Civil aviation is facing a new threat that has so far received little attention but could have potentially devastating consequences for aircraft safety. The U.S. Federal Cybersecurity Agency (CISA) has warned of vulnerabilities in the Traffic Collision Avoidance System (TCAS).
One such incident occurred on March 1, 2025, in the airspace surrounding Ronald Reagan Airport in Washington, D.C. Several pilots were misled by false alerts from the system, which incorrectly reported a collision course with other aircraft. These disruptions, known in technical jargon as "TCAS false alerts," raise questions about the possibility of external interference with the system by hackers or other unauthorized actors.
In its January 2025 analysis, CISA first highlighted the possibility that manipulated GPS data could be interpreted by TCAS as actual traffic data. In the worst case, the system could indicate a nonexistent aircraft, leading pilots to perform dangerous evasive maneuvers—a scenario known in aviation as "shadow veering." Particularly concerning is that older TCAS systems could be particularly vulnerable to such manipulation, as their sensitivity is relatively easily compromised from outside. This article examines the risks associated with this new aviation security vulnerability and the potential consequences for the aviation industry.
False alarms in the airspace around Washington DC
The incident, which occurred on March 1, 2025, took place in a corridor of airspace surrounding Ronald Reagan Airport in Washington, D.C., a heavily used region of U.S. airspace. On that day, several aircraft were crossing the airspace when the TCAS (Combat Collision Avoidance System) triggered false alarms in several cockpits. The systems reported a perceived threat from other aircraft that did not exist. What was particularly noteworthy about this incident was that the false alarms persisted for an extended period of time. "This has been going on all morning," explained an air traffic control employee in response to a query from a crew that had previously received a TCAS avoidance order.
This incident not only alarmed pilots and air traffic controllers, but also prompted the U.S. Federal Aviation Administration (FAA) to take action. The FAA has announced that it will address the issue of TCAS false alarms and investigate possible technical malfunctions. However, experts have raised the question of whether external manipulation of the systems by unauthorized third parties should be considered. The suspected possibility that hackers could interfere with the system from the ground and put it into a false alert poses a serious security risk that could have far-reaching consequences for the aviation industry.
Manipulated GPS data as a new threat to aviation
The security document published by CISA in January 2025 sheds light on this new threat to aviation. The analysis indicates that hackers could feed manipulated GPS data into the TCAS system as genuine traffic data. The collision warning system would then interpret this fake data as real flights. This would lead to the false display of a nonexistent aircraft on the TCAS display. In this case, pilots would be forced to swerve and maneuver to avoid a perceived collision that would never occur. Such false alarms can have fatal consequences in busy airspace like that around Washington, D.C., especially when multiple flights are affected simultaneously.
This threat particularly affects older TCAS systems, which are still installed in many aircraft around the world. These older systems are more vulnerable to tampering because their security measures are less robust than those of more modern devices. Hackers could relatively easily access the sensor data and alter its sensitivity so that the system reacts to nonexistent aircraft. For pilots, this would mean maneuvering in a situation that has no basis in reality. It is well known that such false alarms can not only lead to dangerous evasive maneuvers but also undermine confidence in the reliability of collision warning systems.
Cybersecurity risks for the aviation industry
The discovery of these vulnerabilities sheds new light on cybersecurity in civil aviation. While in the past, hacker attacks on airlines' and airports' computer systems have been the focus of particular attention, this incident demonstrates the importance of also reviewing security vulnerabilities in the systems onboard aircraft. The TCAS (Combat Collision Avoidance System), which plays a key role in preventing collisions in airspace, could become a target for targeted attacks. Introducing false traffic data into the system would not only jeopardize aircraft safety but also undermine confidence in the entire aviation industry.
The incident has also brought the issue of aircraft system safety certification back onto the agenda. Experts are calling for regular review and updating of safety protocols to prevent such tampering. Air traffic control and pilots must also be prepared for this new threat. It is essential that they respond appropriately to false alarms and TCAS system malfunctions and recognize when a threat is real and when it is merely a false signal.
Reactions and measures of the aviation authorities
The US aviation authorities have already initiated initial measures following the incident on March 1, 2025. The FAA has announced that it will conduct an investigation into the incident and examine possible technical defects in the TCAS system.
However, it is expected that other authorities around the world will also become aware of this security gap and review their own systems for similar vulnerabilities. Furthermore, new guidelines and standards for cybersecurity in the aviation industry could be developed to counteract the risks posed by hacker attacks and compromised systems.