Maria Vermazes (13:55)

I'm going to do my best. It is confusing, so I'm sure a listener out there who knows this world inside and out is going to go I got half of this wrong, but I'm going to try Our view of what's going on in space is not as complete as I think most people would think it is. We know very well for the most part what geostationary satellites are in orbit because from our perspective they don't really go very fast. We see them and they're up in the sky and they're like, okay, they're there. Low Earth orbit. We have a somewhat patchwork understanding of what's on orbit and there's a lot that we miss. And essentially there's no one entity that's in charge of tracking all this. I think that's the thing that surprises a lot of people. There's no central traffic control. There are a lot of private companies that are tracking space satellites, space debris of different sizes, things like that. There are several different governments that are tracking satellites. The United States government certainly is doing its bid on that part. And then there's the US Department of Commerce. That is sort of seen as like the best that we have at a central repository for understanding what's on orbit. But again, there is no complete knowledge of everything that's up there. So when people are saying how many satellites are in orbit, it's always an estimate because we can't know at one time. Like, you know, you think of a sci fi movie, oh, we can see all the satellites up there. We know exactly where they are. No, we don't. It's just not that complete. We have a good sense of it and there are different ways to patch this information together, but it's not like a complete accurate picture of our asset management system or our network. We just don't know entirely.

Dave Bittner (15:26)

So this article talks about a system, do I have it right? Referred to as Trax.

Maria Vermazes (15:31)

Trax, yeah.

Dave Bittner (15:33)

And what is that?

Maria Vermazes (15:34)

Trax is a system that is currently in Beta, that is coming out of Beta, that is headed by the US Department of Commerce, that is supposed to be the. The best that we can get at a central understanding of what's going on in space. And this is a project that's been in the works for some years. And in the middle of 2025 there actually was the White House budget, a thing to kill it entirely, which was very alarming for people in the space industry because a lot of people had been banking on this coming out. So thankfully it sounds like that didn't happen because the industry rallied to save it. But it did start this larger conversation of we seriously do not have a great understanding of all of the assets in space. Tracks was seen as our best bet, but it's still not the best. And again, there's a lot, there's a lot of confusion about. I'm confused just trying to explain it because there really isn't a great clear picture of this. And every time I try to learn more about it, it's like there's a bazillion small companies that are trying to add to this and are they all talking to each other? No, it's not Great. It's not great.

Brandon Karpf (16:38)

Kind of like a disaggregated air traffic control system, right?

Maria Vermazes (16:43)

Yeah. And it doesn't exactly engender confidence in this whole thing. We're talking about space debris, you know, collision avoidance, that kind of thing. It's like, do we have that one single pane of glass of knowledge? And the answer is no. And that's terrifying to me, to be honest.

Dave Bittner (16:58)

So what this article gets to Brandon is we closed out last year with an executive order from President Trump which was titled Ensuring American Space Superiority, which talks about these traffic management services. And there was a subtle shift in the language used here. Can you unpack that for us?

Brandon Karpf (17:22)

Yeah, I'll start with kind of like a why this is so important right now.

Dave Bittner (17:25)

Yeah.

Brandon Karpf (17:27)

Years ago when I was an undergrad in college, I somehow got myself accepted into an internship program at the National Reconnaissance Office. So NRO in Chantilly, Virginia.

Maria Vermazes (17:39)

Yeah.

Brandon Karpf (17:39)

And so as an intern at this place, I got to tour their, their wash floor and their operations center and this, this kind of really cool dark room with all of these computer screens and these big screens on the wall with abstractions of orbits and things like that. And there, this massive floor, There was about five people there and there were mostly like 20 year old air Force enlisted airmen. And this was, you know, way before the Space Force, way before, when I was asking this one what he was doing, he was looking at all these conjunction warnings.

Maria Vermazes (18:13)

Yeah.

Brandon Karpf (18:14)

And really conjunction warning is when a piece of debris or two satellites get within, you know, 100 miles or something like that of each other, there's a, there's a warning based on what we're actually tracking. And so I was asking, cool, like, how many satellites are there? And he's like, well, probably about a thousand that we're tracking. And cool. How many pieces of debris are we tracking this? Oh, another couple thousand. Awesome. So you know, how many conjunctions are you addressing? And this explains why there was only five people on the swatch floor. He goes, eh, we get one like one a day maybe. So that was a little bit ago with a thousand satellites today.

Maria Vermazes (18:48)

This was a while ago.

Brandon Karpf (18:49)

Today we have 14,000 satellites up there.

Maria Vermazes (18:53)

Approximately.

Brandon Karpf (18:54)

Approximately.

Dave Bittner (18:54)

Right.

Brandon Karpf (18:55)

With plans of growing potentially to like 100,000 in the next four years. Satellites in different orbits. On top of that, all the space debris continues to increase. So now conjunction messages have increased from one a day, a couple a day, maybe a few dozen a day to over 600,000 every single day.

Maria Vermazes (19:21)

Yeah.

Dave Bittner (19:21)

Wow.

Maria Vermazes (19:22)

Right. And who's the central authority for, hey, there's a conjunction event happening. Who do you talk to? Who coordinates with whom on that? How do you, how does that, how does it work?

Brandon Karpf (19:31)

And, and it's definitely not NRO because they're focused on their, the few exquisite military and intelligence community satellites. It's not NASA, because that's not NASA's mission. It's not really the FAA because the FAA does some stuff with space traffic, but mostly with launch and recovery for some reason. This track system is with the Department of Commerce. So really what we're getting to is, as Maria pointed out, there is no central authority to, as the White House is released, ensure American space supremacy over the coming decade, especially when it comes to traffic management. And so what's interesting here in the change is this policy put out by the White House, I think, I mean, what was it like December 18th? It was right before the holidays, is that the US government is going to make this system available for free, make the data within the traffic management system, this track system, and I assume others, although it's still kind of unclear exactly what data and from where and to whom and how to get access to it, but supposedly making it accessible to the whole industry, which would be a.

Maria Vermazes (20:45)

Good thing because more information is good. Is there a downside to this?

Brandon Karpf (20:51)

No. I mean, it's, it's a budget item.

Maria Vermazes (20:54)

Yeah.

Brandon Karpf (20:54)

The government funding act, the one big beautiful bill act that was passed over the summer, did increase the FAA's ability to charge commercial space companies in terms of how much payload by mass they're putting into orbit. And so there are increased, you know, revenue lines for the government to potentially fund things like this. But I think it's a, to me right now, especially this being totally new, without a lot of analysis being put forward, it's a little unclear where this data is coming from, how people get access to it, whether tracks is going to be the system of record, if Department of Commerce is going to continue to manage that, which is a little bit odd. It's not like, at least I'm not aware that they do traffic management for shipping, you know, or for air traffic or things like that. So why would they do space traffic? A little bit unclear.

Dave Bittner (21:46)

So this article points out that space situational awareness is no longer just a safety function, but a strategic one. And so, Brandon, putting on your former military hat, is there a case to be made strategically to limiting the availability of this information?

Maria Vermazes (22:08)

Hmm?

Brandon Karpf (22:08)

Oh, interesting question. So good question. You know, certainly within these feeds and, you know, there will probably be information on the location that position the vectors of more Exquisite space capabilities. But then again that stuff is up there. It's not like it's a secret, right? It's what it does is potentially a secret. But it's pretty obvious to see the thing because if you have a clear unobstructed view of the night sky, you can pretty much track anything that's up there with some relatively inexpensive equipment, whether through radio frequency collection or from, you know, actually measuring and doing kind of like radar type telemetry off of, off of satellites. So I think the analogy here is probably similar to Earth observation where all these commercial providers of Earth observation assets now you can go and buy, you know, down to the 10 centimeter level Earth observation data, right. Pictures of Earth down to that level of granularity of anywhere on Earth. You can go and buy this of, of you know, views of war zones like Ukraine and see that data yourself. You know, historically that's just been nation states who have access to that information. But now private companies are providing that similarly, not just with Earth observation, but also signals intelligence. Right. There's some Companies like Hawkeye 360 were providing site surveys and signals around different areas of the world. Again typically an exquisite capability that was reserved to nation states. So this is kind of democratization of exquisite data is nothing new to this industry. I think the more we see the space industry grow and accelerate, the more we're going to see exquisite sources of data being broadly accessible to anyone who wants to write a check to these companies. What's unique here, you know, I think as you pointed out, is this is being provided by the government. And it's not just government data. It's going to, it looks like it's some commercial data as well. Again, who's paying for unknown adding as.

Maria Vermazes (24:14)

A corollary, the space industry overall, especially in the US is at this very interesting point where a lot of capabilities that have been grandfathered in are like with the doc, owning tracks doesn't, at least to my mind, make a whole, whole lot of sense why it's there. There's this element of maturity that's, that's happening very quickly right now by necessity. And it's going to be very interesting to see if we get any transparency about some of this data. As you said, we don't know where some of the commercial stuff's going to be coming from or going to. And if that's, do we even need to know that? But I mean there are some capabilities that tracks can't do that. The commercial sector is trying to fill in those gaps like for space debris, for example, there are certain sizes of space debris that are so tiny but still extremely dangerous that a lot of people in the private sector are trying to, to make their niche of detecting that space debris. Is that information going to make it into tracks? And if it is, I imagine it's going to come at a very premium price. But it's still extremely important to avoid not just collisions, but eventually even the Kessler effect. God forbid.

Dave Bittner (25:15)

Yeah. I wonder how quickly does this problem or this challenge becomes hard to manage or impossible to manage. You know, Brandon, you talked about going from one a day to 600,000 alerts, so it doesn't strike me as being linear. Right. The more objects we put up there, the more potential for interactions and debris and collisions and all that kind of stuff. So when does this become unmanageable and who's in the best position to manage it?

Brandon Karpf (25:47)

Yeah, the rules of the road here are kind of interesting. And pick your analogy. If we looked at the FAA's Air Traffic Control system, the number of flights per day are still pretty limited and regionally so, and controllable with proper staffing. That's a separate issue entirely in terms of the air traffic controllers of the faa. But it's a tractable problem at human speeds and human analysis, especially with, with, you know, airplanes all having their transponders and transcoders and, you know, sending their location information it and moving relatively slowly, whereas in low Earth orbit things moving much faster. Of course the distances are greater, but you're having a lot more and a lot more potential conjunctions. This quickly to your point, grows exponentially to a stage where I don't think human intervention is going to be the proper approach. So now a different analogy would be like the Security Operations center, who's looking at intrusion alerts and things like that, where we're now getting potentially billions of alerts per day at the largest security operations centers and no staff, no human staff can review all those alerts. So you have to implement a layer of automation and automatic analysis on top of that to elevate the most critical alerts or to respond automatically, which is what we're seeing in the security world. Right. The initial response is happening autonomously without human intervention. That's just not a human tractable problem.

Maria Vermazes (27:20)

It's amazing to me that when you mentioned the Security Operations center, when I was at one of the space conferences, I saw something about alert fatigue and cutting through the noise. And I'm going, oh my gosh, that language is now in the space world. And I was just thinking of all the things about cutting through the noise and you know, use it. How to, how to, you know, make sense of what's in your logs and I'm going this exact same problem.

Brandon Karpf (27:43)

But talk talk about an opportunity for the folks in the cybersecurity industry potentially kind of diversifying, you know, soar security, orchestration, automation and response can now mean space operations.

Maria Vermazes (27:54)

There you go.

Dave Bittner (27:55)

Nice.

Brandon Karpf (27:55)

I mean the same, the same kind of tools. Yeah that that have the cybersecurity industry has been forced to innovate around and develop over the last decade could be incredibly helpful. And the lessons learned of how to build proper operations floors and teams and manage the human element like alert, fatigue, et cetera.

Dave Bittner (28:15)

Time will tell. It strikes me that we're playing a bit of catch up when it comes to this stuff, but that's just my sense. All right. Maria Vermazes is host of the T Minus Space Daily Podcast and Brandon Karpf is the leader of International Public Private Partnerships at ntt. Thanks for joining us for thank you.

Maria Vermazes (28:33)

Thank you.

Dave Bittner (28:35)

Our thanks to Brandon Karp for joining us. Be sure to check out the T Minus Space Daily Podcast wherever you get your favorite podcasts. The world moves fast. Your workday even faster. Pitching products, drafting reports, analyzing data. Microsoft 365 Copilot is your AI assistant for work built into Word, Excel, PowerPoint and other Microsoft 365 apps you use, helping you quickly write, analyze, create and summarize so you can cut through clutter and clear a path to your best work. Learn more@Microsoft.com M365 Copilot this episode is.

Maria Vermazes (29:25)

Brought to you by Indeed. Stop waiting around for the perfect candidate. Instead, use Indeed's sponsored jobs to find the right people with the right skills fast. It's a simple way to make sure your listing is the first candidate C According to Indeed data, sponsored jobs have four times more applicants than non sponsored jobs. So go build your dream team today with Indeed. Get a $75 sponsored job credit@ Indeed.com podcast. Terms and conditions apply.

Dave Bittner (29:57)

And finally, the Cybersecurity and Infrastructure Security Agency has decided it will not attend the RSA conference this March, a move that leaves much of the cybersecurity world blinking in confusion. This is, after all, the industry's largest annual gathering, a week long exercise in talking about threats, resilience and coordination. Exactly the sort of thing a national cyber defense agency might be expected to show up for. CISA says the decision reflects a renewed focus on core statutory duties and alignment with President Donald Trump's security priorities, along with careful use of taxpayer dollars. Fair enough, except RSAC has long been where CISA delivered its message, rallied vendors and talked directly to defenders. The absence lands days after former CISA director Jen Easterly became RSAC's CEO, her latest stop after a politically turbulent exit from government in a rescinded role at the United States Military Academy at West Point. Once CISA officials headlined rsa, now they're skipping it. For an agency tasked with national cyber coordination, opting out of the one place everyone coordinates feels less strategic and more baffling. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands on learning and real innovation. I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today@rsaconference.com cyberwire26. I'll see you in San Francisco. Attackers don't go through your tools, they go around them. In our interview with Jared Atkinson, CTO at Spectrops, he reveals how attackers look to exploit our identities, steal tokens, and quietly snowball their access across Active Directory, cloud apps and GitHub. We talk through attack paths, why least privilege keeps failing, and how one misconfiguration can hand over the keys to your organization. Want to see risk as attackers do? Then check out the full interview now on TheCyberWire.com Spectrops.