Digital Warfare Hits Delhi Airport: GPS Spoofing Disrupts 800+ Flights as NSA Office Launches Investigation

India's busiest airport becomes latest target in escalating cyber threat to civil aviation

In an unprecedented cybersecurity incident that sent shockwaves through India's aviation sector, Delhi's Indira Gandhi International Airport experienced severe GPS spoofing attacks over seven consecutive days in early November 2025, disrupting more than 800 flight operations and forcing India's National Security Advisor office to launch a formal investigation.

The incident, which aviation experts are calling a watershed moment for civil aviation cybersecurity, saw aircraft navigation systems fed false satellite data beginning approximately 60 nautical miles from the airport, creating chaos in one of Asia's busiest airspaces and raising urgent questions about the vulnerability of critical transportation infrastructure to electronic warfare techniques.

The Attack Unfolds

Between November 1 and November 7, 2025, pilots approaching Delhi reported increasingly severe navigation anomalies. Aircraft systems displayed incorrect terrain warnings, false positional data, and misleading altitude information—all hallmarks of GPS spoofing, a sophisticated cyber attack technique that broadcasts counterfeit satellite signals to override legitimate GPS transmissions.

The disruption peaked on November 5-7, when the navigation integrity of Delhi's airspace deteriorated catastrophically. The Navigation Integrity Category value, which measures GPS accuracy and normally sits at 8, plummeted to zero—a reading aviation experts describe as "highly unusual" and potentially catastrophic for aircraft safety.

During Tuesday night alone, at least seven flights were diverted to alternative airports in Jaipur and Lucknow. Flight tracking data from Flightradar24 showed Delhi experiencing the second-highest air traffic disruptions globally that evening, with pilots forced to rely on manual air traffic control guidance through some of the most congested airspace in the world.

"We were getting readings that suggested we were in a completely different location," one pilot reported. "The system was telling us we were heading in the wrong direction. Manual navigation in that environment is extremely challenging and risky."

National Security Response

The severity and sophistication of the attack prompted immediate action from India's highest security apparatus. The office of National Security Advisor Ajit Doval has launched a comprehensive investigation led by National Cyber Security Coordinator Naveen Kumar Singh, who was appointed to the position in August 2025.

The National Cyber Security Coordinator operates under the National Security Council Secretariat and coordinates with multiple agencies including the Indian Computer Emergency Response Team and the Ministry of Electronics and Information Technology to address cyber threats with national security implications.

The investigation is examining whether the interference was accidental, resulted from technical malfunction, or represents deliberate hostile action—possibly linked to electronic warfare testing or state-sponsored cyber operations. Given Delhi's proximity to sensitive military installations and strategic assets, experts warn that GPS manipulation in the National Capital Region poses extraordinary national security risks.

"If spoofing continues unchecked, it can compromise both aviation safety and the integrity of civilian navigation systems," warned a former Ministry of Civil Aviation official. "These are not merely technical glitches; they are acts of warfare, executed with silent precision that can cripple economies and undermine sovereignty without a single shot being fired."

A Perfect Storm of Vulnerabilities

The timing of the attack exposed a critical vulnerability in Delhi's aviation infrastructure. The airport's main runway 10/28 had its Instrument Landing System (ILS) temporarily withdrawn for upgrades to Category III standards—improvements designed to enable landings in dense winter fog conditions expected in coming months.

Without the ground-based ILS, arriving aircraft became entirely dependent on satellite-based Required Navigation Performance (RNP) systems—precisely the systems targeted by GPS spoofing. This created a perfect storm: maximum dependence on GPS technology coinciding with sustained spoofing attacks.

Delhi International Airport Limited is racing to deploy the upgraded ILS by November 27, 2025, while working to re-enable traditional ground-based navigation systems as backup. The incident has accelerated calls for multi-layered navigation frameworks that can detect anomalies in real-time and reduce sole reliance on any single system.

The Broader Threat Landscape

The Delhi incident is far from isolated. Indian authorities revealed in March 2025 that between November 2023 and February 2025, there were 465 documented GPS interference and spoofing incidents in India's border regions, primarily along the India-Pakistan frontier in areas including Amritsar and Jammu.

Globally, the threat is escalating at an alarming rate. The International Air Transport Association reported that GPS signal loss and spoofing cases increased by 220% between 2021 and 2024, with hotspots concentrated in Eastern Europe, the Middle East, and South Asia. In 2024 alone, approximately 430,000 GPS jamming and spoofing incidents were recorded worldwide—a 62% increase from 2023.

Recent high-profile incidents include:

• December 2024: An Azerbaijan Airlines crash in Kazakhstan that killed 38 people, believed linked to Russian GPS interference systems
• March 2025: Indian Air Force transport aircraft delivering earthquake relief to Myanmar encountered Chinese-backed GPS spoofing
• Ongoing: Daily GPS spoofing affecting approximately 10% of flights in the Delhi Flight Information Region throughout 2024-2025

The International Civil Aviation Organization officially designated GNSS interference as a "significant cyber risk" at its 14th Air Navigation Conference in 2024, recognizing the threat as a critical aviation safety hazard requiring international cooperation.

Technical Analysis: How GPS Spoofing Works

Unlike GPS jamming, which simply blocks satellite signals, spoofing is far more insidious. Attackers broadcast fake satellite signals that mimic legitimate GPS transmissions, causing receivers to calculate incorrect positions, velocities, or times. Because the false signals appear authentic, spoofing can be significantly harder to detect than jamming.

The technology required for GPS spoofing has become alarmingly accessible. Using commercially available software-defined radios (SDRs) and GPS simulators, relatively unsophisticated actors can generate spoofing signals. As detailed in privacy analyses of location tracking, GPS signals are relatively weak by design, making them easy to overpower with stronger ground-based signals—a vulnerability that extends from smartphones to commercial aircraft.

These devices can be:

• Portable and easily concealed
• Operated remotely
• Deployed from ground vehicles or fixed positions
• Coordinated across multiple locations for wider impact

In conflict zones and contested border regions, GPS spoofing has become a standard tool of electronic warfare, used by state actors to protect military assets, disrupt adversary operations, and create strategic confusion without kinetic engagement.

India's Response and Path Forward

The Directorate General of Civil Aviation (DGCA) has issued urgent advisories to airlines and pilots, mandating the use of alternative navigation systems and heightened vigilance. The agency is requiring airlines to submit bimonthly reports on spoofing incidents and has initiated comprehensive data collection from air traffic controllers.

Aircraft already possess some built-in redundancies to counter GPS interference. Inertial Reference Systems can track aircraft movement independently of satellite signals, while legacy navigation technologies like VOR/DME (VHF Omnidirectional Range/Distance Measuring Equipment) provide ground-based position verification.

However, these systems alone are insufficient against sophisticated, sustained spoofing campaigns. Experts are calling for a multi-pronged defensive strategy:

1. NavIC Integration

India possesses its own indigenous satellite navigation system—NavIC (Navigation with Indian Constellation), developed by ISRO. Unlike GPS, which is controlled by the United States, NavIC offers regional coverage with dual-frequency signals (L5 and S-band) and authentication features specifically designed to resist spoofing and jamming.

Fast-tracking NavIC adoption across India's aviation sector would provide independent positioning capabilities and reduce vulnerability to GPS-targeted attacks. The system's authentication protocols make it significantly more difficult for adversaries to inject false signals.

2. Multi-Constellation Navigation

Modern aircraft can integrate data from multiple satellite systems including GPS, NavIC, Galileo (European), and GLONASS (Russian). By cross-referencing position data from multiple constellations, aircraft systems can identify inconsistencies that indicate spoofing attempts.

3. Signal Authentication and Encryption

Next-generation navigation signals with encrypted authentication codes prevent spoofing by ensuring receivers can verify the legitimacy of satellite transmissions. Deploying receivers capable of processing authenticated signals would dramatically raise the bar for successful attacks.

4. Real-Time Monitoring Networks

Establishing GPS interference detection systems near airports and critical infrastructure enables rapid identification of spoofing events and allows authorities to implement countermeasures before safety is compromised.

5. Enhanced Training and Protocols

Pilots and air traffic controllers require comprehensive training on recognizing spoofing indicators and executing manual navigation procedures when satellite systems become unreliable.

The Cybersecurity Implications

For cybersecurity professionals, the Delhi incident illuminates several critical lessons about infrastructure resilience and threat evolution:

Critical Infrastructure Convergence: The attack demonstrates how cyber capabilities can directly impact physical transportation systems. As explored in our analysis of smart airport vulnerabilities, traditional air-gapped safety systems are vulnerable when they depend on external positioning signals.

State-Level Capabilities Proliferating: GPS spoofing technology, once the exclusive domain of major military powers, is now accessible to a broader range of actors. This democratization of electronic warfare tools creates unpredictable threat vectors.

Supply Chain and Dependency Risks: Over-reliance on foreign-controlled systems (like GPS) creates strategic vulnerabilities. Nations must develop and integrate indigenous alternatives for critical functions. As examined in analyses of GPS dependencies in critical infrastructure like agriculture, even sectors far removed from aviation face similar navigation system vulnerabilities that can cascade across entire economies.

Gray Zone Warfare: GPS spoofing exemplifies gray zone tactics—operations that create disruption and strategic advantage while remaining below the threshold of conventional armed conflict. Attribution is difficult, response options are limited, and the attacks can be sustained over long periods.

Resilience Through Redundancy: The incident underscores the necessity of maintaining diverse, independent systems for critical functions. Complete digitization without legacy backup capabilities creates single points of failure.

The US Aviation Crisis: Could GPS Spoofing Be a Hidden Factor?

While India grapples with confirmed GPS spoofing attacks, the United States faces its own mounting aviation crisis—one that has primarily been attributed to severe air traffic controller shortages, but which may have more sinister digital components lurking beneath the surface.

In January 2025, 67 people died when an American Airlines jet collided midair with an Army helicopter near Reagan National Airport. This tragedy followed a concerning pattern: the first two months of 2023 saw seven runway incursions of US commercial aircraft—the highest rate in five years. By August 2023, The New York Times documented 46 close calls involving commercial airliners in just one month.

In March 2025, military jets came within seconds of colliding with a Delta Air Lines flight near Reagan National Airport when air traffic controllers failed to hold departing flights during an Arlington Cemetery flyover. The military jets came less than 3,900 feet laterally and 100 feet vertically from the Delta Airbus A319.

The official narrative centers on a systemic air traffic controller crisis. The FAA employs approximately 13,800 controllers but is more than 3,000 short of full staffing levels. The shortage has become so acute that Transportation Secretary Sean Duffy announced bonuses for retirement-eligible controllers and expedited hiring from military ranks in May 2025.

During the November 2025 government shutdown, the crisis intensified dramatically. On November 9, 2025, 1,623 of 25,735 scheduled US flights were canceled—6.3% of the day's schedule. President Trump threatened to dock controllers' pay while simultaneously promising $10,000 bonuses for those who continued working.

But here's the question aviation security experts are beginning to ask: Are we missing something?

The GPS Spoofing Blind Spot

In September 2025, a coalition of 14 industry groups—including Airlines for America, the Air Line Pilots Association, and the US Chamber of Commerce—sent an urgent letter to the Department of Transportation and Department of Defense warning that GPS interference poses "a growing threat to aviation and maritime safety and commerce." Analysts estimate more than 700 jamming or spoofing incidents occur worldwide each day.

Previously undisclosed Federal Aviation Administration data for 2017 and 2018 revealed hundreds of aircraft losing GPS reception near military tests. On a single day in March 2018, 21 aircraft reported GPS problems near Los Angeles, including a medevac helicopter and a dozen commercial passenger jets. Five aircraft reported making unexpected turns or navigating off course.

Critically, aircraft that have had to turn off GPS-dependent functions in interference zones often cannot reset them after leaving affected areas. This means US-bound flights that have passed through GPS trouble spots may approach the United States with inaccurate position data.

The Convergence of Crises

The US aviation sector faces a perfect storm: overworked controllers operating with critically outdated infrastructure, GPS interference both from domestic military testing and foreign adversaries, and an industry-wide cybersecurity crisis that has seen a 600% increase in attacks from 2024 to 2025.

InvestigateTV investigations uncovered at least 135 accidents or incidents since 2010 where air traffic controllers were listed as a cause or contributing factor. In 42 events, there was at least one fatality.

Could some of these incidents—particularly those involving aircraft unexpectedly going off course, experiencing navigation anomalies, or receiving false terrain warnings—have GPS spoofing components that investigators haven't fully explored?

At Reagan National Airport alone, at least two pilots reported near-misses with helicopters while landing in the three years before the fatal January 2025 collision. There have been 23 near midair collisions between passenger planes and helicopters at the airport since 1988, with 10 occurring in the past 12 years.

The concentration of incidents at specific airports, particularly those near military installations and in complex airspace like Washington DC, raises questions about whether electromagnetic interference—whether from defensive systems, testing, or adversary action—plays a larger role than currently acknowledged.

What Makes This Particularly Concerning

GPS spoofing is insidious because it's nearly impossible to distinguish from human error or system malfunction without detailed forensic analysis. When a plane deviates from its flight path, investigators typically look at:

• Pilot error
• Air traffic control communication failures
• Weather conditions
• Mechanical issues
• Controller fatigue and understaffing

GPS spoofing rarely makes the initial investigation checklist. Yet as the Delhi incident demonstrates, sophisticated spoofing attacks can:

• Cause aircraft to believe they're in completely different locations
• Trigger false terrain warnings
• Disable backup navigation systems that rely on GPS updates
• Create cascading failures across multiple aircraft simultaneously
• Persist for days or weeks undetected

The U.S. military routinely conducts GPS jamming tests in the Southwest that regularly cause civil aviation GPS disruptions, documented via FAA NOTAMs. Research at the University of Texas proved that commercial UAVs could be hijacked with tailored spoofing attacks.

FAA Administrator Bryan Bedford told the Senate Commerce Committee in June 2025 that the National Airspace System "needs massive upgrading." A Government Accountability Office review found that DOT lacks a fully documented process for identifying and responding to GPS interference—a gap that becomes more alarming when viewed alongside India's recent experience and the global surge in GPS attacks.

While US officials focus on hiring more controllers and offering retention bonuses, the Delhi incident suggests they may be treating symptoms while missing a critical underlying condition. The convergence of controller shortages, aging infrastructure, and GPS vulnerability creates a threat matrix where human error, system failures, and digital attacks become nearly indistinguishable from one another.

A Wake-Up Call for Global Aviation

Both India and the United States face aviation crises rooted in the same fundamental challenge: critical infrastructure built on assumptions of signal integrity and system reliability that no longer hold in an era of sophisticated electronic warfare and ubiquitous cyber threats.

India's transparent acknowledgment of GPS spoofing and swift action by the National Security Advisor's office provides a model for addressing these threats directly. The United States, meanwhile, continues to frame its aviation crisis primarily through the lens of staffing shortages—a narrative that, while accurate, may be dangerously incomplete.

As a Parliamentary Standing Committee on Transport warned in August 2025, comprehensive modernization to address cybersecurity vulnerabilities has become urgent. The Delhi investigation will determine whether the city experienced a coordinated cyber attack, spillover from military electronic warfare operations, or catastrophic technical failure. The US aviation community must ask similar questions about its own mounting incidents.

The investigation by India's National Security Advisor's office will be closely watched by aviation authorities worldwide. As nations grapple with GPS spoofing implications, the Delhi and US experiences serve as critical case studies in infrastructure vulnerability, incident response, and the urgent need for resilient, multi-layered defense architectures.

In an interconnected global aviation system where a single compromised technology provider can disrupt airports across continents and supply chain attacks cascade across borders, the distinction between physical security and cybersecurity has ceased to exist. The skies are no longer safe through controllers and radar alone—they require a comprehensive digital defense posture that treats GPS spoofing, cyber attacks, and electronic warfare as core aviation safety concerns, not peripheral IT issues.

The question is no longer whether GPS spoofing will affect US aviation at scale. Based on global trends and the warnings from industry coalitions, it's when—and whether we'll recognize it for what it is when it happens.

The investigation into the Delhi airport GPS spoofing incident remains ongoing. This article will be updated as new information becomes available from official sources.

About CISO Marketplace

CISO Marketplace provides cybersecurity consulting, offensive security assessments, and incident response services to organizations worldwide. For inquiries about GPS spoofing risks, critical infrastructure security, or incident response planning, visit cisomarketplace.com or contact our team at quantumsecurity.ai.