Detection of an unexpected and large time delta, indicating a potential time manipulation attack. Time should be linear with minimal drift therefore detection in deviations of seconds should be detectable.
| ID | Name | Description | |
| EX-0008 | Time Synchronized Execution | Threat actors may develop payloads or insert malicious logic to be executed at a specific time. | |
| EX-0008.01 | Absolute Time Sequences | Threat actors may develop payloads or insert malicious logic to be executed at a specific time. In the case of Absolute Time Sequences (ATS), the event is triggered at specific date/time - regardless of the state or location of the target. | |
| EX-0008.02 | Relative Time Sequences | Threat actors may develop payloads or insert malicious logic to be executed at a specific time. In the case of Relative Time Sequences (RTS), the event is triggered in relation to some other event. For example, a specific amount of time after boot. | |
| EX-0012.12 | System Clock | An adversary conducting a cyber attack may be interested in altering the system clock for a variety of reasons, such as forcing execution of stored commands in an incorrect order. | |
| EX-0014.01 | Time Spoof | Threat actors may attempt to target the internal timers onboard the victim spacecraft and spoof their data. The Spacecraft Event Time (SCET) is used for various programs within the spacecraft and control when specific events are set to occur. Ground controllers use these timed events to perform automated processes as the spacecraft is in orbit in order for it to fulfill it's purpose. Threat actors that target this particular system and attempt to spoof it's data could cause these processes to trigger early or late. | |
| DE-0003.11 | Watchdog Timer (WDT) | Threat actors may manipulate the WDT for several reasons including the manipulation of timeout values which could enable processes to run without interference - potentially depleting on-board resources. | |