Accessing Federal Funding to Mitigate Nonprofit Threat Vulnerabilities

Guest Post by Robert B. Goldberg

FEMA logo.png

Congress appropriated $305 million in December for this year’s (FY 2023) Department of Homeland Security (DHS) Nonprofit Security Grant Program (NSGP). This constituted a $55 million increase over the previous year’s funding and a 12-fold increase since FY 2017. The meteoric jump in funding coincides with a recognition of elevated threats targeting faith-based communities and the nonprofit sector.

Administered by the Federal Emergency Management Agency (FEMA), NSGP is now the largest of FEMA’s Preparedness Grant Programs by volume. Last year, FEMA reviewed over 3,500 NSGP applications and awarded more than 1,800 grants. This year, with increased funding, more than 2,000 grant awards are expected to be made.

NSGP provides federal funding to support target hardening and other physical security enhancements and activities to nonprofit organizations that are determined to be at high risk of and vulnerable to terrorist or terroristic attack. NSGP grants are commonly used to fund security surveillance cameras/CCTV, controlled entry and access systems, security enhanced doors or windows, alarm, alert, or notification systems, blast proof doors or windows, and physical barriers, fences, or bollards. Funds may also be used to support security planning, training, and exercises and to contract security personnel. There are more than thirty eligible categories of approved equipment and activities.

Over the past year, DHS issued three threat advisory bulletins (on 30 November, 7 June, and 7 February) that warned faith-based institutions were under threat from both white supremacists and Islamicists. This past November, Homeland Security Secretary Alejandro Mayorkas testified before Congress, “those driven to violence are targeting … soft targets such as … faith-based institutions,” and that addressing these threats requires an approach that includes nonprofits. Echoing these warnings, FBI Director Christopher Wray testified in August that the “top domestic terrorism threat we face continues to be from … Racially or Ethnically Motivated Violent Extremists,” who more recently have focused on accessible targets such as houses of worship.

The threats to faith, ethnic, and minority communities are complex and diffuse. This past year’s public record underscores the frequency and breadth of the targeting that included the use of BB guns, stun guns, handguns, ghost guns (3-D printed and untraceable), shot guns, sub-machine guns, fully automatic machine guns, arson, explosives, edged weapons, assault, intimidation, trespass, and property damage. Released in November, the FBI’s 2021 Hate Crimes Report (HCR) found that of the 1,112 crimes motivated by religious bias, anti-Jewish (31.6 percent), anti-Sikh (19.6 percent), anti-Islamic (Muslim) (10.9 percent), anti-Eastern Orthodox (Russian, Greek, Other) (6.7 percent), and anti-Catholic (6.4 percent) were the top victim categories. Note: The HCR data is imperfect and undercounts the actual number of crimes that occur.

The next threat event could happen anywhere and without warning. FBI Director Wray and other law enforcement and counterterrorism experts warn repeatedly that violent extremists are likely to act alone and are unlikely to conspire with others regarding their plans, are increasingly choosing soft targets for their attacks, such as houses of worship, and provide limited opportunity for law enforcement to detect and disrupt attacks before they occur.

In response, DHS, through the Cybersecurity and Infrastructure Security Agency (CISA) and within recent National Terrorism Advisory System bulletins, advocates for faith-based institutions, and by extension at-risk nonprofits, to bolster their security, including through the NSGP program. CISA also advises, and the NSGP program requires, nonprofits to undertake a Vulnerability Assessment (VA) to determine potential threats, vulnerabilities, and consequence of an attack and to identify and prioritize appropriate mitigation actions and activities to respond.

Despite the VA being a cornerstone of the NSGP program, FEMA provides only limited guidance on what a VA should entail. According to FEMA, the VA may be conducted by a contractor/vendor, by a state or local law enforcement agency, through a self-assessment tool, or through other “valid” method (i.e., experienced community security personnel). As the grant’s primary focus is to harden the physical structure of the nonprofit organization and persons and property inside, FEMA advises the VA focus on the “internal vulnerabilities and weaknesses” of the entity’s physical facility/address. The projects and activities requested through the NSGP application must align specifically to mitigate the internal vulnerabilities identified and prioritized in the VA. If an otherwise permissible cost is not identified and substantiated in the VA, it cannot be approved for funding. Finally, FEMA instructs NSGP applicants to check to see whether their State Administrative Agencies have any additional supplemental VA requirements to fulfill. Other than that, FEMA provides no other VA guidance.

Unfortunately, many nonprofits applying for the grant, overlook the significance of the VA as a foundational document and road map to completing a strong NSGP application. To their detriment, they may mistakenly view the VA merely as a qualifying “check the box” requirement to fulfill, which is a strategic error.

This is unfortunate because the NSGP grant is highly competitive. The application review/scoring process is diffuse and is influenced by multiple stages of review (i.e., federal, state, and local) involving multiple factors. Factors include quantity of applicants (i.e., limited resources), quality of applications (i.e., competency, completeness, and impact), risk analysis and ranking (i.e., by state or jurisdiction), national intelligence analysis (i.e., immediate security concerns facing the nation), and discretion (i.e., policy priorities).

Of these factors, the nonprofit has control over application quality. A strong application will be complete, comprehensive, and succinct and will clearly and straightforwardly relay to the reviewers/scorers a logical sequence of justifications and investments that when implemented will successfully mitigate the vulnerabilities and increase the preparedness and security of the organization. The key to drafting a strong application is obtaining a quality VA, taking the time to read and understand its details, and relying on the VA to formulate responses to the application questions. A strong VA will make the application drafting experience much easier. VAs may vary in quality and cost (from free to fee). Obtaining a professional assessment is considered a best practice towards this end. However, any costs associated with the VA are not reimbursable through the NSGP grant.

Bottom line: Faith-based and community organizations that plan and draft NSGP applications early and undertake and rely upon quality Vulnerability Assessments have a competitive edge. Whether applying for the NSGP grant or not, ALL faith-based and community organization are strongly recommended to obtain a base-line VA to better understand their vulnerabilities and the range of solutions available to them to manage their risk.

Rob Goldberg is an attorney and seasoned federal lobbyist. He played leading roles in establishing, developing, continuing, and expanding the DHS Nonprofit Security Grant Program (as well advancing several state homeland security grant programs). Over the past 20 years, Rob has advised and assisted thousands of houses of worship, faith-based institutions, nonprofit organizations, professional grant writers, and security vendors and personnel on navigating the NSGP program and application process. Rob is the founder and principal of Goldberg & Associates, LLC, which specializes in NSGP grant writing assistance. For questions or comments, Rob may be reached at

Leave a Comment