IN Brief:
- Timing synchronisation is being flagged as a weak point in IIoT security.
- Microsecond drift can disrupt robotics and safety systems without data theft.
- Defence manufacturing lines may need clock integrity monitoring as standard.
Cyber attackers do not always need to exfiltrate data or crash systems to cause physical disruption. Research led by the University of East London (UEL) argues that manipulating timing synchronisation inside industrial networks can be enough to destabilise automated environments — including the smart factories now common in defence supply chains.
The work focuses on Time-Triggered Ethernet (TTEthernet) clock synchronisation used in high-reliability environments where devices must operate in tight coordination. In smart manufacturing plants, autonomous vehicles, and industrial control systems, that coordination can be measured in microseconds. If timing drifts, machines can miss safety signals, misinterpret instructions, or behave unpredictably.
UEL’s researchers describe a class of “delay” attacks in which adversaries subtly manipulate network latency and timing control messages so devices begin to disagree about the current time. The risk is that the resulting behaviour may resemble routine jitter rather than an intrusion, making it harder for traditional security monitoring — often tuned to data integrity and access control — to recognise.
“Most security defences focus on protecting data, but in highly automated systems timing is just as important as information,” said Dr Amin Karami, Associate Professor of Computer Science and Digital Technologies at the University of East London. “If an attacker can influence the network’s perception of time, they can quietly disrupt coordination while everything appears normal.”
The research also maps broader threats including spoofing, replay, man-in-the-middle attacks, denial-of-service floods, and compromised nodes, but ranks latency manipulation as especially dangerous because gradual delays can accumulate and undermine determinism across the network.
Defence production lines are built on determinism
Modern defence manufacturing leans heavily on coordinated robotics, machine vision inspection, and safety interlocks that assume predictable timing. That is true in aircraft structures, guided-weapon assembly, and electronics manufacturing, where conveyors, pick-and-place systems, and test stations are orchestrated as a single time-aligned process.
The industrial risk is not merely downtime. Subtle timing drift can create “soft” faults: inspection results that vary run-to-run, torque tools that log the right values at the wrong moment, or robotics that remain inside nominal limits while slowly pushing assemblies out of tolerance. Those outcomes are expensive because they show up later — in rework, scrap, or field failures — rather than as a clean, stoppable incident.
Securing the clock becomes a production requirement
UEL’s proposed mitigation framework combines foundational identity controls, edge-side anomaly detection using AI and machine learning, network-level auditing approaches intended to make timing checkpoints tamper-evident, and cloud-side correlation for broader situational awareness. The underlying message for industry is that clock integrity needs to be monitored as deliberately as network traffic.
For factories, that points towards practical changes: instrumenting timing endpoints, setting acceptable drift thresholds tied to process capability, and ensuring incident response plans include “time health” checks. In deterministic environments, cyber resilience is starting to look like metrology — because time has become another measurement that attackers can poison.
