Alvaro Alonso Ruiz (14:07)

What I saw at the space industry is amazing. Especially there's this new space movement, a lot of new companies spawning, doing amazing stuff. So on the one hand I was very inspired by all the innovation going on and on the other hand I was appalled by the state of software in the industry, especially because I had seen software in other verticals and when I saw that space missions, they were state of the art in many technologies, but in software they were stuck decades in the past. I was amazed. I couldn't believe it. So that was kind of the driver for co founding Lean Space.

Dave Buettner (14:46)

Tell me a little bit about what you've seen and maybe why are things the way they are?

Alvaro Alonso Ruiz (14:52)

Well, the space industry is inherently risky, so a lot of decisions are made to minimize risks. Which makes sense, right? Especially because in the previous decades, space missions were done by engineers for engineers, if you know what I mean. All the missions were kind of R and D in a way. Every mission was a one off. They were reinventing the wheel over and over again. Everything was a custom implementation, there was massive redundancy being put in the spacecraft and also in the ground. And so they were trying to minimize risks all across. They were extremely expensive missions. They took forever. So when finally you launched that satellite, nothing could fail. And it made sense in the past. Right now it doesn't make sense anymore. You see, for example, very successful companies like SpaceX, they operate in a completely different manner. They actually run their business as a software business. They launch a lot of satellites and some of them fail, but most of them succeed. And they have very quick turnaround. They innovate constantly. It's like in software development, you work in sprints, you work with close feedback loops. You don't do waterfall approach, you do like agile approach. This is exactly the concept. And still in the space industry, while this kind of agile development methodologies have been around for like, I don't know, over 20 years, the space industry still operates waterfall. So you have missions that are defined at the outset, every single detailed requirement is carved in stone and only then you start development and then nothing can change. But of course things change, because when you have a mission that lasts for years, requirements will change. So then things start to change and then it's chaos all across. Because introducing changes in a waterfall process is very complex. So what space companies have not realized is that they cannot keep on running hardware businesses, because every company in the world is a software business. If you use software to deliver a service to your customers, if you use software to manage your paychecks, you use software to do your planning, to manage your emails, you are a software company, you just have assets that do things. But you run your business through software and you have to think as a software business. But in space, we are hardware focused and that's a limitation.

Dave Buettner (17:39)

Yeah, that's the thing that I'm curious about. As I mentioned to you, before we started recording, I came from cybersecurity. So software is the world. That. And when I started doing this job, the differentiation I often heard was, well, that's bits, we're talking atoms, we're making physical things. We can't do that kind of thing here. Is that just a mental limitation? Is that just something. I mean, obviously they're different. I mean, I'm not saying they're not. But a lot of the pushback I've heard is, you know, we just can't do those things. It's just not possible in the physical space. Do you buy that? Is that, do you feel that that's not valid?

Alvaro Alonso Ruiz (18:13)

Yeah, of course not. Yeah, yeah, of course. No, of course not. Like all them, all the industries across the world, they are digitalizing. I mean, this concept of digital transformation is a thing. And even very aging industries like banking, for example, they are undergoing this digital transformation because they have realized the risks of staying anchored in the past are worse than the risks of actually implementing and introducing new technologies into their businesses. I think the problem in space is the mindset. Everyone says space is hard.

Maria Vermazes (18:53)

It is.

Alvaro Alonso Ruiz (18:54)

Or are we making it hard because something is? Yes, some things, no. For example, today I know of a constellation of Earth observation satellites which is operated using Windows 95. Not kidding. Not kidding. So can you imagine, I mean, you have a background in cybersecurity. Can you imagine the risks these people are taking? It's insane. And when you talk to them and you say, hey, why don't you use. You can migrate your control center into a cloud, native cyber secure infrastructure, resilient. And they say, no, no, that's risky. And you're like, really? You're operating a system that is not maintained since 20 years. It's really frustrating. A few weeks ago, I was speaking at an event, I was on stage and it was a panel on artificial intelligence of AI.

Dave Buettner (19:52)

Of course, everyone talks about AI.

Alvaro Alonso Ruiz (19:54)

And it was the third time I was on stage talking about how can we leverage AI in the space industry? And it was extremely frustrating because how can we leverage AI if we are using technologies from the 70s when we're using disconnected systems that don't talk to each other, when operators are sending commands manually, literally typing the commands and sending them manually to spacecraft, you cannot use AI. We've missed a technological step. So first you need an infrastructure that connects everything together so you have all your data harmonized, standardized, usable, so that with this data you can actually train your AI models. Then after the outset of the AI algorithms, you need actionable insights that you can actually action. So you need a place where you bring it back, you bring back this output and you can do something with it. So you need this infrastructure that enables you to connect data in and out and this doesn't exist in the space industry. Very, very few companies have something like this. They all have distinct systems, different technologies, incompatible. It doesn't work. So that was actually the trigger of me starting to be more vocal about the inherent limitations we see in the space industry. No one is doing anything about it. So I'm trying to step up and change things.

Dave Buettner (21:22)

I think for folks who are outside of the space ecosystem, there is that general assumption that, well, space is either really, really behind or really, really advanced, one or the other, or both at the same time. But I don't know if there's that pipeline of talent going to the space industry from the software side. That's a whole other conversation. But I'm so curious about, as you said, that it's a mindset issue how we go about shifting that. I think there's so much to be explored there.

Alvaro Alonso Ruiz (21:47)

Let me answer first to a comment you just made. Sure have software talent entering the space industry. Because this is a question that was asked in this last AI panel and the question is that this is part of the problem because the space industry is plagued by aerospace engineers, not by software developers. So when a software developer joins the industry and instead of working in APIs or microservices or AI, they have to maintain code written in Fortran in the 70s. I'm not kidding. This is the case.

Dave Buettner (22:26)

I know. I believe it. It's a nightmare for a developer though.

Alvaro Alonso Ruiz (22:29)

Yeah, we don't have good software talent entering the industry. All the companies we work with, the people writing the ground software, are typically aerospace engineers. They don't know how to code and they are typically reusing libraries and things from way back because they're proven, they're validated open source. There's so many open source tools in the industry that people use. There's a huge risk. You open source libraries, some of them are right, some of them they're not because they might have a bug that someone introduced during the 90s and no one is maintaining this. No one knows and no one will know.

Dave Buettner (23:07)

It's a huge technical debt. Yeah, technical debt is a huge problem. Yeah, I was going to say I'm imagining a software engineer looking for a really exciting job and the prospect of going, facing what you just mentioned, they have a lot of options. I'm not sure they'd want to take that on. I don't know how one fixes that. But anyway, I wanted to hear your thoughts. What do we do? It's not about me, it's about you.

Alvaro Alonso Ruiz (23:30)

The first thing we have to do is educate the market. And that's what I'm trying to do. Because I mean, the problem is that it's lack of knowledge. There's a lack of knowledge that actually modern software technologies reduce risk, they reduce costs, they reduce delays. There's a massive advantage that people need to understand. That's the first thing changing the minds. The second thing is that we need phased transitions because we cannot just like disconnect a control center, flying satellites and connect another one. It doesn't work. So we need a middleware layer that connects legacy systems with cloud based applications, kind of an integration platform. And that's what we're doing. At Lean Space, for example, we have an integration platform that can connect to all the hardware, all the different legacy software systems, and you can build applications with all this data that has been centralized. It also enables to break down monolithic architectures into microservices. And then the third thing I would say is most of the systems in the space industry are based on premise because the cloud is like, oh, cloud sounds dangerous or insecure or public. It's like security of my data. But actually a lot of times cloud providers have much better security than you have in your own basement. And some missions, of course they need to be air gapped because of obvious reasons, but some don't need to do, don't need to be. So I think adopting hybrid cloud approaches and gradually migrate functionality as we are comfortable with or as the mission requires makes sense. So I think that's how I would take it. And there are technologies out there that enable this transition. But the first step is actually willing to do so.

Maria Vermazes (25:27)

Be sure to check out the T minus space daily podcast wherever you get your favorite podcasts. Hey everybody, Dave here. Have you ever wondered where your personal information is located lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Deleteme. I have to say, Delete Me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data Privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Deleteme now at a special discount for our listeners today. Get 20% off your DeleteMe plan when you go to join delete me.com N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com N2K and enter code N2K at checkout. That's JoinDeleteMe.com N2k code N2K and finally, our device inventory desk tells us that the Princess Alexandra hospital in the UK recently discovered that PlayStations, coffee machines and even passing electric cars were connecting to its network. Deputy Director of ICT Jeffrey Wood admitted our attack surface was bigger than we thought after finding between 5 and 10,000 unknown devices lurking in their system. This alarming revelation came during a trial of a cyber exposure platform, part of a broader tech modernization effort. With no dedicated cybersecurity team, the hospital's infrastructure staff handles security, integrating automated tools, XDR and AI driven protections. Network segmentation has even freed the marketing team to use Apple devices, which were previously banned. However, Zero Trust Security remains a distant dream. Deputy Director Wood says the hospital is embracing a one NHS partnership model rather than siloed vendor relationships, but warns this isn't just cyber risk, this is risk attacks could harm our patients. There's nothing like a cybersecurity audit to find out your MRI machine shares a network with somebody's PS5 and that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast. Appreciate Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here.

Alvaro Alonso Ruiz (29:54)

Foreign.

Maria Vermazes (29:59)

And now a message from our sponsor. Zscaler, a leader in cloud security enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year over year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security Zscaler Zero Trust AI stops attackers by hiding your attack surface making apps and IPs invisible eliminating lateral movement Connecting users only to specific apps, not the entire network Continuously verifying every request based on identity and context Simplifying security management with AI powered automation and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler, Zero Trust and AI. Learn more@Zscaler.com Security.