Aerospace Cyber Defenders Unlock New Challenges at Embry-Riddle Capture-the-Flag Contest

More than 80 students participated in a capture-the-flag competition at the fourth Aviation Cyber Initiative Cyber Rodeo at Embry-Riddle’s Daytona Beach Campus. (Photo: Embry-Riddle/David Massey)

For today’s cybersecurity students, who focus on digital tools, physical locks are seldom encountered. But at Embry-Riddle Aeronautical University’s recent capture-the-flag competition, they had to pick them open.

The challenge was organized by Randall Brooks, chief engineer for product security at RTX, one of the world’s largest aerospace and defense companies. “We want students to understand how a simple lock works and how one would go about looking for a deficiency in a lock,” he said.

The capture-the-flag competition was the highlight of the fourth Aviation Cyber Initiative (ACI) Cyber Rodeo at Embry‑Riddle’s Daytona Beach Campus. Held under the auspices of the Center for Aerospace Resilient Systems (CARS), the two-day event took place this month and included technical demonstrations, poster presentations and recruiting sessions. The top student performers and teams in the competition earned $10,000 in prizes sponsored by RTX.

“We really want to reinforce what’s being done at Embry-Riddle,” Brooks said. “We do our own (capture the flags) for our own training exercises because we think it’s a great way to help reinforce and learn.”

Students in the Department of Cyber Intelligence and Security at the Prescott Campus developed the challenges for the hypothetical airport attack scenario. (Photo: Embry-Riddle/David Massey)

Much of the capture-the-flag competition requires teams to earn points by defending against a worst-case scenario in which hackers have attacked a major airport. The challenges begin with securing compromised digital door locks, ticket systems and airline kiosks, as well as bringing baggage handling ramps and autonomous vehicles back online.

The students then need to regain control of in-cabin entertainment systems. Finally, they take on the roles of pilots and air traffic controllers who must contend with fake signals that confuse navigation systems, causing aircraft to display incorrect positions and altitudes.

Participants in the capture-the-flag competition learn the “application of computer science and cybersecurity within specific systems in the aviation ecosystem, and, just as importantly, the application of aviation domain knowledge to shape and strengthen cybersecurity solutions,” said Dr. Krishna Sampigethaya, professor and chair of the Department of Cyber Intelligence and Security. “They can’t get that anywhere else.”

Sampigethaya, Jesse Chiu, an assistant professor in the same department, and their students at the Prescott Campus developed the challenges for the hypothetical airport cyberattack.

While such a wide-ranging attack has fortunately never occurred, elements of the scenarios presented in the challenges have played out. Last year, a ransomware attack disrupted major European airports for several days. The jamming and spoofing of GPS signals have flummoxed cockpit systems.

“These are not hypothetical risks,” Sampigethaya said. “They are real-world threats that we can model, study and prepare for in this environment.”

Industry partners — including RTX, Boeing, Airbus and Riverside Research — expanded the scope of the competition with their own challenges.

Students take on the roles of pilots and air traffic controllers who must contend with fake signals that confuse navigation systems, causing aircraft to display incorrect positions and altitudes. (Photo: Embry-Riddle/David Massey)

Sean Crouse, assistant professor of Graduate Studies in the College of Aviation at the Daytona Beach Campus and associate director of the Center for Aerospace Resilient Systems, said these challenges help students understand the immediate objectives of the aerospace community, “so that they can become the next generation of professionals who move into industry and protect our critical infrastructure.”

Stanley Seid, a private security engineer for Boeing, stood behind models of plane cabins with LED lights flashing in various colors. The challenge introduced students to a simplified version of a protocol, Seid said, that is becoming widely adopted by industry.

“We aim to grow the understanding of avionics protocols to build resilient systems,” he added.

Anthony Wirsing, a senior pursuing his bachelor’s degree in Computer Science with a concentration in cybersecurity engineering, participated in the competition for the third year in a row.

“It’s exciting because every year there are new attack vectors that these professionals have to defend against,” he said.

Thirty-three teams made up of 82 students took part in the competition, including four teams from the University of Central Florida. UCF’s “Knightsec” team placed first for the second year in a row. Tom Nederost, a senior instructor in the computer science department at UCF, said that even though his students are not versed in aviation, “this shows them that they have a potential for a job in aerospace-related cybersecurity.”

A team from the national security nonprofit Riverside Research had students try to get a drone’s propellers to spin. The challenge explored the Heartbleed bug — an infamous internet security flaw exposed in 2014 — and packet injection attacks. Thomas Bailey, a research manager with the Secure and Resilient Systems group at Riverside Research, said that students rarely get to interact with operational hardware to learn how to actively defend against this style of attack.

“It’s a realistic scenario that is very reminiscent of some of these attacks that we are actually seeing out in the theater today,” he said.