>> Maria Varmazis: As the saying goes, if you want to go fast, go alone. Perhaps. And if you want to go far, go together. And should there be a national space emergency, and really that's a national security emergency, the Department of Defense says it's working on a way to mobilize space services quickly and effectively, which is why part of the strategy that's in the works at the DOD right now is responding to an emergency fast, together, with a commercial space reserve.
>> Maria Varmazis: Today is April 27th, 2023. I'm Maria Varmazis, and this is T-Minus. The DOD wants to create space reserves. Space Force is creating an Outernet, the Czech Republic to sign Artemis Accords. Intellian invests $100 million in satcoms. And more. Plus, today, we have our sponsored Industry Voices interview with Russ Andersson, COO and Co-founder of RapidFort, where we discuss the importance of software security in the space industry. So let's get to it. And here is your intel briefing for today. The Department of Defense Space Policy Chief, John Plumb, says space-based missions are essential to the US way of war. Plumb went further into the need for space-based military support telling the House Armed Services Committee that the DOD is looking into new ways to partner with commercial space, in an initiative called the Commercial Augmentation Space Reserves. The goal for the DOD would be to attain quick access to commercial space services in case of a national security emergency. If this sounds similar in spirit to the Civil Reserve Air Fleet or CRAF, where the DOD gets access to volunteered civilian aircraft in times of national emergencies, that is kind of the idea. According to the story in Space News, the kind of commercial space that the DOD is looking to partner with, should a national security crisis arise, includes satellite manufacturers, launch vehicle operators, and remote sensing companies. So put a pin in this one, as the details are still being worked out. But in a few months, the DoD will be back before Congress to present their ideas. The Commercial Augmentation Space Reserves, or whatever it might be named when the plans are finalized, says Plumb is very important and I think this is the right time to make sure we're doing it right. Staying with the DOD and Richard DalBello, Director of the Office of Space Commerce, said the agency's ability to build a space traffic management system will be heavily dependent on data from the defense department. Travis Langster, DOD Principal Director of Space Policy, echoed the need for the partnership to strengthen commerce's monitoring abilities. Langster added that the DOD is working with commerce to ensure that its expertise in analyzing space observation data is also being passed along. Space Force says they're further along on plans for a hybrid commercial military outernet. And what's that, you ask? Why, it's the internet in space, meaning it'll link all Space Force mission-specific networks together. Now, when you think of traditional satellite communications, usually we're talking about satellite to ground and back again. And in this case, the architecture plan here would be pier to pier, satellite to satellite. This adds in redundancy and hopefully resiliency to military satellite constellations. So even if a satellite is disabled, key data can still get to where it needs to go. And the satellites that could transport this data could run the gamut from the most highly encrypted military constellations all the way down to unclassified commercial space. Here's some further detail from Colonel Eric Felt, Director of Architectures and Integration at the Department of the Air Force's Space Acquisition Office. The basic idea being that if I'm a sensor or a satellite in space, I shouldn't have to worry about how the data gets to where it needs to go. If I'm a terrestrial sensor, I don't have to worry about where my packets get routed. They get routed very resiliently to the right place. And on to our international briefing now. And NASA has said that the Czech Republic is going to sign the Artemis Accords during a ceremony on May 3rd. The Artemis Accords are a multilateral, non-binding declaration of principles and rules to enhance governance of the responsible exploration of outer space. The Czech Republic will become the 21st country to sign the accords since they were established in 2020. The Chinese Aerospace Science and Technology Corporation has outlined plans for new formation flying telescopes under the country's Miyin Exoplanet project. The array of telescopes aims to monitor sun-like stars to search for Earth-like planets around them from deep space. The project is under development with on-orbit technology demonstrations planned for next year, and a prototype of the array is expected to launch in the next four to five years. AST Space Mobile and AT&T demonstrated the first smartphone to satellite call earlier this week. And now, Canadian wireless provider Rogers is hoping to bring a similar service north of the border. Rogers Communications has announced that it has conducted successful tests with link satellites and has struck a deal with SpaceX to use Starlink satellites to expand the service to remote areas of Canada. Rogers expects the service to start with text next year before expanding to voice and data cell services. And staying in Canada. And the Artemis 2 crew visited the country this week to engage with industry politicians and academia. The tour was orchestrated to emphasize the partnership between NASA and the Canadian Space Agency. NASA administrator Bill Nelson said it's significant that, for the first time back to the moon in over half a century, that Canada is our international partner. Canadian Jeremy Hansen will become the first non-American to leave low Earth orbit as a member of the Artemis 2 mission, which is expected to launch no earlier than November 2024. Japanese space startup Astroscale has announced two loan agreements with Mizuho and MUFG banks, totaling approximately $44 million. The Tokyo-based company is developing satellite end-of-life and active debris removal services. Astroscale's CFO, Nobuhiro Matsuyama, told Payload that there is a very stark difference in the market conditions compared to a year ago, and capital is very expensive right now. Leading satellite antenna and terminal producer Intellian announced a $100 million investment into the research and development of satellite communication technologies at the official opening of their Advanced Development Center in the city of Rockville, Maryland. The center is Intellian's first and only US-based research and development hub focused on the phased array antennas and user terminals. Intellian is expecting the team in Maryland to grow to 70 personnel by the end of the year. No technology connected to the internet is unhackable. Our friends at CyberWire can tell you all about it. And that certainly seems to be the case with ESA satellites. Hackers took control of ISSA satellite operations earlier this week. But don't panic. It was for demonstration purposes. The exercise was planned for the CYSAT conference in Paris to show vulnerabilities in satellite technologies. It certainly hit home the real threat of cybercrime and space, which seems to be a common theme at this year's conference. And that completes our intel briefing for today. To learn more about any of the stories in today's episode, check out our selected reading links on our website at space.n2k.com. We've also included a sci-fi meets science reality piece from the Atlantic, on building human habitats in space. It's a good one. Definitely check it out. Stay with us next for industry voices. And, hey, T-Minus crew. Did you know that every Thursday, we sit down with industry experts in a segment called Industry Voices, which is all about the groundbreaking new products, services, and businesses emerging around the world? Every guest on Industry Voices has paid to be here. We hope you'll find it useful to hear directly from businesses about the challenges they're solving and how they're doing it. And today, you'll hear from Russ Andersson, COO and Co-Founder of RapidFort, where we discuss the importance of software security in the space industry. Visit space.n2k.com/rapidfort to learn more. Satellite security has been in the spotlight, especially in the last year. And as this issue gets more attention paid, there are a number of professional best practices from other industries that the space industry can adapt to more quickly ramp up here. One of those is the concept of working and automating security testing into every stage of the entire software development lifecycle. It's an idea that often gets shortened to DevSecOps. Now, DevSecOps is a proactive approach to software security, where you're baking it in as you go, instead of working out the software and then finding and fixing the vulnerabilities after things have essentially shipped. As software and space systems continue to grow in complexity and maturity, DevSecOps is gaining traction as a best practice. So speaking with me now on the how and why of DevSecOps for Space Systems is Russ Andersson, COO and Co-Founder of RapidFort. Here's our conversation.
>> Russ Andersson: Well, the awareness for security needs for space systems, I'd say, is at an all-time high. It's been heightened by geopolitical tensions, both in Eastern Europe and possibly with China. And the recognition that, as we move to more complex space systems, the software is going to be more complex. And as a result, the challenges in securing it are going to be harder. If we- one looks historically at the space industry, they focused on heritage software, simple software that was well written that had a lot of flat hours and had flown before. And that was actually easy to secure because it tended to use memory-safe languages. The access and interoperability of the software was reduced, and it was essentially the small, safe kernel sitting on essentially a bus in space, which was hard to actually breach, because of the complexity of space missions, that simple software is not going to meet the performance needs. And so, there's this enormous move towards open-source software, which has a lot of significant benefits in performance and functionality and future proofing and all of these wonderful things. It enabled AI, autonomous flight, all of these things, but that comes at the risk of it being a much larger software footprint. And as a result, it's much, much harder to secure. So we're leaving the trusted safe old and we're voyaging into the exciting but unsafe new. And that's one of the recurrent themes we hear from executives in the space industry.
>> Maria Varmazis: When it comes to attack vectors on space systems, what are sort of common ways that attackers are compromising these systems?
>> Russ Andersson: Well, there's two fundamental systems as we all know. There's the ground segment and then there's essentially the on-bus or in-orbit software. And they represent two very different security challenges. So most of the ground segment software is moving to cloud-native or cloud-supported infrastructure. And the security challenges there are similar to what you'd have with securing enterprise cloud infrastructure. So the security programs for the satellite operators are starting to resemble the security programs of large financial services, companies like banks and things like that. And so, there is a clear model for that. There's nothing essentially new that's going on. The satellite industry is just essentially adopting best practices for the ground segment. Orbit or on-bus, essentially, on-device software, market or challenges are very different in the sense that this is something new. There are a lot of- a few aspects on satellite software, which are unique, which create new challenges. And there's a number of subtle things that one needs to do, but it is now possible to start borrowing best practice from the internet of things, the industrial control systems, and the energy space, and those types of things. And so, we're starting to see on satellite starting to adopt a critical energy infrastructure, IoT-type security paradigms, whereas the ground segment is moving much more to traditional enterprise cloud security paradigms.
>> Maria Varmazis: That's interesting that the two are moving in kind of different parallel paths because I think of enterprise and IoT as almost opposite. Maybe that's not true, but that's sort of how I think of them.
>> Russ Andersson: Very astute observation. So when one thinks of that these markets are actually converging, and they're converging because of a couple of fundamental trends. But the biggest trend that we're seeing in IoT, in the IoT space and, indeed, in automobile spaces is that, historically, if you would look at a car, it had sensors all around the car, and all of these had separate compute and separate software. What's happening now is all of the compute and all the software is being centralized in a single place, and the sensors are essentially becoming much more dumb terminals. And because of that centralization of compute, things like containers, Kubernetes, and those sort of cloud-native technologies are starting to appear on IoT devices. So there is going to be a convergence of security challenges as the IoT devices themselves become more powerful, become much more cloud-like, and intelligent as they move towards providing enhanced functions and performance.
>> Maria Varmazis: Okay. So it sounds like for creating a space system, there is a maturity there in building out security from, for lack of a better term, ground up, as you go, as opposed to thinking of it and tacking it on later. So one of the terms that we sometimes use is DevSecOps. Can we talk a little bit about what that means here?
>> Russ Andersson: Sure. So DevSecOps is a software release methodology, which puts security into a traditional DevOps process. And so, what do we mean by DevOps? DevOps is the process of continually releasing software. There's a lot more to it. But fundamentally, the difference between DevOps and the methodologies before it is the idea of deploying small increments to software continuously, whereas, in the past, satellite software was very waterfall in nature. There was essentially one release. You got that version out and then you never updated it for 20 years. And so, there's something of a clash of cultures between DevOps or DevSecOps, which is deploying small incremental changes continuously and the way satellites and, in fact, the aerospace industry historically has worked, which is one and done. And the reason that's needed now is a lot of the vehicles that are essentially being launched are going to be in orbit for a long period of time. And software capabilities are going to improve, and you want to take advantage of those improvements by future-proofing your platform. And so, there is essentially a drive towards DevSecOps because it allows you to harness the performance benefits of the future essentially by making investments now.
>> Maria Varmazis: So if I was creating or working on a space system right now, and this conversation has piqued my interest, but I don't know quite where to start or where to learn it more, what would you suggest?
>> Russ Andersson: Well, that's a good question. I think, architecturally, the big decision that you need to make is are you going to go essentially the DevSecOps cloud-native path, or are you going to continue essentially down a more traditional path. And that's going to essentially be a central decision that's going to take you down two very different journeys. There are pros and cons for either, but the things that you'd look at essentially is what are the capabilities that I need to support. How long do I expect the software to provide those services and things like that? The more complex, the longer life and so forth, the more the benefits for the DevSecOps path will mount. However, if it's a relatively simple mission, staying with the tried and trusted heritage software might be a better path for you.
>> Maria Varmazis: That's a great point. There is no one size fits all. Certainly. Any closing statements or anything you want to mention about RapidFort that relates to all of this? I want to make sure I give you that opportunity.
>> Russ Andersson: Yes. Thank you. So next-generation software provides enormous advantages, but it does come at a security cost, in that the software tends to be bloated. What RapidFort does is it's an automated toolset to discover which code you're actually using, and then we shrink down the software artifact and give you a perfectly customized software artifact just for your mission. So we build a customized software shoe for your own foot. And we typically reduce software and attack surface by about 80%. So that means 80% less patches to apply, 80% less vulnerabilities to defend. And that allows you to build and deliver secure software cheaper and faster and, ideally, rapidly.
>> Maria Varmazis: Excellent. Thank you, Russ. I really appreciate you coming in to speak with us today.
>> Russ Andersson: No, it's been a pleasure. Thank you very much for the opportunity, Maria.
>> Maria Varmazis: And we thank Russ for sharing his insights with us. And we will be right back. And welcome back. And now for our more fun item for today's show. I'm giving the space community on Twitter credit where it is due. There was a fun challenge set to Space Twitter this week, and folks really stepped up. So what was the challenge? Tracking down some very enthusiastic kids who were photographed during the Starship flight test on the 20th. Photojournalist Erik Kuna took what I would argue was the best photo of the day, with Starship going up in the background and a really thrilled kid with his hands pumping in the air. You can just hear him going, yeah! And he represents the kid in all of us really. And Eric put the call out on Twitter. Help him find this kid. Here's what he wrote. Alright, internet, I need some help. During the Starship super-heavy launch, I was able to capture this photo below, and I need help to find this photo to the wall of that rockstar of space flight. This kid had such enthusiasm and passion the minute that thing broke from the dust. Unfortunately, I was about 300 feet from the group taking this photo, and I couldn't get to them in time to ask for contact information before they then disappeared into the huge crowd. Maybe someone knows who was at the launch who knows someone who recognizes someone. Would be cool. Never know. Dot, dot dot. This was like the bat signal for Space Twitter. Everyone was retweeting and boosting this thing to make sure excited Starship kid saw his photo. Folks were using their OSINT skills to even identify the brand of the kid's shirt. It's kind of cool. Ars Technica Eric Berger quoted the photo and said, let's find this kid's parents and make sure he grows up with his photo. And that seems to have been the key. Nearly 2,000 retweets and 20,000 likes later, finding the kid in question only took a day. Photographer Erik Kuna soon got a response from the kid's parents confirming it was them. We drove down from our small Arkansas town to see the launch, said Dad and Matthew Herzl. What a creation and what a special atmosphere and moment. And what a cool commemoration for this kid who will have lifelong memories for sure. So great work, Space Twitter. And that's it for T-Minus for April 27th, 2023. For additional resources from today's report, check out our show notes at space.n2k.com. We're privileged that N2K and podcasts like T-Minus are part of the daily routine for many of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. This episode was produced by Alice Carruth, mixing by Elliott Peltzman and Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Brandon Karpf, and I'm Maria Varmazis. See you tomorrow.
