Root Cause Analysis of the Delhi ATC / GPS Interference Incident

[Amber G.]

@admin: Starting a new thread. It can be merged with other suitable thread if of value.

Root Cause Analysis of the Delhi ATC / GPS Interference Incident

Several credible news outlets (Livemint, NDTV, and others) have now reported that the massive disruption at Delhi’s Indira Gandhi International Airport — which affected over 800 flights on 7 November 2025 — stemmed from a failure in the Automatic Message Switching System (AMSS) and suspected GPS/GNSS interference or spoofing. The Air Traffic Controllers’ Guild says it had flagged automation vulnerabilities months earlier, while the DGCA and Airports Authority of India have ordered investigations into both the system malfunction and possible navigation-signal anomalies.

From a technical standpoint, this appears to be more than an isolated glitch. Reports point to GNSS spoofing — where counterfeit GPS-like signals mislead receivers about their position or timing — coinciding with the AMSS failure that crippled ATC message routing. Such interference can arise accidentally (equipment faults, local jammers) or deliberately (testing, cyber-attack, or “spoofing experiments”). Similar regional incidents have been logged in the Black Sea, the Middle East, and parts of Russia, where multiple aircraft or ships simultaneously reported impossible positions. If confirmed, this would mark one of the first major civil-aviation disruptions linked to GNSS manipulation in India.


The security implications are significant. Modern air-traffic and airline operations rely heavily on satellite navigation for not just positioning, but also timing, ADS-B location broadcasts, and synchronization of ground systems. A successful spoofing event — even short-lived — can trigger cascading delays, false targets on radar displays, or timing errors in communication networks. Beyond operational inconvenience, this raises questions about critical infrastructure resilience and the adequacy of existing safeguards against intentional signal manipulation.

For India, this also underscores the strategic importance of developing and integrating NAVIC (Indian Regional Navigation Satellite System) more deeply into both civil aviation and critical infrastructure. A multi-constellation approach — using NAVIC alongside GPS, Galileo, and GLONASS — could provide redundancy and authentication options that help isolate or reject spoofed signals. The learning here is clear: indigenous capability and diversification of navigation sources are not just matters of pride, but of operational security.

It would be useful to gather verifiable data, observations, or logs from those in the aviation, RF, or systems-engineering domains — e.g., any recorded GNSS anomalies, RAIM alerts, ADS-B inconsistencies, or timing deviations observed around 6–8 Nov. If anyone has insights on how the AMSS fault interacted with navigation data, or knows of parallel incidents elsewhere, please share.

Let’s use this thread to piece together a technically grounded understanding of what happened — separating speculation from evidence — and discuss what measures (redundancy, monitoring, or procedural) might be necessary to prevent a repeat.

- Amber G.

[Amber G.]

References:

Delhi airport's ATC glitch: Flight operations normal; govt directs officials to conduct detailed root-cause analysis

The article reports that on 7 November 2025 the Delhi airport (IGI) experienced a technical issue in its air traffic control (ATC) system, which disrupted over 800 flights.

- Multiple incidents of GPS spoofing, where false GPS signals are broadcast to mislead receivers, affecting aircraft navigation/monitoring systems.

“GPS spoofing” is explained - adversarial manipulation of GPS-receiver data, causing receivers to believe they are elsewhere or receive false timing/location info.

- The disruption was compounded by runway/approach changes (due to eastern winds) in Delhi, increasing congestion.
mint

- August 2025 report by the Parliamentary Standing Committee on Transport calling for a time-bound overhaul of India’s ATC automation systems, warning that the technology is outdated especially at high-density airports (Delhi, Mumbai).

The regulatory authority (Directorate General of Civil Aviation – DGCA) is reported to be investigating the spoofing incident

'Flagged Issues In July': Air Traffic Controllers After Delhi Airport Glitch

-This article focuses on statements by the ATC Guild of India, which say that they had written to the Airports Authority of India (AAI) back in July, flagging issues and calling for upgrades to air navigation/automation systems.

-They pointed out that India’s automation system should be benchmarked against the European Eurocontrol and the U.S. Federal Aviation Administration (FAA), which use modern tech, real-time data sharing, AI threat detection etc.

[Amber G.]

Notable incidents (A quick list)

Delhi, Nov 2025: widespread delays (~800 flights) tied to AMSS failure and reported GNSS interference/spoofing; authorities investigating. This exposed how a messaging system fault and navigation anomalies can coincide and cascade.

Black Sea (2016–2017 and repeated events): many ships’ GPS solutions jumped inland/onto an airport — analysis concluded regional spoofing sources produced false positions across many receivers. This showed how area spoofing can simultaneously affect many users and create a plausible but false common track.

Middle East (2023–2024 reporting): multiple civilian aircraft reportedly experienced misleading GNSS guidance near Iranian airspace — raised risk of near-airspace incursions.

Wider pattern in Russia/Crimea (2016–2024): thousands of spoofing events observed in multiple regions according to NGO and academic analyses — indicates both deliberate/state-level use.

For India: (Public information)

- The Indian government told Parliament that between November 2023 and February 2025, around 465 incidents of GPS/GNSS interference or spoofing were reported in airline operations in the border regions around Amritsar and Jammu.

-The DGCA\ has been compiling data on such occurrences since 2023 instructing airlines to report interference events.

- Per India today - A report that at Indira Gandhi International Airport (Delhi) there were suspected spoofing events in early November 2025 coinciding with runway/ILS changes and ATC messaging glitch
(@admin - I am just quoting / citing the Amritsar/Jammu region data and the Delhi event (easily confirmed by reputable news papers)..{not others.. for obvious reasons)

[Amber G.]

Technical Glitch, GPS spoofing disrupt 350 flights at Delhi Airport
Synopsis
Flight operations at Delhi’s Indira Gandhi International Airport were disrupted on Friday morning after a malfunction in the Air Traffic Control (ATC) messaging system coincided with GPS spoofing incidents over the capital’s airspace, forcing a shift to manual flight planning. Over 350 flights were delayed through the day before the issue was resolved, the civil aviation ministry said.


Read more at:
https://economictimes.indiatimes.com/in ... aign=cppst

[A_Gupta]

AI adds: "Range: The spoofing signals reportedly started affecting aircraft approximately 60 nautical miles from the airport." {Delhi}

[Amber G.]

Happened to talk/discuss this with an expert -
Few points -- Root causes / vulnerabilities
Civil GNSS signals are unencrypted and unauthenticated. Civil L1 C/A and many broadcast signals lack cryptographic authentication; inexpensive transmitters can mimic them. (Military signals are secured, but civil receivers typically don’t use them.)

-Dependency on GNSS for many functions. Modern ATC/aircraft operations and airline flight-management systems increasingly rely on GNSS for RNAV, ADS-B position stamping, datalinks and time-synchronization. Where GNSS is primary, spoofing can create operational confusion.

- Lack of redundant PNT safeguards. If ground systems or aircraft lack robust inertial sensing, cross-checking, or authentication, spoofed inputs can be accepted.

-Operational complexity & single points of failure. The AMSS and flight-data distribution chain are critical — an AMSS software/firmware fault or overload forces manual processing and magnifies any concurrent navigation anomalies into system-wide disruption. (Delhi reporting cites AMSS malfunction in parallel with spoofing reports.)

[Tanaji]

This is a strange one. There were two failure modes: failure of the AMSS and the GPS system. Were those related? Did GPS failing cause issues on AMSS? One of the reports mentioned “server failure” but this could be DDM reporting: these systems are highly redundant and a server failure cannot cause the system on the whole to fail.

The question now is IF the failures were unrelated (i.e. no cause and effect) then it is fairly certain that a state level actor is at play - no one else would have the resources to cause both at once.

The GPS spoofing is of course deliberate. Either a jehadi parked himself next to the airport and stuck out a big transmitter that put out watts of radio power and effectively drowned out valid GPS signals (or used multiple transmitters but unlikely). The other option is Starlink sats or any other LEO sats are doing the spoofing. That Starlink does PNT is obvious:
https://insidegnss.com/spacex-details-s ... c-inquiry/

Does it do so in the same band? What was the issue: was it specifically spoofing where the receiver finds wrong coordinates like the Black Sea incident or was it just interference? The involvement of Starlink PNT would cause interference if in the same band but not spoofing unless it was deliberate. It should be possible to correlate what Starlink sats were overhead at the time of the incident.

If the AMSS failed because of an overload situation or similar resulting from GPNS spoofing then the solution is self evident.

We need to start thinking of similar DoS attacks on airports as we grow relevant. The drone excursions we see at Western airports that result in disruptions can easily be done here.

[SriKumar]

Is there any note or report on how affected people became aware that there was a problem.

[Amber G.]

AI adds: "Range: The spoofing signals reportedly started affecting aircraft approximately 60 nautical miles from the airport." {Delhi}

Thanks. Adding - For the record: Details - Two links:

TOI: 1st ever ‘spoofing’ scare at Delhi airport: Pilots misled by fake GPS signals, forced to divert flights

Zee:Pakistan Plotting Passenger Aircraft Crash In Delhi? GPS Spoofing Sparks Security Concerns

Per these reports:
- The source of spoofing may be linked to Pakistan (implying a deliberate hostile act) targeting civil aviation in India, although it frames this notion as suspicion/possible.

- The article raises the alarm that the spoofing might be more serious than benign interference — in fact, that the purpose could be to cause a passenger aircraft crash or major disruption.

-The article interlinks this with previously reported spo­ofing incidents in border regions and the broader context of over 465 GPS interference/spoofing events between Nov 2023–Feb 2025, especially near the India-Pakistan border.

- My take: (FWIW):
What we know:
- Spoofing is the deliberate broadcast of counterfeit GNSS (e.g., GPS) signals so that receivers compute wrong positions or time.
- The article implies that aircraft or navigation systems around Delhi received such misleading signals.
- Earlier reports (Financial Express) say one key root cause of disruption at IGI was the AMSS (Automatic Message Switching System) malfunction, which forced manual processing of flight

Speculative at present:
-Whether crippling the AMSS and spoofing GNSS are co-incident or part of a single orchestrated attack ?

(I have few more thoughts.. may be later)

Given the gravity of the scenario, I invite inputs from those with relevant observations:

-GNSS receiver logs (civil or airport ground station) around Delhi or within ~100 km of IGI on the dates in question (first week of Nov 2025) — especially looking for anomalous pseudorange jumps, Doppler inconsistencies, RAIM/FF alerts.

- Aircraft approach/departure track deviations or ADS-B anomalies logged by airlines or monitoring platforms in the same period.

- ATC/AMSS system logs (timestamp discontinuities, message delays, manual intervention flags) from IGI or nearby centers around Nov 6-8 2025.

-Any RF-spectrum or emitter detection data (fixed or mobile) indicating a ground-based spoofing source in the region.

- Correlations with regional defence/military activity or border jamming reports that could contextualize interception or diversion of GNSS signals.

Let’s build a technically grounded timeline of what happened → what was affected → how (root-cause) → what can be done operationally/technically to strengthen resilience.

If you have data or know where to access it, please share or point to the source.

[Amber G.]

Additional Data :

DGCA) is reported to be actively compiling data on GPS interference/spoofing incidents. One official said there were “at least eight such instances” at Delhi in recent days (domestic + international flights) and that the regulator is collecting anonymised logs to better understand the trend.

(The data collection effort follows a circular issued in 2023 requiring airlines to report GNSS interference.)

The report emphasised that while most prior incidents in India were along border areas, the fact that they are now being reported in the congested Delhi airspace is especially concerning.


Several outlets report that the spoofing incidents in Delhi included false navigation data and terrain warnings. Eg::

“Aircraft flying over Delhi have faced disruptions … pilots and air-traffic controllers reported receiving false navigation data, including incorrect aircraft positions and misleading terrain warnings, particularly within a 60-nautical-mile radius of the national capital.”


A pilot said “such incidents are rare in Delhi … I encountered spoofing on all six days of my operations last week.”

"The region of interference is cited as up to ~60 nautical miles from Delhi. (Many news papers)

- The disruption at Delhi included two concurrent failures:

A malfunction of the Automatic Message Switching System (AMSS) in ATC/aircraft flight-plan messaging that forced manual work-arounds.

A cluster of GNSS spoofing/interference episodes affecting aircraft navigation. The conjunction of these failures is .. “Delhi’s Automatic Message Switching System … and GPS navigation signals over northern India faltered almost simultaneously … less like coincidence and more like a coordinated vulnerability.”


The regulator apparently accelerated the implementation of a ground-based fallback navigation system because of the spoofing risk. F

Wider pattern: It’s not just Delhi. The reports cite 465 GPS interference/spoofing instances in the India-Pakistan border region (Amritsar, Jammu) between Nov 2023 and Feb 2025.


- Some Key Observations (for Technical Discussion)

The fact that spoofing/false navigation data were reported in a congested region (60 NM around Delhi) is especially alarming: navigation errors here could lead to proximity/safety issues.

The concurrence of ATC messaging system failure + GNSS spoofing suggests systemic vulnerability rather than isolated malfunction.

The quick regulatory response (accelerating ILS upgrade) is a practical indicator that ground-based fallback is being emphasised.

Though many incidents have been along border areas, moving into high-density airspace like Delhi signals an escalation in risk profile.

The data collection by DGCA suggests the authorities expect more incidents and are trying to formalise awareness and logging — which means future reports may produce richer technical logs.

[Amber G.]

Grok Uvach:

GPS spoofing at Delhi's IGI Airport is a confirmed issue, with DGCA probing multiple incidents causing flight disruptions, as reported by aviation authorities and news outlets. This tactic, often linked to adversarial nations like Pakistan per security analyses, mimics signals to mislead navigation—pilots switched to manual modes successfully. Attributing it solely to domestic governance ignores global patterns in GNSS interference near tense borders. India bolsters defenses amid rising such threats.

[Tanaji]

https://indianexpress.com/article/citie ... -10351280/

While sparse, this is what AMSS does. It helps the ATC to prioritise flight arrivals and departures. I dont think it has any role to play in actual flight separation etc

Some random AI uvacha:
Role of the Automatic Message Switching System (AMSS) in Aviation
Communication and Data Exchange
AMSS is a digital platform that facilitates the sharing of flight plans between airlines and Air Traffic Control (ATC).
It allows for real-time communication, ensuring that vital information about aircraft movements is transmitted efficiently.
Flight Safety and Coordination
The system plays a crucial role in maintaining flight safety by enabling ATC to monitor aircraft movements and issue clearances.
It helps manage airspace effectively, especially in busy airports, by coordinating the flow of information.
Technical Specifications
AMSS supports a variety of message formats, including structured data, which enhances the security and reliability of communications.
It is designed to handle a high volume of messages, which is essential for major airports that manage thousands of flights daily.
Transition from Older Systems
AMSS is gradually replacing the older Aeronautical Fixed Telecommunication Network (AFTN), which has limitations in data handling and security.
The transition to AMSS began in earnest in the early 2010s, driven by the need for improved data exchange capabilities in modern aviation.

[Tanaji]

So is it a reasonable theory that GNPS spoofing led to messages overloading the AMSS? For example GNPS gets spoofed -> aircraft thinks its location is somewhere else ie delay -> messages get sent on AMSS -> happens to large number of aircraft -> AMSS overload and crashes.

IMHO the above is only true if the aircraft sends automated messages on AMSS based on its location as reported by GNPS. Right now I have no way of verifying if this is true.

[Amber G.]

T...

The question now is IF the failures were unrelated (i.e. no cause and effect) then it is fairly certain that a state level actor is at play - no one else would have the resources to cause both at once.

The GPS spoofing is of course deliberate. Either a jehadi parked himself next to the airport and stuck out a big transmitter that put out watts of radio power and effectively drowned out valid GPS signals (or used multiple transmitters but unlikely). The other option is Starlink sats or any other LEO sats are doing the spoofing. That Starlink does PNT is obvious ..

Yes, satellites could theoretically spoof aircraft GPS by broadcasting fake signals mimicking authentic GNSS transmissions, ...confusing receivers if the counterfeit signals are stronger or timed precisely... However, practical spoofing is usually done, as you said, via ground-based or low-altitude transmitters for targeted areas ... as they can overpower real satellite signals locally without needing orbital access.

Satellite-based attacks would demand compromising GPS constellations or something much complicated, making them .. harder to execute undetected.

Anyway we would know soon..

[Amber G.]

Is there any note or report on how affected people became aware that there was a problem.

Yes — pilots and ATC staff noticed the issue through false position readings, terrain warnings, and navigation system errors (like “GPS PRIMARY LOST” alerts). Some aircraft showed impossible locations on flight displays or ADS-B trackers, prompting manual cross-checks with inertial and radio navigation. Controllers also observed data mismatches in radar plots and flight messages, confirming that something was wrong with GNSS inputs.

[Amber G.]

Latest updates: (Various reliable sources):


- DGCA is now formally compiling data on GPS/GNSS interference/spoofing incidents affecting flights in and around Delhi. They report “at least eight” such instances during the recent period (domestic + international flights).

- In response to the spoofing + runway navigation issues, the DGCA has expedited the rollout of an ILS for runway 10/28 at IGIA: ( Category I version to be operational this weekend, earlier than planned)

- Multiple outlets are now quantifying the disruption *seems* ( could be wrong) to linked to a combination of AMSS messaging system fault + GPS spoofing..

(I have pulled some specific flight/aircraft-level incident logs (publicly reported, some detail level needs subscription) in Delhi region where GPS/ADS-B anomalies were logged.. and flight tracker data.. for few flights .. will be fun to analyze that to see some pattern)

[Amber G.]

For your reading pleasure..
India increases efforts to collect GNSS spoofing data

Sep 2023 – mid-2024: Multiple GPS-spoofing episodes in the Iran/Iraq region

(Here positions errors at the distance around 60 miles were reported

[SriKumar]

thanks. Seems like it also happened in months prior as well.

[Amber G.]

Is there’s any new data linking the recent Red Fort car bomb explosion in Delhi to the GPS spoofing incident?

Short answer: Some overlapping timelines and investigative actions raise questions:

- The GPS spoofing event at IGIA, Delhi has now been taken up by the office of the Ajit Doval NSA. According to a news piece, the NSA’s office is investigating the alleged spoofing that disrupted over 350 flights in the region.

- Regulators are increasingly confident that the spoofing is not just incidental interference. For example, tracking data showed aircraft positions “fluctuating by as much as 335 km within seconds” in the IGIA incident.

- Parliamentary data shows that between November 2023 and February 2025 some 465 incidents of GNSS/GPS interference/spoofing were reported in the Amritsar/Jammu region of India.

- Technical discussion about a newly technique “C/N0 analysis” of spoofing detection based on antenna orientation — that is experts are finding measurable signal fingerprints of spoofing..(more of it later)
.. Cont..