, a right-wing group desecrated the mosque walls with graffiti that said, “get out.” In Hessen, vandals threw rocks at a mosque. Finally, at a mosque in Bremen, a copy of the Quran was set on fire. Police said they were investigating the attacks and expected to arrest the perpetrators soon.
On 8 June, the results of a British surveyrevealed that criminal gangs are increasingly turning to metal theft, including from church roofs. The survey found there were on average 37 reports of lead theft from churches in Britain each month. Security experts have warned that the thieves will often get violent if confronted.
On 6 June in Bergen County, New Jersey, a swastika was found etched into a classroom wall at a high school. It was the second such incident in the span of two weeks. On 28 May, a swastika was discovered on the wall of a bathroom shared between the high school and middle school. Local police are investigating, but they don’t have much evidence to go on, law enforcement said.
On 6 June in Tulsa, Oklahoma, a man was arrested after he was caught on video smashing a church’s windows. The church sustained $1,000 worth of damage as a result. Police say the man told them he had no reason for the vandalism, other than that he was drunk.
On 6 June in South Derbyshire, England, thieves broke into a church and stole money from charity collection boxes. Police appealed for witnesses to come forward.
On 2 June in Cardiff, Wales, two men were arrested after they broke into an Islamic community center. No one was hurt as a result of the break-in.
On 30 May in Florence, South Carolina, a pastor pleaded guilty to bank fraud and identity theft, having used his job as a bank manager to get loans and lines of credit for elderly customers and launder the money through his church. He used the money obtained through two customers to pay for rental cars, a home security system, and hotels in Myrtle Beach. He also closed a $50,000 certificate of deposit belonging to one of the elderly victims and made payments on his delinquent mortgage. The pastor tried to hide his financial doings by depositing some of the bank money in the church’s operating account and withdrawing it for his own use. He opened an account in the church’s name at a bank and disguised a $28,500 loan withdrawal as a donation from the elderly victim. The pastor faces up to 30 years in prison and a $1 million fine for bank fraud and a mandatory two-year term for aggravated identity theft.
On 29 May in Anaheim, California, a man broke into a church and stole electronics and religious items. Security footage showed a man breaking into the church and stealing two iPads, a laptop, a projector, and a microphone. The suspect also damaged property inside of the church. The police department said they had not seen any evidence that would point to the burglary as a hate crime.
On 29 May in Lake Charles, Louisiana, acts of arson and vandalism were perpetrated against a church. Security cameras captured a suspect approaching the building with a five-gallon bucket of possible flammable liquid. The suspect allegedly attempted to get into the church by kicking in the glass doors. Unable to gain entry, police say the suspect then can be seen breaking out a side window on the church and throwing the bucket of liquid into the building. The suspect allegedly made multiple trips to the broken window, throwing lit items into the building.
On 28 May in Austin, Texas, it was reported that a sign for “Muslim Space,” an Islamic institution, had been defaced with Islamophobic language and obscenities. The Austin chapter of the Council on American-Islamic Relations (CAIR-Austin), the nation’s largest Muslim civil rights and advocacy organization, asked police to investigate the incident.
On 28 May in Bellmead, Texas, a man broke into a church and stole two security cameras. The man entered the church through an unlocked window. At that time, he took a security camera and batteries for the camera. He also took a box containing keys to every door at the church. The following morning, he returned to the church and attempted to enter the front door using the keys that he took the night before. The alarm scared man off, and he took another camera as he left. He was eventually arrested by police.
On 23 May in Staten Island, New York, anti-Semitic graffiti was found written on the external walls of a synagogue. The graffiti said, “synagogue of Satan.” Meanwhile, at a Jewish school across the street, the letters “SOS” had been written. A spokesman for the synagogue said security would be increased. Police said they were aware of the incident and were investigating.
Every month, FB-ISAO provides a TLP GREEN report, the FB-ISAO Monthly Threat Overview. The report is developed over a specific reporting period by a team of analysts. The report addresses all-hazards – to include physical, cyber, natural hazards, and health threats. Reviewing the draft of the most recent report, finalized and distributed on 24 May and covering the period from 25 April – 22 May 2019, I was amazed by the remarkable number of incidents that were included.
Addressing the area of hostile events, the report notes, “The persistence of domestic arrests, incidents, and continued jihadist and other extremist rhetoric remains a direct threat to the Faith-Based Organizations (FBOs). We continue to consider the threat of lone actor or a small group of extremists to be a credible threat. Over the past month, there were several events and arrests that continue to serve as reminders of the continuous physical security threats facing the sector.”
“Our right to worship freely and without fear is fundamental to life in America.”
Renn Cannon, Special Agent in Charge of the FBI in Oregon
The complete physical security section includes incidents involving vandalism, theft, harassment, arrests and other notable events. But it was the section covering Active Shooter & Hostile Events that jumped out at me. An excerpt from that section follows. I encourage you to review the list of incidents and let that sit with you for a few moments.
Is your organization properly, reasonably, and responsibly addressing the risks you are facing? Are you actively working on preparedness and operations to protect and prepare your people and places?
FB-ISAO will be providing our second offering of the Hostile Events Preparedness Series educational presentation on 20 June. It is free, and only costs you an hour and a half of your time. Contact our team for more information on that event. Consider joining FB-ISAO, tying in to our growing community of security-focused faith leaders and help enhance the security and resilience of your FBO and our collective community of faith. As recently stated by Renn Cannon, Special Agent in Charge of the FBI in Oregon, “Our right to worship freely and without fear is fundamental to life in America.” Are you doing everything you can to help protect and prepare your people and places so all Americans, and those within our boarders, are able to “worship freely and without fear?”
The complete FB-ISAO Monthly Threat Overview goes into additional incidents, other threat vectors and provides resources for members. As a TLP GREEN report, it is available to all Standard and Professional members, as well as our Government and Law Enforcement members (read more on membership here).
Active Shooter & Hostile Events, for period from 25 April – 22 May 2019.
Over the weekend of 18 to 19 May in Chicago, Illinois, separate incidents of attempted arson and vandalism occurred at local synagogues. Worshipers who arrived at one synagogue Sunday morning discovered broken glass and charred black rags outside the building. Police later confirmed that an unknown assailant twice attempted to set the building on fire around midnight on Saturday. No one was injured and there was no damage to the synagogue. Police were also investigating vandalism outside several synagogues in the city’s West Rogers Park neighborhood, where the windows of cars parked outside the building were smashed early Sunday morning.
On 15 May in Kalamazoo, Michigan, a fire destroyed a church. It took two dozen firefighters over four hours to douse the fire. The building is a total loss, and a home next door suffered exterior damage from the intense heat. The fire marshal didn’t yet know what sparked the fire; federal agents joined the investigation.
On 12 May in New Haven, Connecticut, a fire broke out at a mosque that is still under construction. Officials said they believe the fire was intentionally set. The fire started on the first floor of the building and spread to the second level.
On 12 May in Dablo, Burkina Faso, gunmen killed six people, including a priest, as Mass was being celebrated in a church. The attackers, said to number between 20 and 30, then burned down the church. The town’s mayor said there was panic as other buildings were burned down and a health center looted. As noted below, a Protestant church was attacked in Burkina Faso on 28 April, resulting in the deaths of a pastor and five congregants. Islamist groups have been blamed for a number of attacks in the West African nation in recent years.
On 11 May in Arlington, Massachusetts, a fire was set outside the home of a rabbi that serves at a Jewish center. The incident is being investigated as a hate crime. Police asked for the public’s help in identifying a person caught on a neighbor’s video camera walking away from the home around the time of the fire. Firefighters put out the small fire that burned the shingles of one side of the building. Police and town officials have no evidence yet that the location or its Jewish homeowners were targeted because of their religion, but “are leaving open and actively investigating the possibility of a hate crime.” On 16 May, another fire was set at the Jewish center. The fire, which was on the home’s exterior wood shingles, was small, and firefighters were able to put it out using a hand-held extinguisher.
On 10 May in Couva, Trinidad, a 57-year-old businessman was killed inside a mosque, although the country’s attorney general said the incident should not be labelled as an act of terrorism nor a hate crime. eyewitnesses said the businessman was mingling with fellow Muslims outside the mosque when he was approached by a gunman. He then ran up a flight of stairs and into a prayer room, where he was killed.
On 9 May in Charlottesville, Virginia, a hit and run occurred near a mosque. Police said a dark colored Sedan struck a man’s arm while he was walking along the street. Another member of the mosque claims a car with the same description swerved at her while she was walking to the mosque earlier the same week but at the time, she did not think anything of it. The mosque had been bolstering its security measures in previous months.
On 9 May in London, England, a man fired a shot outside a mosque during evening prayers for Ramadan. The man was reported to have entered the mosque but was “ushered out” by those inside, police said. A shot was heard shortly after. Police said there were no injuries and they were not treating it as a terrorist incident. They said they believed the shot came from a blank-firing handgun. One theory police are considering is that the gunshot followed a dispute linked to gangs or criminality which started in the street and then moved into the mosque.
On 6 May in Brooklyn, New York, a Hasidic Jewish man was assaulted in an unprovoked attacked. Without saying a word, one of the men walked up to the victim and punched him in the face. Another suspect yelled anti-Semitic slurs at the man. The group fled the area. The man was not seriously injured.
On 6 May, French police arrested a 16 year old in Strasbourg, France for actions in conjunction with a plot to attack security forces and possibly Elysees Palace. This arrest is in connection to the arrests in April of three adults and one teenager who had allegedly planned an attack “to coincide with the start of the Muslim holy month of Ramadan… with officials saying the suspects had scouted out areas near the Elysee and a police station in the Parisian suburb of Aulnay-sous-Bois.” French authorities believe this individual published a video pledging allegiance to the Islamic State.
On 28 April in Cincinnati, Ohio, a family of four Sikhs were shot and killed inside their apartment complex. Locals in neighboring apartments said they heard a barrage of gunfire, which forced them to rush out on the streets. However, the alleged killer had fled from the spot. Local police launched a probe into the attack, which is as of now being suspected as an act of “hate crime.”
On 28 April in Burkina Faso, unidentified gunmen killed a pastor and five congregants at a Protestant church, the first attack on a church in a country that has seen an upsurge of Islamist violence this year. Burkina Faso, which boasts of a history of religious tolerance, has been beset by a rise in attacks as groups based in neighboring Mali seek to extend their influence over the Sahel, the arid scrubland south of the Sahara. The government declared a state of emergency in several northern provinces bordering Mali in December because of deadly Islamist attacks, including in Soum, the region where Sunday’s attack took place.
On 27 April near San Diego, California, a shooter who appears to have posted an open letter riddled with anti-Semitism and racial epithets opened fire at a San Diego County synagogue on the last day of Passover. Police said the man opened fire with a rifle, killing one woman and wounding a girl and two men, including a rabbi. Police said the shooter left after his rifle possibly jammed and was fired upon as he fled by an off-duty Border Patrol agent working as a synagogue security guard; the agent struck the getaway car but did not wound the man. A San Diego police officer en route to the synagogue heard details on the radio and confronted the suspect where he had pulled over along the road near Interstate 15. Officials said he surrendered without incident and a rifle was discovered on the front seat.
On 26 April in Los Angeles, California, a man deliberately drove a vehicle into a crowd of people, doing so because he thought they were Muslim, police said. Eight people were injured in the incident, including three members of the same family. A lawyer for the man said the incident “was clearly the result of a mental disorder”, and he would seek psychiatric treatment for his client, who he described as a military veteran possibly suffering from PTSD.
On 25 and 23 April in Bethlehem, Pennsylvania, fires were set at a church. The first fire built a thick, black smoke cloud around the building, but had burned out by the time authorities arrived. It was ruled arson by the Bethlehem city fire marshal. The motive was unclear, according to a statement from the Bethlehem police, but the fire appeared to have been started in the sanctuary area of the church. Then, just two days later, firefighters were at the church again, extinguishing a blaze which was contained to the roof of the structure, right above the sanctuary area. By 26 April, police had arrested a man in connection with the fires, charging him with arson, burglary, and criminal trespass.
On 23 April in Austin, Texas, a man attempted to commit arson at a mosque. He was captured on security video just after midnight pouring what appears to be gasoline on the side of the building and then attempting to light the fluid. The mosque was the target of repeated vandalism last fall. It hired an armed security guard after tires were slashed and the building’s front doors and windows were shattered in September.
On 22 April in Sri Lanka, a van parked near a church that was bombed on Easter Sunday exploded; no injuries have been reported. Police went to inspect the van Monday after people reported it had been parked near St. Anthony’s Shrine since Sunday. They discovered three bombs that they tried to defuse. Instead, the bombs detonated, sending pedestrians fleeing in panic.
On 7 May, it was reported that there have been increasingly violent clashes in Negombo, the site of St. Sebastian’s Church (one of the three churches that was bombed on Easter), with mostly-Catholic mobs attacking and vandalizing Muslim-owned shops, homes, and vehicles. Negombo suffered the highest death toll in the Easter Sunday attacks. The bomb at St. Sebastian’s killed more than 100 worshippers. The violent attacks prompted Sri Lanka’s Roman Catholic Church to call for the hostility against Muslims to end.
On 2 May, Sri Lanka’s Catholic Church said it would not resume Sunday services as planned on May 5 after the government warned of more possible attacks by an Islamic State-linked group. It was the second week following the attacks in which the Catholic diocese canceled services. Instead of public services the first Sunday after the attacks, the cardinal delivered a homily at his residence that was broadcast live on television.
On 12 May, Sri Lanka’s Catholic Church held the first regular Sunday Mass since the attacks. Military forces and police armed with assault rifles patrolled the streets leading to churches and stood guard outside the compounds. Everyone entering was required to produce identity cards and be body searched. Volunteers were stationed at the gates of churches to identify parishioners and look out for any suspicious individuals. Parking was banned near the churches and officials urged worshippers to bring only minimum baggage.
On 29 April, Sri Lanka announced a ban on Muslim women wearing face veils. Although the niqab and the burka, which are worn by Muslim women, were not specifically named in the ban, any face garment which “hinders identification” is no longer permitted to ensure national security, the president’s office said.
On 23 April, the Islamic State claimed credit for the bombings. Independent media groups that produce posters and videos supporting the Islamic State have used the attack to push for more jihadist operations. One poster depicts a jihadist with dark blond hair in military fatigues entering a bombed-out church: “O worshippers of the Cross you will not enjoy your living, you have opened up the gats of hell to yourselves by waring [sp] us, so wait for what will embitter your life, and what is coming is more bitter and more disastrous.”
As reported in the Monthly Threat Brief for April, on 21 April coordinated suicide bombings occurred at three churches and three hotels in Sri Lanka, killing approximately 250 people and injuring at least 500 more. The three churches, all of which were conducting Easter services at the time of the explosions, are located in the cities of Colombo, Negombo, and Batticaloa. The three hotels targeted by the bombings are all located in the Colombo, Sri Lanka’s capital, and are popular with foreign tourists and the country’s business community.
On 21 April in San Diego, California, members of a church tackled a woman carrying a baby and handgun as she threatened to blow up the building. San Diego Police arrived within two minutes of the first call and took the woman into custody, the department said in a statement. Churchgoers were able to take the baby from the woman’s arms and pry the gun from her hands before tackling her to the ground. A bomb-sniffing dog found nothing in a sweep of the building and the suspect’s car, police said. Police said her gun was not loaded.
On 16 April in Winnipeg, Canada, an employee of a café was attacked and the inside of the building was spray-painted with a swastika in what was described as an anti-Semitic attack. A local church was planning a vigil to support Winnipeg’s Jewish community after the incident.
Our partners at FEMA, developed an FAQ on the Fiscal Year (FY) 2019 Nonprofit Security Grant Program (NSGP).
The Fiscal Year (FY)
2019 Nonprofit Security Grant Program (NSGP) provides funding support for
security related activities to nonprofit organizations at risk of a terrorist
attack. For a nonprofit to qualify for the grant, it must meet the description
under section 501(c)(3) of the Internal Revenue Code of 1986 (IRC) and exempt
from tax under section 501(a) of such code. A nonprofit can be considered
vulnerable to attack (e.g. verbal threats, vandalization) if an attack has
occurred at the facility. A nonprofit may also qualify if current events indicate
that a nonprofit may be a target because other organizations have been targeted
due to a similar mission, belief, or ideology.
Grant allocations
can be used for emergency response planning activities, equipment, training and
exercises.
The application window opened on April 12, 2019. The deadline for applications is determined at the state level. Links to state contacts can be found here. The Fiscal Year (FY) 2019 Nonprofit Security Grant Program (NSGP) is a program that Faith-Based Organizations can benefit from, directly, to improve their security posture and resiliency. Questions about the grant application process and deadlines can be directed to [email protected].
Blended threats, in which attacks can cause harm to both cyber and physical systems, are a growing reality for many organizations.The more connected organizations and individuals become, the more impact technology has on their respective physical worlds. In March 2019, we were reminded of how the opposite can be true when two journalists were able to access sensitive fiber optic communications cables simply because someone forgot to lock the gate. Once they gained unimpeded access to the station, the journalists were able to go into a “nondescript hut” where the Hibernia Submarine Communication Cable reaches the British mainland. Despite having CCTV on site, the journalists were not challenged. Had they been there for nefarious purposes, they could have executed physical actions, such as tampering with cables, which could have had a direct cyber-related impact.
A blended threat is a “deliberate, aggressive action that causes harm to both cyber and physical systems”and a growing reality for many organizations.
One of the biggest concerns facing both physical and cyber security disciplines centers on access controls, whichare designed to protect employees/personnel and prevent unauthorized physical access to facilities, equipment, materials, documents, data, and to ensure network activities can continue uninterrupted.
For the Faith Based Organizations (FBO), this means ensuring physical security controls safeguarding computer networks and infrastructure systems are equally prioritized as cyber controls to prevent theft of sensitive information and financial data and prevent any type of disruptions or exploitation to operations.
For most of us, it is common to think of ways in which cyber actions impact physical security, such as the Ukraine powerplant attack, Mirai botnet attack, or this amusing Amazon thermostat review. But when physical actions have a cyber impact, it is a stark reminder that physical and cyber security go hand-in-hand and need to be addressed concurrently, especially in the area of access controls. Once a user is granted access to a system or network cybersecurity controls manage and track activity, but actions leading up to that access, and afterwards, are in the realm of physical security.[Understanding the various ways in which the two disciplines work together–within access controls–can help organizations from all industries improve their overall security posture.
For FBOs, physical access controls may not have as much direct impact as a larger business – but useful nonetheless – even with smaller staff. FBOs maintain sensitive financial and personal information about their members which make them an attractive target for cybercriminals. As part of their risk management approach, FBOs are encouraged to undergo a risk assessment to determine relevant controls for the type of information being protected. For example, while it may not be practical to install a badging system, key pads or safes would be viable solutions to protect sensitive information from unauthorized physical access. Considerations for risk assessments include:
Key & Badge Control. Employees with access to sensitive materials through a badge or key, must be aware of the responsibility that comes with this level of access. Additionally, organizations must also account for those keys through inventories. Some areas that require physical access controls include telecommunications rooms, power supply rooms, HVAC systems, server rooms, and data centers.
Employee Termination or Change in Job Responsibility. A prime consideration around access controls addresses what happens when an employee vacates their role. It is important to work with Human Resources in these instances, but managers may need to ensure employees have the appropriate level of access that corresponds to their new role. This includes employee termination and procedures to delete access, as well as adjusting access as employees move within the organization. Likewise, personnel and responsibility changes can disgruntle employees or motivate malicious users to harm the organization.
Clean Desk Policy. While many organizations are moving to paper free offices, documents containing sensitive information may still be printed. Having a clean desk mitigates the risk of exposing sensitive material to unauthorized individuals.
Laptop Computers. Portable devices used within an office need to be physically secured when left unattended, even in the office during normal business hours, to mitigate against unauthorized access to sensitive data. Likewise, never leave portable devices unattended in public spaces.
Additional unauthorized access tactics that security teams should be on guard for include:
Tailgating.“Occurs when one or more people follow an authorized user through a door.” Sometimes individuals with authorized building access will hold the door for others who may not be authorized to enter out of courtesy.
Door Propping.“Propping doors open, most often for convenience, is another common way unauthorized individuals gain access to a location and potentially create a dangerous situation for the people and assets within.”
Levering Doors.“Many doors can be levered open using something as small as a screwdriver… Advanced access control systems include forced-door monitoring and will generate alarms if a door is forced.”
In our increasingly blended threat environment, FBOs need to continue to increase their mutual understanding and collaboration within the cyber and physical disciplines. Increased awareness of the various ways in which the two disciplines work together within access controls can help organizations from all industries improve their overall security posture. So, to answer the question, are access controls a physical or cyber security concern, the answer: BOTH.
Consider joining FB-ISAO!
Read more on membership from the link at left and below.
David Pounder is the Director for Intelligence and Analysis at Gate 15, supporting FB-ISAO. Dave provides expert threat and risk analysis, assessments and special project support for internal activities and client needs.
Omar Tisza is a Jr. Risk Analyst at Gate 15. After a brief stint in business development on the federal market, he began his role as at Gate 15 in 2018 and currently supports a number of efforts, including the Health Information Sharing and Analysis Center (H-ISAC) and the Healthcare Sector Coordinating Council.
TL;DR: Leaders are encouraged to respect the horrible tragedy in New Zealand and the potential for copycat, inspired, or retaliatory attacks by extremists. At this time, FB-ISAO is unaware of any specific or imminent threat towards US Faith-Based Organizations (FBOs); however, in light of today’s incident, we are modifying our current physical threat level assessment.
Physical Threat Level. FB-ISAO has assessed the general Physical Threat Level for US Faith-Based Organizations as “GUARDED.” As per FB-ISAO’s definitions of the Cyber Threat Levels, “GUARDED” means FB-ISAO is unaware of any specific threats but a general risk of incidents exists.Note: While we do not assess that there is a significantly elevated threat at this time and are not increasing the threat level to “ELEVATED,” FB-ISAO considers this period following a significant extremist attack upon a place of worship as a period of heightened concern. During this time, extra consideration should be given to organizational security and preparedness.
This assessment has been developed by FB-ISAO and is our general, nationwide, threat assessment for the US community of faith. As always, for local threat information, members are encouraged to work closely with neighborhood partners, local law enforcement, state and local fusion centers, local FBI field offices, DHS Protective Security Advisors and other local experts and responders.
Earlier today, in Christchurch, New Zealand, a horrific attack left at least 49 individuals dead and approximately 20 seriously injured. The coordinated mass shootings were conducted at two separate mosques, with reports of 41 individuals killed at the al Noor mosque and seven more at the Linwood mosque. Four individuals have been taken into custody – three men and one woman. There is an open investigation and additional details will be forthcoming. So far, a 28-year-old male has been charged with murder. There is abundant information on this attack in today’s Faith-Based Journal – see the WORLD and #CHRISTCHURCHSections for links; some of which have been included below. The nature of the attackers’ extremism and radicalization, the deliberate planning of the attack, and other key aspects will be further explored and distributed to members in a TLP AMBER follow-on report next week.
This morning, DHS communicated a message to Faith-Based organizations from Mr. Brian M. Harrell, the Assistant Director for Infrastructure Security. In that message, Mr. Harrell states, “As the Assistant Director for Infrastructure Security within the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), I implore you to reflect on today’s attack, and determine how we can collectively better prepare for and mitigate the impacts of a similar incident here in the Homeland. It has been demonstrated in recent attacks such as at the Tree of Life Synagogue in October 2018, that violent extremism is present in our nation and we must learn from previous incidents and apply best practices to avoid impacts to the core of the American way of life. As I mentioned in my February 2019 letter, CISA is steadfast in its commitment to supporting the faith-based community in enhancing security in a manner that still maintains the unique and open environment that places of worship provide to their parishioners.” The complete message was distributed with this DHS resource: The Securing Soft Targets and Crowded PlacesResource Guide. “Soft Targets and Crowded Places (ST-CPs)… are locations that are easily accessibleto large numbers of people and that have limited security or protective measuresin place making them vulnerable to attack. DHS has been working for many years to address ST-CP security and preparedness, with recent shifts in the threat landscape calling for renewed departmental focus on leveraging and maximizing its ST-CP security authorities, capabilities, and resources in an integrated and coordinated manner.”
There has not been a National Terrorism Advisory System (NTAS) alert and one is not expected. However, as local jurisdictions assess the threat, several major metropolitan areas are increasing security around places of worship. As this post is being written, a number of additional updates have been made relating to increases in local security at FBOs both internationally (France, the UK, and Australia, and others) and in the United States including New York, Chicago, Pittsburgh, Atlanta, Philadelphia, Portland and the Pacific Northwest, as well as in Massachusetts, Arizona, and other parts of the country. Much of this activity is expectedly focused around mosques, but given the potential for copycat, inspired, or retaliatory attacks by extremists, FBOs of all faiths are strongly encouraged to engage with local fusion centers and law enforcement, and to talk to other local FBOs. Regardless of belief system, now is an important time to share information concerning reports or behaviors with local places of worship and other FBOs – threats that may seek to attack one facility or type of target may shift to secondary or additional targets for a variety of reasons.
Adding some recent historical context, the AP reported earlieron the sad list of attacks at places of worship over the last decade. Excluding the incidents in Afghanistan, Pakistan, and the Middle East / North Africa, the list is still remarkably long:
05 Aug 2012: Six members of the Sikh Temple of Wisconsin, in Oak Creek, are fatally shot by a white supremacist, Wade Michael Page. Page was shot by a responding officer and later killed himself.
17 Jun 2015: Nine black worshippers including a pastorare killed by Dylann Roof, a 21-year-old white supremacist, after he prayed with them in Charleston, South Carolina. Roof was convicted of federal hate-crime and obstruction-of-religion charges and sentenced to death.
29 Jan 2017: A gunman killed six men during evening prayers at the Islamic Cultural Centre in Quebec City. Alexandre Bissonnette pleaded guilty to first-degree murder and attempted murder charges and was sentenced to serve 40 years in prison before being eligible for parole.
05 Nov 2017: Dressed in black tactical-style gear and armed with an assault weapon, 26-year-old Devin Kelley opened fire at the First Baptist Church of Sutherland Springs, Texas, killing 26 people and wounding about 20 others.
27 Oct 2018: A gunman believed to have spewed anti-Semitic slurs and rhetoric on social media enteredTree of Life Congregation synagogue in Pittsburghand opened fire, killing 11 and wounding six, including four police officers.
27 Jan 2019: Two suicide attackers detonate two bombs during a Mass in a Roman Catholic cathedral on the largely Muslim island of Jolo in the southern Philippines, killing 23 and wounding about 100 others. Three days later, an attacker hurls a grenade in a mosque in nearby Zamboanga city, killing two religious teachers.
15 Mar 2019: At least 40 people are killed in an attack at mosques in the New Zealand city of Christchurch.
While our immediate concern is the coming few days, the long-view extremists take is important to understand, as is the planning cycle. The New Zealand attacker was at least partially inspired by a trip to France two years ago. CNN reports on the FBI’s observed uptick in US domestic terror arrests – “with nearly 25 arrests in the first quarter of fiscal year 2019, it’s one of the ‘highest arrest tempo quarters in the last few years’ related to domestic terrorism. The domestic terror arrests include but are not limited to far right/white nationalists…” Our sad reality is the threat to FBOs is real, and enduring. Members need to take action for today, and properly plan and prepare for tomorrow.
Among other activities, in the weeks ahead, FB-ISAO will be:
Continuing development and distribution of TLP GREEN and AMBER products to members via non-public postings and communications. An additional partner report will be shared later today with members currently participating in FB-ISAO Slack.
Establishing the member secure portal (near completion now).
Adding members to working groups and topical channels in FB-ISAO Slack (for Professional level members).
Beginning our free, regular offering of Hostile Events Preparedness Series education via webinar, to help educate FBOs on the threat environment, and start the process of preparedness.
Commencing distribution of our series of reports on the Hostile Events Attack Cycle (HEAC) to help members increase their understanding of the process would-be attackers typically follow whilst planning an attack.
In the meanwhile, FBOs are encouraged to review basic response procedures such as responding to a bomb threat and safely evacuating a facility, and other appropriate basic preparedness.
Please review the FB-ISAO Resources page for more and contact our team if additional resources are needed.
As observed this morning, “For a long time (New Zealand) has assumed that this extremism is not here, but it is.” Many times we take on the “it won’t happen here” mentality. That is not a responsible mentality. We do need to take a measured assessment of risks, and do not want to be alarmist or reactionary, but we also need to be reasonably responsible and care for those we invite and employ at our FBOs. If you have questions or other needs for assistance, please feel free to contact our team. We hope you’ll also review our membership page and consider joining FB-ISAO as we complete our transition to our new membership model.
“The core mission of the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is to collaborate with public and private sector stakeholders to develop and disseminate resources that support risk mitigation. In partnership with entities such as the Faith-Based Information Sharing and Analysis Organization (ISAO), we provide resources that assist in securing physical and cyber infrastructure. I commend all of you for being members of the Faith-Based ISAO as it demonstrates the importance you place on partnership, information sharing, and risk-mitigation; all of which support achieving the pinnacle of security practices.”
The above is an excerpt from a letter written by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Assistant Director of Infrastructure Security, Mr. Brian Harrell.
Please read the entirety of Director Harrell’s letter below. In addition to the letter, CISA wanted to make sure FB-ISAO members are familiar with a valuable new resource, the Securing Soft Targets and Crowded Places Resource Guide. “Soft Targets and Crowded Places (ST-CPs)… are locations that are easily accessible to large numbers of people and that have limited security or protective measures in place making them vulnerable to attack. DHS has been working for many years to address ST-CP security and preparedness, with recent shifts in the threat landscape calling for renewed departmental focus on leveraging and maximizing its ST-CP security authorities, capabilities, and resources in an integrated and coordinated manner.” Access those resources below, and see the Resources tab on this website for more.
“please know that the U.S. Department of Homeland Security is dedicated to maintaining a strong partnership with the faith-based community and that we value your partnership.” – Assistant Director Harrell
Through relationships with leaders and organizations, such as Assistant Director Harrell and CISA, with the Federal Bureau of Investigation, state and local fusion centers, and other public sector partners, we will continue to grow our private-public collaboration, and the continued awareness, preparedness, security, and resilience of the American community of faith. Please read the entirety of Assistant Director Harrell’s letter, above, and thank you for your commitment to building a stronger, more prepared nation.
