The Time Security SIG helps the global FIRST community defend the integrity of time — both the time sources our systems depend on every day, and the 2036–2038 epoch rollovers approaching on a fixed deadline. By coordinating research, testing, and outreach, the SIG connects CSIRTs, PSIRTs, vendors, researchers, and standards bodies to strengthen resilience across critical infrastructure. Our goal is to ensure the world's clocks keep running securely, long past 2038.
Unlike Y2K (which had global mobilisation and years of preparation), the 2036–2038 rollovers lack a coordinated response, yet affect systems from IT to OT, from infrastructure to defence, at planetary scale.
Time integrity is foundational to security. This SIG exists because that foundation is about to be tested.
Founded by co-chairs Trey Darley and Pedro Umbelino to carry the 2038 problem into FIRST, the SIG launched with a kick-off BoF at the Copenhagen AGM and has since grown to more than sixty participants drawn from a wide range of industries and countries. It now helps carry the ITU-T Study Group 17 Technical Paper on 2038-class rollover events (XSTP.epoch, text agreed at the June 2026 SG17 plenary in Geneva), coordinates with the newly approved IEEE P4150 (a new standards project to develop a Recommended Practice for assessing and documenting rollover preparedness), and has stood up its first sub-working group (on supply-chain assurance), with more to follow.
XSTP.epoch is built to be revised on a rolling six-month cadence, in step with the ITU-T SG17 plenary schedule, so it remains a current account of a fast-moving landscape rather than a single snapshot. As remediation efforts pick up, much of the SIG's value lies in collecting, collating, analysing, and disseminating the most accurate, up-to-date picture each cycle (including a shared map of which groups are doing which work, and where) so that effort across the community is coordinated rather than duplicated.
The SIG focuses on three critical epoch rollovers:
Alongside these dated events, the SIG also addresses present-day threats to time integrity: manipulation or spoofing of the NTP and GNSS/GPS sources these same systems rely on.
Priority Sectors: Aviation; maritime; energy; healthcare; telecommunications; financial services; defence; and industrial control systems.
The Time Security SIG raises awareness of the 2036–2038 epoch rollovers (the 'Epochalypse') and promotes resilience in time synchronisation across critical systems.
Its mission is to:
The Time Security SIG coordinates with the Epochalypse Project (the plain-language public face of this work) to keep outreach and technical guidance aligned and grounded in operational reality.
The Time Security SIG aims to:
The clock is counting down. This SIG provides the coordination infrastructure FIRST teams need to be ready before 2036.
Any FIRST member may join; others are welcome as well, subject to approval by the SIG chairs.
And in 2038? We'll measure our success by how ready the community feels, and by the quality of the party we throw at that year's FIRST Annual Conference!