Introduction
The Traffic Collision Avoidance System (TCAS), a cornerstone of airborne collision avoidance since its inception in the 1980s, has long been regarded as one of aviation’s greatest safety nets. It has saved countless lives by preventing midair collisions, particularly in airspace with high traffic density or communication breakdowns. But as with any system, especially those reliant on legacy technology and evolving data environments, TCAS is not infallible. In fact, a growing body of research suggests TCAS may be facing new threats—ones that aren’t just operational, but digital.
Digital Interference: A New Class of Threats
Recent revelations from cybersecurity researchers at USENIX Security have raised eyebrows across the industry.1 The team demonstrated how TCAS—built to trust Mode S transponder replies—can be manipulated to produce false Resolution Advisories (RAs). In essence, by spoofing carefully crafted Mode S signals, a malicious actor could trick TCAS-equipped aircraft into believing a collision threat exists where none does.
This is no longer theoretical. According to the researchers, the attack can be executed using commercially available software-defined radios, bringing the threat within reach of relatively low-resourced actors. While there’s no public record of such an attack being carried out in the real world, the feasibility has now been publicly proven.
Real World Failure
On March 1st, 2025, several aircraft reported erroneous TCAS TA and RA alerts while on approach to Runway 19 at DCA/Washington. Despite these alerts, all aircraft adhered to the avoidance procedures and maintained a safe separation. Notably, six of these incidents occurred within a span of eleven minutes. Fast forward a few weeks and we found out that the result of these RAs was due to improper testing of counter-drone technology by the Secret Service and U.S. Navy, as alleged by Senator Ted Cruz.2 Although the Secret Service has denied these allegations, the fact remains that this technology exists, and is capable of a lot more damage if it falls in the wrong hands.
Aireon, a provider of global space-based ADS-B surveillance, recently published a deep dive into unusual TCAS RAs detected across the North Atlantic.3 In these incidents, aircraft received conflicting vertical guidance during low-risk encounters, often during opposite direction over-ocean operations. Notably, these alerts occurred with no corresponding traffic threat, leading experts to suspect potential flaws in the logic or interpretation of Mode S-derived data.
While Aireon stopped short of labeling the issue a vulnerability, their data highlights the system’s reliance on trusted, accurate transponder inputs—an assumption that may no longer be safe.
TCAS Overhaul
TCAS was never designed with cybersecurity in mind. Like many aviation technologies, it emerged in a pre-digital era, assuming good-faith, cooperative behavior. But with the aviation threat landscape shifting rapidly—driven by geopolitical tensions, digital convergence, and the proliferation of cheap RF technology— TCAS is now potentially a soft target. The absence of encryption or message authentication in Mode S replies makes TCAS inherently spoofable. Combine that with predictable aircraft trajectories and open-source avionics tools, and malicious manipulation becomes a real possibility.
Since we’re updating TCAS, another important revision should be to revisit some of the system’s inherent logic. Preliminary accident reports of PSA 5342, that collided with a military Black Hawk over the Potomac inbound to DCA, showed that the TCAS never went off to warn the regional jet about the helicopter intercepting its path. TCAS is inhibited below 1000 feet AGL to reduce distractions and erroneous alerts from traffic on the ground. Unfortunately, its this very logic that perhaps could have prevent that catastrophe from taking place.
Automation, AI, and Single-Pilot Operations: A Risk Multiplier?
As the industry pushes toward increased automation—especially in single-pilot or remotely piloted operations—TCAS remains a critical fallback. But herein lies the problem: in many emerging concepts of operation (like eVTOLs or AI-augmented cockpits), human monitoring may be minimal or delayed. If an AI-driven flight deck receives a spoofed RA, will it respond appropriately? Will it cross-check that RA with other surveillance data sources or override based on context?
Today’s human pilots intuitively evaluate TCAS RAs, especially those that contradict visual or ATC inputs. Anomalous RAs can be disregarded with sound judgment. But when human decision-making is diluted or sidelined by AI systems, the risk of blind trust in compromised alerts increases. Pilots are trained to “trust, but verify”. This human attribute will be very hard to replicate in an AI-driven machine.
So, What’s Next?
The solution isn’t to abandon TCAS, but to evolve it. Several industry initiatives are already underway:
Final Thoughts: A Legacy System in a Digital World
TCAS has undoubtedly saved lives, and it remains an indispensable layer of aviation safety. But as digital threats grow more sophisticated and the industry accelerates toward automation and reduced crew paradigms, TCAS must keep pace. Whether through system hardening, AI-aided crosschecking, or robust pilot oversight, one thing is certain:
The future of collision avoidance can no longer rely on trust alone. It must be secure, smart, and above all—vigilant.
Sky Safety Solutions provides expert-led consulting and training in regulatory compliance, air charter operations, and safety oversight. For support with advanced surveillance system assessments, safety audits, or custom training, contact us at www.skysafetysolutions.com.
Sources:
[1]https://www.usenix.org/conference/usenixsecurity24/presentation/longo
