In 2025, a commercial flight over the Eastern Mediterranean received GPS position data placing the aircraft 50 nautical miles from its actual location. The crew identified the anomaly through cross-referencing with other navigation systems and applied the correct mitigating procedures. Not every crew does.
This is the new operational reality for pilots. Cyber threats are no longer a concern for IT departments — they are a cockpit issue, happening in real time, in European airspace, on commercial and general aviation flights alike.
What is GPS Spoofing, and Why Does It Matter to Pilots?
GPS spoofing is a cyberattack in which a malicious signal overrides or replaces legitimate GPS/GNSS satellite signals received by an aircraft’s navigation systems. Unlike GPS jamming — which simply blocks the signal — spoofing actively feeds false data. The aircraft’s Flight Management System (FMS) accepts the data as real and updates position, heading and timing accordingly.
Since 2022, spoofing and jamming incidents have increased dramatically in several European and Middle Eastern regions, particularly around the Eastern Mediterranean, the Black Sea, the Baltic States and the Finnish border with Russia. EASA has issued multiple Safety Information Bulletins (SIBs) documenting these events, including SIB 2022-02 (revised), which specifically addresses the impact on aircraft navigation systems.
For pilots, the practical consequences include: unexpected RAIM alerts, FMS position jumps, discrepancies between GPS and other navigation aids, potential loss of RNP and RNAV approaches, and in some cases, automated system responses that require immediate crew intervention.
EASA Part-IS: What It Means for Pilots Right Now
EASA Part-IS (EU Regulation 2023/203) came into force in February 2024. It establishes mandatory Information Security Management System (ISMS) requirements for aviation organisations — including airlines, air operators and approved training organisations.
The regulation requires organisations to identify information security risks, implement controls, and — critically — ensure that their personnel, including flight crew, receive appropriate information security training and awareness. This is a regulatory shift, not a trend: European airlines are now legally obligated to build cybersecurity competency into their operations.
For individual pilots, this translates into a concrete professional opportunity: those who can demonstrate cybersecurity competence — particularly as it applies to operational flight systems — are ahead of the curve on what airlines will increasingly require.
The 5 Cyber Threats Pilots Need to Understand Today
1. GNSS/GPS Spoofing and Jamming
As described above, this is the most operationally immediate threat. Pilots must know how to recognise the symptoms — cross-checking position data, identifying RAIM failures, applying published procedures — and how to report incidents through the correct channels.
2. EFB (Electronic Flight Bag) Vulnerabilities
EFBs are increasingly connected devices — receiving weather data, NOTAM updates, charts and performance calculations via Wi-Fi or cellular networks. The FAA’s Advisory Circular AC 120-76D provides guidance on EFB security, covering account management, application vetting, software updates and data integrity. A compromised EFB is a compromised decision-support tool.
3. ACARS Vulnerabilities
The Aircraft Communications Addressing and Reporting System (ACARS) transmits operational data — clearances, weather, ATIS, performance updates — between aircraft and ground stations. Security researchers have demonstrated that ACARS signals can be intercepted and potentially manipulated. Pilots who understand this vulnerability can apply appropriate scepticism to unexpected or anomalous ACARS messages.
4. SATCOM and Onboard Wi-Fi Network Risks
Modern aircraft operate multiple connected networks: passenger Wi-Fi, crew devices, and critical avionics systems. Although these networks are designed to be separated, misconfigurations or supply chain vulnerabilities have demonstrated that the separation is not always absolute. Understanding the architecture helps pilots make informed decisions about connectivity practices.
5. Social Engineering and Phishing Targeting Crew
Pilots are high-value targets for social engineering attacks — they hold valid credentials, access sensitive operational systems, and are often away from their home base, creating vulnerability windows. Awareness of phishing tactics, credential hygiene and secure communication practices is a basic professional competency in 2026.
How Cybersecurity Knowledge Advances a Pilot's Career
Beyond operational safety, there is a direct career differentiation argument for pilots who invest in cybersecurity competence now.
Fleet transitions and Captain upgrades: Airlines integrating new-generation aircraft (A320neo, B787, A350 families) are dealing with unprecedented levels of system connectivity. Pilots who understand the security implications of these systems are more attractive candidates in transition programmes.
Safety and Security management roles: EASA Part-IS creates a demand for pilots who can serve as information security focal points within flight operations departments, bridging the gap between technical IT teams and operational crews.
Instruction and training: Flight instructors (TRIs, CRIs) who incorporate cybersecurity awareness into their training are preparing their students for the regulatory environment they will enter — and demonstrating leadership within their organisation.
The First Aviation Cybersecurity Certificate for Pilots in Portugal
IITA Aviation, in partnership with APPLA (the Portuguese Airline Pilots Association), has developed the Introduction to Aviation Cybersecurity for Pilots — the first and only professional training in aviation cybersecurity designed specifically for pilots in Portugal.
The programme covers GPS/GNSS spoofing and jamming response, EFB security, ACARS and SATCOM vulnerabilities, cyber incident response protocols, and alignment with EASA Part-IS, IATA and ICAO guidelines. It was built by aviation professionals for aviation professionals — not adapted from a generic IT security curriculum.
40 hours of instructor-led online classes | 3x per week, 6:30pm–9:30pm | Roster-compatible | No IT background required
The cohort is deliberately limited to 12 places to ensure interaction quality. Applications opened 14 April 2026.
Frequently Asked Questions
Do I need an IT background to do this course?
No. The programme is designed specifically for pilots, using operational language and cockpit-centred scenarios. No programming, network engineering or prior IT knowledge is required.
Is this course recognised by airlines and aviation authorities?
The curriculum is aligned with EASA Part-IS (EU 2023/203), IATA cybersecurity guidelines and ICAO recommendations — the standards by which European airlines operate. It is endorsed by APPLA, the Portuguese Airline Pilots Association.
Can I complete this alongside an active flying roster?
Yes. Classes run three times per week in the evening (6:30pm–9:30pm), and the programme was specifically designed to be compatible with operational flying schedules.
Why is the cohort limited to 12 pilots?
The small cohort size is a deliberate quality decision. It ensures meaningful interaction between participants and instructors, allows discussion of real operational scenarios, and reflects the peer-learning model that pilots respond to best.
The Bottom Line
Cybersecurity is not coming to aviation. It is already here. The pilots who understand it — who can recognise a spoofing signature, protect their EFB, follow the right incident reporting protocol — are the pilots who are ahead of the regulation, ahead of their colleagues, and ahead of the threats that are already affecting real flights in European airspace.
