For a brief window this month, the official clocks that quietly coordinate the Internet’s heartbeat slipped out of sync. After a power outage hit key servers in Colorado, the National Institute of Standards and Technology warned that several of its Internet Time Service systems might have been serving slightly wrong timestamps, raising uncomfortable questions about how much of the digital world depends on a few rooms full of hardware in Boulder. The discrepancy was measured in microseconds, not minutes, but the incident exposed just how fragile “exact time” can be when a single campus loses power.
How a Colorado blackout knocked the U.S. timekeeper off beat
The chain of events started with a severe windstorm that cut electricity to the NIST campus in Boulder, Colorado, where the primary U.S. time scale is maintained. Backup generators were supposed to bridge the gap, but one of those generators failed, leaving some systems without a clean path back to their atomic reference and forcing operators to scramble to keep the clocks aligned. A detailed Report on the Colorado Power Outage Throws Off Official U S Time lists this power disruption among its Key Points and notes that the outage directly affected NIST in Boulder.
Even as the lights flickered, the underlying atomic clocks did not simply stop. According to coverage that explains how All of the atomic clocks continued ticking thanks to battery backup systems, the real problem was the infrastructure that distributes their time to the outside world. When power was cut to the facility on Wednesday and the NIST Internet Time Service listserv switched to a back-up generator, as described in a local account of When a power outage in the Boulder area affects the atomic clock, the system that feeds time to the Internet suddenly had less redundancy than its designers intended.
From atomic clocks to browser clocks: what NIST’s Internet Time Service does
To understand why a local blackout matters globally, it helps to look at what NIST’s Internet Time Service actually is. The National Institute of Standards and Technology runs a network of public servers that answer time requests from computers, phones, routers, and industrial systems, translating the output of its atomic clocks into timestamps that ordinary devices can use. The agency describes this infrastructure in its own overview of the Internet Time Service, which explains how NIST distributes time and frequency information over the Internet.
Most people never see these servers directly, because operating systems quietly query them in the background. NIST explicitly encourages users to Set their computer clock via the Internet using tools built into the operating system, and it notes that the Internet Time Service is widely used for authenticated NTP, the Network Time Protocol that underpins secure timekeeping. That means a glitch in Boulder does not just affect a few lab instruments, it can ripple into everything from Windows laptops to Cisco switches that rely on NIST’s signals to stay in lockstep.
How far off did official time drift?
For all the drama of a national timekeeper losing power, the actual error was tiny by human standards. After engineers restored power and reconnected systems to their reference clocks, they found that NIST’s primary time scale had drifted by roughly 4.8 to 5 microseconds relative to Coordinated Universal Time, the international standard. One detailed technical write-up notes that NIST was about 5 μs off UTC after the power cut at Their facility in Boulder Colorado, even though they have backup generators.
Another analysis of the incident quantifies the deviation even more precisely, reporting that a power outage caused NIST’s NTP server to deviate from UTC by less than 0.000005 seconds. That figure, which corresponds to 5 microseconds, is so small that it would not even register for human perception, but in the world of high frequency trading, satellite navigation, and cryptographic logging, it is a measurable blip that engineers cannot ignore.
Why NIST warned that Internet time might be wrong
Once NIST realized that some of its systems had lost their clean reference to the atomic clocks, it moved to alert users that timestamps coming from certain servers might not be trustworthy. The National Institute of Standards and Technology publicly warned that several of its Internet Time Service servers could be inaccurate after the power failure at its Boulder campus, explaining that the affected machines were used for authenticated NTP and that they no longer had an accurate time reference. That warning is detailed in a report on how The National Institute of Standards and Technology raised concerns about its Boulder time servers after the outage.
Separate coverage of the same episode notes that NIST confirmed several public time servers lost their atomic reference signal when a generator failure interrupted the distribution system that feeds the Internet Time Service. In that account, Dec is cited as the period when NIST acknowledged that some servers may have lapsed, and it emphasizes that the disruption affected the infrastructure that feeds the Internet Time Service used by countless devices. By flagging the issue quickly, NIST effectively told network administrators to treat its Boulder-based time sources with caution until they could be fully verified.
Inside the NTP failure: generators, drift, and attempted shutdowns
The technical failure that let drift creep into NIST’s time distribution chain was not the atomic clocks themselves, but the support systems around them. Reports on the outage explain that the NTP infrastructure at addresses such as ntp-b.nist.gov was supposed to ride through the blackout on backup power, but one of the generators failed, preventing the NTP system from delivering accurate time for a period. A detailed breakdown of the incident notes that However, one of the generators failed, which put the NTP primary time scale at risk and created a problem in general use.
Once engineers saw that the time scale was no longer perfectly aligned, they tried to limit the damage by pulling affected servers out of rotation. One account describes how NIST tried to pull the pin on NTP servers after the blackout caused atomic clock drift, highlighting the operational decision to stop serving potentially wrong time rather than let the error propagate. That same analysis, hosted on a financial news platform, underscores that NIST and its NTP infrastructure were responding to a power outage in Boulder that had pushed the official time scale away from zero.
What a few microseconds mean for security and infrastructure
For most people, a 5 microsecond discrepancy is academic, but for the systems that quietly depend on NTP, it can have real consequences. If NTP is not working properly, outcomes can include difficulties authenticating between systems, meaning applications can become unreliable or even fail outright when they cannot agree on the order of events. A detailed warning about these risks notes that If NTP is not working, systems that rely on synchronized time to authenticate and log events can quickly run into trouble.
That is why NIST and other time providers treat even microsecond-level drift as a serious operational issue. In the same family of reports, engineers explain that the NTP server deviation from UTC was kept under 0.000005 seconds and that the error was small enough not to be a problem in general use, but they still moved to correct it and to steer clients toward other sources of time information. A follow-up analysis of the generator failure reiterates that NTP remained broadly usable, yet the incident served as a reminder that security protocols, financial trades, and industrial controls all assume that their clocks are telling the same story.
How NIST framed the incident and reassured the public
Publicly, NIST has tried to strike a balance between transparency about the glitch and reassurance that the impact was limited. In statements to local outlets, the agency emphasized that the drift would not even register for most users and that subscribers to its mailing lists were alerted through established channels as soon as the problem was detected. One detailed account notes that When NIST spoke to local media, it highlighted that the NIST-F4 atomic clock remains a “standard of accuracy” in timekeeping and that the Boulder incident followed another disruption that had already been resolved at the campus.
At the same time, NIST has continued to promote its Internet Time Service as a reliable way to synchronize devices, pointing users to its documentation and support channels. The agency maintains a mailing list hosted on Google for updates about the Internet Time Service, and it stresses that its servers remain a cornerstone of authenticated NTP for government, industry, and the public. By acknowledging the outage, quantifying the drift, and explaining the safeguards in place, NIST is effectively arguing that a brief, microsecond-scale wobble does not undermine the broader trust in its role as the nation’s timekeeper.
What the blackout reveals about the fragility of “official” time
Stepping back from the microsecond numbers, the Colorado outage is a case study in how concentrated the infrastructure for “official” time really is. A single campus in Boulder hosts the primary U.S. time scale, and while there are redundant clocks and backup generators, the incident shows that cascading failures can still push the system out of its comfort zone. The narrative laid out in the report on how a power outage in Colorado caused U.S. official time to be 4.8 microseconds off, which credits Sherman and Jacobson at the National Institute of Standards and Technology, underscores that the U.S. government calculates official time by combining measurements from multiple atomic clocks in Boulder and other countries.
In that sense, the blackout is less a story about catastrophic failure than about the limits of resilience in a highly centralized system. The fact that all of the atomic clocks kept running on batteries, that the drift was held to under 0.000005 seconds, and that NIST moved quickly to warn users and adjust NTP servers, suggests that the safeguards largely worked as designed. Yet the need for those warnings, and the scramble to pull affected servers offline, will likely fuel calls for more geographically distributed time sources, more independent verification by large cloud providers, and perhaps a more diversified ecosystem of time authorities beyond a single campus in Boulder.
More from MorningOverview