Faith Based Community Resources
The Cybersecurity and Infrastructure Security Agency (CISA) is committed to supporting efforts to maintain safe and secure houses of worship and related facilities while sustaining an open and welcoming environment. In partnership with the Department of Homeland Security Center for Faith and Opportunity Initiatives and the Faith-Based Information Sharing and Analysis Organization, CISA provides resources that assist in securing physical and cyber infrastructure.
CISA aims to provide a first stop for guidance and resources that will inform FOB-HOW security-based decisions. Included below are numerous resources, including a Guide and Self-Assessment Tool, which provide building blocks for effective safety and security programs. The resources include assessment, training, planning, exercises, and other materials focused on a wide range of man-made threats (e.g., bombing, active shooter, vehicle ramming, etc.) that could be used against the FBO-HOW community.
Creating a Safe and Secure Environment
Building and providing a safe and secure environment for faith-based communities is no different than typical security planning, but with nuances that are respective of a congregation’s desire for openness and access, engagement with their congregants, visitors, and the rituals that may be impacted by heightened security.
No matter what the final secure environment looks like, there are several factors that must be considered when making security decisions related to planning and security enhancements. These factors influence the risk associated with your facility which in turn provide you with focus areas to begin lowering risk and as a result create a more safe and secure environment.
These factors which influence your facility’s overall security risk include Threat, Vulnerability and Consequence. CISA has provided resources below that are focused on two parts of the risk equation, which when used effectively can lower your risk and improve the security, safety, and preparedness.
Using the FBC Resource Page
This resource page is designed to guide you through a four-step process that can act as the building blocks for improving the security and safety of your organization’s congregants and facilities. By following these steps, you can easily develop a continuing security improvement cycle.
Step 1: Start the Process
Start the process by forming a team to manage your facility’s security improvements. The role of this team is to lead the coordination, planning, and implementation of security improvements to secure your faith-based facility. Basic roles for the team include:
- Identify priorities and a vision of your facility’s future security
- Identify available support and resources who can assist in the process.
- Engage with local or state law enforcement and emergency planning agencies
- Become aware of local and regional threats and concerns
- Leading your organization through the security improvement process
Resources designed to inform the security planning team
In this security guide, CISA analyzed ten years of targeted attacks on houses of worship to provide context to the enterprise-wide security recommendations. The case studies reviewed are examples of the breadth of threats a house of worship faces daily.
Today, houses of worship face a unique set of safety and security challenges that weren't there just a few years ago. This video offers a look at those challenges and demonstrates how law enforcement, houses of worship, and other partners can work together to report suspicious behavior and raise security awareness, while forging positive relationships within the community.
Numerous studies estimate there are between 300,000 and 400,000 congregations in the United States. Many people believe or think a house of worship is a safe area where violence and emergencies cannot affect them. However, violence in a house of worship is not a new phenomenon, and many facilities are developing and updating security and emergency plans and procedures to ensure the safety and security of their congregations, visitors, staff, and facilities.
CISA operates the regionally based Protective Security Advisor (PSA) Program. PSAs are trained critical infrastructure protection and vulnerability mitigation subject matter experts who facilitate local field activities in coordination with other Department of Homeland Security offices. They also advise and assist state, local, and private sector officials and critical infrastructure facility owners and operators. You can email them at firstname.lastname@example.org.
The FB-ISAO is a trusted community within the inclusive, community of faith. The ISAO and its members maintain primary focus on sharing timely, actionable and relevant information with an all-hazards approach as incidents affecting the community come in the form of physical threats, cybersecurity issues, health outbreaks, and a variety of natural disasters. The FB-ISAO’s mission is to provide members with information, analysis, and capabilities to help reduce risk while enhancing preparedness, security, and resilience.
The Homeland Security Information Network (HSIN) is a trusted network for homeland security mission operations to share sensitive but unclassified information. Federal, SLTT, and private sector partners can use HSIN to manage operations, analyze data, send alerts and notices, and share the information they need to perform their duties. CISA Central-developed products are available to registered stakeholders in authorized communities of interest.
HSIN uses enhanced security measures, including verifying the identity of all users the first time they register and ensuring users use two-factor authentication each time they log on. HSIN leverages the trusted identity of its users to provide simplified access to a number of law enforcement, operations, and intelligence information sharing portals.
Service benefits include:
- alerts and notifications
- basic Learning Management System
- comprehensive HSIN training
- document repository
- geographic information system mapping
- instant messaging (HSIN chat)
- managed workflow capabilities
- secure messaging (HSIN Box)
- web conferencing (HSIN Connect)
For more information, or to become a member, visit dhs.gov/homeland-security-information-network-hsin or email HSIN.Outreach@hq.dhs.gov
When considering security risk, a vulnerability is a weakness which an adversary may take advantage to inflict an attack or inhibit your operations. To assist with identifying these vulnerabilities, CISA recommends use of the following resources. While many times security and risk assessments area available from state or local governments or law enforcement agencies, however when not available CISA recommends use of the following resources to assist with identifying those security vulnerabilities.
The first step in developing a quality security (plan or program) and improving preparedness is assessing your organization or facility’s current risk. To begin that process CISA has developed a baseline security self-assessment that is designed to assist the minimally trained person through the assessment process. Successful completion and review of the recommendations can provide a path towards lowering risk and improving security.
To make the self-assessment process easier CISA has developed an interactive tool which duplicates the data collected in the paper-based version of the FBO-HOW security self-assessment. When properly completed it will provide an electronic and paper-based report that can be used to more easily inform security planning and improvement decisions. In addition to the easy to use report, based on your state guidance the report may be used to inform grant applications.
The Protective Measures Awareness course introduces how to identify and mitigate facility security gaps. This course provides foundational knowledge about risk management and the three rings of security: physical, procedural/technical, and intelligence protective measures.
Step 3: Implement security improvements
As a factor in reducing risk consequence, mitigation can be achieved through numerous processes. Two of the easiest ways to minimize the potential consequences is through security and emergency planning along with focused training of both staff and congregants. Use of the Federal Emergency Management Agency (FEMA) Guide for Developing High Quality Emergency Operations Plans for Houses of Worship along with the following resources can provide the building blocks for improving security and safety.
In order to support America’s citizens with improving their own security and safety by mitigating the potential risk associated with today’s threat environment, CISA has developed a number of resources focused on improving security and implementing protective measures associated with soft targets and crowded places.
Active shooter incidents are often unpredictable and evolve quickly. In the midst of the chaos, anyone can play an integral role in mitigating the impacts of an active shooter incident. DHS aims to enhance preparedness through a "whole community" approach by providing products, tools, and resources to help you prepare for and respond to an active shooter incident
In collaboration with several houses of worship and community partners (i.e., governmental entities that have a responsibility in the plan, including first responders, public health officials, and mental health officials), houses of worship can take steps to plan for these potential emergencies through the creation of an emergency operations plan (EOP).
The US Department of Homeland Security through FEMA provides nonprofit security grants which are managed in partnership through each state’s Homeland Security Advisor’s office. These competitive based grants provide funding to improve facility security, preparedness, and emergency planning. FEMA Grant information website
Every day we face a variety of potential threats, both internal and external, from hostile governments, terrorist groups, disgruntled employees and malicious introducers. Alert employees can spot suspicious activity and report it. The power is in the employee, citizen, patron, or any person who can observe and report.
Used effectively, the right words can be a powerful tool. Simply saying “Hello” can prompt a casual conversation with unknown individuals and help you determine why they are there. The OHNO approach – Observe, Initiate a Hello, Navigate the Risk, and Obtain Help – helps employees observe and evaluate suspicious behaviors, and empowers them to mitigate potential risk, and obtain help when necessary.
This more focused guide promotes employee vigilance for our houses of worship stakeholders. Alert personnel can better spot suspicious activity and actively report it. Keeping houses of worship facilities secure while sustaining the open and welcoming environment necessary for peaceful congregation requires a holistic approach to security.
Bomb threats or suspicious items should always be taken seriously. How quickly and safely you react to a bomb threat could save lives, including your own. The guidance and resources available here outline in-depth procedures for either bomb threats or suspicious items and will help you prepare and react appropriately during these events.
On October 27, 2020, the Federal Bureau of Investigation (FBI), The U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA), and the InfraGard National Capital Region held a Faith-Based Security and Safety Symposium webinar to discuss best practices and risk mitigation strategies for protecting houses of worship amid the COVID-19 pandemic.
The faith-based community can be a target of cyber crime or incidents that deny access to information, render information unusable, or even disclose the personal information of congregants in the public domain. CISA has created the STOP.THINK.CONNECT.™ national campaign and resources for small businesses, aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. Cybersecurity is a shared responsibility. We each have to do our part to keep the Internet safe. When we all take simple steps to be safer online, it makes using the Internet a more secure experience for everyone.
Step 4: Test your security improvements
The final step in your initial security improvement cycle is testing and exercising what you have put in place. This could include some or all of the areas which you have improved or implemented new policies, physical barriers, or planning efforts which are designed to make your facility more secure and safe. The lessons learned within your exercises should be used by the security planning team to inform the next reassessment and future planning as security is a continuing cycle and ongoing improvement and plan maintenance are a must ensure continued security and safety. The information within the webinar can provide another level of understanding and direction as you implement your security changes.
While exercises can be contracted through numerous private sector companies, most local, county, or state homeland security offices offer no cost exercises or resources which will allow you to participate in on-going programs or develop your own exercise. An additional resource is your local CISA Protective Security Advisor who can guide you through available resources and how to best use them and the results you identify.
The CTEP program is designed to assist critical infrastructure owners and operators in developing their own tabletop exercises to meet the specific needs of their facilities and stakeholders. CTEP allows users to leverage pre-built exercise templates and vetted scenarios to build tabletop exercises to assess, develop, and update information sharing processes, emergency plans, programs, policies, and procedures.
Across the United States, Americans congregate in faith-based venues to worship, learn, play, and bond as a community. In coordination with interagency partners, the DHS Center for Faith & Opportunity Initiatives and FEMA established a website for faith-based organizations that serves as a “one-stop shop” for information on available Federal tools, resources, and assistance.