• Military
• WMD
• Intelligence

• Security Menu                     

• Systems
• Industry
• Operations
• Hot Documents
• News
• Reports
• Policy
• Budget
• Congress
• Links

• Space

Cyber-Defence Campus of the DDPS identifies vulnerabilities in collision warning system of civil aviation

Swiss Government

Bern, 10.02.2025 -- The Cyber-Defence Campus of the DDPS has found two vulnerabilities in the collision warning system "Traffic Alert and Collision Avoidance System (TCAS) II" of civil aviation. On 21 January 2025, the detected and published vulnerabilities were classified by the American Cyber Defence Agency CISA and the Federal Aviation Authority (FAA) of the USA as moderate to severe.

In autumn 2023, a team from the Cyber-Defence (CYD) Campus succeeded in triggering false warnings in a pilot cockpit on a certified TCAS processor with its own radio setup in their Cyber Avionics Laboratory. The manufacturer and the aviation authorities in Europe and the USA have been informed about the new findings.

On 21 January 2025, the American Cyber Defence Agency CISA of the United States Department of Homeland Security published a security message together with the FAA as the first organisation. Here, they classified two of the vulnerabilities found by the Cyber-Defence Campus in the collision warning system "Traffic Alert and Collision Avoidance System II" as moderate to severe - a pioneering assessment for other regions, including Europe. The FAA's assessment shows that no technical countermeasures are currently available.

Security for civil aviation

The findings of the Cyber-Defence Campus provide an important basis for the international safety assessment and future safeguard measures. The organisations concerned are therefore recommended to take compensatory measures for identifying such attacks at an early stage, in order to be able to react appropriately in cases of emergency.

In the summer of 2024, researchers at the Cyber-Defence Campus demonstrated the findings at the "DEF CON Hacking Conference" in Las Vegas, Nevada and at the "USENIX Security", a security conference in Philadelphia, Pennsylvania.

Research at CYD Campus

Researchers at CYD Campus have been working on this topic for over five years. The Cyber Avionics Lab in Thun, which was set up for this purpose, allows them to investigate cyberattacks on certified aviation systems. CYD Campus researchers have been doing pioneering work in this field for years. Various systems such as ADS-B, MLAT, CDPLC and GPS have been scrutinised to show how these digital aviation systems would react to realistic cyberattacks.

Over the past two years, a team from CYD Campus has been working intensively with Italian researchers on the investigation of TCAS II. This system is mandatory in civil aviation for aircraft weighing 5,700 kg or more or carrying more than 19 passengers and serves as a last resort for avoiding collisions when all other procedures for maintaining distance between aircraft have failed. Pilots are obliged to respond immediately to TCAS collision warnings, for example by adjusting their altitude up or down.

The Cyber-Defence Campus

The CYD Campus forms the link between the DDPS, industry and science in the areas of research, innovation and training for cyber defence. Its tasks include the early identification of the latest trends in the cyber area, the development and testing of cyber technologies and the training of cyber specialists.

It was founded in 2019 as part of the DDPS' cyber defence action plan at armasuisse Science and Technology and contributes to the DDPS cyber strategy as well as to the National Cyber Strategy (NCS).