by Chuck Brooks and Paul Goldenberg
Over the past year, cyber threats and attacks have emerged as a prime concern, particularly with regard to homeland and transnational security. Governments and corporations have been subjected to many high-profile breaches. Just this week nearly half the nation’s adult population may have had their personal and financial information compromised. America’s C-Suite is just now beginning to comprehend the impact on the enterprise and more so on personal careers and boardrooms.
Industry and government are not the only targets of these malicious cyber-attacks. Houses of worship and non-profit organizations large and small have also been the target of cyber-attacks. Such attacks are nefarious in nature and aimed at defacing websites, disrupting networks, stealing information and damaging systems and infrastructure.
In today’s world, most faith-based and non-profit organizations maintain their most valuable assets in digital form. Houses of worship, community centers, camps, and NGO organizations have a critical role in social service delivery including schools, mental health, elder care, and crisis management response and as such have more sensitive information invested in their technology than ever before. Examples could include information on employees, clergy, congregants, recipients of social services, personal data, home addresses, monetary transfers, donor information, and private materials about a faith-based organization’s plans, etc.
The dangers of the situation are further augmented when one factors in today’s increased interconnectivity, reliance on digital networks and web-based technology, and the broadened use of smartphones. This massive dependence on technology provides a perfect platform for groups and individuals who seek to cause severe damage to an organization’s infrastructure and operations. What is more, an institution’s private information is threatened with every download, every click on an internet link, and every opened email.
Mal-intentioned individuals or groups no longer require physical access to a house of worship or NGO to cause its community members harm or to gather information to plan future terror or criminal attacks. Rather, a criminal, a hacker or a terrorist-related group from the other side of the globe can, with equal impunity, breach a house of worship or NGO network and silently gather its most vital information. Most troubling is that a theft or probing of this nature can go undetected for years—if not indefinitely. Where information once filled floors of locked filing cabinets under the careful watch of staff and volunteers, hackers and computer criminals now have the capacity to make digital copies of the original that fits easily onto concealed portable hard drives.
Jewish, Christian, Muslim, Hindu, Mormon and other faith-based websites are continually being attacked by politically motivated hackers. At one FBO camp tucked away in the pristine mountains of New York State, an eager camper entered the camp website to explore the day’s activities and instead was bombarded with horrific photos of ISIS beheadings. According to the cyber experts, this one event was only part of a larger trend of hackings targeting the websites of groups for political and or ideological justification. The incident provides just a small glimpse into the damage that can result from breaches to an institution’s cyber-security. Of highest concern is when personal information such as the home addresses, names, schools attended by the children of faith-based leaders and staff, become open source posts on hate-filled or extremist websites and blogs.
“Cyber threats to houses of worship, faith-based and NGO organizations pose significant security risks to their operations and include everything from surveillance and intelligence collection on leaders and members to accessing systems that can disrupt operations or be exploited for conducting a physical attack. The security operation needs to include complete security planning and implementation to counter both physical and cyber threats…” says Mark Genatempo, who headed cybersecurity services for the Jewish community’s homeland security initiative.
Cyber threats have evolved and impact communities in dissimilar ways. This past holiday season, the city of Whitefish, Montana, a pristine community blanketed in snow and bedecked in holiday lights found itself in an unlikely and unwanted position — the target of harassment and intimidation by a throng of white supremacists. The rapid succession of events unfolded almost entirely online, beginning with a campaign of harassment against members of the local Jewish community who live and own businesses there, and culminating in a neo-Nazi website’s vow to organize an armed march through the streets of Whitefish. The website — The Daily Stormer — called its actions an “old-fashioned troll storm.”
Due to the evolving nature of the risk to faith-based and NGO affiliated facilities, the answer to who is responsible for addressing cyber-security concerns is somewhat vague. An administrator’s or a director’s fiduciary duties without a doubt extend to the protection of significant digital assets. What, then, are a director’s or an administrator’s specific responsibilities when it comes to cybersecurity? Can an administration simply rely upon its IT department or person to address cyber-security needs, or do faith-based and NGO leaders have an obligation to educate themselves on the nature of their respective agency’s cyber technology? Will cyber-security be a topic of discussion only after an organization experiences a major security breach?
Jane H. Lute, former Deputy Secretary of Homeland Security and nationally-regarded cybersecurity expert, advises: “In cybersecurity, we are now experiencing what one noted expert has termed “the fog of more.” A welter of advisories, technology, tools, and checklists is being offered up in the service of protecting our networks. This includes better cyber, firewalls, anti-virus software, and encryption technologies. But part of the reason more enterprises are not better postured on cybersecurity is that it is not always clear what should be done first, or as a matter of priority, among the various means and ways that are suggested.”
According to Trump Administration Homeland Security Advisor Thomas P. Bossert. “We cannot achieve the security we need without partnerships. Partnerships with industry, partnerships with the owners and operators of infrastructure, and partnerships with like-minded countries.”
Cyber-security has become the new homeland security of the decade. It is imperative that we apply the same level of awareness and action as we have to the physical security of our facilities to ensure our security against this ever-evolving threat. Public-Private partnerships, sharing intelligence, and implementing policies and technologies are all part of the new risk management equation of prevention and recovery.
The threat of cyber-attack is more real than ever. Like the years leading up to 9/11, the clarion call has been sounded, and warnings have been made. Are we listening? Recognizing the importance of cybersecurity, National leaders designated October as National Cyber Security Awareness Month (NCSAM). NCSAM is designed to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber incident. October 2017 marks the fourteenth annual National Cyber Security Awareness Month sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance (NCSA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
Preventative strategies in preventing cyber-attacks can be found HERE
[message type=”custom” width=”100%” start_color=”#F0F0F0 ” end_color=”#F0F0F0 ” border=”#BBBBBB” color=”#333333″]
Mr. Paul Goldenberg is the President and CEO of Cardinal Point Strategies. He currently works with Rutgers University as special advisor for transnational security issues. He is a member of the 
United States Department of Homeland Security’s Advisory Council (HSAC) where he served as Vice Chair of the Departments Faith-Based Security Advisory Security Committee and Foreign Fighter Task Force. He provides counsel to government, faith-based and NGO organizations in cybersecurity policy, capacity building, transnational security, counter-terrorism and information sharing. His public career includes more than two decades as a former senior official of the New Jersey State Attorney General’s Office, Director of the nation’s 6th largest county social service and juvenile justice system, and as a law enforcement official who headed investigation efforts for significant cases of domestic terrorism, political corruption, and organized crime. Mr. Goldenberg was instrumental in the design and development of the Secure Community Network (SCN), the first-ever faith-based homeland security information sharing initiative. [/message]
[message type=”custom” width=”100%” start_color=”#F0F0F0 ” end_color=”#F0F0F0 ” border=”#BBBBBB” color=”#333333″]
