Time SIG

The Time Security SIG exists to help the global FIRST community prepare for the 2036–2038 epoch rollovers. By coordinating research, testing, and outreach on time integrity, the SIG connects CSIRTs, vendors, and standards bodies to strengthen resilience across critical infrastructure. Our goal: ensure the world’s clocks keep running — securely — long past 2038.

Mission

The Time Security SIG will raise awareness of the 2036–2038 epoch rollovers (the ‘Epochalypse’) and promote resilience in time synchronization across critical systems.

Its mission is to:

• Identify where critical systems rely on fragile timekeeping
• Communicate the risks posed by upcoming epoch rollovers
• Equip FIRST teams with practical guidance for time integrity: authenticated sources, resilient architectures, and verifiable controls

The Time Security SIG will coordinate with the Epochalypse Project (https://epochalypse-project.org) to ensure public outreach and technical guidance remain aligned and grounded in operational reality.

Unlike Y2K—which had global mobilization and years of preparation—the 2036–2038 rollovers lack coordinated response, yet affect systems from IT to IoT, from infrastructure to defense, at planetary scale.

Time integrity is foundational to security. This SIG exists because that foundation is about to be tested.

Goals & Deliverables

Goals

The Time Security SIG aims to:

1. Enable FIRST teams to assess 2036–2038 rollover risks in their infrastructure
2. Create a knowledge base for sharing sector-specific vulnerabilities and mitigation strategies
3. Establish coordination channels among CSIRTs, vendors, and standards bodies
4. Reduce time-to-remediation through shared intelligence and validated mitigation patterns

Scope

The SIG will focus on three critical epoch rollovers:

• NTP Era 1 Rollover (07 February 2036)
• Unix time_t Rollover (19 January 2038)
• GPS Week Number Rollover (20 November 2038)

Priority Sectors: Aviation; maritime; energy; healthcare; telecommunications; financial services; defense; and industrial control systems.

Year One Deliverables

Plans are just a fiction we tell ourselves while life comes at us. The SIG aims to deliver, modulo actual volunteer capacity:

Q1-Q2 2026:

• Launch community platform (FIRST portal or dedicated workspace)
• Publish initial threat brief: "2036–2038 Epoch Rollovers for CSIRTs"
• Establish monthly coordination calls (timing to be determined based on member availability)

Q3-Q4 2026:

• Release Time Integrity Assessment Questionnaire (self-assessment tool)
• Publish 2-4 Sector Risk Briefs
• Launch collaborative knowledge base (wiki format, version-controlled)
• Create Outreach Toolkit: slide deck + FAQ + one-pager for internal briefings

Ongoing:

• Monthly call notes and recordings (published within 7 days)
• Quarterly "State of Time Security" summary (tracking progress, new disclosures)
• Coordination with Epochalypse Project, IETF, ITU-T, OASIS, and other standards bodies

Success Metric (Year One)

• 15+ organizations actively participating in monthly calls
• 100+ downloads of assessment questionnaire
• 5+ sector-specific risk briefs contributed by member organizations
• 3+ coordinated vulnerability disclosures handled through SIG channels

Longer-Term Vision (Years 2–3 Focus)

• Develop tabletop exercise scenarios for 2036–2038 rollovers
• Coordinate cross-sector testing (simulated rollover exercises)
• Publish Time Integrity Playbook
• Establish relationships with national CERTs and regulatory bodies
• Establish a coordinated vulnerability bounty program for time integrity bugs (in partnership with security research community)
• Track global remediation progress (vendor patches, standards updates)

The clock is counting down. This SIG provides the coordination infrastructure FIRST teams need to be ready before 2036.

And in 2038? We'll measure our success by how ready the community feels — and by the quality of the party we throw at that year's FIRST Annual Conference!

Meetings

• At the Annual Conference (in person)
• Monthly (virtually)

Chairs

• Trey Darley
• Pedro Umbelino

Membership

Any FIRST member may join, others are welcome as well, requests must be approved by the SIG chairs.

Request to Join

• Initiatives
  • Special Interest Groups (SIGs)
    • SIGs Framework
    • Academic Security SIG
    • AI Security SIG
    • Automation SIG
    • Cybersecurity Communications SIG
    • Common Vulnerability Scoring System (CVSS-SIG)
      • Calculator
      • Specification Document
      • User Guide
      • Examples
      • Frequently Asked Questions
      • CVSS v4.0 Documentation & Resources
        • CVSS v4.0 Calculator
        • CVSS v4.0 Specification Document
        • CVSS v4.0 User Guide
        • CVSS v4.0 Examples
        • CVSS v4.0 FAQ
      • CVSS v3.1 Archive
        • CVSS v3.1 Calculator
        • CVSS v3.1 Specification Document
        • CVSS v3.1 User Guide
        • CVSS v3.1 Examples
        • CVSS v3.1 Calculator Use & Design
      • CVSS v3.0 Archive
        • CVSS v3.0 Calculator
        • CVSS v3.0 Specification Document
        • CVSS v3.0 User Guide
        • CVSS v3.0 Examples
        • CVSS v3.0 Calculator Use & Design
      • CVSS v2 Archive
        • CVSS v2 Complete Documentation
        • CVSS v2 History
        • CVSS-SIG team
        • SIG Meetings
        • Frequently Asked Questions
        • CVSS Adopters
        • CVSS Links
      • CVSS v1 Archive
        • Introduction to CVSS
        • Frequently Asked Questions
        • Complete CVSS v1 Guide
      • JSON & XML Data Representations
      • CVSS On-Line Training Course
      • Identity & logo usage
    • CSIRT Framework Development SIG
    • Cyber Insurance SIG
      • Cyber Insurance SIG Webinars
    • Cyber Threat Intelligence SIG
      • Curriculum
        • Introduction
        • Introduction to CTI as a General topic
        • Methods and Methodology
        • Priority Intelligence Requirement (PIR)
        • Source Evaluation and Information Reliability
        • Machine and Human Analysis Techniques (and Intelligence Cycle)
        • Threat Modelling
        • Training
        • Standards
        • Glossary
        • Communicating Uncertainties in CTI Reporting
      • Webinars and Online Training
      • Building a CTI program and team
        • Program maturity stages
          • CTI Maturity model - Stage 1
          • CTI Maturity model - Stage 2
          • CTI Maturity model - Stage 3
        • Program Starter Kit
        • Resources and supporting materials
    • Detection Engineering & Threat Hunting SIG
    • Digital Safety SIG
    • DNS Abuse SIG
      • Stakeholder Advice
        • Detection
          • Cache Poisoning
          • Creation of Malicious Subdomains Under Dynamic DNS Providers
          • DGA Domains
          • DNS As a Vector for DoS
          • DNS Beacons - C2 Communication
          • DNS Rebinding
          • DNS Server Compromise
          • DNS Tunneling
          • DoS Against the DNS
          • Domain Name Compromise
          • Dynamic DNS (as obfuscation technique)
          • Fast Flux (as obfuscation technique)
          • Infiltration and exfiltration via the DNS
          • Lame Delegations
          • Local Resolver Hijacking
          • Malicious registration of (effective) second level domains
          • On-path DNS Attack
          • Stub Resolver Hijacking
          • Spoofing of a Registered Domain
          • Spoofing of Unregistered Domains
      • Code of Conduct & Other Policies
      • Examples of DNS Abuse
    • Ethics SIG
      • Ethics for Incident Response Teams
    • Exploit Prediction Scoring System (EPSS)
      • The EPSS Model
      • Data and Statistics
      • User Guide
      • EPSS Research and Presentations
      • Frequently Asked Questions
      • Who is using EPSS?
      • Open-source EPSS Tools
      • API
      • Related Exploit Research
      • Blog
        • Understanding EPSS Probabilities and Percentiles
        • Log4Shell Use Case
        • Estimating CVSS v3 Scores for 100,000 Older Vulnerabilities
      • Data Partners
    • FIRST Multi-Stakeholder Ransomware SIG
    • Human Factors in Security SIG
    • Industrial Control Systems SIG (ICS-SIG)
    • Information Exchange Policy SIG (IEP-SIG)
    • Information Sharing SIG
      • Malware Information Sharing Platform
    • Law Enforcement SIG
    • Malware Analysis SIG
      • Malware Analysis Framework
      • Malware Analysis Tools
    • Metrics SIG
      • Metrics SIG Webinars
    • NETSEC SIG
    • Public Policy SIG
    • PSIRT SIG
    • Red Team SIG
    • Security Lounge SIG
    • Security Operations Center SIG
    • Threat Intel Coalition SIG
      • Membership Requirements and Veto Rules
    • Time SIG
    • Traffic Light Protocol (TLP-SIG)
    • Transportation and Mobility SIG
    • Vulnerability Coordination
      • Multi-Party Vulnerability Coordination and Disclosure
      • Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure
    • Vulnerability Reporting and Data eXchange SIG (VRDX-SIG)
      • Vulnerability Database Catalog
    • Women of FIRST
  • CCB Initiatives
  • FIRST CORE
    • Sponsorship Opportunities
  • Internet Governance
  • IR Database
  • Fellowship Program
    • Application Form
  • Mentorship Program
  • IR Hall of Fame
    • Hall of Fame Inductees
  • Victim Notification
  • Volunteers at FIRST
    • FIRST Volunteers
  • Previous Activities
    • Best Practices Contest