Air Traffic Control Cybersecurity: Protecting ATC OT Systems and Critical National Infrastructure
Air traffic control systems represent the most safety-critical cybersecurity environment in aviation — and one of the most sensitive in the entire national infrastructure. A cyberattack that disrupts ATC radar, communications, or data processing could have direct consequences for the safe separation of aircraft. NATS — the UK's en-route ATC provider — is designated as critical national infrastructure, and ATC cybersecurity operates in a regulatory environment that combines CAA, NCSC, and national security oversight. The 2023 NATS technical failure (not a cyberattack, but a system fault) that disrupted thousands of flights across UK airspace demonstrated the cascade effect of ATC system disruption — and why ATC cybersecurity receives the highest level of regulatory attention.
ATC systems are critical national infrastructure in the UK — cybersecurity failures in ATC environments can have direct aviation safety implications, triggering NCSC and national security oversight.
ATC OT Systems: The Security Challenge
Air traffic control operates some of the most complex and safety-critical operational technology systems in existence:
- Radar processing systems: Primary surveillance radar, secondary surveillance radar, and Mode S systems processing real-time aircraft position data
- Flight data processing: Systems managing flight plans, clearances, and separation data for aircraft under ATC control
- Controller working positions: The workstation systems used by controllers to view radar and manage communications — safety-critical in real time
- Voice communication systems: VHF and UHF voice communications between controllers and pilots — any disruption affects controller-pilot coordination
- Data link communications: CPDLC and ADS-B data links providing digital controller-pilot communication and automatic dependent surveillance
- Navigation infrastructure: ILS, VOR, DME, and GNSS augmentation systems that aircraft rely on for precision approach and navigation
ATC Cybersecurity Threat Landscape
ATC systems face a distinct threat actor profile compared to commercial aviation IT:
- Nation-state actors: ATC infrastructure is an attractive target for state-sponsored actors seeking to disrupt UK airspace — GRU-linked Sandworm has demonstrated capability against critical infrastructure
- GPS/GNSS spoofing: State-sponsored GPS spoofing campaigns (documented in the Middle East, Baltic, and Black Sea regions) affect aircraft navigation and ATC situational awareness
- Insider threat: The sensitivity of ATC environments means insider threats — malicious or coerced personnel — carry exceptional risk
- Supply chain: ATC systems rely on specialist vendors (Thales, Frequentis, Indra) whose supply chain security is critical — a compromised update to ATC software is a high-impact attack vector
- Legacy system vulnerabilities: Many ATC systems have long operational lifetimes — 20–30 years is common — creating accumulated vulnerabilities in systems that cannot be rapidly patched or replaced
NATS and UK ATC Cybersecurity Regulation
NATS is subject to the most stringent cybersecurity oversight of any UK aviation entity:
- Critical National Infrastructure designation: NATS is designated CNI, bringing NCSC oversight and engagement with national security frameworks beyond standard aviation regulation
- CAA as competent NIS authority: NATS, as an operator of essential services (OES), is subject to the NIS Regulations with CAA oversight — binding security and incident reporting requirements
- Government shareholding: The UK government holds a golden share in NATS — national security considerations directly inform cybersecurity requirements
- NCSC engagement: NATS engages directly with NCSC for threat intelligence, incident response support, and security architecture review
- Air Traffic Management Master Plan: The European ATM modernisation programme includes cybersecurity requirements for ATM system upgrades
ATC OT Security Controls and Architecture
ATC cybersecurity requires a combination of technical controls, operational procedures, and regulatory compliance:
- Air-gapping: The most safety-critical ATC systems are air-gapped — physically isolated from networks connected to the internet or enterprise IT
- Redundancy and resilience: ATC systems are designed with multiple redundancy levels — systems fail over to backup systems with no service interruption
- Privileged access management: Access to ATC systems is strictly controlled, with minimum necessary access and robust authentication requirements
- Supply chain verification: Software updates to ATC systems undergo rigorous verification processes — the supply chain attack vector via trusted vendor updates is closely managed
- Physical security: Access to ATC facilities (en-route centres, approach control units, towers) is subject to strict physical security — the convergence of physical and cyber access control is closely managed
- Continuous monitoring: ATC systems are subject to continuous performance monitoring that can detect anomalies indicative of cyber interference
Frequently Asked Questions
Has there ever been a successful cyberattack on UK air traffic control?
No successful cyberattack on UK ATC safety systems has been publicly confirmed. The August 2023 NATS incident that disrupted UK airspace was caused by a technical fault in flight data processing — not a cyberattack. ATC cybersecurity is taken extremely seriously and the combination of air-gapping, redundancy, and NCSC oversight provides a strong baseline. However, nation-state cyber actors with ATC capabilities are a documented threat, and the aviation security community treats ATC cyber resilience as an ongoing challenge rather than a solved problem.
How does GPS spoofing affect ATC operations?
GPS spoofing — transmitting false GPS signals to mislead aircraft navigation systems — affects ATC in several ways. Spoofed aircraft report incorrect positions to ATC radar, creating potential separation conflicts. Controllers may see aircraft in positions that do not correspond to their actual location. Navigation systems relying on GPS for approach procedures may become unreliable. ATC procedures for GPS-degraded operations include increased procedural separation, reverting to radar-based separation, and alternative approach procedures. NATS and the CAA have issued NOTAMs and guidance for GPS-degraded operations in affected regions.
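The position mismatch described above can be detected by comparing each aircraft's self-reported (ADS-B) position with the position measured independently by radar. The following is an added illustration, not code from NATS, the CAA, or any ATC vendor; the 2 NM threshold, the three-sample persistence rule, the 50% regional fraction, and the sample tracks are all assumptions constructed for the example.

```python
import math
from collections import defaultdict

EARTH_RADIUS_NM = 3440.065  # mean Earth radius in nautical miles

def distance_nm(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points, in NM."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2)
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(a))

def flag_divergent_tracks(samples, threshold_nm=2.0, min_consecutive=3):
    """Return {callsign: worst divergence in NM} for tracks whose ADS-B
    position disagrees with radar for min_consecutive samples in a row.
    Requiring persistence filters out single-sample glitches."""
    run, worst, flagged = defaultdict(int), defaultdict(float), {}
    for _t, callsign, adsb, radar in sorted(samples):
        d = distance_nm(*adsb, *radar)
        if d > threshold_nm:
            run[callsign] += 1
            worst[callsign] = max(worst[callsign], d)
            if run[callsign] >= min_consecutive:
                flagged[callsign] = round(worst[callsign], 1)
        else:  # agreement resets the run, so isolated outliers never flag
            run[callsign], worst[callsign] = 0, 0.0
    return flagged

def regional_interference(flagged, total_tracks, fraction=0.5):
    """Many tracks diverging together points to area-wide GNSS interference
    rather than one faulty transponder (fraction is an assumed cut-off)."""
    return total_tracks > 0 and len(flagged) / total_tracks >= fraction

# Constructed sample data: (time_s, callsign, adsb_lat_lon, radar_lat_lon)
SAMPLES = []
for i in range(5):
    t = i * 4  # assumed 4-second update interval
    radar = (51.50 + 0.01 * i, -0.50)
    # TEST01: ADS-B agrees with radar to within about 0.06 NM
    SAMPLES.append((t, "TEST01", (radar[0] + 0.001, radar[1]), radar))
    # TEST02: reported position drifts steadily north of the radar position
    SAMPLES.append((t, "TEST02", (radar[0] + 0.05 * i, radar[1]), radar))
    # TEST03: one isolated outlier at i == 2, otherwise in agreement
    glitch = 0.2 if i == 2 else 0.0
    SAMPLES.append((t, "TEST03", (radar[0] + glitch, radar[1]), radar))

if __name__ == "__main__":
    hits = flag_divergent_tracks(SAMPLES)
    print(hits, regional_interference(hits, total_tracks=3))
```

Only the steadily drifting track is flagged; the single-sample outlier is ignored, and one divergent track out of three does not meet the regional cut-off.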
What would happen to aviation safety if ATC systems were successfully attacked?
ATC systems are designed with multiple redundancy layers specifically to maintain safe operations in the event of system failures. A partial ATC system failure would trigger automatic failover to backup systems, potential flow control to reduce traffic levels, and reversion to procedural separation methods. A complete ATC system failure would trigger declared distress procedures, with military ATC potentially providing emergency coverage. The aviation safety system is designed to manage ATC failures — but the combination of cyber disruption across multiple redundant systems simultaneously is the scenario that receives the most serious attention from security planners.