Detection of repeated execution of time adjustment commands, which could indicate a malicious process or binary attempting to continuously manipulate on-board time to affect spacecraft operations. For example, in Linux systems, time adjustments are usually performed using more commonly known commands and utilities such as:\ndate: This is used to set or display the system date and time.\nhwclock: This is used to interact with the hardware clock (RTC) on the system.\ntimedatectl: This is used to control and query the system time, timezone, and synchronize the system clock.\nntpd/chrony: These services manage time synchronization with external NTP (Network Time Protocol) servers.\nadjtimex: This command is used to fine-tune the kernel clock to improve time accuracy.
| ID | Name | Description | |
| EX-0012.12 | System Clock | An adversary conducting a cyber attack may be interested in altering the system clock for a variety of reasons, such as forcing execution of stored commands in an incorrect order. | |
| EX-0014.01 | Time Spoof | Threat actors may attempt to target the internal timers onboard the victim spacecraft and spoof their data. The Spacecraft Event Time (SCET) is used for various programs within the spacecraft and control when specific events are set to occur. Ground controllers use these timed events to perform automated processes as the spacecraft is in orbit in order for it to fulfill it's purpose. Threat actors that target this particular system and attempt to spoof it's data could cause these processes to trigger early or late. | |
| DE-0003.11 | Watchdog Timer (WDT) for Evasion | Threat actors may manipulate the WDT for several reasons including the manipulation of timeout values which could enable processes to run without interference - potentially depleting on-board resources. | |