March 1, 2026

Threat Intelligence Update for Churches

Threat Level: LIKELY (Elevated Threat) – ORANGE

Situation Summary

The Department of Homeland Security has issued a National Terrorism Advisory System bulletin warning of a heightened threat environment following United States strikes on Iranian targets. The bulletin cites the possibility of retaliatory actions by Iran aligned actors, including low level cyber activity and the potential for violence inspired by foreign events. Major metropolitan areas, including New York, Los Angeles, and Washington, D.C., have increased visible security at sensitive, cultural, and religious locations.

In addition to the DHS bulletin, senior Iranian officials have publicly stated that the recent strikes crossed what they described as a red line and have warned of significant retaliation against the United States and its allies. That rhetoric is being amplified across international media and social platforms. While such statements are part of strategic messaging during conflict, they contribute to an elevated threat environment and can act as a catalyst for both state directed and inspired activity.

At this time, there is no publicly identified, specific, credible threat directed at churches. The advisory reflects broader geopolitical tension and the potential for secondary effects inside the United States.

Threat Assessment

Based on currently available information, the most realistic near term risks to churches fall into three categories.

First, the possibility of inspired lone actors. When foreign conflict escalates and receives sustained media coverage, individuals who are already radicalized or unstable can interpret events as justification for violence. Houses of worship remain symbolic and comparatively soft targets.

Second, low level cyber activity. DHS specifically referenced distributed denial of service attacks and website defacements. Many churches rely heavily on livestream platforms, online giving portals, and web based communication systems. Even nuisance level cyber disruption can create confusion during services or interfere with administrative functions.

Third, increased tension within local communities. Heightened rhetoric surrounding international conflict can lead to protests, counter protests, or emotionally charged encounters near religious or cultural sites.

Fourth, Open source reporting and prior counterterrorism interviews conducted through Christian Warrior Training have documented long standing Hezbollah infrastructure inside the United States, including a report from a retired Joint Terrorism Task Force officer that thousands of operatives and sympathizers are present nationwide. Hezbollah has historically functioned through compartmentalized cell structures capable of activation if directed by Iranian leadership.

Given the current escalation involving Iran, it would be irresponsible to assume that coordinated action is impossible. While there is no publicly released intelligence bulletin identifying a specific church target or confirmed operational timeline, the combination of Iranian retaliation rhetoric, existing Hezbollah infrastructure, and ongoing Middle East conflict creates a credible risk environment that includes the possibility of coordinated or near simultaneous attacks should activation orders be given.

Churches should therefore operate under the assumption that both inspired lone actors and organized cells are plausible threat vectors during this period of escalation. Elevated posture and disciplined awareness are warranted.

Recommended Actions for Churches

Church leadership and safety teams should take practical, visible steps this week and reassess regularly as the situation develops.

Increase visible presence during services and events. Uniformed safety team members positioned at primary entrances, parking areas, and high traffic zones provide deterrence and reassurance.

Conduct exterior checks prior to services. Walk parking lots, check doors, observe for unattended bags or unusual vehicles, and identify any individuals lingering without clear purpose.

Ensure CCTV monitoring is active and staffed. Cameras should be observed in real time when possible, not simply recorded. Confirm that recording systems are functioning and that footage can be retrieved if needed.

Test communications equipment. Radios should be charged, functional, and used in plain language. Confirm that key leaders have updated contact information for local law enforcement.

Review lockdown and evacuation procedures. Safety teams should refresh their understanding of who initiates a lockdown, how it is communicated, and how children’s ministry areas are secured.

Address basic cyber hygiene. Enable multi factor authentication on church administrative accounts, confirm who has website and livestream platform access, back up critical data, and ensure hosting providers are current on security patches.

Maintain normal ministry operations while remaining alert. Doors should remain open to those who come to worship, but teams should operate with disciplined situational awareness.

Outlook

This elevated environment is driven by international developments and may fluctuate quickly. Churches should monitor official DHS updates and maintain communication with local law enforcement partners. Further updates will be provided as additional intelligence becomes available.

Leave a comment