I don't think I emphasised it enough yesterday. We're seeing records broken in space daily, and the significance seems lost on many folks both within and outside of the space industry. There are 19 people on orbit right now. We've sent humans to the highest apogee this week since the Apollo era. And while most of us were still sleeping in the US, the first private spacewalk was conducted, breaking more records in the process. Today is September 12th 2024. I'm Alice Carruth, and this is T-minus. Polaris Dawn conducts the first privately funded spacewalk. AST Space Mobile launches their first commercial satellites. China's land space holds a vertical takeoff and vertical landing jump test. And our guest today is Shane Fry, CTO of Software Security Fern Runsafe Security. Shane will be talking to the Cyberwire host Dave Bittner about cyber security regulation in the space industry, so stay with us for that chat. Happy Thursday everyone. What a time for the space industry. Yesterday broke records for the amount of people in low Earth orbit at once, and today, as planned, two members of the Polaris Dawn crew perform spacewalks marking the first ever privately funded EVA. But the record breaking did not stop there. After shift four founder Jared Isaacman spent 10 minutes outside of the crew dragon capsule to test the newly designed SpaceX EVA suits, Sarah Gillis, a SpaceX engineer, repeated the test and became the youngest person to ever perform a spacewalk. The crew dragon capsule is currently orbiting about 450 miles above the Earth. If you haven't watched the video from the EVA, then I implore you to go back and see it. What a spectacle and what a view. Isaacman shared as he emerged from the hatch, quote, "Back at home we all have a lot of work to do, but from here, Earth sure looks like a perfect world." Isaacman and Gillis tested the space suit design and procedures for the capsule, among other things, in a mission meant to test the limits of what private companies can do in orbit. Ground teams at SpaceX's California headquarters watched as the capsule's hatch door sealed shut and carried out checks as the astronauts returned to their cabin seats. NASA Administrator Bill Nelson shared on social media, quote, "Today's success represents a giant leap forward for the commercial space industry and NASA's long-term goal to build a vibrant US space economy." Day four of the mission includes plans to conduct a Starlink demonstration. This mission will mark the first crew dragon mission to utilize SpaceX's network of Starlink Internet satellite constellation. The test will use the Starlink laser link with an aim to pass communications through the Starlink network. We hope to bring you more on that on tomorrow's show. AST Space Mobile has announced the successful launch of its first five commercial satellites called Bluebirds. The spacecraft were transported to Leo by a SpaceX Falcon 9 rocket from Florida. These large arrays of antennas are designed to reach standard smartphones directly at cellular broadband speeds for voice data and video and other non-communications government applications. The Bluebird satellites are planned to offer non-continuous cellular broadband service across the US and in select markets globally. AST Space Mobile has secured additional strategic investments from AT&T, Verizon, Google and Vodafone as well as new contract awards with the US government through prime contractors. The company has agreements with more than 45 mobile network operators globally, which have over 2.8 billion existing subscribers in total. And speaking of space-based cellular networks, T-Mobile successfully sent and received for the first time ever in the US a wireless emergency alert via a Starlink direct-to-smartphone satellite. T-Mobile says the demonstration opens up the 500,000 square miles of lightly populated mountainous and/or uninhabitable land across the country to critical life-saving emergency alerts. It took emergency operators just seconds to queue up an emergency message and deliver that message via Starlink satellites to users on the ground. SpaceX launches are scheduled over the coming months to add more satellites to the current constellation, further blanketing the country with wireless coverage. As that happens, T-Mobile intends to beta-test the service before launching it commercially. Over to China now and commercial space company LandSpace have conducted a successful 10km vertical takeoff and vertical landing or VTVL jump test. The flight lasted around 200 seconds and included the first secondary ignition in Chinese VTVL tests. The engine cut off after 113 seconds of flight, reaching an altitude of just over 10,000 metres, followed by around 40 seconds of gliding descent. The vehicle achieved a soft landing in the recovery site 3.2km from the launch pad in the Gobi Desert. The company says that this paves the way for a reusable launch in the near future. It's National Space Day in Japan and IceSpace use the opportunity to provide updates on their next lunar mission. IceSpace announced that the resilience, lander assembly and integration is complete and the company announced that mission 2 development and mission planning are being determined based on feedback from the lessons learned during mission 1. The company's mission 2, featuring the resilience lunar lander and Tenacious Micro Rover, is now planned to launch no earlier than December 2024. The NATO Support and Procurement Agency has awarded a contract for Medium Earth Orbit Global Services to satellite operator SES. The service will be leveraged by government entities enabling them to carry out naval, air and ground communications missions around the globe. This is the first contract within the global commercially contracted SATCOM Support Partnership, signed in October 2022 between NSPA, Luxembourg and the US establishing a new era of space cooperation within NATO. The partnership provides a framework for NATO allies and NATO partners to participate in a multinational multi-year space-related activities acquisitions. SES will deliver satellite services for government entities in the US and Luxembourg, enabling their missions globally and across all domains. The services will also enhance allies' disaster response capabilities and bolster their overall resiliency. US Space Command's tactical C3 acquisition delta has awarded a $188 million follow-on production agreement to serve one tech for the expansion of the Mesh-1 terrestrial network known as Mesh-1T. Mesh-1T is a scalable, resilient and cyber-secure wide-area network designed for high-speed, IP-based data transport across various locations and conflict conditions. Mesh-1T enhances warfighter capabilities by securely and efficiently connecting data producers and data consumers, providing diversified communication paths built on modern technology and industry standards. The new agreement will expand Mesh-1T services to over 85 locations, enhancing its capabilities within 24/7/365 managed transport services and enterprise-wide upgrades. And Slingshot Aerospace has received $30 million in growth capital investment from Trinity Capital Inc. Slingshot says it plans to use the new funding to continue to scale operations and fund key growth initiatives. And you can read more about that announcement and more on the rest of the stories we've mentioned by following the links in our show notes. We've also included an update from the US Space System Command's Next Generation Overhead Persistent Infrared Polar Program. Hey T-minus crew, if your business is looking to grow your voice in the industry, expand the reach of your thought leadership or recruit talent, T-minus can help. We'd like to hear from you. Send us an email at space@ntuk.com or send us a note through our website so we can connect about building a program to meet your goals. Our guest today is Shane Fry, CTO of Software Security Firm Run Safe Security. Shane spoke to our sister podcast Cyberwire Host, Dave Bittner, about cybersecurity regulations in the space industry. I'll let Dave take it from here. So today we're talking about the Spacecraft Security Act. Can you give us a little bit of the history and the lay of the land that led us to the place where something like this became necessary? Yeah, it's kind of interesting. So we've been, as a country, as really a world, putting things in space for a long time. When we first went to space, the issue was let's just get to space, all the challenges that came with the Apollo program and things like that. But we've been putting a lot of satellites into space, communications, imaging satellites, and those are starting to have or have had for a long time, rather, communication back to Earth. And for the longest time, you sent something into space and that was it. We didn't really think about cyber. We just thought about how do we get images back? How do we talk to people that are in space? How do we talk to these satellites, the International Space Station? But as we've seen kind of an increase in cyber attacks over, I'll say the last probably 20 years, devices that aren't IT systems, that aren't end user laptops or desktops or servers in a data center, are starting to get attacked at kind of higher and higher frequency. And spacecraft are very interesting targets from a national security perspective. And I think we saw that maybe last week or the week before where Russia said, "Well, hey, we're going to attack the GPS system. We're going to attack US-based satellites if Ukraine doesn't stop their offensive." And I think that's kind of fascinating because we're seeing not only that these devices, these systems can be vulnerable that nation states are willing to attack them for a nation that's not directly involved in war. I think that's a fascinating development. In the early days of the space program, as we were putting more and more things into orbit and making more and more impressive journeys, was there kind of an international gentleman's agreement that we would keep our hands to ourselves? And was there a point where people stopped believing that? I think so. To be honest, that time was a little before me when I was in the industry, but absolutely. Everyone in the space field understands that our satellites are a kind of brittle infrastructure. They're not grounded to power. You can't drive someone out or fly someone in a helicopter out to fix something if it breaks. And you see that in all the redundancy that NASA puts in the systems that go into space. We've got to care about all kinds of radiation and power failures and things like that. And so understanding that it's not the same exactly as nuclear deterrence, but it's a similar thing of, well, all my satellites that I need to put up there can be interfered with and mess with, but so can all of my adversaries. So let's just keep everything kind of peaceful in space. And that's definitely starting to change. And I think it's not space related, but there was an issue probably 10 or 12 years ago where there was some random security researcher that was collecting drone footage that was being sent unencrypted from military drones. And that kind of sparked a, oh, we can attack things in the sky. Kind of mindset. And that's really extending now into space. And you see where Starlink went into space and was really beneficial to Ukraine at the beginning of the Ukraine-Russia war as a target now that Russia would, I'm sure, be happy to attack. And if it could cripple some of the other efforts that Ukraine's having. So there's definitely been that peacefulness to the point where there've been a handful of collisions in space that were they avoidable, were they on purpose? I don't know that we'll ever know, but there've been a few incidences of nation states, I think, trying to flex their muscles saying, we can do more in space if you want to take it there. Well, yeah, that was going to be my next question. Has there been any saber rattling of, hey, demonstrating our capabilities to keep each other in line? Yeah, I don't know of anything from the cyber side of things, but there's definitely been some mechanical saber rattling. I think the US has done some testing to say, we could shoot down a satellite in space if we wanted to. And I think it was China that ran the satellite into another satellite. It was one that they were going to be deorbiting, but I think the experts would say that they weren't just trying to deorbit this satellite faster, they were trying to show that they have capability in space. So it doesn't happen often, but it's definitely happening. And on the cyber side, there's more and more prip restaging of stuff happening and Putin threatening to take out the GPS systems is an effort there, right? Because cyber attacks are interesting, unlike missile strikes where you see something blow up, it's spectacular. I think about the scene in Iron Man often where they bring the generals out and they launch something into the side of the mountain and show, look at how awesome this is. In cyber, you don't really have that. And so you can be vocal about it and not have to show your capability, which is kind of interesting. So in July, we had a couple of congresspeople, congressman Frost and congressman Byer, introduced this spacecraft cybersecurity act. What does it entail? Yeah, so it's really one thing, but there's kind of a second order implication. So they're really looking at, NASA has requirements for cybersecurity, but how does NASA then push that requirement down to the contractors it works with? So you think of the Boeing, the SpaceX, the United Launch Alliances and many more where NASA has a need to push these requirements, but they've found through some inspector general audits back in 2019 that NASA's not pushing those requirements, or they're not enforcing those requirements. And so on the one hand, the bill is trying to enforce that implementation of the cybersecurity requirements on NASA spacecraft. But then it's also kind of broadening the picture to not look at just the spacecraft as it's in flight and operation, but also doing cybersecurity, what I'll call left of flight in manufacturing and development. And that's super important, right? If you're an adversary, tearing out a cyber attack on something flying very fast in space can be challenging. But if you can mess up the manufacturing process or have a cyber attack on some quality system, and so a park that shouldn't pass quality now passes quality, that can have devastating impacts. So they're really trying to push not only the contractors doing NASA work to do more cybersecurity, but also trying to get that cybersecurity to the entire ecosystem for those spacecraft, which is often ignored, not just in space, but in all of kind of critical infrastructure as well. So is this a case of the federal government using their purchasing power to try to influence the whole food chain here? I mean, a company like SpaceX, could it be that they have to meet these new requirements if sometime in the future they want their satellites to be used for government contracts? I think so. It's not explicitly laid out, I think, because it's leaning on existing regulations that have been passed for NASA cybersecurity requirements, but it is definitely trying to get an implementation plan from NASA on how they're going to implement this, which part of that is going to be technical, right? What are the actual requirements for cybersecurity? Do we have to do things like memory safety or secure boot or encrypted communications? But it's also going to have to be budgetary, right? Because as we know, contractors are going to do what they are getting paid to do, and if there's no budget to do cybersecurity, they're not going to do cybersecurity with few exceptions. And so I think part of that implementation plan will be how they plan to budget for those cybersecurity requirements, because new programs absolutely are going to have those requirements, and the contractors are going to have to bid cybersecurity services, labor, products to meet those requirements, but they're also likely going to have to do this for existing awarded contracts. And so that's going to require budget plus ups and things like that. And so while this isn't an appropriation bill, I think there will be implications to the budget when this implementation plan gets done, no later than 270 days from when it becomes law. In general, how is it being received by the various parties that are going to be affected by it? You know, that's actually something I'm not too sure of. We do some work with one of the smaller companies, and they're on the leading edge of cybersecurity. They actually have been working with us to implement cybersecurity for their satellite systems outside of NASA requirements, because they know it's the best practices. But I'm not in a lot of communication with some of the policy leaders at, say, SpaceX or Boeing to really have a great understanding there. Is there a general sense that this is a good area to be focused on, that this deserves the kind of attention that this bill brings to it? I think so. I mean, the federal government has been pushing cybersecurity since, you know, probably 2014. And we saw in 2019 some directives from the Department of Defense programs to do more cybersecurity. And we continue to see kind of an uptick in cybersecurity funding and focus across the US government. And so it's probably, I think, it's being very well received. The threat has never been more real. We're seeing a lot of critical infrastructure attacks with Volt Typhoon. And, you know, that's only going to move into space at some point. So I think, you know, nobody wants to be the space contractor that's unable to launch because of a mechanical problem. They also don't want to be on the front page of, you know, the Wall Street Journal because they had a cyber attack. And there was a, you know, loss of life or loss of mission as a result of the cyber attack on their space system. So I think it's going to be pretty well received. We'll be right back. Welcome back. In a remarkable feat of engineering, NASA has successfully resolved a longstanding issue with Voyager 1, the spacecraft that's been traveling through interstellar space for over 45 years. The problem stemmed from the spacecraft's thruster control system, oh yes, a thruster issue again, which began sending back confusing telemetry in May of 2022. Engineers discovered that Voyager 1 had switched to an outdated system that no longer works properly. After months of investigation, NASA's team were able to send a command to switch back to the correct system, bringing the probe back to full operational health. This fixes crucial because Voyager 1 is now more than 14 billion miles away from Earth, making it the furthest human-made object in space. The team's ability to communicate with and repair the spacecraft from such a distance highlights both the longevity of the Voyager missions and the expertise of NASA's engineers. Despite the spacecraft's age and incredible distance, it continues to send back valuable data from beyond our solar system, helping us learn more about interstellar space. Live long and prosper, Voyager 1. That's it for T-minus for September 12, 2024, brought to you by N2K Cyberwire. For additional resources from today's report, check out our show notes at space.n2k.com. We're privileged that N2K and podcasts like T-minus are part of the daily routine of many of the most influential leaders and operators in the private and public sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. This episode's associate producer is Liz Stokes. We're mixed by Elliot Peltzman and Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Iben. Our executive editor is Brandon Karp. Simone Petrella is our president, Peter Kielby is our publisher, and I'm Alice Carruth. Thanks for listening. T-minus. [BLANK_AUDIO]
