Threat, yes. Is it credible?

January 27, 2014

Today, Jewish organizations were made aware of an email threat sent to a national Jewish organization threatening violence.  It is unknown at this time if the threat is credible and no specific locations were named.

Given the nature of the email and threat of violence, law enforcement officials are actively investigating the threat. In light of the number of shootings at universities, schools, malls and other public places over the past several weeks (none of which had any Jewish connection), we are sharing this information out of an abundance of caution. We encourage Jewish organizations to increase security awareness and vigilance at your facilities, review security plans and ensure appropriate security measures are in place.

Action Steps

  • Connect with local law enforcement to discuss security. If you have not established personal relationships with key police personnel, set up a meeting to do so.
  • Ensure that your institution’s rules and procedures dealing with who gets into your facility and events are sufficient and are functioning (access control). See JCRC-NY’s Sample Building Access Policies & Procedures (PDF).
  • A facility should have as few entry points as possible (ideally one), so that no one is able to enter your facility without being greeted and observed. Be sure to obey all fire codes and ensure adequate routes for exiting the building.
  • Suspicious behavior should be promptly reported to the police or security personnel. See ADL’s Guide to Detecting Surveillance of Jewish Institutions.
  • Suspicious packages and strange devices should be promptly reported to the police or security personnel. See US Postal Inspection Service Guide to Mail Center Security (PDF).
  • Ensure that your staff members, including newly hired personnel, know their role in security and what to do in the event of an emergency.
  • Ensure that existing safety devices (video cameras, lights, walkie talkies, etc.) are in good working condition.
  • Trust your instincts. If something strikes you as being out of place or problematic, call the police immediately.

Jewish organizations should work to create a “culture of security” that balances keeping everyone and everything safe, with an organization’s need to be warm and welcoming. If your organization has a culture of security you will have a plan to implement when there is a threat.

Are you ready to start? The resources on JCRC-NY’s Security Info WebpageJCRC-NY’s Security Resources WebpageADL’s Security Website, ADL’s security manual Protecting Your Jewish Institution and Emergency Planning Manual: Disaster and Crisis Response Systems for Jewish Organizations, published by United Jewish Communities and written by John Jay College of Criminal Justice and JCRC-NY are great places to start.

Prospects look good for a 2014 grant

January 09, 2014

Update January 15: Today, the House voted overwhelmingly, 359-67, to approve a $1.1 trillion spending bill for the current fiscal year. It is expected to move quickly through the Senate and be signed by the President. The bill appropriates $13 million for the Nonprofit Security Grant Program, an increase of 30% over last year.

Update January 14: Congress filed the omnibus appropriations bill late yesterday, including funding for the Nonprofit Security Grant Program. The bill will be debated over the weekend.

Thanks to the incredible work of a coalition led by The Jewish Federations of North America/JFNA (with JCRC-NY and UJA-Federation playing active roles) there is likely to be another round of the Nonprofit Security Grant Program (NSGP). The JFNA Washington Office, directed by William Daroff, and its Senior Director, Legislative Affairs, Rob Goldberg deserve our most heartfelt gratitude.

For those who want the gory details: The House and Senate Appropriations Committees continue work to complete the FY14 Omnibus Appropriations bills before the current Continuing Resolution (CR) expires on January 15th. As has been the case over the past few years, it is doubtful that they will complete their work before the deadline, so there is likely to be another, short CR, giving Congress additional time to debate and vote (after all, the Omnibus bills cover virtually the entire federal budget). According to reports as of January 8th, the DHS budget was not yet approved, but is largely completed. Once the DHS budget is approved, our Washington champions will learn how much was allocated for the NSGP.

Appropriators on both sides of the aisle and chambers have pressed for a clean bill that does not include divisive partisan policy riders.  However, once the bill is filed and details emerge there are likely to be calls for amendments to diminish or obstruct implementation of Obamacare, EPA rules, and Wall Street protections or support anti-abortion policies (more than 130 such policy riders that have been mentioned, including aid for houses of worship damaged by Superstorm Sandy). There also remain, especially in the House, a number of conservatives who would still prefer passing a year-long CR at the lower FY13 spending level.

Get Ready

We strongly urge organizations contemplating applying for a grant to immediately take steps to deal with some of the details of the application package:

  • Pre-qualify with NY State. Applications from New York nonprofit organizations that have not “pre-qualified” will not be considered, so start this process immediately. There are five parts of this process so we strongly urge you to start now because it may take some time. We will schedule a webinar on pre-qualification in the near future.

Effective August 1, 2013, not-for-profit organizations must be prequalified in order to do business with New York State (i.e., to receive a grant). In order to prequalify, not-for-profit organizations must submit an online Prequalification Application through the Grants Gateway. The Prequalification Application is comprised of five components to gauge your organizational structure and the types of services you provide. The required forms and document uploads are all part of the Document Vault. Resources to complete the application and associated document vault can be found in the Quick Links Section of the Grants Gateway website: http://grantsreform.ny.gov/Grantees.

  • Vulnerability assessment. We expect that the “Investment Justification” will again be based on a “previously conducted vulnerability assessment.” See Getting a vulnerability assessment for more details and suggestions.
  • Read and understand the Investment Justification. Download the Investment Justification from last year here. There will be some changes, but they are usually minor. You can find JCRC-NY’s guidance on each section on the “Security Grants” webpage (and below). Note: many applicants lost points last year because they did not properly respond to the questions.

JCRC offers $5,000 reward for “knockout” assailants

December 04, 2013

The Jewish Community Relations Council of New York (JCRC-NY) announced a reward of up to $5,000 for information leading to the arrest and conviction (or a finding of delinquency) of individuals responsible for any of the reported, so-called “knockout” assaults in New York City.

Michael S. Miller, Executive Vice President and CEO of the Jewish Community Relations Council of New York (JCRC-NY) explained, “These attacks have dislodged the sense of safety and security that most New Yorkers feel when they walk our streets. The cowardly assailants often prey on the most vulnerable: Jews and Christians, Blacks and Whites. There have already been arrests. We want to give the NYPD an additional tool to stop these crimes as quickly as possible”.

The so-called “knockout” attacks are being investigated as possible hate crimes by the NYPD Hate Crimes Task Force. Michael Miller continued, “We thank Police Commissioner Kelly for his response to this outbreak. The Hate Crimes Task Force has some of the finest investigators in the NYPD, who are employing every resource available to arrest those responsible. We offer this reward in order to help make the streets safe for all New Yorkers.”

Because there are multiple attacks, the JCRC-NY will work with the NYPD to determine the amount of each reward, up to a maximum total of $5,000.

Anyone with information about any of the so-called “knockout” attacks should contact NYPD Crimestoppers at 1-(800) 577-TIPS. Your identity and information will be kept anonymous.

New cyberthreats (including CryptoLocker Ransomware)

November 17, 2013
Stop. Think. Connect.
Click on the icon to download a set of posters to help you create a culture of cybersecurity.

The FBI and the National Cybersecurity and Communications have identified new computer malware threats and recommend that, “organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.” Destructive malware is a direct threat to your daily operations. Because of the increasing sophistication of malware, anyone (employee, client, volunteer, student) who  is on your network could trigger an infection affecting everyone. Organizations should work to develop a culture of safe computing.

  1. The publication, Planning and Recommended Guidance: Destructive Malware is technical, but it is a good guide for techies. Please pass it on to your IT departments and/0r consultants to assist them to protect you, your data, your credit and your reputation.
  2. The National Cyber Awareness System reports outbreak of “ransomware” that restricts access to infected computers and demands a payment to to decrypt and recover your files (see CryptoLocker Ransomware Infections for more information and how to undo the damage). The latest means of infection appears to be phishing emails designed to mimic the look of legitimate businesses and through phony FedEx and UPS tracking notices. Some victims saw the malware appear following after a previous infection from existing botnets lurking on infected computers.

Recommendations:

    • Do not follow unsolicited web links in email messages or submit any information to webpages in links.
    • Use caution when opening email attachments. Refer to Using Caution with Email Attachments for more information on safely handling email attachments.
    • Maintain up-to-date anti-virus software.
    • Perform regular backups of all systems to limit the impact of data and/or system loss.
    • Apply changes to your Intrusion Detection/Prevention Systems and Firewalls to detect any known malicious activity.
    • Secure open-share drives by only allowing connections from authorized users.
    • Keep your operating system and software up-to-date with the latest patches.
    • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
    • Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

US-CERT and DHS encourage users and administrators experiencing a ransomware infection NOT to respond to extortion attempts by attempting payment and instead to report the incident to the FBI at the Internet Crime Complaint Center (IC3).

Related information:

For more tips about cybersecurity, check out the following non-technical publications:

Street closures during UN Week

September 18, 2013

Due to the visit of world leaders for the 68th Session of the United Nations General Assembly and other High-Level Meetings, there will be street closures and other traffic restrictions, security check points, and extremely limited parking in the vicinity of the United Nations from Monday, September 23, 2013 through Wednesday, October 2, 2013.

See the details on road closings, other restrictions and help numbers at UN_General_Assembly_20130917

Schumer, Gillibrand secure over $3.4 million for 39 at-risk Jewish organizations

September 04, 2013

SCHUMER, GILLIBRAND SECURE OVER $3.4 MILLION TO IMPROVE EMERGENCY PREPAREDNESS FOR RELIGIOUS INSTITUTIONS & ORGANIZATIONS IN-AND-AROUND NYC; GRANTS AWARDED TO 39 AT-RISK JEWISH SCHOOLS AND CONGREGATIONS

Schumer and Gillibrand Secured over 30% Of Total Funding For Organizations Based in New York – Out of the Total $10 Million Granted to Awardees Across the Country

The Awardees Include 39 Jewish Educational Institutions and Congregations; The Money Will Help These At-Risk Nonprofits For Security Preparedness

Schumer, Gillibrand: These Schools and Congregations are Vital Parts of our Community and Like Institutions Have Been Targeted Before; We Must Do All We Can to Protect All At-Risk Institutions

U.S. Senators Charles Schumer and Kirsten Gillibrand today announced that 39 New York Jewish organizations, including schools and congregations, and more have received a combined total of $3,425,148 for the 2013 fiscal year as Urban Areas Security Initiative (UASI) Nonprofit Security Grant Program (NSGP) Awardees. The program, run by the Federal Emergency Management Agency (FEMA), awards federal funds to nonprofit organizations that are at a high risk of a national terrorist attack to encourage preparedness efforts.

“Would-be evildoers have previously targeted schools and congregations for attacks and that’s why FEMA’s Nonprofit Security Grant Program is critical in making sure that high-risk organizations like Jewish schools and congregations are safe and protected from terrorist attacks,” said Schumer. “It is especially important for organizations in and around New York City to receive this federal funding, which will go a long way to ensure that they are fully prepared for whatever may happen in the future.”

“New York’s religious institutions and non-profit organizations are the backbone of our communities,” Senator Gillibrand said. “No New Yorker, or American, should ever have to live or worship in fear of being targeted because of who they are or what they believe. As we have seen, New York City’s places of faith, worship and community gatherings continue to be targeted by hatred. These homeland security dollars will help arm our non-profits with the resources they need to guard us from attacks and keep us safe.”

The Nonprofit Security Grant Program (NSGP) is run under the Federal Emergency Management Agency’s (FEMA) Urban Areas Security Initiative (UASI). For the 2013 fiscal year, the UASI NSGP was budgeted $10 million. Only eligible nonprofit organizations, as described by the 501(c)(3) tax code of 1986, may apply for this grant. To be eligible, the nonprofit must be at high risk for an international terrorist attack and must be located in one of the designated urban areas throughout the country.

The 39 Jewish organizations that received funding from the New York City area are the Bay Terrace Jewish Center, Bnos Square of Williamsburg, Bnos Zion of Bobov, Boro Park Hatzolah, Chabad Israel Center of the Upper East Side, Chabad Lubavitch of Brooklyn Heights, Chabad of Great  Neck, East Meadow Jewish Center, Greater Five Towns YM & YWHA-DBA-JCC, Hatzolah of Williamsburg, Hebrew Academy of the Five Towns and Rockaway, Jewish Community Council of Greater Coney Island, Jewish Foundation School of Staten Island, Jewish Institute of Queens, Lincoln Square Synagogue, Magen David Yeshivah, Manetto Hill Jewish Center, Mayon Chai, North Shore Hebrew Academy, Old Westbury Hebrew Congregation, Park East Synagogue, Rabbi Arthur Schneier Park East Day School, Ramaz School, Shulamith School for Girls of Brooklyn, Sid Jacobson Jewish Community Center, Talmud Torah D’Nitra, Temple Israel of Great Neck, Temple Israel of Northern Westchester, The Bialystoker Synagogue, The Center for Jewish Life, United Talmudical Academy, Yeshiva Beth Hillel of Williamsburg, Yeshiva of Brooklyn, Yeshiva Tifereth Moshe, Yeshiva of Flatbush, Young Israel of Flatbush, Young Israel of Midwood, Young Israel of Woodmere and Young Mens and Young Womens Hebrew Association of Bronx.

Syria: potential repercussions

September 01, 2013

The escalating drumbeat for military action naturally leads to questions about possible terrorism here in New York. Note: as of today there are no specific, credible threats against New York or the Jewish community. Nevertheless, all Jewish organizations should review their security and emergency preparedness plans to ensure that they are up-to-date and that they can be readily implemented. Some specifics:

High Holidays

If you are an organizations hosting High Holiday services and/or programs you should:

  1. Notify your local police about all planned services and programs. Discuss the number of people expected at each service and ask them for any suggestions that could improve your security and emergency preparedness plans.
  2. Review your security and emergency preparedness measures, especially access control, evacuation and lockdowns. Meet with your staff and volunteers and make sure that everyone is on the same page and knows what to do. Check the “High Holidays” category for more suggestions..

Potential for Cyberattacks

Last week the Syrian Electronic Army compromised the New York Times website and others. Western financial institutions are also targetted by others. We all should review our own cybersecurity because, in the past, anti-Israel hackers have attacked Jewish-related sites. See JCRC’s Cybersecurity Resources.

This week the FBI distributed the following:

  • The Syrian Electronic Army (SEA), a pro-regime hacker group that emerged during Syrian antigovernment protests in 2011, has been compromising high-profile media outlets in an effort to spread proregime propaganda. The SEA’s primary capabilities include spearphishing, Web defacements, and hijacking social media accounts to spread propaganda. Over the past several months, the SEA has been highly effective in compromising multiple high-profile media outlets.
  • The SEA has recently compromised high profile media Web sites through a new tactic of hacking third party networks – including a Domain Name System (DNS) registrar and a content recommendation website.
  • In April 2013, the SEA compromised the Twitter feed of the Associated Press, posting a false story that President Obama was injured, causing in a brief drop in the stock market.
  • In addition to Syrian hackers, groups or individuals sympathetic to the SEA may also be observed participating in CNO efforts against US Web sites and networks.
  • Please maintain heightened awareness of your network traffic and take appropriate steps to maintain your network security. If you detect anomalous or malicious traffic or network behavior, please contact your local FBI Cyber Task Force or the FBI CyWatch (855) 292-3937 immediately.

Defending Against Hacktivism

In general, hacktivism cyber attacks may result in denial of service, Web site defacements, and the compromise of sensitive information which may lead to harassment and identify theft. Although the specific OpUSA claims referenced above speak specifically to DDoS attacks, precautionary measures to mitigate a range of potential hacktivism threats include:

  • Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks. 
  • Have a DDoS mitigation strategy ready ahead of time and keep logs of any potential attacks.
  • Scrutinize links contained in e-mail attachments.
  • Regularly mirror and maintain an image of critical system files.
  • Encrypt and secure sensitive information.
  • Use strong passwords, implement a schedule for changing passwords frequently and do not reuse passwords for multiple accounts.
  • Enable network monitoring and logging where feasible.
  • Be aware of social engineering tactics aimed at obtaining sensitive information.
  • Securely eliminate sensitive files and data from hard drives when no longer needed or required.
  • Establish a relationship with local law enforcement and participate in IT information sharing groups for early warnings of threats.

Nonprofit Security Grant Program 2013 statistics

August 29, 2013

The US Department of Homeland Security announced the winners of the 2013 NSGP and New York did better than ever.

This year, New York State awardees will have to do additional paperwork and we realize that  the requirements may be inappropriate for some of the grantees. JCRC reached out to Gov. Cuomo’s office to request alternatives. Stay tuned. Meanwhile, if you have any questions about prequalification, please go to the Grants Reform website at http://www.grantsreform.ny.gov/ or contact Valerie Bloomer at (518) 242-5099 or via email at vbloomer@dhses.ny.gov.

Thanks to NY DHSES Commissioner Jerome M. Hauer, Shelley Wahrlich and Valerie Bloomer for making this critical program work in New York.
Thanks to NY DHSES Commissioner Jerome M. Hauer, Shelley Wahrlich and Valerie Bloomer for making this critical program work so well in New York.

Unrest overseas: security and emergency planning for the High Holidays

August 29, 2013

International terror alerts and the possibility of U.S. military action in the Middle East remind us that we should devote extra attention to security and emergency planning.  Here are important resources to help make the High Holiday season meaningful, safe and secure.

Check out guidance from the JCRC-NY’s and the ADL:

Is Rosh Hashanah really early this year?

August 06, 2013
From the collection of the Center of Jewish History via the JTA.

No, it’s always exactly as scheduled. Rosh Chodesh Elul signals that the High Holidays are soon upon us and the international terror alerts remind us that we should devote extra attention to security and emergency planning.  Here are important resources to help make the High Holiday season meaningful, safe and secure:

  1. Police briefingsThe NYPD (Tuesday, August 27, 2013) and Nassau County Police (Wednesday, August 28th) will host briefings for the Jewish community. Both departments will brief the community on their assessments of the security environment. The meetings are also an important opportunity for community and police leaders to meet and shmooze. Click here for more information and to RSVP to either of the meetings.
  2. Review the ADL’s Security Recommendations for the High Holidays.
  3. Check out the JCRC-NY’s presentations on High Holiday access control and preparing for the unexpected.
    1. Houses of Worship and the High Holidays (PDF excerpt from Emergency Planning: Disaster and Crisis Response Systems for Jewish Organizations) The High Holidays are a special challenge for synagogues. Find tips for security and emergency planning here.
    2. High Holidays Security and Emergency Preparedness Thinkplate
    3. Access control considerations during high holiday services” (PDF) Dov Horwitz, Security Specialist, JCRC-NY
    4. Tips on detecting hostile surveillance” (PDF) Paul DeMatties, Senior Advisor on Corporate Security Programs and Director of the Counter-Terrorism Assessment Program, John Jay College of Criminal Justice
    5. Planning for the unexpected: High Holiday edition” (PDF) David Pollock, JCRC-NY
    6. View a video transcript of these presentations.

Police briefings. The NYPD and Nassau County Police will host briefings for the Jewish community. Both departments will brief the community on their assessments of the security environment. The meetings are also an important opportunity for community and police leaders to meet and shmooze.

    1. The NYPD High Holiday Security Briefing with Police Commissioner Raymond W. Kelly is scheduled for  Tuesday, August 27, 2013 at 11 AM  (refreshments will be available at 10 AM) at One Police Plaza. RSVP’s are required. Email your reservation to Sgt. Richard Taylor in the Office of the Chief of Community Affairs by clicking here.
    2. Note time change: The Nassau County Police Department’s briefing with Police Commissioner Thomas Dale is scheduled for Wednesday, August 28th at 2 PM in the Donald F. Kane Auditorium of Police Headquarters, 1490 Franklin Avenue, Mineola. Email your reservation by clicking here.