ILS and Navigation Aid Cybersecurity: Protecting Critical Ground Systems

ILS and navigation aids are vulnerable to cyber threats through remote monitoring, legacy systems, and network connectivity. Learn how to protect critical ground systems.

Teddy Cooper

11/7/2025 · 17 min read

ILS antenna at the end of a runway with mountains behind it.
Quick Answer

Instrument Landing Systems (ILS) and navigation aids are increasingly vulnerable to cyber threats due to remote monitoring capabilities, legacy Windows XP systems, default passwords, and network connectivity that was never designed with security in mind. These systems provide critical guidance for aircraft during low-visibility landings, making them safety-critical infrastructure. While TSA cybersecurity requirements implicitly include navigation aids under "critical systems," the FAA is developing specific rulemaking that will likely impact funding and compliance requirements. Protection requires applying fundamental network security principles to operational technology environments, addressing physical security at remote sites, implementing proper access controls, and navigating the complex challenge of patching safety-critical systems that require SMS processes for changes.

Why Navigation Aid Cybersecurity Matters Now

For decades, ILS and navigation aids (navaids) operated in relative isolation. Localizers, Glide Slopes, VORs, and DMEs sat in equipment shelters at remote locations, accessible only to authorized FAA technicians and non-federal airport maintenance staff. Security meant a padlock on the door.

That world no longer exists.

Today's navigation aids are becoming more networked. They're monitored remotely from airport towers, TRACONs, and maintenance facilities. Status data flows across IP networks. Remote access allows technicians to troubleshoot issues remotely, eliminating the need to travel to the site. This connectivity allows for operational efficiency—and creates cyber vulnerabilities that didn't exist in the analog era.

The stakes are uniquely high: Navigation aids provide critical guidance for aircraft operations. An ILS malfunction during low-visibility conditions isn't an inconvenience; it's a safety issue. A compromised system that provides false guidance or is taken offline by a cyberattack directly impacts flight operations and safety.

Yet, these systems operate in a challenging security environment: legacy equipment that predates modern cybersecurity concepts, 24/7 operational requirements that make updates difficult, physical locations that are often remote and difficult to secure, and regulatory frameworks that are still catching up to cyber realities.

Understanding the ILS and NAVAID Environment

What We're Protecting

Before addressing cybersecurity, let's establish what navigation aid systems actually include from a cyber perspective:

Transmitting Equipment:

  • ILS localizer and glide slope transmitters

  • VOR (VHF Omnidirectional Range) stations

  • DME (Distance Measuring Equipment)

  • Marker beacons

  • GPS reference stations

Monitoring and Control Systems:

  • Remote monitoring equipment (RMM)

  • Status display panels in towers and facilities

  • Maintenance interfaces and diagnostic systems

  • Performance monitoring computers

  • Alarm and notification systems

Supporting Infrastructure:

  • Network connectivity (IP-based, cellular, microwave links)

  • Power management and UPS systems

  • Environmental monitoring (temperature, intrusion detection)

  • Backup and redundancy systems

The Critical Point: While the transmitters themselves are typically standalone and hardened, the monitoring and control infrastructure is where cyber vulnerabilities concentrate. This is the attack surface.

How Navigation Aids Connect to Networks

Modern navigation aid monitoring follows several common patterns:

Tower-Based Monitoring: Most airports display ILS and navigation aid status in the control tower. Controllers must verify that systems are operating normally, especially during low-visibility operations. This requires network connectivity between remote equipment sites and the tower.

Remote Facility Monitoring: TRACONs, ARTCCs, and maintenance facilities often remotely monitor navigation aids. Technicians can view status, acknowledge alarms, and sometimes access diagnostic information without physically visiting the site.

Maintenance Access: Technicians require remote access for troubleshooting, software updates, and configuration changes. This access may be through dedicated connections, VPNs, or, in some cases, direct network paths.

The Problem: These necessary connections create pathways. A compromised tower network could provide access to navigation aid monitoring systems. Weak authentication on remote access could allow unauthorized control. Network segmentation failures could expose safety-critical systems to attacks originating in administrative networks.

Real-World Vulnerabilities in Navigation Aid Systems

Based on nearly three decades working with ILS and navigation aid systems across the FAA, here are the vulnerabilities I've observed—not theoretical risks, but actual conditions that exist today.

Legacy Operating Systems

The Reality: Navigation aid monitoring systems often run on Windows XP, Windows 7, or other operating systems that no longer receive security updates. I've personally worked with monitoring computers that are 15-20 years old, still running because "if it ain't broke, don't fix it."

Why This Happens:

  • Equipment was installed when these operating systems were current

  • Replacing systems requires capital funding and complex procurement

  • Fear of breaking operational systems discourages upgrades

  • Vendor support may not exist for newer operating systems

  • Certification and testing requirements make changes expensive

The Risk: These systems have known, publicly documented vulnerabilities that attackers can exploit. No patches are coming. The vulnerabilities aren't going away.

What This Means: If these systems are network-connected, they're exploitable. Period.

Default and Weak Passwords

The Reality: Default passwords are disturbingly common on navigation aid monitoring equipment. In many cases, passwords haven't been changed since installation. Sometimes they're documented in manuals that are easily obtained. Sometimes they're just "admin/admin" or "password" or some other easy login.

Why This Happens:

  • Installation technicians use defaults and never change them

  • Password management procedures don't exist or aren't followed

  • Operational pressure discourages "unnecessary" security steps

  • Multiple contractors and maintenance personnel need access

  • No central credential management system

The Risk: Anyone who obtains or guesses these credentials can access monitoring systems. This includes disgruntled employees, contractors with questionable backgrounds, or external attackers who've gained initial network access.

Real Scenario: I've seen situations where contractors working on unrelated projects at airports gained access to FAA facilities—not through sophisticated hacking, but simply by walking into unlocked equipment rooms. If those same individuals had malicious intent instead of just being careless, the consequences could be severe.

Physical Security at Remote Sites

The Challenge: Navigation aids often sit in remote locations—the approach end of runways, hilltops for VOR stations, or isolated parcels of airport property. Physical security at these sites varies dramatically.

What I've Observed:

  • Equipment shelters left unlocked

  • Gates that are left open or easily bypassed

  • No cameras or intrusion detection

  • Minimal lighting

  • Infrequent inspections

  • Multiple contractors with keys or access codes

The Cyber Connection: Physical access to navigation aid equipment means cyber access. An attacker who can physically reach monitoring computers, network equipment, or control systems can:

  • Connect to networks directly

  • Install malicious devices

  • Steal credentials stored locally

  • Modify configurations

  • Plant malware via USB ports

  • Bypass network security entirely

This isn't theoretical. I've personally responded to situations where unauthorized individuals accessed FAA facilities external to airports. They caused operational issues—not through intentional attack, but through carelessness or curiosity. Now imagine if those individuals were actual threat actors with malicious intent and technical capabilities.

Network Architecture Vulnerabilities

Common Problem #1: Flat Network. Navigation aid monitoring systems often exist on the same network as airport administrative systems, terminal computers, and even public WiFi in some cases. No segmentation means a compromised laptop in the administrative office can potentially access ILS monitoring systems.

Common Problem #2: Remote Access Without Strong Authentication. Technicians require remote access for troubleshooting and maintenance purposes. But remote access that relies solely on passwords (especially default passwords) creates vulnerability. If that access isn't properly secured—with multi-factor authentication, session logging, and time-limited credentials—it's an entry point.

Common Problem #3: "It Needs to Work" Trumps "It Needs to Be Secure." Here's a reality from the field: when network connectivity issues arise, the pressure to restore service often overrides security concerns. I've heard this many times: "This IP connection needs to be done now—we'll secure it later." Except "later" rarely comes, and the insecure configuration becomes permanent.

Cybersecurity is challenging. Collaborating with cybersecurity offices can be cumbersome. There are forms, approvals, risk assessments, and delays. When operations are impacted, the temptation to bypass security processes is strong.

But this is precisely when security matters most.

The Threat Scenarios

Let's be clear about what we're defending against, without providing a roadmap for attackers to follow.

Unauthorized Access to Monitoring Systems

The Scenario: An attacker gains access to ILS or navigation aid monitoring systems through compromised credentials, network exploitation, or physical access.

What They Could See:

  • Real-time system status and performance data

  • Configuration details and network topology

  • Alarm thresholds and maintenance schedules

  • Historical performance logs

  • System vulnerabilities and weak points

Why This Matters: Even read-only access provides reconnaissance. An attacker learns how systems work, when they're serviced, and where vulnerabilities exist. This intelligence supports future attacks.

False Status Information

The Scenario: An attacker modifies monitoring data to show a false status, indicating that systems are operational when they're not, or creates false alarms.

Operational Impact:

  • Controllers may clear aircraft for ILS approaches when the system is actually degraded.

  • Maintenance personnel respond to false alarms, wasting resources and creating confusion.

  • Actual system failures might be dismissed as "another false alarm."

  • Trust in monitoring systems erodes

Safety Implication: If controllers believe an ILS is operational based on displayed status, but the actual system is malfunctioning, aircraft could receive incorrect guidance during critical landing phases.

Denial of Service

The Scenario: An attacker disrupts monitoring systems, rendering them unable to display status or triggering system shutdowns.

Operational Impact:

  • Airport loses ability to monitor navigation aid performance

  • Controllers cannot confirm ILS availability for low-visibility operations; the airport may need to suspend operations or revert to higher minimums

  • Maintenance personnel cannot diagnose actual equipment problems

The Complication: Even if the navigation aids themselves continue transmitting correctly, loss of monitoring capability means controllers can't verify system status. In low-visibility conditions, this may force operational restrictions.

Configuration Changes

Worst-Case Scenario: An attacker with sufficient access modifies system configurations, calibration parameters, or operational settings.

Why This is Particularly Dangerous: Navigation aids are precision systems. Minor configuration changes may result in incorrect guidance, even though systems appear to operate normally. This is far more dangerous than an apparent system failure.

Important Note: I will not detail specific methods or vulnerabilities that would enable such attacks. The key is to recognize that the risk exists and requires appropriate security controls.

Applying Network Security Principles to ILS and Navigation Aids

Here's the practical guidance for engineers, technicians, and airport operators responsible for these systems.

Principle 1: Don't Become Complacent

After decades of operating navigation aids without significant security incidents, complacency is a natural consequence. "We've always done it this way" and "Nobody's going to attack our VOR" are common attitudes.

This complacency is dangerous.

The Reality Check: Cyberattacks on critical infrastructure are on the rise. Aviation is a high-profile target. Navigation aids are vulnerable legacy systems. The threat is real, even if your specific facility hasn't experienced an attack yet.

The Mindset Shift: Treat cybersecurity for navigation aids with the same seriousness you treat physical security, safety management, and regulatory compliance. It's not optional, and "we haven't been attacked yet" isn't a security strategy.

Principle 2: Network Segmentation is Non-Negotiable

Navigation aid monitoring systems should be isolated from general-purpose networks.

Minimum Requirements:

  • A separate VLAN or physical network for operational technology

  • Firewall between the OT network and the corporate IT network

  • No direct paths from the internet to navigation aid monitoring

  • Controlled access points with logging and monitoring

Ideal Architecture:

  • Dedicated OT network for all safety-critical systems

  • Jump boxes or bastion hosts for any necessary IT-to-OT communication

  • Read-only data replication to the IT network (monitoring data flows in one direction)

  • All configuration and control access originates within the OT network only

The "Air Gap" Question: True air gaps (complete physical separation from networks) are ideal, but often impractical due to operational monitoring requirements. If remote monitoring is necessary, implement compensating controls: strong authentication, encrypted connections, session logging, intrusion detection, and regular security audits.
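
One way to check a firewall rule set against the minimum requirements and ideal architecture listed above. This is an added example, not part of the original article or any vendor tooling; the zone subnets, jump-host and replica addresses, rule format, and finding codes are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed zone layout (RFC 1918 addresses), not a real airport network.
OT_NET = ipaddress.ip_network("10.50.0.0/24")       # navaid monitoring (OT)
IT_NET = ipaddress.ip_network("10.10.0.0/16")       # corporate / administrative IT
JUMP_HOST = ipaddress.ip_network("10.10.99.5/32")   # only IT host allowed into OT
REPLICA = ipaddress.ip_network("10.10.20.10/32")    # IT-side copy of status data


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    port: Optional[int]    # None means any port
    log: bool              # is traffic matching this rule logged?


def _net(cidr: str):
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr)


def audit(rules):
    """Return (rule name, finding code) pairs for allow rules that break the
    segmentation policy. Rule order and shadowing are not modelled: each
    allow rule is judged on its own."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        src, dst = _net(r.src), _net(r.dst)
        if not (src.overlaps(OT_NET) or dst.overlaps(OT_NET)):
            continue                      # rule never touches the OT zone
        if src.subnet_of(OT_NET):
            # Traffic leaving OT: only intra-OT or the one-way replication feed.
            if not dst.subnet_of(OT_NET) and dst != REPLICA:
                findings.append((r.name, "OT_EGRESS_NOT_REPLICA"))
        elif dst.overlaps(OT_NET):
            # Traffic entering OT from outside the zone.
            if src == JUMP_HOST:
                pass                      # the one sanctioned IT-to-OT path
            elif src.subnet_of(IT_NET):
                findings.append((r.name, "IT_TO_OT_BYPASSES_JUMP_HOST"))
            else:                         # source reaches beyond IT, internet included
                findings.append((r.name, "EXTERNAL_TO_OT"))
        if not r.log:
            findings.append((r.name, "NO_LOGGING"))
    return findings


# Constructed rule set for the demonstration.
SAMPLE_RULES = [
    Rule("status-replication", "allow", "10.50.0.0/24", "10.10.20.10/32", 8443, True),
    Rule("jump-host-maint", "allow", "10.10.99.5/32", "10.50.0.0/24", 22, True),
    Rule("vendor-remote-temp", "allow", "any", "10.50.0.20/32", 3389, False),
    Rule("admin-lan-to-rmm", "allow", "10.10.0.0/16", "10.50.0.0/24", None, True),
    Rule("ot-default-egress", "allow", "10.50.0.0/24", "any", None, True),
    Rule("default-deny", "deny", "any", "any", None, True),
]

if __name__ == "__main__":
    by_name = {r.name: r for r in SAMPLE_RULES}
    for name, code in audit(SAMPLE_RULES):
        r = by_name[name]
        port = "any" if r.port is None else r.port
        print(f"{code:28} {name}: {r.src} -> {r.dst} port {port}")
```

The "temporary" vendor rule and the flat admin-LAN rule are the two patterns described earlier under Network Architecture Vulnerabilities; the audit reports both, plus the unrestricted OT egress rule.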

Principle 3: Eliminate Default Credentials Immediately

This should be a day-one activity for any navigation aid installation or upgrade, but it's often overlooked.

Required Actions:

  • Change all default passwords on monitoring equipment, network devices, and control systems to ensure security.

  • Use strong, unique passwords (not "Airport123" or "ILS2024")

  • Implement a password management system (don't write passwords on equipment or in desk drawers)

  • Document credential changes in secure locations

  • Establish procedures for rotating passwords periodically

For Contractors and Vendors: Include credential management in contracts. Require vendors to use unique credentials, not shared defaults. Revoke vendor access when projects are complete.

Principle 4: Implement Strong Authentication for Remote Access

Any remote access to navigation aid systems must use multi-factor authentication. No exceptions.

What This Means:

  • Something you know (password) + something you have (token, certificate, mobile device)

  • VPN connections with certificate-based authentication

  • Time-limited access credentials (not permanent remote access)

  • Session logging and monitoring

  • Regular review of who has remote access and why

The Operational Reality: Yes, MFA adds an extra step. Yes, it slows down emergency troubleshooting slightly. But the security benefit far outweighs the minor inconvenience. A compromised password leading to unauthorized navigation aid access is far more disruptive than the extra 30 seconds MFA requires.

Principle 5: Address Physical Security at Remote Sites

Cybersecurity and physical security are closely connected, particularly for equipment located in remote areas.

Minimum Physical Security Controls:

  • Quality locks on all equipment shelters and cabinets

  • Intrusion detection (alarms, sensors, cameras, where feasible)

  • Regular inspections and lock checks

  • Documented access control (who has keys/codes)

  • Remove or turn off unnecessary access points

  • Tamper-evident seals on critical equipment

Monitoring Considerations:

  • Security cameras at remote sites (if budget permits)

  • Motion sensors that trigger alerts

  • Regular review of access logs

  • Immediate response to unauthorized access alarms

Contractor Management:

  • Vet contractors thoroughly

  • Escort contractor access when possible

  • Review and document what contractors accessed

  • Revoke access when projects are complete

  • Include security requirements in contracts

Principle 6: Patch Management for Safety-Critical Systems

Here's where theory meets operational reality: How do you patch systems that require Safety Management System (SMS) processes for any changes, when patches need to be applied quickly to address vulnerabilities?

The Challenge:

  • Navigation aids are safety-critical systems

  • FAA systems require SMS analysis before changes

  • Non-federal airport operators may lack SMS frameworks

  • Patches from vendors may require extensive testing

  • Systems can't be taken offline easily for updates

  • Legacy systems may have no available patches

The Practical Approach:

For Systems with SMS Requirements:

  1. Risk-based prioritization: Critical security patches get expedited SMS review

  2. Pre-approved change procedures for security updates

  3. Testing in non-operational environments first

  4. Scheduled maintenance windows that accommodate security patching

  5. Document the greater risk of NOT patching versus patching

For Legacy Systems Without Patches:

  1. Compensating controls: network isolation, strict access control, monitoring

  2. Consider system replacement in capital planning

  3. Enhanced monitoring to detect exploitation attempts

  4. Incident response procedures specific to these systems

For Non-Federal Facilities:

  • Develop patch management procedures aligned with TSA requirements

  • Work with vendors to understand patch availability and testing

  • Consider managed security services if internal expertise is limited

  • Don't let "we don't know what to do" become "we do nothing."

The Bottom Line: Patching aviation systems is complicated, but "we can't patch it" cannot be the final answer. Either patch with appropriate safety processes or implement strong compensating controls if patching is truly not feasible.

Principle 7: Monitor for Suspicious Activity

You can't defend what you can't see. Monitoring and logging are essential for detecting attacks and investigating incidents.

What to Monitor:

  • Failed authentication attempts to navigation aid systems

  • Network traffic to/from OT segments (especially unexpected connections)

  • Configuration changes on monitoring systems

  • Physical access to remote equipment sites

  • System performance anomalies that might indicate tampering

Tools and Approaches:

  • Centralized logging (SIEM if budget allows, basic log aggregation at minimum)

  • Baseline normal behavior so anomalies stand out

  • Automated alerts for critical events

  • Regular log review (weekly at a minimum)

  • Incident response procedures when suspicious activity is detected
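
A sketch of the first three "What to Monitor" items as detection logic over aggregated logs: failed-authentication bursts, OT flows that are not in the baseline, and configuration changes outside the maintenance window. This is an added example, not from the original article; the key=value log format, host names, addresses, thresholds, and the 02:00-04:00 window are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Everything below is constructed for illustration: addresses, host names,
# the key=value log format, and the thresholds.
OT_NET = ipaddress.ip_network("10.50.0.0/24")
BASELINE_FLOWS = {                        # (src, dst, dport) seen in normal operation
    ("10.50.0.10", "10.10.20.10", 8443),  # status replication to the tower display
    ("10.10.99.5", "10.50.0.10", 22),     # jump-host maintenance session
}
MAINT_HOURS = range(2, 4)                 # approved change window, 02:00-03:59 log time
FAIL_THRESHOLD = 5                        # failures per (source, host) ...
FAIL_WINDOW = timedelta(minutes=10)       # ... within this sliding window

SAMPLE_LOG = """\
2025-11-03T02:15:40Z host=rmm-01 event=config_change user=tech_a
2025-11-03T09:00:01Z host=fw-ot event=flow src=10.50.0.10 dst=10.10.20.10 dport=8443
2025-11-03T14:02:11Z host=rmm-01 event=auth_fail user=admin src=10.10.4.77
2025-11-03T14:02:40Z host=rmm-01 event=auth_fail user=admin src=10.10.4.77
2025-11-03T14:03:05Z host=rmm-01 event=auth_fail user=administrator src=10.10.4.77
2025-11-03T14:03:31Z host=rmm-01 event=auth_fail user=admin src=10.10.4.77
2025-11-03T14:04:02Z host=rmm-01 event=auth_fail user=root src=10.10.4.77
2025-11-03T14:06:20Z host=fw-ot event=flow src=10.10.4.77 dst=10.50.0.10 dport=3389
2025-11-03T14:21:09Z host=rmm-01 event=config_change user=admin
2025-11-03T15:00:00Z host=rmm-01 event=auth_fail user=tech_b src=10.50.0.31
"""


def parse(line):
    """Split 'TIMESTAMP key=value ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def in_ot(addr):
    return ipaddress.ip_address(addr) in OT_NET


def detect(lines):
    """Return alert tuples in the order the triggering events appear."""
    alerts = []
    fails = defaultdict(deque)            # (src, host) -> recent failure times
    for line in lines:
        if not line.strip():
            continue
        rec = parse(line)
        event = rec.get("event")
        if event == "auth_fail":
            q = fails[(rec["src"], rec["host"])]
            q.append(rec["ts"])
            while rec["ts"] - q[0] > FAIL_WINDOW:
                q.popleft()               # drop failures older than the window
            if len(q) == FAIL_THRESHOLD:
                alerts.append(("AUTH_FAIL_BURST", rec["host"], rec["src"]))
                q.clear()                 # next alert needs a fresh burst
        elif event == "flow":
            flow = (rec["src"], rec["dst"], int(rec["dport"]))
            if (in_ot(rec["src"]) or in_ot(rec["dst"])) and flow not in BASELINE_FLOWS:
                alerts.append(("UNEXPECTED_OT_FLOW", rec["src"],
                               f'{rec["dst"]}:{rec["dport"]}'))
        elif event == "config_change":
            if rec["ts"].hour not in MAINT_HOURS:
                alerts.append(("CONFIG_CHANGE_OUTSIDE_WINDOW", rec["host"], rec["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(*alert)
```

The baseline here is a static allowlist; in practice it would be built from a period of observed normal traffic and reviewed whenever a monitoring path is added or removed.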

Principle 8: Work with Cybersecurity Offices (Even When It's Cumbersome)

Yes, working with cybersecurity offices can be frustrating. The processes seem slow. The requirements seem excessive. The paperwork is tedious.

But these offices exist for good reasons, and they're often your allies in securing funding, navigating compliance requirements, and implementing security controls properly.

How to Make It Work:

  • Engage early: Don't wait until you need emergency approval

  • Explain operational requirements: Help cybersecurity understand aviation constraints

  • Document safety implications: Connect security requirements to safety management

  • Build relationships: Work together, not adversarially

  • Prepare justifications: Have cost-benefit analyses ready

The Trap to Avoid: "This IP connection needs to be done—we'll figure out security later." That path leads to permanent insecurity. Build security into the implementation from the start, even if it takes longer initially.

Regulatory Context: Where We Are and Where We're Heading

Current TSA Requirements

TSA Security Directive 1542-04-21B (covered in detail in our previous post on TSA cybersecurity requirements) applies to TSA-regulated airports and aircraft operators. While the directive doesn't specifically call out ILS or navigation aids by name, they fall under the category of "critical cyber systems" that require protection.

TSA Mandate Implications for Navigation Aids:

  • Network Segmentation: OT systems (including navigation aids) must be isolated from IT systems

  • Access Controls: Strong authentication is required for accessing operational systems

  • Continuous Monitoring: Detect and respond to threats affecting critical systems

  • Vulnerability Management: Risk-based patching and security updates

Who This Covers: TSA requirements formally apply to ALL TSA-regulated airport and aircraft operators, including Part 139 commercial service airports, aircraft operators (airlines and air carriers), Civil Reserve Air Fleet operators, and other entities under TSA security authority. General aviation airports and private facilities not under TSA regulation are not legally required to comply; however, these requirements represent best practices and reflect where industry standards are heading. The FAA's upcoming rulemaking will likely expand cybersecurity requirements across the broader aviation ecosystem.

Coming FAA Cybersecurity Rulemaking

The FAA is developing specific cybersecurity rulemaking through its Civil Aviation Cybersecurity Aviation Rulemaking Committee. While details are still emerging, expect:

Potential Impacts:

  • Specific requirements for navigation aids and ground systems

  • Integration with existing Part 139 safety requirements

  • Cybersecurity requirements tied to airport certification

  • Funding implications: Compliance may become a condition for federal grants and AIP funding

Timeline: "Get ready for the ride" is the appropriate warning. Rulemaking is coming, and it will have significant operational and financial impacts. Airports that start implementing security measures now will be better positioned to comply; those who wait will face rushed and expensive implementation.

The SMS Connection

For FAA-operated navigation aids, the Safety Management System (SMS) framework already applies to operational changes—including cybersecurity patches and security enhancements.

Why SMS Matters for Cyber:

  • Changes to operational systems require hazard analysis

  • Security patches are operational changes

  • SMS processes can actually help prioritize security work

  • Documentation from SMS supports compliance

For Non-Federal Airports: Part 139 SMS requirements (effective since 2023 for certain airports) provide a framework for integrating cybersecurity into safety management. If your airport has SMS, cybersecurity should be part of your hazard identification and risk management processes.

Practical Implementation: Where to Start

This can feel overwhelming, especially for smaller facilities with limited resources and personnel. Here's a pragmatic approach.

Immediate Actions (First 30 Days)

1. Inventory Your Systems:

  • List all navigation aid equipment at your facility

  • Document monitoring systems and where they're located

  • Identify network connections and remote access methods

  • Note operating systems and software versions

2. Change Default Passwords:

  • Prioritize systems with remote access or network connectivity

  • Use strong, unique passwords

  • Document new credentials securely

  • Establish a password rotation schedule

3. Assess Physical Security:

  • Inspect remote equipment sites

  • Check locks and access controls

  • Document who has keys/codes

  • Identify immediate physical security gaps

4. Review Network Architecture:

  • Document how navigation aid systems connect to networks

  • Identify if systems are on the same networks as IT

  • Locate remote access paths

  • Note any systems directly accessible from the internet

Short-Term Priorities (90 Days)

1. Implement Basic Network Segmentation:

  • At a minimum, a separate VLAN for operational technology

  • Firewall rules controlling OT access

  • Disable unnecessary network connections

2. Establish Access Controls:

  • Multi-factor authentication for remote access

  • Document who has access and why

  • Revoke unnecessary access

  • Implement logging of administrative access

3. Enhance Physical Security:

  • Upgrade locks where needed

  • Add intrusion detection where feasible

  • Establish a regular inspection schedule

  • Install cameras at high-priority sites if the budget allows

4. Begin Monitoring:

  • Centralize logs from critical systems

  • Establish a baseline of normal activity

  • Configure alerts for critical events

  • Develop initial incident response procedures

Long-Term Security Program (12 Months)

1. Formal Risk Assessment:

  • Comprehensive vulnerability assessment of all systems

  • Threat modeling specific to your environment

  • Risk prioritization and remediation planning

2. Security Architecture Maturation:

  • Defense-in-depth network design

  • Jump boxes or bastion hosts for controlled access

  • Enhanced monitoring and detection capabilities

  • Encrypted communications for sensitive data

3. Patch Management Process:

  • Procedures for security updates

  • Testing environments for navigation aid systems

  • Integration with SMS, where applicable

  • Compensating controls for unpatchable legacy systems

4. Training and Awareness:

  • Security training for technicians and operators

  • Contractor security requirements and briefings

  • Incident response exercises

  • Regular security awareness updates

5. Vendor Management:

  • Security requirements in contracts

  • Vendor access procedures and monitoring

  • Regular vendor security assessments

  • Escorted access policies

Working Within Aviation's Unique Constraints

Navigation aid cybersecurity isn't just applying generic IT security to aviation systems. The operational environment demands approaches that strike a balance between security, safety, uptime, and regulatory requirements.

Constraint 1: 24/7 Operational Requirements

The Challenge: ILS systems guide aircraft approaches. You can't just "take the system down for patching" during business hours.

Solutions:

  • Schedule security maintenance during low-traffic periods (typically 2-4 AM)

  • Coordinate with ATC for planned outages

  • Implement redundant systems where feasible

  • Use staged rollouts (test on non-critical systems first)

  • Develop rapid rollback procedures if updates cause problems

Constraint 2: Safety-Critical Nature

The Challenge: Any change to navigation aid systems could potentially impact flight safety if something goes wrong.

Solutions:

  • Rigorous testing before production deployment

  • Change management processes that include hazard analysis

  • Backup and recovery procedures

  • Graduated implementation (test, staging, production)

  • Extra scrutiny for changes to operational equipment

Constraint 3: Certification and Regulatory Requirements

The Challenge: Aviation systems often require FAA certification, flight checks, and regulatory approvals that are not typically found in IT environments.

Solutions:

  • Understand which changes require formal approval or recertification

  • Build security requirements into equipment procurement specifications

  • Work with vendors who understand the aviation regulatory environment

  • Engage the FAA early when planning significant changes

  • Document security enhancements as part of SMS

Constraint 4: Legacy Equipment Lifecycle

The Challenge: Navigation aid equipment often operates for 15-20 years or longer. Security concepts from 2005 are inadequate in 2025.

Solutions:

  • Accept that perfect security on ancient systems isn't achievable

  • Focus on compensating controls: network isolation, strong access controls, and monitoring

  • Factor cybersecurity into equipment replacement justifications

  • Plan capital improvements with security in mind

  • Don't let "it's old" become an excuse for doing nothing

Constraint 5: Limited Specialized Personnel

The Challenge: How many airports have staff who understand both ILS technical operations AND cybersecurity? The combination is rare.

Solutions:

  • Cross-train existing personnel (teach ILS techs basic security, teach IT staff about aviation operations)

  • Leverage aviation cybersecurity expertise (consultants who understand both domains)

  • Participate in industry groups (learn from peer airports)

  • Consider managed security services for monitoring and detection

  • Build relationships between operational and security teams

The Path Forward: Building Navigation Aid Cyber Resilience

Here's what I've learned after 28 years working with ILS and navigation aid systems: These are strict, reliable systems built by skilled engineers who understood RF propagation, antenna theory, and precision navigation. They were designed to operate in harsh weather conditions, provide accurate guidance, and ensure the safety of aircraft.

They were not built with cybersecurity in mind because the threat didn't exist when they were designed.

But the threat exists now. And while we can't redesign legacy systems overnight, we can protect them through thoughtful application of security principles, operational awareness, and realistic risk management.

This isn't about making ILS systems hack-proof. No system is truly hack-proof. It's about making unauthorized access difficult enough that casual attackers move on to easier targets, and determined attackers leave enough forensic evidence that you can detect and respond before they cause significant harm.

This isn't about achieving perfect security. Perfect security is incompatible with operational aviation. It's about finding the right balance: good enough security that doesn't compromise safety or operations.

This is about not becoming complacent. The fact that your VOR hasn't been attacked doesn't mean it won't be. The fact that physical security has always been adequate doesn't mean it will be tomorrow. The fact that "we've always done it this way" doesn't mean that way is secure in a networked, interconnected environment.

And this is about starting now, not waiting for the next incident or the next regulation. Every day you operate vulnerable navigation aid systems is another day of risk. Every default password that stays unchanged is an open door. Every unmonitored remote access path is a potential attack vector.

Cybersecurity is challenging. Working with security offices is cumbersome. Balancing operational requirements with security needs is a complex task.

However, compromised navigation aids that provide false guidance to aircraft are unacceptable. We protect these systems because protecting them protects flight safety.

That's the job. Let's do it right.

Next Steps and Resources

For Airport Operators

If you're responsible for airport operations, and navigation aid systems fall under your purview:

Immediate Actions:

  1. Inventory navigation aid systems and monitoring infrastructure

  2. Assess current security posture honestly

  3. Engage with your IT/cybersecurity personnel about OT security

  4. Budget for security improvements in the upcoming fiscal cycles

Longer-Term Planning:

  • Include navigation aid cybersecurity in airport security plans

  • Integrate with SMS hazard identification and risk management

  • Coordinate with the FAA on any navigation aids they operate at your airport

  • Plan for the coming regulatory requirements

For Ground Systems Engineers and Technicians

If you maintain ILS, VOR, DME, or other navigation aids:

Skills to Develop:

  • Basic network security concepts

  • Authentication and access control principles

  • Physical security best practices

  • Incident recognition and response

Operational Practices:

  • Follow credential management procedures

  • Report suspicious activity immediately

  • Document configuration changes

  • Maintain physical security at remote sites

  • Question requests that bypass security processes

For Aviation Facility IT Teams

If you manage networks and IT systems at airports or aviation facilities:

Understand the Difference:

  • Navigation aids are operational technology, not traditional IT

  • Availability and safety take precedence over confidentiality

  • Changes require different approval processes

  • Operational personnel may lack an IT security background

Build Bridges:

  • Work with operations to understand requirements

  • Explain security needs in operational terms

  • Design security that enables operations rather than blocking them

  • Provide training and support for operational personnel

Training and Education

Consider aviation-specific cybersecurity training:

  • Aviation Cybersecurity Academy: Module 2 (Airport Ground Systems Security) covers navigation aids, lighting systems, and OT in depth

  • FAA training programs: Safety Management Systems courses often include risk management concepts applicable to cybersecurity

  • Industry conferences: AAAE, ATCA, and similar organizations are increasingly incorporating cybersecurity topics

Getting Help

Navigation aid cybersecurity sits at the intersection of three specialized domains: aviation operations, navigation aid technology, and cybersecurity. Few people have deep expertise in all three.

Aviation Relations provides education and consulting specifically for this challenge—combining FAA ILS engineering experience with cybersecurity expertise to help airports and aviation facilities protect their ground systems.

What We Offer:

  • Gap assessments for navigation aid security

  • Practical implementation guidance that understands operational constraints

  • Training for operations personnel and technicians

  • Support for TSA compliance and FAA regulatory requirements

Schedule a free 30-minute discovery call to discuss your facility's specific navigation aid security challenges.

About the Author: Teddy Cooper is an ILS Electronic Engineer with the FAA's Advanced System and Design Service, with 28 years of aviation experience, including 17 years in military avionics and 16 years with the FAA. He has worked extensively with Instrument Landing Systems, VOR, DME, and other navigation aids across the National Airspace System. He holds an MSIT degree with a specialization in Information Security and operates Aviation Relations, providing cybersecurity education and consulting services to aviation facilities. His unique combination of hands-on navigation aid experience and cybersecurity expertise makes him one of the few professionals who deeply understand both the technical operations and cyber risks of these critical systems.

Disclaimer: This article discusses defensive cybersecurity principles for protecting aviation navigation aid systems. It is intended for airport operators, engineers, and security personnel responsible for protecting these systems. Nothing in this article should be construed as instructions for exploiting vulnerabilities or attacking aviation infrastructure. Any attempt to gain unauthorized access to aviation systems is both illegal and unethical, and it poses a significant threat to flight safety. Always follow proper authorization procedures and coordinate with appropriate authorities when conducting security assessments.