A cyber-attack does not always need to steal data or shut systems down to cause damage. Sometimes it only needs to shift the clock.
Researchers at the University of East London (UEL), in collaboration with industry, have identified a critical weakness in the timing systems that keep modern automated industries running - and warn attackers could exploit it to quietly destabilise factories, robotics and other safety‑critical infrastructure. The work is published as a comprehensive analysis of threats to Time‑Triggered Ethernet (TTEthernet) clock synchronisation in the Industrial Internet of Things (IIoT).
The study focuses on Time-Triggered Ethernet, a specialised networking technology used in high-reliability environments where machines must act in perfect synchrony. In smart manufacturing plants, autonomous vehicles and industrial control systems, devices rely on a shared sense of time to coordinate actions within microseconds. If that timing drifts, machines can misinterpret instructions, miss safety signals or behave unpredictably.
According to the research, attackers may not need to break into systems directly. Instead, they can subtly manipulate network latency and timing control messages (for example by delaying Protocol Control Frames) so devices disagree about what time it is - a technique that can degrade determinism and safety while appearing like “normal” jitter.
The research maps a broader threat landscape too - including spoofing, replay and man‑in‑the‑middle attacks, denial‑of‑service floods and compromised nodes - and ranks latency manipulation as the most critical risk because gradual, incremental delays can be hardest to detect and can affect the whole network time base.
Lead author Dr Amin Karami, Associate Professor of Computer Science and Digital Technologies at UEL, said the risk challenges assumptions about industrial cybersecurity.
“Most security defences focus on protecting data, but in highly automated systems timing is just as important as information,” he explained. “If an attacker can influence the network’s perception of time, they can quietly disrupt coordination while everything appears normal.”
The researchers found that while TTEthernet was originally designed to tolerate accidental technical faults, it was not built to withstand intelligent cyber-attacks in today’s interconnected IIoT environments. Subtle ‘delay attacks’ were identified as particularly dangerous because they accumulate gradually and may evade standard detection methods.
To address this, the authors propose an adaptive, four‑layer defence framework. It combines:
The goal is to strengthen security without breaking the microsecond‑level performance requirements of time‑triggered systems.
Dr Karami said protecting synchronisation is essential for safety as automation expands.
“In future factories machines don’t just communicate - they choreograph actions to precise timing,” he said. “Securing that shared clock is fundamental to preventing faults, protecting workers and ensuring industry can trust autonomous systems.”
The research highlights that cyber resilience in advanced industry may depend not only on protecting networks from intrusion, but on safeguarding the invisible timing signals underpinning automated decision-making.
The article, Securing TTEthernet clock synchronisation in the IIoT: A multilayered defence against intelligent cyber‑attacks (Amin Karami and Mogos Anday Gebremedhin) , was published in the peer‑reviewed journal Cluster Computing (Springer Nature).
Cluster Computing
Not applicable
Securing TTEthernet clock synchronization in the IIoT: A multilayered defense against intelligent cyber-attacks
16-Feb-2026