Page 18 – Community Security Initiative

December 12, 2016December 12, 2016

Attacks on Jews in the U.S. 1969-2016

December 12, 2016

From: Terrorist Incidents and Attacks Against Jews and Israelis in the United States, 1969-2016, Community Security Service.

Take a look at the important new CSS publication, Terrorist Incidents and Attacks Against Jews and Israelis in the United States, 1969-2016, by our talented, good friend, Yehudit Barsky, with a forward by another friend, Mitchell D. Silber. The publication supplements the JCRC’s own Selective Threat Scan which was designed to assist Nonprofit Security Grant Program applicants complete the “Threat” and “Consequences” sections of the Investment Justification.

Here’s the Executive Summary of the document which aligns with JCRC’s ongoing advice:

It is vital that the American Jewish community, together with our law enforcement partners, learn the lessons of the past, understand the nature of the challenges arrayed against it, and take the proper precautions to ensure that violent acts against Jews and Jewish institutions can be prevented in the future.

Jewish targets often serve as precursors to larger attacks: Perpetrators of well-known larger attacks, such as the 1993 World Trade Center bombing, were first involved in anti-Jewish incidents.

Awareness is critical: In many of these incidents, perpetrators conducted pre-operational surveillance. Training and engagement of community members to detect suspicious activity is thus essential.

A need to invest in community security infrastructure: The Jewish community can ill afford passivity and apathy against security threats. The community should broaden its understanding of what effective security entails, and invest in initiatives that provide tangible results. Foremost amongst these strategies is ensuring community members have the training and capacity to assist in securing their own communities, and partnering more closely with law enforcement agencies.

Unfortunately, much as we do not care to admit it to ourselves, the threats are real; there have been too many incidents to deny that. Now in the second decade of the twenty-first century, we find ourselves in an era where those who promote anti-Jewish rhetoric and instigation have the technical tools to reach a broader audience in less time than ever before. In fact, as recently as March 2016, the Islamic State in Iraq and Al-Sham (ISIS) publicly encouraged its followers to attack Jews and their allies, “wherever they find them.”

It is vital that the American Jewish community, together with our law enforcement partners, learn the lessons of the past, understand the nature of the challenges arrayed against it, and take the proper precautions to ensure that violent acts against Jews and Jewish institutions can be prevented in the future.

Click here for the full report.

December 7, 2016December 8, 2016

Armed or unarmed security, what’s best?

December 07, 2016

The answer is, it depends. The question comes up at almost every one of our security training sessions. Honestly, there are both advantages and disadvantages of either option. Guns and Security: the Risks of Arming Security Officers in the December issue of Security Management (a publication of the security industry trade association, ASIS) discusses many of the issues that must be considered.

Each organization must carefully weigh the pluses and minuses themselves, as applied to their building, their constituencies and their culture. Since this decision could possibly affect your brand, your reputation and/or your liability, it is advisable to include your board of directors in the decision. If your organization is leaning towards armed security, we suggest four “best practices”:

Hire any armed security guard on the basis of their experience, training and judgement rather than their weapon. If you hire e.g., an off-duty/retired law enforcement officer, you are hiring much more than their gun.
Deploy armed guards as one element of a multi-layer security plan. If a determined intruder is targeting a specific institution, a solo guard (armed or not) may become the first, unfortunate target without any opportunity to even his/her weapon.
Contract with an outside firm. Given the documented risks associated with armed guards (outlined in the Security Magazine article), consider contracting with an independent vendor and make sure that they are responsible for the supervision of armed guards, all aspects of the armed guard’s ongoing training and compliance with governmental training, licensing and other requirements.
Discuss your decision with your insurer. Whether the armed guard is, or is not, your employee you may have some liability and/or named in any lawsuit. Make sure that your insurer knows about your decision and that your are appropriately and adequately covered. (n.b., Some institutions employ an outside security consultant to manage their employees. A discussion between the security consultant and the insurer may assuage the concerns raised by the insurer).

NYPD does have a Paid Detail Unit which provides officers to perform off-duty, uniformed security work within New York City for approximately $45/hour. Click here for more information and contact details. Of course, the above recommendations still apply.

Quick tips: What should your guard(s) be doing?
Guards should not be merely uniformed potted plants adorning your lobby. Rather, they should be an important and active component of your overall security plan. If you have a single guard, his/her logical priority is access control (see our suggestions on how to develop an access control policy here). At the same time, don’t lose sight of other important functions, including: Vigilance. While they are on duty they can observe what is going on outside your building and monitor CCTV, possibly leading to the early detection of hostile surveillance or imminent hostile acts. See our suggestions for detecting hostile surveillance here. Walk-arounds. Remember the Chelsea bombs? They were hidden in a trash container and a suitcase. If someone planted a device in your garbage can would anyone find it? One best practice is to have your guard tour your facility, inside and out, looking for something that “Just doesn’t look right”. Notifications.Your guard should be given defined protocol and procedures if something “Just doesn’t look right” : who to notify (e.g., senior staff, general alarm), how to act and what else to do. Crisis management. A well trained guard should be able to follow the protocols and procedures defined by you. They should be able to support responses such as bomb threats, evacuations and/or sheltering-in-place. The security management industry calls instructions for guards, “post orders” which clearly outline the duties, responsibilities, and expectations of security guards. For example, your post orders should clearly set forth your access control policies and define the areas of your property that should be included in a walk-around and their time and frequency (e.g., upon arrival and upon returning from lunch).

Quick tips: What should your guard(s) be doing?

Guards should not be merely uniformed potted plants adorning your lobby. Rather, they should be an important and active component of your overall security plan.

If you have a single guard, his/her logical priority is access control (see our suggestions on how to develop an access control policy here). At the same time, don’t lose sight of other important functions, including:

Vigilance. While they are on duty they can observe what is going on outside your building and monitor CCTV, possibly leading to the early detection of hostile surveillance or imminent hostile acts. See our suggestions for detecting hostile surveillance here.
Walk-arounds. Remember the Chelsea bombs? They were hidden in a trash container and a suitcase. If someone planted a device in your garbage can would anyone find it? One best practice is to have your guard tour your facility, inside and out, looking for something that “Just doesn’t look right”.
Notifications.Your guard should be given defined protocol and procedures if something “Just doesn’t look right” : who to notify (e.g., senior staff, general alarm), how to act and what else to do.
Crisis management. A well trained guard should be able to follow the protocols and procedures defined by you. They should be able to support responses such as bomb threats, evacuations and/or sheltering-in-place.

The security management industry calls instructions for guards, “post orders” which clearly outline the duties, responsibilities, and expectations of security guards. For example, your post orders should clearly set forth your access control policies and define the areas of your property that should be included in a walk-around and their time and frequency (e.g., upon arrival and upon returning from lunch).

December 1, 2016

Phishing: Will you be a victim?

December 01, 2016

Phishing attacks — usually giving you a plausible reason to “change” your password — have increased. Once they have your account information many criminal avenues open up. Here’s some background and good advice from Stratfor.

November 6, 2016November 8, 2016

Heightened threats. Do you know what to do?

November 06, 2016

We assume that you saw the recent media report that the U.S. intelligence community has alerted law enforcement to potential al-Qa’ida attacks in the U.S. planned for Monday, November 7, the day before Election Day. This threat is reportedly still being assessed and its credibility has not yet been validated. However, the counterterrorism and homeland security communities remain vigilant and well-postured to defend against attacks here in the United States.

According to a statement from the FBI, the Bureau shares and assesses intelligence on a daily basis and will continue to work closely with law enforcement and intelligence community partners to identify and disrupt any potential threat to public safety. The NYPD Counterterrorism Bureau continues to work closely with federal, state, local, and private sector partners to maintain situational awareness of the current threat environment.

For more information on the current situation scroll down below the “What should we do?” section.

What should we do?

In police speak, we should “remain vigilant” and “maintain situational awareness of the current threat environment.” How does that translate to your site? What should you be doing? You should “step up” your security profile and maintain heightened vigilance through the election and the days thereafter.

Pre-determine how you will step up your game. Don’t wait for an emergency. Consider the steps you should take when the experts advise you to go to “high alert”, e.g., add guards, close doors, more-thorough bag checks.
Increase visible security measures. Someone planning an attack should look at your facility, conclude that it is defended and decide to go elsewhere. While the presence of armed security and law enforcement personnel and the placement of security checkpoints do not guarantee that an attack will be averted or interrupted, their presence can enable the timely discovery and quick resolution of potential threats and reduce the lethality of terrorist attacks.
Test your systems. OK, you’ve identified systems to screen your mail, respond to bomb threats and suspicious objects and you have an active shooters plan. The key question is: “Will they work in reality?” Do your panic buttons function? Test them (after you first alert the alarm company). Have you had tabletop exercises and drills covering multiple hazards? How can you make sure that your entire staff and constituencies are on their collective toes?
Check in with your local police. Reach out to your local police and make sure that they know about the times of services, events, school arrivals and dismissals. Offer them the opportunity to get to know your programs, your rhythms, your people and your building. Ask them for suggestions as to how to make your people safer.
If you see something, say something. Think how to build a culture of security, because security is everybody’s business. If any of your staff, students, volunteers, congregants or clients sees or hears something suspicious they should feel comfortable to report it to the appropriate person in your facility and the information should be passed on to the police. Make sure all of the key staff have the right contact info in your jurisdiction. (In NYC, 1-888-NYC-SAFE/in NYS, 1-866-SAFE-NYS).

The information below is adapted from NYPD Shield’s analysis from the NYPD Counterterrorism, Bureau Terrorism Threat Analysis Group.

Foreign violent extremists

Recent propaganda produced by al-Qa’ida’s Yemen-based affiliate, al-Qa’ida in the Arabian Peninsula (AQAP), have made reference to the upcoming U.S. presidential election; however, the group, which has previously launched multiple plots against the U.S. homeland, has not voiced any specific threats in these publications.

When commenting on the prospect of either a Hillary Clinton or Donald Trump presidency, a March 2016 issue of the group’s Arabic-language al-Masra newsletter argued that a Clinton victory would mean “an extension of the policy of Obama and the Democrats in the region,” while Trump being elected would mean “a drastic change in American policy towards Muslims, since the hostility that Trump bears and the Islamophobia from which he suffers will have a huge impact in the conflict in the Middle East region and the Muslim countries in general.”

Meanwhile, in May 2016, an issue of the group’s English-language Inspire magazine included a reference to the presidential election by the magazine’s editor-in-chief, who argued that the outcome was irrelevant since it will not impact “inhuman American policies in Islamic lands.” Historically, there have been other indications that al-Qa’ida and its sympathizers have viewed elections as significant events.

For example, the 2004 Madrid bombings were carried out by an al-Qa’ida-inspired cell three days before Spain’s general elections. The coordinated blasts, which targeted Madrid’s commuter railway system, killed 192 people and wounded an estimated 2,000 others.

Meanwhile, declassified documents recovered by U.S. forces in the May 2011 raid on Usama Bin Laden’s compound in Abbottabad, Pakistan, revealed that the topic of U.S. elections was discussed among al-Qa’ida’s leadership in the context of the group planning its propaganda releases.

Domestic violent extremists

The 2016 presidential campaign has included unprecedented divisive political rhetoric, sparking occasional violence from supporters of both the Democratic and Republican candidates. Throughout the campaign, a wide range of organizations—from non-profits to media outlets—as well as the candidates and delegates have received harassing messages, including threats of violence. Election Day 2016 comes at a time of heightened tension throughout the country, including perceived public unrest over law enforcement activity and mistrust of government institutions. Exacerbating this tense political climate are the recent assertions that the 2016 election may be “rigged,” potentially undermining the legitimacy of the presidential election process. Several domestic armed militias and extremist groups, including the Ku Klux Klan (KKK) and prominent anti-government forces such as the Oath Keepers, have used the accusation of election fraud to announce their intention to overtly, or covertly, monitor voting sites, stoking concerns that organizations may intimidate or coerce voters at the polls.

The election is also taking place at a time of elevated concern over attacks in the west perpetrated by terrorist organizations and their sympathizers such as the Islamic State of Iraq and the Levant (ISIL) and al-Qa’ida, both of which have experienced recent territorial defeats and leadership losses. Of note, an April 2016 issue of Dabiq, ISIL’s English-language magazine, specifically named Huma Abedin, Clinton’s vice chairwoman for her campaign, as a target for assassination. The continual threat of homegrown violent extremism remains a key concern as evidenced by the recent bombings in Seaside Park, NJ, Manhattan’s Chelsea neighborhood, and the attempted bombing in Elizabeth, NJ. Though the suspect in these incidents was apprehended and there is no indication that he was part of a broader conspiracy, the September 17 blasts serve as a reminder that New York City remains a top target for extremists.

Sources

“Sources: U.S. intel warning of possible al Qaeda attacks in U.S. Monday,” CBS News, November 4, 2016.
Tharoor, Ishaan, “Al-Qaeda’s analysis of the U.S. election is actually pretty accurate,” Washington Post, March 30, 2016.
“Letters from Abbottabad: Bin Ladin Sidelined?,” Combatting Terrorism Center (CTC) at West Point, May 3, 2012.
“Editor’s Letter,” Inspire Magazine, No. 15, al-Malahem Media, May 2016.

October 13, 2016November 1, 2016

Start with Security: A Cybersecurity Guide for Business (even nonprofits)

October 13, 2016

Lessons from Federal Trade Commission cases

Go to the FTC Start with Security website here or click here to download a PDF copy of their full recommendations.

When managing your network, developing an app, or even organizing paper files, sound security is no accident. Companies that consider security from the start assess their options and make reasonable choices based on the nature of their business and the sensitivity of the information involved. Threats to data may transform over time, but the fundamentals of sound security remain constant. As the Federal Trade Commission outlined in Protecting Personal Information: A Guide for Business, you should know what personal information you have in your files and on your computers, and keep only what you need for your business. You should protect the information that you keep, and properly dispose of what you no longer need. And, of course, you should create a plan to respond to security incidents.

There’s another source of information about keeping sensitive data secure: the lessons learned from the more than 50 law enforcement actions the FTC has announced so far. These are settlements – no findings have been made by a court – and the specifics of the orders apply just to those companies, of course. But learning about alleged lapses that led to law enforcement can help your company improve its practices. And most of these alleged practices involve basic, fundamental security missteps. Distilling the facts of those cases down to their essence, here are ten lessons to learn that touch on vulnerabilities that could affect your company, along with practical guidance on how to reduce the risks they pose.

October 5, 2016June 19, 2017

It’s National Cyber Security Awareness Month

October 05, 2016

Cyber Security is Everyone’s Responsibility

Data breaches resulting in the compromise of personally identifiable information of thousands of Americans. Intrusions into financial, corporate, and government networks. Complex financial schemes committed by sophisticated cyber criminals against businesses and the public in general.

These are just a few examples of crimes perpetrated online over the past year or so, and part of the reason why Director James Comey, testifying before Congress last week, said that “the pervasiveness of the cyber threat is such that the FBI and other intelligence, military, homeland security, and law enforcement agencies across the government view cyber security and cyber attacks as a top priority.” The FBI, according to Comey, targets the most dangerous malicious cyber activity—high-level intrusions by state-sponsored hackers and global cyber syndicates, and the most prolific botnets. And in doing so, we work collaboratively with our domestic and international partners and the private sector.

But it’s important for individuals, businesses, and others to be involved in their own cyber security. And National Cyber Security Awareness Month—a Department of Homeland Security-administered campaign held every October—is perhaps the most appropriate time to reflect on the universe of cyber threats and on doing your part to secure your own devices, networks, and data.

What are some of the more prolific cyber threats we’re currently facing?

Ransomware is type of malware that infects computers and restricts users’ access to their files or threatens the permanent destruction of their information unless a ransom is paid. In addition to individual users, ransomware has infected entities such as schools, hospitals, and police departments. The actors behind these sophisticated schemes advise the users that if they pay the ransom, they will receive the private key needed to decrypt the files. Most recently, these cyber criminals—demonstrating some business savvy—give victims the option of decrypting one file for free to prove that they have the ability to restore the locked files.

Business e-mail compromise, or BEC, scams continue to impact many businesses across the U.S. and abroad. BEC is a type of payment fraud that involves the compromise of legitimate business e-mail accounts—often belonging to either the chief executive officer or the chief financial officer—for the purpose of conducting unauthorized wire transfers. After compromising a company’s e-mail account—usually through social engineering or malware—the criminals are then able to send wire transfer instructions using the victim’s e-mail or a spoofed e-mail account. BEC scams have been reported in all 50 states and in 100 countries and have caused estimated losses of more than $3 billion worldwide. More on BEC scams.

Intellectual property theft involves robbing individuals or companies of their ideas, inventions, and creative expressions—often stolen when computers and networks are accessed by unscrupulous competitors, hackers, and other criminals. Intellectual property can include everything from trade secrets and proprietary products and parts to movies, music, and software. And the enforcement of laws protecting intellectual property rights (IPR)—which are critical to protecting the U.S. economy, our national security, and the health and safety of the American public—is an FBI criminal priority. The Bureau’s IPR focus is the theft of trade secrets and infringements on products that can impact consumers’ health and safety, including counterfeit aircraft, automotive, and electronic parts.

“The FBI is doing everything we possibly can, at every level, to make it harder for cyber criminals to operate,” says Associate Executive Assistant Director David Johnson, “and I believe many of them are now starting to think twice before they put fingers to keyboard. But we also ask that the public do its part by taking precautions and implementing safeguards to protect their own data.”

Check back on our website during the month of October for information on protecting your data and devices and on FBI efforts to combat the most egregious cyber criminals.

Resources:

Internet Crime Complaint Center (IC3)
More on National Cyber Security Awareness Month
Department of Justice’s Best Practices for Victim Response and Reporting of Cyber Incidents
U.S. Computer Emergency Readiness Team cyber security tips
Department of Homeland Security cyber security information
Stay Safe Online website
FBI Cyber’s Most Wanted
More on FBI efforts to combat cyber crime

September 26, 2016September 11, 2019

High Holidays: Are you ready to get out if you have to?

September 26, 2016

It’s happened more than once…a fire in a synagogue during High Holiday services. Bomb threats and suspicious packages … you have a plan, but fires?

Most people tend to exit through the door they entered. In an emergency, if people don’t use all of the doors there will be bottlenecks leading to injuries or worse. With a little bit of planning and rehearsal this problem can be readily mitigated.

We all have seen the “cards in the seat pockets in front of you” on a plane. Simply figure out how to divide your sanctuary spaces so that all of the exits will be used and create a chart like the one below (add some instructions), reproduce it and stick it in the pockets in front of the pews.
No one expects you to conduct a fire drill on Yom Kippur, but you can ask your ushers and key staff to attend a rehearsal meeting in advance of services. Discuss your plans and their roles with them ahead of time.
Pre-write directions that should be kept on the bimah. In the event of an emergency you shouldn’t count on people to call an “audible” (i.e., improvise).

September 15, 2016

Ransomware victims urged to report infections

September 15, 2016

FBI

September 15, 2016/Alert Number I-091516-PSA

RANSOMWARE VICTIMS URGED TO REPORT INFECTIONS TO FEDERAL LAW ENFORCEMENT

The FBI urges victims to report ransomware incidents to federal law enforcement to help us gain a more comprehensive view of the current threat and its impact on U.S. victims.

What Is Ransomware?

Ransomware is a type of malware installed on a computer or server that encrypts the files, making them inaccessible until a specified ransom is paid. Ransomware is typically installed when a user clicks on a malicious link, opens a file in an e-mail that installs the malware, or through drive-by downloads (which does not require user-initiation) from a compromised Web site.

Why We Need Your Help

New ransomware variants are emerging regularly. Cyber security companies reported that in the first several months of 2016, global ransomware infections were at an all-time high. Within the first weeks of its release, one particular ransomware variant compromised an estimated 100,000 computers a day.

Ransomware infections impact individual users and businesses regardless of size or industry by causing service disruptions, financial loss, and in some cases, permanent loss of valuable data. While ransomware infection statistics are often highlighted in the media and by computer security companies, it has been challenging for the FBI to ascertain the true number of ransomware victims as many infections go unreported to law enforcement.

Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment. Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.

The FBI is urging victims to report ransomware incidents regardless of the outcome. Victim reporting provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations, and contributes relevant information to ongoing ransomware cases. Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims.

Threats to Users

All ransomware variants pose a threat to individual users and businesses. Recent variants have targeted and compromised vulnerable business servers (rather than individual users) to identify and target hosts, thereby multiplying the number of potential infected servers and devices on a network. Actors engaging in this targeting strategy are also charging ransoms based on the number of host (or servers) infected. Additionally, recent victims who have been infected with these types of ransomware variants have not been provided the decryption keys for all their files after paying the ransom, and some have been extorted for even more money after payment.

This recent technique of targeting host servers and systems could translate into victims paying more to get their decryption keys, a prolonged recovery time, and the possibility that victims will not obtain full decryption of their files.

What to Report to Law Enforcement

The FBI is requesting victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center, at www.IC3.gov, with the following ransomware infection details (as applicable):

Date of Infection
Ransomware Variant (identified on the ransom page or by the encrypted file extension)
Victim Company Information (industry type, business size, etc.)
How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
Requested Ransom Amount
Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
Ransom Amount Paid (if any)
Overall Losses Associated with a Ransomware Infection (including the ransom amount)
Victim Impact Statement

The Ransom

The FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain. While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers.

Defense

The FBI recommends users consider implementing the following prevention and continuity measures to lessen the risk of a successful ransomware attack.

Regularly back up data and verify the integrity of those backups. Backups are critical in ransomware incidents; if you are infected, backups may be the best way to recover your critical data.
Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might include securing backups in the cloud or physically storing them offline. It should be noted, some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real-time, also known as persistent synchronization.
Scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails.
Only download software – especially free software – from sites you know and trust. When possible, verify the integrity of the software through a digital signature prior to execution.
Ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, Web browsers, etc.
Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
Disable macro scripts from files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office Suite applications.
Implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.

Additional considerations for businesses include the following:

Focus on awareness and training. Because end users are often targeted, employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques.
Patch all endpoint device operating systems, software, and firmware as vulnerabilities are discovered. This precaution can be made easier through a centralized patch management system.
Manage the use of privileged accounts by implementing the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary; they should operate with standard user accounts at all other times.
Configure access controls with least privilege in mind. If a user only needs to read specific files, he or she should not have write access to those files, directories, or shares.
Use virtualized environments to execute operating system environments or specific programs.
Categorize data based on organizational value, and implement physical/logical separation of networks and data for different organizational units. For example, sensitive research or business data should not reside on the same server and/or network segment as an organization’s e-mail environment.
Require user interaction for end user applications communicating with Web sites uncategorized by the network proxy or firewall. Examples include requiring users to type in information or enter a password when the system communicates with an uncategorized Web site.
Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy.

September 13, 2016June 12, 2017

High Holiday security: stay vigilant

September 13, 2016

Bernard Picart [Public domain], The Sounding of the Shofar on Rosh Hashanah, illustration circa 1733–1739 by Bernard Picart from “The Ceremonies and Religious Customs of the Various Nations of the Known World”

Security and emergency planning should be an integral component of every synagogue’s High Holiday preparations. Here are some tools to guide you:

High Holiday Security and Emergency Preparedness Planning Library

Synagogue-specific Security & Emergency Planning

JCRC-NY: Sample Building Access Policies & Procedures
JCRC-NY: Security & Emergency Preparedness Committees
DHS: Potential Indicators, Common Vulnerabilities, and Protective Measures: Religious Facilities
FEMA: Guide for Developing High-Quality Emergency Operations Plans for Houses of Worship
National Counter Terrorism Security Office, United Kingdom: Counter Terrorism Protective Security Advice for Places of Worship

Consider the following elements of heightened vigilance:

Increase visible security measures. Someone planning an attack may look at your facility, conclude that it is defended and decide to go elsewhere. Several recent incidents also underscore that the presence of armed security and law enforcement personnel and the placement of security checkpoints do not guarantee that an attack will be averted or interupted. Nevertheless, their presence can enable the timely discovery and quick resolution of potential threats and reduce the lethality of terrorist attacks.
Review your policies and procedures. How else can you send a signal to outsiders that your facility is a tough target? For example, does your staff do regular inspections of your facility looking for something that, “Just doesn’t look right?” If not, start now. If they do, should you increase the frequency. Review JCRC’s Sample Access Policies and Procedures to identify additional steps.
Test your systems. OK, you’ve identified systems to screen your mail, respond to bomb threats and suspicious objects and you have an active shooters plan. The key question is: “Will they work in reality?” Do your panic buttons function? Test them (after you first alert the alarm company). Have you had tabletop exercises and drills covering multiple hazards? How can you make sure that your entire staff and constituencies are on their collective toes?
Check in with your local police. For most Jewish organizations, September is the start of a new program year. Reach out to your local police. Offer them the opportunity to get to know your programs, your rhythms, your people and your building. Ask them for suggestions as to how to make your people safer.
If you see something, say something. Think how to build a culture of security, because security is everbody’s business. If any of your staff, students, volunteers, congregants or clients sees or hears something suspicious they should feel comfortable to report it to the appropriate person in your facility and the information should be passed on to the police. In NYC the number is 1-888-NYC-SAFE. Elsewhere in New York State the number is 1-866-SAFE-NYS. Every tip is investigated.

September 6, 2016

Increased vigilance as 9/11 anniversary nears

September 06, 2016

Vigilance A recent federal bulletin urged state and local law enforcement to be on high alert ahead of 9/11 anniversary. It explained that that terrorists – specifically those aligned with
ISIS – “may be inspired or directed to conduct attacks against events associated with 9/11 memorial commemorations or other mass gathering targets timed to this date.” The report notes the symbolism associated with the somber anniversary as a motivating factor for a potential terrorist attack.

While the FBI reports that it is “unaware of any specific, credible information” of a plot against the U.S. homeland (or against Jewish communal targets), Daesh (aka “ISIS”) and Al Qaeda propaganda have repeatedly tried to inspire attacks by individuals — such as the ones in Paris, Nice, Istanbul and Orlando — using firearms, edged weapons, improvised explosive devices (IEDs), and commercial vehicles. Federal analysts note that there is an “ongoing heightened threat environment.”

Heightened security measures should be in place through 9/11 and through the Jewish holiday season (Remember: the potential attacker in Aventura, FL was aware of the Jewish calender and planned to strike on a Jewish holiday in order to maximize the impact of his attack). Many of the terrorists responsible for recent incidents engaged in “pre-operational surveillance”, i.e., they checked out the site while planning their attack. Consider the following elements of heightened vigilance:

Increase visible security measures. Someone planning an attack may look at your facility, conclude that it is defended and decide to go elsewhere. Several recent incidents also underscore that the presence of armed security and law enforcement personnel and the placement of security checkpoints do not guarantee that an attack will be averted or interupted. Nevertheless, their presence can enable the timely discovery and quick resolution of potential threats and reduce the lethality of terrorist attacks.
Review your policies and procedures. How else can you send a signal to outsiders that your facility is a tough target? For example, does your staff do regular inspections of your facility looking for something that, “Just doesn’t look right?” If not, start now. If they do, should you increase the frequency. Review JCRC’s Sample Access Policies and Procedures to identify additional steps.
Test your systems. OK, you’ve identified systems to screen your mail, respond to bomb threats and suspicious objects and you have an active shooters plan. The key question is: “Will they work in reality?” Do your panic buttons function? Test them (after you first alert the alarm company). Have you had tabletop exercises and drills covering multiple hazards? How can you make sure that your entire staff and constituencies are on their collective toes?
Check in with your local police. For most Jewish organizations, September is the start of a new program year. Reach out to your local police. Offer them the opportunity to get to know your programs, your rhythms, your people and your building. Ask them for suggestions as to how to make your people safer.
If you see something, say something. Think how to build a culture of security, because security is everbody’s business. If any of your staff, students, volunteers, congregants or clients sees or hears something suspicious they should feel comfortable to report it to the appropriate person in your facility and the information should be passed on to the police. In NYC the number is 1-888-NYC-SAFE. Elsewhere in New York State the number is 1-866-SAFE-NYS. Every tip is investigated.

Previous page 1 … 16 17 18 19 20 … 47 Next page

Blog