>> Maria Varmazis: Not to be too cheesy, but talk about going above and beyond. Many satellites put into orbit for purposes like Earth observation, literal decades ago, are still working away, and that's built to last. That's return on investment. That's way, way over time. Meanwhile, many newer satellites just a few years old are already so out of date that they're in need of swapping out. The duality of satellite tech. Today is October 18, 2023. I'm Maria Varmazis, and this is "T-Minus." Canada is putting big money on its next generation of Earth observation satellites. Two payloads aboard the Vega VV23 fail to deploy. India says there's nothing like a deadline to get a crew on the moon. And "T-Minus" is heading to ASCEND in Las Vegas next week. So all this week, we're featuring speakers from the event. And our guest today is Nicolò Boschetti, talking about his research on cybersecurity in space. You'll want to stick around for that one. Onto our intel briefing for today, the Canadian government is making satellite Earth observation a priority and putting its money where its mouth is to the tune of $1.012 billion, Canadian of course. These funds will support a program that the Canadian government is terming RADARSAT+, meant to ensure the continuous access to EO satellite data to all the federal organizations that rely on it. RADARSAT+ will help design and develop a replacement satellite for the existing RADARSAT constellation mission or RCM and design the next-generation satellite system to replace what's currently in use. This is how fast things are moving in satellite tech. The RCM was launched in 2019 with a planned seven-year mission duration. The RCM is a constellation of three identical synthetic aperture radar or SAR satellites. Starting in 2020, the government of Canada and the Canadian Space Agency started looking into the RCM successor through the Earth Observation Service Continuity initiative, with RFPs going out late last year. According to information collected by the European spaceflight website, two of the payloads transported to orbit on the October 9 Vega VV23 flight have failed to deploy. The CubeSat payloads were among 12 carry to orbit aboard the Arianespace-managed Vega VV23 flight. According to reports, it was likely that the CubeSats burned up in the atmosphere still attached to the rocket's upper stage. Arianespace told European space flight that the ESTCube-2 and ANSER liter CubeSats likely failed to separate from their respective deployers. All other payloads are said to be performing nominally. Three German space companies, Rocket Factory Augsburg, Yuri, and ATMOS Space Cargo, have announced a new partnership. The companies are planning to launch a joint end-to-end service called Eva for microgravity life science research and in-orbit product development. The companies believe that Eva will offer a flexible alternative to the International Space Station as a platform for microgravity research. Rocket Factory Augsburg will be responsible for the launch service, including the launch system, infrastructure, outbound logistics, and operational launch campaign. They will be delivering ATMOS Space Cargo's Phoenix capsule with Yuri's Science Taxi to a precise target orbit. Launch campaigns are planned to be carried out from SaxaVord Spaceport in Scotland, UK. The UK Space Agency has announced a new program to help businesses unlock the benefits of satellite data and services. UK SA says global satellite services currently support activity that contribute £370 billion to the UK economy, which is around 17.7% of the nation's GDP. Unlocking space for business is an 18-month program designed to bring untapped benefits from satellites to hundreds of new organizations across the UK. More information can be found through the link in our show notes. Portuguese space traffic management company Neuraspace has partnered with Belgium star-tracking company Arcsec to develop a novel way to detect space debris. The companies are aiming to track smaller objects in space and improve orbit calculations. As part of the partnership, Neuraspace will use data from Arcsec star-trackers to enhance its space traffic management system using AI to generate precise data for risk assessment. India continues to be buoyed by its latest space accomplishments. The country's Prime Minister Narendra Modi has directed India's space agency to aim for a crewed mission to the moon by 2040. Modi directed the Indian Space Research Organization to establish an India space station by 2035. The prime minister called for the development of a roadmap for future moon missions, the construction of a new launch pad, and the setting up of human-centric laboratories. ISRO's first test flight for India's first human spaceflight, Gaganyaan, is scheduled for later this week. The mission aims to demonstrate the country's ability to send crewed space missions. On to some US military contract announcements now, AFWERX, a Technology Directorate of the Air Force Research Laboratory and the innovation arm of the Department of the Air Force has selected Danti for a $1.2 million Direct-to-Phase II contract. The contract focuses on AI power geospatial and broader data search for the Space Force to address the most pressing challenges in the Department of the Air Force. Danti states that it is the first Earth-data search engine to enable expert and non-expert users to pose simple questions about physical places on our planet, to access information generated daily by satellites, drones, analytics firms, social media and more. And SpaceWERX, the innovation arm of the US Space Force and part of AFWERX, has selected scientific systems for a $1.5 million STTR Phase II contract. The contract is part of the SpaceWERX Orbital Prime program. Scientific Solution says its US-RIPTIDE, which stands for Unknown Satellite Realtime Inspection, Pose, Tracking, and IDEntification, focuses on enabling in-space service assembly and manufacturing capabilities. Both the Department of the Air Force and United States Space Force are exploring the technology through the Orbital Prime program. The United States Space Force enterprise has issued a request for information seeking advanced persistent cyber defenses against nation-state threats to operations. The Space Force is looking for a multi-pronged long-term strategy involving a common-ground architecture providing centralized management and control of satellite operations through enterprise ground services. And if you're interested in learning more, we've included the full RFI in our show notes. And defense technology company HawkEye 360 has closed the second and final of the company's Series D-1 funding round with an additional $10 million, bringing the total Series D-1 to $68 million. Investors for the second close included Lockheed Martin Ventures, which is the venture arm of Lockheed Martin Corporation. Hawkeye 360 and Lockheed Martin have also signed a strategic cooperative agreement to further the development of end-to-end remote sensing solutions for government and commercial customers, with a particular focus on delivering radiofrequency intelligence systems globally. That concludes our roundup of today's briefing. We've included a few extra stories on the selected reading section of our show notes on the latest Space ISAC conference and three on new space startups from the US, India, and Singapore. Links can also be found at space.n2k.com, and just click on this episode for more. Hey, "T-minus" crew, if you find this podcast useful, please do us a favor and share a five-star rating and a short review in your favorite podcast app. It'll help other space professionals like you to find the show and join the "T-minus" crew. Thank you so much for your support. We all really appreciate it. "T-minus" producers Brandon Karpf and Alice Carruth are heading to ASCEND in Las Vegas next week. So all week this week, we're featuring speakers from the event. And our guest today is Nicolò Boschetti, who will be speaking about cybersecurity in space at ASCEND. And I started off by asking him about Ground Stations as a Service, and what risks are involved in that?
>> Nicolò Boschetti: When the space activity started, like very few people were launching satellites. And when you launch a satellite, you need the space vehicle and the antennas to communicate with it. Now, in 2023, we still need to communicate with our satellites. Physics is always the same. So we need the radio waves or optics. The problem is, right now, there are a lot of satellites, and space is much more democratic. Many people can send satellites in space without having to build a ground station and then antenna. And this was made possible by the market by the creation of Ground Station as a Service, basically companies that build and run ground station networks all over the globe and sell channel room or like a bandwidth to external customers to communicate with the [inaudible] downlink the data, uplink updates or commands, and then like receive those information from the satellite. This is more or less a Ground Station as a Service in a nutshell.
>> Maria Varmazis: And so when one outsources such an important part of your operations to another, there are inherent risks there. I'm being very general on purpose. I'd rather hear from you, really. What -- in your research on Ground Station as a Service, from a security point of view, what have -- what have you seen? What have you noticed? Any trends or anything you wanted to review there?
>> Nicolò Boschetti: So like there are different typologies of Ground Station as a Service. Very briefly, there are the oldest style. We could call them like basically they are a bent pipe architecture. Satellite communicates with an antenna. The antenna then modulates and decrypts the data and sends them to the customer. That is the easiest way to have a Ground Station as a Service and has been around for several years now. Now with the cloud computing, cloud tools AI, the Ground Station as a Service sector is virtualizing. Customers can outsource to these companies more and more components of their operations with the satellite and with the data that the satellite is producing. And of course, when you start to put more and more services in a single bucket, there is -- can be [inaudible] because it become easier for an attacker to understand where the data are, where it's possible to create a denial of service. But at the same time, of course, since we are talking about cybersecurity, the more complex is the system, also, the company is putting more security measures in service -- in place. So like the point is that the Ground Station as a Service is becoming more and more crucial for the operations and is becoming a more interesting target for cyber attackers. Let's say that.
>> Maria Varmazis: Now, I know sometimes when we talk about as a service, there -- a lot of the advice about how to make the as a service part of things is usually for the provider. But if you are a customer of something like Ground Station as a Service, is there something that you can do to help make your instance, I suppose, more resilient? And maybe the advice for resiliency is more for the provider, but I'm curious what your advice is in this -- in this arena for protecting from attack.
>> Nicolò Boschetti: Well, I believe that like most of the job must be done by the provider. The user should know the basics of cybersecurity and especially if you are dealing with sensitive data. Sometimes in some networks, the user can be anyone. And so data and encryption keys are like a credential to enter into a network that could be stored in a computer that has zero security measures in place or like we see in cybersecurity, in general. But those in space that like all the social engineering attacks are not very complex. Like they play with the psychology and the mind of the victims. So like I think that from a user point of view, there should be not a lot but at least a bit of knowledge of the basics of what's going on.
>> Maria Varmazis: Yeah, I would imagine for a user, again, if you're going with maybe a big, very established player, I won't name names, you may assume a level of security competency, and that is probably a safer bet. But if you're going with maybe a smaller player, is there something that maybe you should be looking for when selecting such a provider to say, okay, I actually think that I have a better chance of this provider taking security more seriously?
>> Nicolò Boschetti: Usually, providers show you like a blueprint of their architecture like if you have a bit of knowledge of what you are purchasing, you can understand the complexity and how modern or like secure is design that architecture. On the other hand, thankfully, we don't have enough of them. But in the space sector, we have several standards. There are IEEE standards, ISO standards, ECSS, etc., etc. So if a provider is compliant with some cybersecurity or security in general standards, that could be a good first indicator of at least knowledge of what would happen and what can be done.
>> Maria Varmazis: Why don't you walk me through a little bit, maybe the really high level on your research on hybrid space architecture? Maybe introduce what that concept is and then tell me a little bit about what you found.
>> Nicolò Boschetti: The last bit of my research in ground station and Ground Station as a Service is trying to understand what could make an hybrid space architecture secure from a cyber and electronic point of view? I feel space architecture is like a new iteration of a sort of all the concept that is hybrid satellite network, basically, integrating together different nodes of network that are spread among the different segments. You have a satellite that gets information from a ground station and delivers information to end users. Basically, anytime that you see -- you watch television on TV -- on satellite television, that is a hybrid satellite network. We say that we have a lot of satellites in space right now, and a part of this phenomenon is the fact that commercial providers are the biggest players in space right now. It's not like 30 years ago, while nation-states were the bigger players. And this has led many countries and many armies to outsource intelligence services, [inaudible] services, and many other activities that are interesting for the military or the intelligence community to private companies. Right now the US Army or several NATO armies are acquiring space services from commercial providers, again, like the Ukrainian army with [inaudible] is the same thing. Right now several of the services are passing through Ground Station as a Service because not only the space segment is outsourced. Recently, the DoD Defense Innovation Unit has started working towards an hybrid space architecture. So like a way to better integrate, especially for security and time, time of delivery of the information. So age of information, all these data that are coming from different providers and different providers in space and different providers on the ground. The last bit of my research that got material from my previous steps of research has been like trying to put together all the designs of reference architectures of Ground Station as a Service, trying to imagine in a real-case scenario, the European [inaudible] and the Arctic, how different providers could integrate themselves from an architectural point of view. And we found that probably the best solution to ever secure hybrid space architecture is the heterogeneity of the architectures that are being integrated. Because, as I said before, if you put a lot of eggs in the basket, you need to make secure that basket. But also, if someone tried to steal it or to break it that you have to find a way to move the eggs in a safer place. The heterogeneity gives you this -- reduces the single points of failure. It makes possible to root the data to the end user towards a path that maybe hasn't been attacked by an adversary. That is a very important [inaudible] in our opinion, for [inaudible] space architecture.
>> Maria Varmazis: It's sort of an introducing complexity, but not in a bad way, like in a good way to make it harder for the attacker. I wanted to make sure I asked you about the IEEE Standards Association and the work that you're doing there. I understand this is sort of a recent thing. So can you tell me a little bit about that?
>> Nicolò Boschetti: In June of this year, so June 2023, we presented the working group in the IEEE Standard Association for the creation of space cybersecurity, international technical standard, and is an effort to, again, I was talking about the standards before. The community with the technical guidance on how to design and build secure by design space missions. Because right now we are living in a -- with the legacy technologies that are integrated with the new technologies, and we have still satellites that are 50 years old, still working. And from a cybersecurity point of view, this can be a problem. Putting together like experts from the industry, the academia, the also governments like space agencies, etc., etc. from all over the world, we are trying for each segment of a space mission with -- to come up with an analysis of what is in place today? Okay, it's working, but it could be better. And how to redesign in a secure way. This will be the standard, is a technical standard, so like it will provide guidance. And as I said, now we are almost 150 experts from all over the world divided in subgroups, one for space, one for link, one for ground user, and the integration layer. We go back to the integration of different nodes in a secure way, and the standard effort is open to everyone that has expertise and interest in joining and providing its expertise -- their expertise towards the writing of the standard.
>> Maria Varmazis: We'll be right back. Welcome back, and staying with today's cybersecurity theme, the Mission Control TTX Hackathon, presented by the Space Generation Advisory Council and powered by the collective expertise of the AIAA aerospace, Cybersecurity Working Group, Space ISAC, Cornell Aerospace ADVERSARY Lab, and Embry-Riddle Aeronautical University is taking place this Saturday, October 21. Participants will embark on a journey as decision-makers tasked with detecting, diagnosing, and responding to a simulated cyber attack on space infrastructure. This mission calls for a blend of skills in cybersecurity, space engineering, policy, law, and more. Participants can compete as individuals or independent teams, with each participant having the opportunity to work directly on a real-world use case provided by the organizing groups. Winners will be showcased at next week's ASCEND conference in Las Vegas. More details and registration can be found by following the link in our show notes. That's it for "T-Minus" for October 18, 2023. For additional resources from today's report, check out our show notes at space.n2k.com. We'd love to know what you think of this podcast. You can email us at space@n2k.com or submit the survey in the show notes. Your feedback ensures that we deliver the information that keeps you a step ahead in the rapidly changing space industry. N2K's strategic workforce intelligence optimizes the value of your biggest investment, your people. We make you smarter about your team while making your team smarter. This episode was produced by Alice Carruth. Mixing by Elliott Peltzman and Tre Hester with original music and sound design by Elliott Peltzman. Our executive producer is Brandon Karpf. Our chief intelligence officer is Eric Tillman, and I'm Maria Varmazis. Thanks for listening. We'll see you tomorrow.
