GPS spoofing threat at IGIA: A wake-up call for national security

The disruption at Indira Gandhi International Airport (IGIA) last week, where more than 800 flights were delayed or diverted following an alleged GPS-spoofing incident, is a wake-up call for India’s aviation and communication systems. The fact that the office of the National Security Advisor Ajit Doval is directly overseeing the investigation underscores the seriousness of this threat and the growing strategic concern around satellite-based navigation and timing.

GPS and Global Navigation Satellite Systems (GNSS) underpin not only aircraft navigation but also other critical communication infrastructure, including telecom networks, financial exchanges, data centres, power grids, and supply chain logistics. In a spoofing attack, rogue agents transmit counterfeit satellite signals that override authentic ones, causing receivers to calculate false positions or times.

In the case of India, the implications are massive, as its telecom networks depend on precise timing derived from GNSS signals. 5G synchronisation, backhaul coordination, distributed data centres, and even digital financial platforms use the very clocks that satellites provide. When those clocks err, the systems built on them also suffer from inaccuracies. The aviation system at IGIA may be salient, but similar vulnerability exists across other sectors—and an attack on the timing layer could be as damaging as one on the navigation layer.

So, what must India and other nations do to build resilience?

First, signal authentication must be accelerated. GNSS signals must move beyond open-access broadcasting to include cryptographic authentication, allowing receivers to determine that the source is genuine. India’s indigenous system, NavIC, may offer a partial route forward, but industry-wide adoption of multi-GNSS receivers with built-in verification would raise the barrier for spoofers.

GNSS signals must move beyond open-access broadcasting to include cryptographic authentication, allowing receivers to determine that the source is genuine. 

Second, diverse timing sources are essential. Communications network operators should deploy terrestrial alternatives, such as fibre-based time distribution, eLoran, or synchronised atomic clocks, at critical nodes, so that even if GNSS fails or is spoofed, services can continue uninterrupted. Redundancy is the name of the game.

Third, anomaly-detection and incident-reporting mechanisms must be expanded beyond aviation. The DGCA’s new 10-minute reporting mandate for suspected GPS interference in aviation is a correct step. Telecom, maritime, and power sector regulators should implement similar protocols, mandating the rapid detection and reporting of GNSS irregularities—including signal spike detection, unexpected shifts in receiver-computed location or time, and monitoring of satellite geometry. Cyber-incident-response teams should treat GNSS spoofing as a trigger event.

Besides, multi-sensor cross-verification should become standard in navigation- and timing-critical systems. Fusing GPS data with inertial sensors, visual odometry, cellular triangulation, Wi-Fi positioning, or map-based validation can help devices recognise absurd jumps in position or time and reject suspect data.

The IGIA incident has demonstrated that when satellites can be manipulated, any sector that depends on them is vulnerable. With the NSA’s office now probing the events in Delhi, it is time for a comprehensive review of GNSS dependencies across communication, navigation and timing infrastructures. India must strengthen its defences before the next spoofed signal triggers a wider disruption.