Current Affairs Topics Quiz Archive
International Relations Economics Polity & Governance Environment & Ecology Science & Technology Internal Security Geography Social Issues Art & Culture Modern History

63 Moons’ cybersecurity arm pilots GPS-spoofing solution at Indian airports

April 14, 2026 4 min read Science & Technology Internal Security GS3 (Science & Technology Internal Security Cybersecurity)
On This Page

What Happened

  • The cybersecurity arm of 63 Moons Technologies has begun piloting a GPS-spoofing detection and mitigation solution at major Indian airports
  • The pilot follows GPS spoofing incidents detected at several major Indian airports — including Delhi, Mumbai, and Bengaluru — in December 2025
  • The Indian government confirmed cyberattacks involving GPS spoofing at eight major airports in late 2025, affecting aircraft using GPS-based navigation and landing procedures
  • The Airports Authority of India (AAI) and the civil aviation ministry have been implementing advanced cybersecurity solutions in line with guidelines from the National Critical Information Infrastructure Protection Centre (NCIIPC) and CERT-In
  • GPS spoofing in aviation causes aircraft navigation systems to compute incorrect position data, posing risks to safe separation, landing, and traffic management

Static Topic Bridges

GPS Spoofing — Technical Mechanism and Aviation Threat

GPS spoofing is a form of cyberattack in which a signal generator broadcasts counterfeit GPS/GNSS signals that are stronger than the authentic satellite signals, causing navigation receivers to compute incorrect position, velocity, and timing data. Unlike GPS jamming (which merely blocks the signal), spoofing actively deceives the receiver with false coordinates.

  • GNSS (Global Navigation Satellite System) is the umbrella term for satellite navigation constellations: US GPS, Russia's GLONASS, China's BeiDou, Europe's Galileo
  • Spoofed positional data can cause aircraft to see their location "jump" tens to hundreds of miles in seconds — confusing pilots, autopilot systems, and air traffic control
  • Aviation spoofing can disrupt Instrument Landing System (ILS) procedures and GNSS-based approach routes used for precision landings
  • Detection methods include: RAIM (Receiver Autonomous Integrity Monitoring), Inertial Navigation System (INS) cross-reference, multi-constellation receivers, and cryptographic signal authentication (Galileo OSNMA deployed in 2025)
  • All major public GNSS constellations are technically vulnerable to spoofing with commercially available equipment
  • Context: GPS spoofing is extensively reported near conflict zones (Middle East, Eastern Europe); India's airports detected similar attacks in late 2025

Connection to this news: The detection of GPS spoofing at Delhi, Mumbai, and Bengaluru airports — India's busiest aviation hubs — has created urgent demand for domestic countermeasure solutions, of which the 63 Moons pilot is an early response.

Critical Information Infrastructure Protection — NCIIPC and CERT-In

India designates certain sectors as Critical Information Infrastructure (CII) — systems whose disruption would seriously impact national security, governance, economy, or public safety. Aviation infrastructure, including airports and Air Traffic Management (ATM) systems, is classified as CII.

  • NCIIPC (National Critical Information Infrastructure Protection Centre): established under Section 70A of the Information Technology Act, 2000; operates under the National Technical Research Organisation (NTRO) which reports to the Prime Minister's Office
  • NCIIPC designates CII organisations and issues protection guidelines; aviation, power, banking, telecom, oil & gas, and e-governance are among the notified CII sectors
  • CERT-In (Indian Computer Emergency Response Team): established under Section 70B of the IT Act, 2000; the nodal agency for cybersecurity incident response in India; issues alerts, guidelines, and coordinates with sector-specific CERTs
  • IT (Amendment) Act, 2008 strengthened CERT-In's powers and introduced Section 66F (Cyber Terrorism) with a penalty of life imprisonment
  • NCIIPC and CERT-In both issued advisories after the 2025 airport spoofing incidents, directing airports to deploy countermeasures

Connection to this news: Aviation GPS systems are classified under CII — making the NCIIPC and CERT-In the primary regulatory bodies that mandated airports to adopt anti-spoofing solutions, creating the regulatory environment in which the 63 Moons pilot was launched.

India's Cybersecurity Policy Framework

India's cybersecurity governance is structured around two key policy documents: the National Cyber Security Policy, 2013 and the evolving National Cyber Security Strategy (the 2020 draft has not been formally released as of 2026). The government has also established the National Cyber Coordination Centre (NCCC) for threat monitoring.

  • National Cyber Security Policy, 2013: India's first comprehensive cybersecurity policy; established the framework for CII protection, NCIIPC, and a cybersecurity ecosystem
  • National Cyber Coordination Centre (NCCC): Operational under MeitY (Ministry of Electronics and Information Technology); provides real-time threat monitoring and analysis
  • Cyber Surakshit Bharat initiative: MeitY programme to build cybersecurity awareness and capacity in government departments
  • Personal Data Protection Act, 2023 (Digital Personal Data Protection Act): Governs data handling but is separate from critical infrastructure protection
  • Global context: The ICAO (International Civil Aviation Organisation) has issued guidance on GNSS threats, requiring member states including India to address spoofing vulnerabilities in aviation

Connection to this news: The airport GPS spoofing incidents exposed gaps in India's aviation cybersecurity posture — the pilot solution by 63 Moons aims to address the detection and mitigation layer that current policy frameworks require airports to implement but had not yet deployed.

Key Facts & Data

  • GPS spoofing detected at Indian airports: December 2025 (Delhi, Mumbai, Bengaluru among 8 airports affected)
  • 63 Moons Technologies: Mumbai-based technology conglomerate; its cybersecurity arm is conducting the airport pilot
  • NCIIPC: established under IT Act 2000 Section 70A; operates under NTRO/PMO
  • CERT-In: established under IT Act 2000 Section 70B; nodal cybersecurity incident response agency
  • Galileo OSNMA (Open Service Navigation Message Authentication): deployed 2025 — allows receivers to verify signals cryptographically
  • GPS spoofing range: positional jumps of 50 to several hundred miles possible
  • RAIM (Receiver Autonomous Integrity Monitoring): primary onboard GPS integrity check method in commercial aviation
  • IT (Amendment) Act, 2008: Section 66F (Cyber Terrorism) penalty — life imprisonment
  • ICAO membership: India is a founding member (Chicago Convention, 1944)