Syria: potential repercussions

September 01, 2013

The escalating drumbeat for military action naturally leads to questions about possible terrorism here in New York. Note: as of today there are no specific, credible threats against New York or the Jewish community. Nevertheless, all Jewish organizations should review their security and emergency preparedness plans to ensure that they are up-to-date and that they can be readily implemented. Some specifics:

High Holidays

If you are an organizations hosting High Holiday services and/or programs you should:

  1. Notify your local police about all planned services and programs. Discuss the number of people expected at each service and ask them for any suggestions that could improve your security and emergency preparedness plans.
  2. Review your security and emergency preparedness measures, especially access control, evacuation and lockdowns. Meet with your staff and volunteers and make sure that everyone is on the same page and knows what to do. Check the “High Holidays” category for more suggestions..

Potential for Cyberattacks

Last week the Syrian Electronic Army compromised the New York Times website and others. Western financial institutions are also targetted by others. We all should review our own cybersecurity because, in the past, anti-Israel hackers have attacked Jewish-related sites. See JCRC’s Cybersecurity Resources.

This week the FBI distributed the following:

  • The Syrian Electronic Army (SEA), a pro-regime hacker group that emerged during Syrian antigovernment protests in 2011, has been compromising high-profile media outlets in an effort to spread proregime propaganda. The SEA’s primary capabilities include spearphishing, Web defacements, and hijacking social media accounts to spread propaganda. Over the past several months, the SEA has been highly effective in compromising multiple high-profile media outlets.
  • The SEA has recently compromised high profile media Web sites through a new tactic of hacking third party networks – including a Domain Name System (DNS) registrar and a content recommendation website.
  • In April 2013, the SEA compromised the Twitter feed of the Associated Press, posting a false story that President Obama was injured, causing in a brief drop in the stock market.
  • In addition to Syrian hackers, groups or individuals sympathetic to the SEA may also be observed participating in CNO efforts against US Web sites and networks.
  • Please maintain heightened awareness of your network traffic and take appropriate steps to maintain your network security. If you detect anomalous or malicious traffic or network behavior, please contact your local FBI Cyber Task Force or the FBI CyWatch (855) 292-3937 immediately.

Defending Against Hacktivism

In general, hacktivism cyber attacks may result in denial of service, Web site defacements, and the compromise of sensitive information which may lead to harassment and identify theft. Although the specific OpUSA claims referenced above speak specifically to DDoS attacks, precautionary measures to mitigate a range of potential hacktivism threats include:

  • Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks. 
  • Have a DDoS mitigation strategy ready ahead of time and keep logs of any potential attacks.
  • Scrutinize links contained in e-mail attachments.
  • Regularly mirror and maintain an image of critical system files.
  • Encrypt and secure sensitive information.
  • Use strong passwords, implement a schedule for changing passwords frequently and do not reuse passwords for multiple accounts.
  • Enable network monitoring and logging where feasible.
  • Be aware of social engineering tactics aimed at obtaining sensitive information.
  • Securely eliminate sensitive files and data from hard drives when no longer needed or required.
  • Establish a relationship with local law enforcement and participate in IT information sharing groups for early warnings of threats.

Nonprofit Security Grant Program 2013 statistics

August 29, 2013

The US Department of Homeland Security announced the winners of the 2013 NSGP and New York did better than ever.

This year, New York State awardees will have to do additional paperwork and we realize that  the requirements may be inappropriate for some of the grantees. JCRC reached out to Gov. Cuomo’s office to request alternatives. Stay tuned. Meanwhile, if you have any questions about prequalification, please go to the Grants Reform website at http://www.grantsreform.ny.gov/ or contact Valerie Bloomer at (518) 242-5099 or via email at vbloomer@dhses.ny.gov.

Thanks to NY DHSES Commissioner Jerome M. Hauer, Shelley Wahrlich and Valerie Bloomer for making this critical program work in New York.
Thanks to NY DHSES Commissioner Jerome M. Hauer, Shelley Wahrlich and Valerie Bloomer for making this critical program work so well in New York.

Updated: Bomb Threat Guidance 2013

June 25, 2013

OBP_DHS DOJ Bomb Threat Guidance Image

Did you hear the one about a forgetful British bridegroom who made a hoax bomb threat rather than admit he’d neglected to book the venue for his wedding? He was sentenced to a year in jail.

What should you do if your organization receives a threat? The FBI and DHS released a new “pocket” bomb threat guidance document available here. It provides a two-page overview to help  you deal with bomb threats: planning and preparation, your “emergency toolkit”, what you should do if you receive a threat, how to assess the threat and the possible responses.

Now is a good time to review, or to think through your own plans. Our own Emergency Planning: Disaster and Crisis Response Systems for Jewish Organizations has a longer chapter discussing the issue. Learn how to handle a phone threat with this checklist.

Finally, read an New York Times account of an October 15, 2012 bomb threat (with an actual pipe bomb) to the Home Depot store in Huntington, NY. The store’s bomb threat plan was put to good use.

NY Application Package Released | More JCRC assistance

May 29, 2013

The NY application package is posted here.
(Thank you Val)

All NY applicants must submit their materials via E-Grants by 11:59 PM on June 10, 2013.

  1. Check this blog and www.jcrcny.org/securitygrants often. We update existing and create additional materials. Find valuable additional assistance and suggestions at JFNA’s homeland security web page (registration required)
  2. Webinar. Click here to view a recording of the JCRC Webinar on the Nonprofit Security Grant Program application process here and the slides here.
  3. Nonprofit Security Grant Checklist 2013. The checklist is a step-by-step guide to help you complete the application package. Download it here.
  4. NY required attachments. This year applicants are required to submit a number of additional forms. Find out more here.
  5. Mission statement. Applicants will be required to upload their organizational mission statements along with theirInvestment Justification. We haven’t checked this, but it is likely that organizations that have not attached their mission statements will not be considered for a grant. Fear not. We posted What is a mission statement? to guide organizations without a mission statement.

Nonprofit Security Grant: Webinar and more info

May 23, 2013

2013 Nonprofit Security Grant Program Webinar

Tuesday, May 28, 2013
2:00 PM

Learn about the grant requirements and the NY E-Grants system.

Click here to RSVP. You will be sent a confirmation with the connection links. The system requires a high speed computer connection and speakers or headphones.

Our friends at NY DHSES are hard at work getting out the formal application package. However, you can get started immediately (remember: the grant is due on June 10, 2013). Since the guidance was released:

  1. Changes from last year. The grant application is essentially the same as last year. We have updated the JCRC Security Grants webpage at: www.jcrcny.org/securitygrants.
  2. Nonprofit Security Grant Checklist 2013. The checklist is a step-by-step guide to help you complete the application package. Download it here.
  3. Investment Justification template. Many people (including yours truly) were frustrated that DHS only posted a PDF copy of the template. A working template is now available on the JCRC Security Grants webpage. Click here to download a copy. (Thank you Val!)
  4. Mission statement. Applicants will be required to upload their organizational mission statements along with their Investment Justification. We haven’t checked this, but it is likely that organizations that have not attached their mission statements will not be considered for a grant. Fear not. We posted What is a mission statement? to guide organizations without a mission statement.
  5. E-Grants system. New York  applicants must submit their grants through the E-Grants system. If you have a E-Grants account and remember your information you need not do anything else. If you need to be reminded of your account name and/or password, send a note to grants@dhses.ny.gov.  New applicants must fill out an E-Grants Registration available in two formats: doc pdf.

The NY DHSES package should be available on or before Tuesday, May 28th, but you have plenty to do before then.

Updated: Nonprofit Grants Announcement

May 21, 2013

FY 2013 Urban Areas Security Initiative (UASI) Nonprofit Security Grant Program (NSGP)

Key Dates and Time 

This is why we suggested that you start your work. The application window will be very short. Download the preliminary PDF version by clicking FY 2013 NSGP Investment Justification Template and get going now! N.B. It’s a PDF document, you will have to copy your answers into the official Excel spreadsheet which will be available on the NY DHSES website when they post the application package no later than Tuesday, 05/28/2013.

  • Application Start Date: In New York the NY DHSES needs to obtain certain clearances as required by the NY State contracting process before posting the application packet. It will be available no later than 05/28/2013. Click here to look at the NY DHSES website to see if the application package is posted.)
  • Application Submission Deadline Date: In New York,  the deadline will be June 10th.
  • E-Grants registration. New York  applicants must submit their grants through the E-Grants system. If you have a E-Grants account and remember your information you need not do anything else. If you need to be reminded of your account name and/or password, send a note to grants@dhses.ny.gov.  New applicants must fill out an E-Grants Registration  available in two formats: doc pdf
  • Mission statement. We are in the process of reviewing the guidance. Thus far, we’ve noticed one change: a requirement that applicants submit their “mission statements.” If your organization does not have a mission statement we will post some samples by next week at www.jcrcny.org/securitygrants.
  • Eligibility. You must be a 501(c)(3) organization located in an eligible area. New York City, Nassau, Suffolk and Westchester are eligible. No other counties in New York are eligible. For other states click here.
  • Anticipated Funding Selection Date: 08/02/2013
  • Anticipated Award Date: 09/30/2013

Total Funding Available in FY 2013: $10,000,000

Purpose: The FY 2013 NSGP provides support for target hardening and other physical security enhancements and activities to nonprofit organizations that are at high risk of terrorist attack and located within one of the specific UASI-eligible Urban Areas.  While this funding is provided specifically to high-risk nonprofit organizations under The Department of Homeland Security Appropriations Act, 2013 (Public Law 113-6), the program seeks to integrate nonprofit preparedness activities with broader State and local preparedness efforts.  It is also designed to promote coordination and collaboration in emergency preparedness activities among public and private community representatives, as well as State and local government agencies.

The FY 2013 NSGP plays an important role in the implementation of the National Preparedness System (NPS) as detailed in Presidential Policy Directive 8 (PPD-8) by supporting the development and sustainment of core capabilities.  Core capabilities are essential for the execution of each of the five mission areas outlined in the National Preparedness Goal (NPG).  The development and sustainment of these core capabilities are not exclusive to any single level of government or organization, but rather require the combined effort of the whole community.  The FY 2013 NSGP supports all core capabilities in the Prevention, Protection, Mitigation, Response, and Recovery mission areas based on allowable costs.

Eligible Applicants: The State Administrative Agency (SAA) is the only entity eligible to apply to FEMA for NSGP funds on behalf of eligible nonprofit organizations (as described under section 501(c)(3) of the Internal Revenue Code of 1986).  Eligible nonprofit organizations determined to be at high risk of a terrorist attack due to their ideology, beliefs or mission and located within one of the designated FY 2013 UASI-eligible Urban Areas must apply for funding through their SAA.

Program Awards: FY 2013 NSGP funds will be allocated based on risk analysis, effectiveness, and integration with broader state and local preparedness efforts.  Each nonprofit organization may apply through their SAA for up to a $75,000 grant award.

Additional Information

  • FY 2013 NSGP Funding Opportunity Announcement
  • FY 2013 NSGP Fact Sheet
  • FY 2013 NSGP Investment Justification Template
  • FY 2013 NSGP Scoring Worksheet (to be completed by the SAA only)
Last Updated:
05/21/2013 – 10:48

Patience: There will be a 2013 Nonprofit Security Grant Program

May 03, 2013

Timing: Yes, everyone is frustrated and we still don’t know when US DHS will release the guidance document for the Nonprofit Security Grant Program. Best guess: third of fourth week of May. New York DHSES will release its application documents soon thereafter. As soon as the guidance is released we will schedule a training session.

What you can do now: If you are thinking of applying for a grant we strongly suggest that you have all of the materials for your Investment Justification (your vulnerability assessment and the answers to the questions on the 2012 Investment Justification) ready to submit when the New York Division of Homeland Security and Emergency Services releases the official Request for Applications. We will alert you regarding any changes in the 2013 Investment Justification and you will be able to easily cut and past your answers into the 2013 spreadsheet.

Any changes in the status of the grants will be posted in the JCRC-NY Security and Emergency Planning Blog. Click here to subscribe to the JCRC-NY Security and Emergency Preparedness Alert list in order to receive ongoing alerts and updates, including information on grants.

Hope for a security grant program in 2013

March 14, 2013

After conferring with the staffs of key members of both chambers on both sides of the aisle, we are cautiously optimistic that there will another round of grants this year. The efforts to renew the grant program are led by the Washington office of the JCPA. William Daroff, Rob Goldberg, Ron Soloway of UJA-Federation of NY and David Pollock of JCRC-NY attended a whirlwind round of meetings in Washington, DC.

Our group learned that Senate Appropriations Chair, Sen. Barbara Mikulski, hammered out a Continuing Resolution, together with her ranking Republican, Sen. Richard Shelby, that included $10 million dollars for the Nonprofit Security Grant Program. As written, the funding will be subject to sequestration (about a 5.1% reduction), but that DHS/FEMA could not redirect the funding elsewhere. At this time, we understand that the Senate Continuing Resolution was carefully preconferenced (negotiated) with the House and arguably should be adopted with few changes. However, trouble always seems to find the House and Senate and procedural hurdles and the amendment process could get in the way.

If there is a 2013 program the application period might be very short, e.g., 2 weeks. If you are thinking of applying for a grant we strongly suggest that you check out our Security Grant Assistance Page because we expect that there will be minimal changes in the application process. Have all of the materials for your Investment Justification (your vulnerability assessment and the answers to the questions on the 2012 Investment Justification) ready to submit before Congress acts. If a new round of grants is announced you will be able to quickly determine any changes in the 2013 Investment Justification and merely cut and past your answers into the 2013 spreadsheet.