Further reading
A curated, informative selection drawn from the XSTP.epoch Technical Paper and the FIRST Time Security SIG's reference tracking — chosen to let a practitioner check the load-bearing claims across this site. It is not a full bibliography.
Introductions for a general audience
- Epsiloon, n°57 (early 2026), Le bug de l'an 2038. A readable, general-audience introduction in French, with interviews from people working on the problem — good to hand to non-specialist colleagues or leadership. (https://www.epsiloon.com/tous-les-numeros/n57/le_bug_de_l_an_2038/)
Foundations and protocols
- Lamport, L. "Time, Clocks, and the Ordering of Events in a Distributed System." Communications of the ACM, 21(7), 1978.
- Lamport, L., Shostak, R., and Pease, M. "The Byzantine Generals Problem." ACM Transactions on Programming Languages and Systems, 4(3), 1982.
- Mills, D. L., et al. RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification. IETF, 2010. (https://www.rfc-editor.org/rfc/rfc5905)
- Franke, D., et al. RFC 8915: Network Time Security for the Network Time Protocol. IETF, 2020. (https://www.rfc-editor.org/rfc/rfc8915)
- Malhotra, A., et al. "Attacking the Network Time Protocol." NDSS Symposium, 2016.
- The GNU C Library Developers. Y2038 Proofness and the time_t Transition. (https://sourceware.org/glibc/wiki/Y2038ProofnessDesign)
Recent empirical work
- Moura, G. C. M., et al. "Deep Dive into NTP Pool's Popularity and Mapping." Proc. ACM on Measurement and Analysis of Computing Systems (SIGMETRICS), 2024. The established measurement baseline for the public time-service ecosystem. (https://doi.org/10.1145/3639041)
- Huppert, P. A., et al. Big Time: Characterizing Large Time Service Providers. SIDN Labs technical report, December 2025. Characterises the major public NTP providers and finds widespread best-practice gaps. (https://www.sidnlabs.nl/downloads/4ZYbgAM6xtydn2DCkwMctt/8e9a3d7793e620ae2096bd24ba173399/BigTime_Characterizing_Large_Time_Service_Providers_tech_report_20251201.pdf)
- Konjerla, S., et al. Are NTP Clients Always Right? Evaluating NTP Clients under Normal and Attack Scenarios. SIDN Labs / TU Delft technical report, October 2025. The client-side companion to Big Time: whether server-side correctness survives contact with real clients. (https://www.sidnlabs.nl/downloads/7M1bz1otGu0D7hqr0hRT2c/3bc09536c3bc87f63b80d66944abc1d9/ntp-clients-tech_report-20251016.pdf)
Documented incidents and advisories
- CISA ICS Advisory ICSA-25-296-03 (CVE-2025-55067): improper handling of Unix time past the 2038 rollover in an automatic tank gauge (ATG), 2025. (https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-03)
- Tribunal administratif de Paris, decision of 13 November 2025 (RATP / Alstom dispute concerning 2038-class exposure in rail rolling stock; decision under appeal).
- GPS week-number rollover, 6 April 2019: documented disruption to GPS-derived timing and to aviation — Honeywell flight-management software caused a flight delay and cancellations where firmware was unpatched. The precedent for the 20 November 2038 GPS rollover. (https://www.gps.gov/news/gps-week-number-rollover)
- Lions, J. L. Ariane 5 Flight 501 Failure: Report by the Inquiry Board. European Space Agency, 1996. (A non-time overflow, included as the canonical case for why in-situ testing cannot be replaced by simulation.)
Safety-critical and industrial standards
- IEC 62443 series. Industrial communication networks — Network and system security. (https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards)
- IEC 61508 / IEC 61511. Functional safety of electrical/electronic/programmable electronic safety-related systems; the process-sector application is 61511. (ISA/IEC 61511-1: https://www.isa.org/products/ansi-isa-61511-1-2018-iec-61511-1-2016-amd1-2017-c)
These are paid standards; the links resolve to ISA's purchase and landing pages.
Framing and systems theory
- Bursell, M. Trust in Computer Systems and the Cloud. Wiley, 2021. (Grounding for how trust is defined and operationalised in computing — the foundation a temporal root of trust rests on.) (https://doi.org/10.1002/9781119695158)
- Hayes, B. Infrastructure: A Guide to the Industrial Landscape. W. W. Norton, 2014. (The taxonomy underlying the paper's cross-sector survey.)
- Perrow, C. Normal Accidents: Living with High-Risk Technologies. Princeton University Press, 1999.
- Tainter, J. A. The Collapse of Complex Societies. Cambridge University Press, 1988.
- Westrum, R. "A Typology of Organisational Cultures." Quality and Safety in Health Care, 13(Suppl 2), 2004. (The pathological / bureaucratic / generative typology of how organisations handle warning signs — the information-flow lens behind why exposure goes unreported.) (https://www.researchgate.net/publication/8150380_A_Typology_of_Organisational_Cultures)
Institutional context
- ITU / UNDRR / Sciences Po PSIA. When digital systems fail: An expert report on the hidden risks of our digital world. May 2026. (https://www.itu.int/hub/publication/s-rep-wtisd-2026/)