Skip to content

Illustration by iStock; Security Management

How Faith-Based Organizations Can Improve Threat Intelligence Collection

On 9 March 2023, a gunman attacked a Jehovah’s Witness meeting hall in Hamburg, Germany, killing four men, two women, and an unborn baby, the BBC reported. The alleged gunman later killed himself. The suspect reportedly had “ill feelings” toward the religious community, and he was a former member of the group. Police had previously received an anonymous tip that raised concerns about the suspect’s mental health, but they did not have enough grounds to confiscate his weapon at the time, according to The Guardian. It is unclear if those concerns were shared with leaders at the Jehovah’s Witness congregation before the attack, or if any additional security measures could have been taken given early warning.

Houses of worship and religious institutions worldwide face myriad threats, from petty crime and politically influenced vandalism to extremism and mass shootings. Many faith-based organizations lack formal resources and functions dedicated to security and risk monitoring, however, which puts them at a disadvantage when it comes to early warning and threat response.

Fortunately, many countries have extensive resources to help houses of worship reinforce their security posture.

Shared Resources

Houses of worship are unlikely to be able to perform threat assessments using only their internal resources—“that is very rare” says Alejandro Liberman, CPP, consultant at Gloher Group and former head of the Jewish Security Office in Argentina. Instead, faith-based organizations often turn to government sources and each other for some assistance.

In the United States, resources from the U.S. Department of Homeland Security (DHS) and its secondary Cybersecurity and Infrastructure Security Agency (CISA) offer houses of worship across religions and denominations threat information, checklists, security guidance, and intelligence-sharing.

“The United States is regularly creating spaces where government agencies—including DHS, the Federal Emergency Management Agency (FEMA), and the FBI—can conduct outreach to any group wanting to self-protect or improve its security,” Liberman says.

U.S. states and major cities often have fusion centers that collect and disseminate threat intelligence, and law enforcement agencies have terrorism liaisons who can work with houses of worship on extremism threats and concerns. This infrastructure enables houses of worship to rely on a single congregant or employee to manage an intelligence function, Liberman says.

Meanwhile, the Community Security Trust (CST)—a UK charity that offers security guidance and intelligence to protect British Jews from anti-Semitism and related threats—provides a terrorism and hate crime database and tipsheets for physical security best practices.

This is not a universal net of assistance, though. In Latin America, resources are thin on the ground and response capabilities are not centralized. Even in Buenos Aires—arguably home to the largest Jewish population in Argentina—the Jewish community center has little money and no resources for security challenges, Liberman says. This means that keeping in touch with other groups about shared threats is essential. Faith-based groups can centralize some response capabilities, such as crisis communications or threat assessment, across denominations or facilities. In addition, organizations may need to look to unexpected sources for assistance, such as the local Israeli embassy or another religious institution’s analysis.

In some countries, including Argentina, it is frowned upon (or even illegal) for a private institution—including religious ones—to have a formal intelligence function, so houses of worship and religious groups should frame their efforts carefully, Liberman cautions.

Triggers for Attention

So, where should an organization start in building a threat monitoring program? It can be daunting to determine a starting point—especially when threats and extremist themes echo on social media and online forums.

In his work around security for the Argentine Jewish community, Liberman and his team compiled lists in two primary categories: priority threat groups or individuals and priority dates.

Groups or personalities of interest. Liberman maintained two lists here: personalities and groups that could be targeted and personalities or groups who could pose a threat. The first category included members of the Jewish community in Argentina and beyond who are frequent lightning rods for controversy or pushback; highly visible members of the local community, such as artists, politicians, or religious figures; and organizations or groups that might host events or be targeted for protests or direct action. The second category included people who have voiced negative activity against protected sites in the Jewish community, including houses of worship, community centers, or businesses that could be targeted.

“We would monitor media, their declarations, their own websites, and—when social networks started to spread—all the open-source information we could get, and we would look for triggers and red flags,” Liberman says.

Dates. These can be dates that matter to the threat actors—such as 20 April (Adolf Hitler’s birthday), 30 April (the date of Hitler’s death), or the summer solstice, which are considered relevant to some neo-Nazi factions. They could also be dates that hold significance to the religious group and could draw a large amount of people or attention. For Liberman, that includes Jewish events or memorial dates, such as Holocaust Remembrance Days, high holy days, and broader historically significant dates like 9/11.

While a calendar of priority dates gives houses of worship a good starting point, threats rarely stick to a schedule. This is why monitoring threat groups or divisive personalities is useful.

“We monitor the groups to see what they are going to call for during a certain event or for a certain point in time,” Liberman adds.

Left-wing groups are traditionally particularly vocal online about their intentions to protest, which makes gathering open-source intelligence straightforward. In response to Israeli settlement activity on the Palestinian West Bank or clashes in Israel, left-wing anti-Zionists would regularly launch protests at the Israeli embassy in Argentina that would spill over to Jewish community centers or sites. Monitoring those groups’ social media handles enabled the organization to take appropriate and early physical security precautions, Liberman says.


After identifying groups and dates of interest, Liberman would rely heavily on open-source intelligence (OSINT) to monitor activity of both friends and foes. Posts on publicly accessible websites and social media pages are free to access and provide the lowest acceptable level of intelligence, he adds.

“If I have less than what is public, that is negligence,” Liberman says. “If there is a left-wing party gathering near a synagogue to protest anything and I am not aware, that’s negligence.”

For more secretive or informal groups—such as the Boogaloo Bois in the United States—security teams might need to monitor alternative networks, including those on the Deep Web or non-mainstream sites, Liberman adds. For security teams with a bigger budget, they can hire a private security company to collect all of this material and develop reports, but few faith-based organizations or houses of worship have the resources to support such a contract, he says.

After collecting information through open sources and evaluating any potential risk, Liberman would then use human intelligence (HUMINT), sending plainclothes security professionals to gather more information on groups near a place of interest or an event. Those professionals can evaluate the mood on the ground and glean early warning of any shifting plans or escalating emotions.

In Argentina, private organizations are not authorized to produce intelligence with subterfuge, so security cannot go undercover or use false identities—either in person or online—so Liberman would collaborate with government and law enforcement teams if that level of in-depth intelligence was required.

Acting on Intelligence

Once credible intelligence has been gathered and assessed, faith-based groups can take a number of actions to prepare for events or threats.

Extend the security perimeter. The faith-based institution or site holding a service or event could extend its perimeter outward, working with authorities to close down streets or change the flow of traffic. Security teams can also ask law enforcement to add or staff roadblocks to further limit unhindered access to the location. This expanded view lets security teams detect potential threats further out from the protected site and respond faster.

Get reinforcements. Depending on the threat or the event, security leaders can ask law enforcement or government authorities to provide extra personnel, potentially including plainclothes officers outside the perimeter to monitor for suspicious individuals or changing conditions, Liberman says.

Define actions for specific triggers. This thought process helps security teams plan out their responses to diverse and escalating scenarios, Liberman says.

“The good practices would indicate that the planning of an event should consider threat information, should consider the possible actions of the adversary, and try to specify what are going to be the red lines: ‘If this group appears, what are we going to do? If this group comes toward us, what are we going to do? If this group steps over this line, what are we going to do?’”

Liberman recalls a major event he secured in a stadium in Buenos Aires in honor of Israel’s Independence Day.  The activity—which was attended by 5,000-7,000 people—faced a counter-event a few blocks away hosted by members of the Arab-Islamic community and left-wing protesters. When the protesters began marching toward the event, Liberman’s team was watching.

“We had a red line that we had defined because if they passed that line and tried to attack the event en masse, it would be very difficult to avoid or counter that, and we could only be protected by government officials,” Liberman says. “I had a security team of 90 people that day, and we could not fight them, not in those numbers and that terrain.”

So, Liberman and his team determined where their red lines were and formalized those plans with the Argentine government before the event to let them know what the security team could handle and when additional support would be required.

In the end, the protesters stopped 100 meters short of the red line, raising concern but not triggering additional action. Liberman suspects that law enforcement officials approached the counter-event organizers to explain where the red line was, what action would be taken if they crossed it, and warned against it.

Because Buenos Aires is a demonstration-rich city, Liberman says, the police have lots of practice in negotiating with protesters about how they can use public space safely and without excessive disruption of daily life. These negotiations are often tactical solutions meant to avoid broader conflicts.

Although negotiating over barriers and disclosing some security measures and triggers undercuts the rule of law, Liberman says, police are very aware of protesters’ ability to escalate to violence and choose to prepare multiple avenues for de-escalation, including these types of compromises.

Communicate. From events to the day-to-day, Liberman emphasizes the need to stay in regular communication with stakeholders inside the faith-based organization and its counterparts in the area, plus government counterparts and support teams where available.

Methods of information dissemination can vary depending on the type and urgency of the intelligence. Liberman used WhatsApp groups to informally share information across Jewish institutions and sites, and he leveraged ASIS Connects to communicate across the local chapter about emerging threats and trends.

If more direct action was required based on the information collected, Liberman would send a more formal email to stakeholders in his local network.

When communicating with law enforcement or security forces, the outreach approach depended on the level of intelligence. For acute threats with significant substantiating evidence, Liberman would communicate directly to authorities with formal statements, outlining security plans and flagging requests for appropriate support. For less acute threats—such as emerging trends or a new person of interest who has been making threatening statements—Liberman would have an informal face-to-face meeting with a security force contact to discuss concerns.

If red flags start cropping up through regular threat actor monitoring or open-source intelligence, proactively share advice, best practices, and reminders—as well as resources.

Claire Meyer is managing editor for Security Management. Connect with her on LinkedIn or email her directly at [email protected].