5 Steps to Help Secure Your City before a Large-Scale Event

Large-scale events present a unique set of risks and logistical complexities, which require detailed operational planning, coordination between multiple stakeholders with differing interests, and continuous situational awareness.

Given the high-visibility and level of public interaction of large-scale events, they are often viewed as attractive targets for cyber, physical, and information operation threats. This threat environment requires public safety officials and event organizers to stay aware of emerging threat trends, proactively engage in information sharing, establish crisis communications protocols, and implement robust physical security standards to safeguard large-scale events.

These preparatory steps are necessary given what's at stake. For instance, at the time of publication, cities across the United States, Canada, and Mexico are preparing to host millions of fans, players, and spectators for FIFA World Cup 2026. The United States alone is expecting 5-7 million international visitors. The scale of the tournament is unprecedented, prompting one of the largest commitments of safety resources ever made for a single event. As of this writing, over $1 billion in U.S. federal funding has been designated towards securing the tournament, including a grant program to support local security efforts and additional funding for counter-unmanned aircraft system needs.

Based on current intelligence, engagements with law enforcement and homeland security officials, and insight from related municipalities and FIFA World Cup 2026 Host Cities, the Center for Internet Security^® (CIS^®) recommends the following five mitigation measures as part of a comprehensive approach to secure your city ahead of hosting a large-scale event.

1. Ensure Multi-layered Security Planning at Venues

Due to their large, concentrated crowds and high-visibility, large-scale events face distinct security challenges. These challenges require venue-specific planning, redundancies in the event of disruptions, and preparation for threat actor use of emerging technologies.

• Conduct a venue-specific risk assessment using the Cybersecurity and Infrastructure Security Agency’s (CISA's) Security Planning Workbook addressing physical perimeters, crowd flow, and cyber-enabled systems (e.g., ticketing, scoreboards, broadcast infrastructure).
• Apply CISA's Venue Guide for Security Enhancements to assess and plan for dependency disruptions (e.g., power loss, network outages).
• Ensure all security personnel are trained on layered security protocols prior to the event.
• Establish a counter‑unmanned aircraft systems (UAS) capability to protect against drones used to conduct physical or cyber attacks or cause disruption. Learn more about the evolving UAS risks to large-scale events.

2. Strengthen Processes for Identifying and Reporting Suspicious Activity

To keep attendees safe and limit disruptions, we recommend event organizers, public safety officials, and other stakeholders prioritize their efforts to identify and report suspicious activity.

• Ensure suspicious activity reporting mechanisms (e.g., apps, hotlines, venue signage) align with the Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI) indicators and standards.
• Train venue staff, transportation personnel, and volunteers on the Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), and National Counterterrorism Center (NCTC) U.S. Violent Extremism Mobilization Indicators.

3. Establish an Integrated Cybersecurity Posture

A strong cybersecurity posture is integral to creating a safe, enjoyable experience for attendees, fans, entertainers, athletes, and all participants of a major event. Strong cybersecurity means a safer event and fewer disruptions. Event organizers and public safety officials should implement the steps below to mitigate against cyber attacks and other cyber risk.

• Implement the CIS Critical Security Controls^® (CIS Controls^®) to identify all critical tournament systems, assign ownership, and enforce baseline safeguards, such as multi-factor authentication (MFA), patching, and network segmentation.
  • Apply the CIS Benchmarks^® to all applicable systems on your network.
  • If you are an owner or operator of critical infrastructure, review the CIS Critical Security Controls v8.1 Industrial Control Systems (ICS) Guide.
• Become a member of the Multi-State Information Sharing and Analysis Center^® (MS-ISAC^®) to receive threat intelligence specific to U.S. State, Local, Tribal, and Territorial (SLTT) government organizations, including cyber and multidimensional threat reporting, along with 24x7x365 U.S.-based CIS Security Operations Center (SOC) support.
• Follow CIS’s Blueprint for Ransomware Defense and CISA's #StopRansomware guidance to establish offline backups, maintain incident response playbooks, and define cybersecurity requirements in vendor contracts.
• Subscribe to CISA's Cybersecurity Alerts and Advisories to monitor threat actor tactics, techniques, and procedures (TTPs) in the leadup to the tournament.
• Apply the MS-ISAC's Distributed Denial of Service (DDoS) mitigation guidance to protect public-facing systems (e.g., websites, ticketing, and fan engagement platforms), which are attractive disruption targets.

4. Detect and Counter Information Operations

Protecting against and responding to information operations are necessary components of any comprehensive large-scale event security posture. Information operations conducted by foreign state and non-state threat actors can incite, inform, or facilitate illegal activity, all of which have the potential to harm the security posture of a large-scale event. These efforts have become even more pressing with the widespread adoption of content that's generated and manipulated by artificial intelligence (AI).

• Review applicable joint NCTC, DHS, and FBI resources:
  • Violent Extremists’ Use of Generative Artificial Intelligence
  • Violent Extremist Mobilization Indicators and the Tech Sector
  • Tech Sector Outreach: Identifying Violent Extremist Indicators and Reporting Mechanisms for Online Service Providers
  • Emerging Technologies and Possible Malign Uses by Terrorists
  • Emerging Technologies May Heighten Terrorist Threats
• Train public affairs and communications teams to identify and respond to AI-generated or manipulated content using established detection indicators across image, audio, text, and video formats.
• Build a digitally literate workforce and implement rapid communications protocols to identify, attribute, and counter false or manipulated narratives before they spread widely.

5. Establish Unified Command, Communications, and Public Messaging

Clear, timely, and actionable communications are fundamental to executing a safe and secure large-scale event. It allows event organizations and public safety officials to communicate effectively with one another and the public, creating trust with attendees and minimizing the impact of potential security breaches.

• Develop and rehearse pre-scripted response protocols for active assailant/shooter, vehicle ramming, IED, and bomb threat scenarios, leveraging guidance from CISA. Conduct regular joint exercises across law enforcement, emergency management, venue security, and emergency medical services.
• Implement verification protocols to rapidly assess swatting calls and hoax threats, minimizing diversion of resources from legitimate incidents.
• Establish designated, authenticated communication channels (e.g., social media, mobile alerts, venue public address systems) that are pre-identified to the public as a trusted source during emergencies.

Receive Support Securing Your City's Large-Scale Event

Large-scale events require specialized planning and dedicated resources to support a safe, engaging, and welcoming experience for attendees, entertainers, athletes, and the public.

To execute a safe and secure large-scale event with minimal disruption, multiple stakeholders must work together to defend against the most pressing threats and mitigate ongoing cyber, physical, and information operation risks. Drawing on our cyber and multidimensional threat planning expertise, coupled with engagements with law enforcement, public safety officials, and large-scale event planners, these five steps provide a safety roadmap for securing your event.

Review our whitepapers, Transportation Infrastructure Sabotage as a World Cup 2026 Risk Multiplier and Unmanned Aircraft Systems (UAS): Evolving Risks to Large-Scale Public Gatherings, for additional threat information and risk planning recommendations.

For more information on our special events support, please reach out.