Skip to content
Menu
menu

LAS VEGAS, NEVADA - FEBRUARY 08: A video board displays logos for Super Bowl LVIII at Allegiant Stadium ahead of Super Bowl LVIII on 8 February 2024 in Las Vegas, Nevada. (Photo by Candice Ward/Getty Images)

CISA Releases New Guidance to Improve Venue Security and Safety

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released guidance on Tuesday to assist venue operators in their efforts to enhance safety, protect assets, and create secure environments.

“Venues have increasingly become targets, yet many lack the resources to secure their day-to-day operations and special events effectively,” said Dr. David Mussington, CISA’s executive assistant director for infrastructure security, in a statement. “In response, and in collaboration with industry experts and security professionals, our agency has developed this guide to empower venue operators with the tools needed to identify and manage risk effectively.”

The Venue Guide for Security Considerations includes voluntary guidance for venue owners and operators, such as actionable guidance and a tailored menu of security options which allows venues to “select the most suitable and effective measures for their venue’s budget, size, location, and risk factors.”

CISA said it worked with industry experts and security practitioners to craft the guidance but could not confirm with Security Management which groups were involved in the effort.

Within the guide, CISA recommends that venues conduct site-specific physical security assessments to identify and mitigate potential threats. Venue operators can then use the “Security Considerations Table” in the document, keeping in mind their venues’ complexity and budgetary constraints, to identify security measures to cover the gaps in established security strategies.

“These measures prevent unauthorized access to sensitive areas and enhance security within the venue,” the guide explains. “Overall, these security measures work in tandem to create a safe and secure space for venue activities.”

Security measures in the table are divided into the following categories:

  • Low: Measures that are easy to implement using readily available resources, including training existing staff, upgrading basic systems, or using easily accessible and affordable equipment.

  • Moderate: Measures that require resources not readily available but possibly accessible with increased effort, like hiring staff with unique expertise, acquiring new systems or technologies, investing in equipment upgrades, or allocating capital to support security initiatives.

  • High: Measures that require resources that will involve significant effort to obtain, such as hiring specialized security personnel or consultants, acquiring advanced security systems or equipment that exceeds the existing budget, extensive training, long-term construction projects, or allocating substantial capital to support security initiatives.

Brandon Allen, director of research at the National Center for Spectator Sports Safey and Security (NCS4), says the center supports the CISA document as a scalable guide for venues of all sizes.

“The Security Considerations Table allows venue directors to reflect on their venue risk assessment and strategically improve security gaps within their facility,” Allen says.

James DeMeo, founder, president, and CEO of Unified Sports and Entertainment Security Consulting LLC, says the new guide is a timely resource for today’s venue ownership entities that provides security leaders with tools to bolster their sports security playbooks.

“The guide covers such areas as risk assessment, a security consideration table—an excellent resource to support the overall learning process—along with a schematic breakdown of such key venue security considerations such as crowd management, traffic management, and emergency management,” DeMeo explains. “CISA continues to lead the way in providing timely educational resources to public/private stakeholders. Venue ownership groups would be hard pressed to not avail themselves of such a valuable resource to ensure duty of care responsibilities for safeguarding venues, fans, brand, and organizational assets.”

Security Analysis of the Guide

Mark Herrera, director of safety and security for the International Association of Venue Managers (IAVM), says that IAVM was not directly involved in drafting the guide from CISA but adds that it provides a “well-structured and practical framework for addressing the multifaceted security challenges venues face today.”

For Herrera, key takeaways from the guide include its emphasis on risk assessments.

“The guide’s focus on conducting tailored risk assessments resonates strongly with IAVM’s approach to proactive security,” Herrera says. “This ensures venues can identify vulnerabilities and implement strategies that are not only effective but also cost-efficient and scalable to their unique operations.”

He also highlighted the guide’s emphasis on layered security measures, including both low-cost and high-complexity security options that provide venues of all sizes the ability to enhance their security posture incrementally.

“Measures such as perimeter security, crowd management, and access control are critical in mitigating risks across a range of potential threats,” Herrera adds.

Additionally, the guide focuses on training and exercises as an essential element of preparedness. Herrera says these activities not only refine response strategies, but also build staff confidence, which is a priority for IAVM’s safety initiatives.

“For me, the top priority is fostering collaboration among venue operators, local law enforcement, and federal agencies like CISA to ensure the guidance is applied effectively,” Herrera adds. “Coordination ensures that venues can access expertise, resources, and the latest intelligence to adapt to evolving threats.

“I also appreciate the guide’s acknowledgment of financial and operational constraints, providing venues with flexible options aligned with their capacity and goals,” he continues. “This approach supports our mission to enhance safety across all venue types without imposing undue burdens.”

For security managers reviewing the CISA guide, Herrera suggests using the guide as a benchmarking tool and a roadmap for continuous improvement.

“By framing security initiatives as strategic investments that protect people and the organization’s bottom line, leadership is more likely to see them as essential rather than optional,” he adds. “The goal is to position these measures not as expenses but as critical safeguards that enable long-term success.”

The Wider View

There have been numerous physical security incidents at venues and stadiums in recent years. One pivotal incident, however, that changed the threat landscape and how operators consider security measures is the 2017 Las Vegas Route 91 Harvest Festival Shooting, Herrera says.

“This tragedy profoundly impacted how venues approach security, particularly in outdoor vents and spaces with high visibility and accessibility,” he adds.

Some of the lessons learned from this major incident include an emphasis on perimeter security. The Las Vegas attack highlighted the vulnerabilities in open-air venues and emphasized the need for layered security measures.

“Venues now focus more on securing areas beyond traditional perimeters, such as parking lots, hotels, and other adjacent spaces that could be exploited for line-of-sight attacks,” Herrera says.

Additionally, the incident enhanced the use of surveillance and technology—accelerating the adoption of real-time surveillance technologies, such as drones, artificial intelligence analytics, and geofencing, to monitor broader areas and detect potential threats proactively.

The Vegas attack also changed collaboration between stakeholders.

“Collaboration between venues, law enforcement, and private security firms has become a cornerstone of risk mitigation,” Herrera says. “Regular joint drills, scenario planning, and intelligence sharing are now prioritized to prepare for complex threats.”

Herrera adds that the aftermath of the shooting also underscored the need for advanced training in behavioral profiling to identify unusual or pre-attack behaviors, as well as the need to identify individuals who may pose a risk and provide pathways for intervention.

“While devastating, the lessons learned from such incidents have driven innovation and collaboration across the industry,” Herrera says.

For more insights on stadium and venue security, check out our Sports Security Security Technology issue. 

 

arrow_upward