Unmanned Aircraft Systems (UAS): Evolving Risks to Large-Scale Public Gatherings Companion Guide

Unmanned Aircraft Systems (UAS), or drones, should be treated not only as potential physical security threats but also as mobile cyber-access platforms, which can be exploited by threat actors targeting large-scale events. By providing an aerial vantage point, drones can bypass fences, gates, guards, access-control points, and other ground-based security measures to position cyber tools near wireless networks, rooftop equipment, upper-floor offices, stadium operations centers, broadcast infrastructure, or other sensitive systems. The Center for Internet Security^® (CIS^®) whitepaper Unmanned Aircraft Systems (UAS): Evolving Risks to Large-Scale Public Gatherings identifies cyber-enabled UAS operations as a distinct threat vector, noting that drones can carry Wi-Fi exploitation tools, radio-frequency (RF) jamming equipment, and rogue access points near protected infrastructure, bypassing the physical separation that many cybersecurity architectures assume.

This supplemental whitepaper further examines drones as potential platforms for proximity-based cyber intrusion, electronic disruption, and data collection. It also identifies associated vulnerabilities and layered mitigation considerations for security planners, especially those focused on large-scale gatherings and special events. Addressing these risks also requires a collective defense approach in which government, law enforcement, emergency management agencies, private sector operators, and venue stakeholders share information, align capabilities, and coordinate response to detect and mitigate UAS-enabled cyber threats.