When critical infrastructure relies on GNSS as time source, the threat of GNSS spoofing is a challenge that has increased in recent time. Spoofing attacks can originate from bordering areas or even within national boundaries and pose significant threats, particularly to defence and other mission-critical networks. Unlike jamming, which disrupts signals entirely, spoofing is more insidious and can mislead systems into accepting incorrect timing data and degrade network performance or disabling services altogether. We analyze this in the context of CPNT network approach where the network provides an alternative timing source. During Jammertest in Norway, Erillisverkot and Net Insight have focused on the impact of GNSS spoofing on time synchronization and how it can be mitigated. In Jammertest 2024, there were several lessons learnt on spoofing behaviour and impact in a real-world hostile environment. Based on these findings and the implementation of new functionalities, Jammertest 2025 has in turn given new experiences on how spoofing can be detected, and what strategies can effectively mitigate its effects.  This session will share lessons learned from the field, highlighting how spoofing can be identified through synchronization anomalies and incorporated into performance monitoring. It will also explore how critical networks can build greater resilience by integrating spoofing detection capabilities and alternative time sources into the synchronization strategy.