ADS-B Out Signal Encryption & Anonymization

The Threat: Unsecured Skies, Vulnerable Missions

Picture a Special Operations aircraft flying into a conflict zone under radio silence. It is a crucial mission, requiring stealth to ensure the safety of its crew and the success of its objectives. However, this discretion is undermined by a basic technological vulnerability: the aircraft’s ADS-B (Automatic Dependent Surveillance–Broadcast) transponder. Initially designed to enhance aviation safety by broadcasting aircraft locations, velocities, and identities in real-time, ADS-B has a major flaw: it is completely unencrypted. With just a $50 receiver and a laptop, adversaries can track the aircraft’s movements, anticipating its landing zone and preparing a response. In today’s threat landscape, this scenario is not a hypothetical one—it's been demonstrated repeatedly in intelligence operations worldwide.

Investigative journalists and human rights groups were able to expose covert U.S. rendition flights in the 2000s by using open-source flight data and plane spotters who monitored takeoffs and landings from U.S. bases to foreign destinationsinfamous example, the CIA’s Gulfstream V aircraft, registered as N313P, was tracked flying to Kabul, where it was linked to covert prisoner transfers . This ts achieved without sophisticated surveillance technology—just plane spotter observations, open-source flight logs, and freely accessible data aggregation tools .

Fast forward ADS-B transponders, the problem has escalated. Now, instead of journalists with notepads, it’s tech-savvy adversaries with cheap receivers and global data-sharing networks. This poses serious risks to military and intelligence operations, allowing hostile actors to monitor sensitive flights, adjust their own operations, and exploit unencrypted signals to threaten national security.

How Did We Get Here? The Bureaucratic Maze of ADS-B Implementation

The ADS-B mandate was announced by the FAA in 2010, with full implementation required by 2020. The intention was clear: increase safety and efficiency through better air traffic management. It was a bold vision—one designed to bring about safer skies by making aircraft more visible and predictable to each other and to air traffic controllers. But there was a fatal oversight: Congress mandated ADS-B adoption without assigning any department the task of securing the broadcast signal. The long 10-year implementation period meant that critical encryption requirements were left adrift, with no clear ownership over the solution. By the time the mandate’s deadline loomed in 2019, the vulnerabilities of ADS-B had become glaring, with unauthorized tracking of military, private, and government aircraft now a significant concern.

Even before full mandate compliance was required, aircraft had begun installing ADS-B transponders, making them visible to anyone with a basic ADS-B receiver. As the technology matured, enthusiasts known as “plane spotters” began pooling their collected data into shared databases, further expanding global coverage. Soon, anyone could access global air traffic data, essentially turning the skies into an open-source repository—one that adversaries could easily exploit.

Strike Labs: Taking on the Encryption Challenge

The urgency of securing ADS-B broadcasts came to a head in early 2019 when the FAA’s Blocked Tail Number Program Office reached out to Strike Labs. With just one year left before the mandate would be enforced across the U.S. aviation sector, the FAA needed an innovative solution to secure ADS-B signals without compromising the technology’s safety benefits. Strike Labs, known for its agility in addressing complex problems, was tasked with developing an encryption protocol that would obscure aircraft transmissions while maintaining transparency for authorized entities.

This was a monumental task. We were collaborating with the Blocked Tail Number Program and Dr. Ronald J. Reisman from NASA Ames Research Institute—two organizations deeply embedded in airspace management. The mandate was clear: protect military and private aircraft from unauthorized tracking while preserving real-time situational awareness for air traffic controllers and authorized users. The solution had to be innovative, fast, and seamlessly integrated with existing systems.

The Solution: Rotating ICAO Codes and Signal Encryption

Strike Labs proposed two parallel strategies to tackle ADS-B’s vulnerabilities:

1. Rotating ICAO Codes: By frequently changing the International Civil Aviation Organization (ICAO) code associated with each aircraft, trackers would find it difficult to maintain a consistent identity, making unauthorized tracking harder. This approach would require constant updates but was less disruptive to existing air traffic management infrastructure.

   • Pros: This approach offered a dynamic way to disrupt tracking attempts and could be implemented relatively quickly.

   • Cons: Frequent changes could create confusion among authorized users, requiring additional coordination and updates to the infrastructure.

2. Encrypting ADS-B Signals: A more comprehensive solution, this strategy involved encrypting the data broadcast by ADS-B transponders, making it accessible only to authorized entities.

   • Pros: This approach provided robust security by obscuring sensitive data, ensuring that only authorized parties could decode the signals.

   • Cons: Implementing encryption was complex, requiring extensive updates to aircraft systems, ground receivers, and infrastructure.

The Bureaucratic Hurdle: Why Encryption Hasn’t Been Fully Adopted

Despite the success of the proposed encryption solution, adoption has been limited. The primary reason? Bureaucracy. While Strike Labs presented the technology to the White House and various sensitive defense groups, broader implementation would require coordinated efforts between the Department of Defense (DoD) and the Department of Transportation (DoT). The bureaucratic inertia of these massive organizations, coupled with competing priorities, has stymied progress. Although there are indications that special access programs may be using parts of this technology, nationwide deployment is still stalled.

The experience was an eye-opener for Strike Labs. In one instance, when we reached out directly to the Pentagon, we caught officials by surprise—not only for how we managed to contact them, but for the depth of our civilian expertise in such a niche and complex topic. It underscored both the urgency and the viability of our solution.

The Unfinished Business: Pushing for Encryption Adoption

Despite the roadblocks, Strike Labs remains committed to advancing ADS-B encryption. We believe that the solution is critical not just for military and private aviation, but for national security as a whole. The need for coordination between the DoD and DoT is more pressing than ever. We continue to advocate for its adoption, working tirelessly to build relationships, cut through red tape, and keep this issue in the spotlight.

The journey from idea to implementation in government is often long and fraught with obstacles. But we are not deterred. We see this encryption solution as a vital step toward securing the skies—an effort that aligns with Strike Labs’ mission to tackle the most complex challenges facing our nation.

The Path Forward

The ADS-B encryption saga is a testament to both the potential and the limitations of innovation in government. It’s a story of how a critical security solution was developed under intense pressure, and of the bureaucratic obstacles that have delayed its deployment. But it’s also a story of persistence, of unexpected phone calls to the Pentagon, of meetings at the White House, and of a civilian company working at the cutting edge of defense technology.

At Strike Labs, we’re ready to do more. The stakes are high, and the need is urgent. We will continue to push forward, advocating for ADS-B encryption at every opportunity, until the skies are not just safer, but truly secure.

In aviation, ADS-B (Automatic Dependent Surveillance–Broadcast) was a game changer. It was designed to improve safety by enabling aircraft to broadcast their positions, velocities, and identities to air traffic controllers and nearby aircraft. As a real-time, highly visible technology, ADS-B quickly became an essential part of airspace management. However, this advancement came with a serious problem: the data transmitted was unencrypted and easily accessible. Anyone with basic radio equipment could intercept it, compromising the security of military, commercial, and private flights.