
NASA’s JPL announces cuts to the workforce. Rocket Lab announces new contracts for Neutron. Spire Global sells its maritime business. And more.
Alice Carruth
You're listening to the N2K space network.
NordPass Sponsor
The IT world used to be simpler. You only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now employees, apps and networks are everywhere. This means poor visibility, security gaps and added risk. That's why Cloudflare created the first ever connectivity cloud. Visit cloudflare.com to protect your business everywhere you do business.
Ivan Novikov
Space and politics are still very much intertwined. From policy to funding. It really depends who's in office and what deals can be made. Now SpaceX's founder Elon Musk has been appointed in the new US administration. We shall see how that shakes things up for NASA and the FAA. As if NASA doesn't already have a lot to deal with thanks to budget allocations.
Maria Valmazas
T minus 20 seconds.
Ivan Novikov
Today is November 13, 2024. I'm Alice Carruth and this is T-Minus. NASA's JPL announces cuts to the workforce. Rocket Lab announces new contracts for Neutron. Spire Global sells its maritime business. And our guest today is Ivan Novikov, CEO of Wallarm. Ivan will be talking to Maria Valmazas about APIs in space, raising new security concerns. It's definitely worth listening to later in the show. Happy hump day everybody. We're kicking off today's intelligence briefing with some somber news. NASA's Jet Propulsion Lab in California, known as JPL, has announced that it'll be making layoffs. JPL shared the announcement on NASA's website stating, quote, while we have taken various measures to meet our current fiscal year 2025 budget allocation, we have reached the difficult decision to reduce the JPL workforce through layoffs. This reduction affects approximately 325 of our colleagues, an impact of about 5% of our workforce. These impacts are occurring across technical, business and support areas of the lab. The statement went on to say that, quote, these are painful but necessary adjustments that will enable us to adhere to our budget while continuing our important work for NASA and our nation. All employees were required to work from home today on November 13, regardless of their telework status. At 9:30 a.m. local time, a virtual lab-wide meeting was held to relay the details of what to expect. Our thoughts and best wishes are with those affected by the layoffs. Moving on to some more positive news, Rocket Lab has shared their financial results from the last quarter. The company's revenue grew 55% year on year to $105 million and they continue to see a strong demand growth with backlog at $1.05 billion. Rocket Lab also used their investor call to announce a multi-launch agreement with a confidential commercial satellite constellation operator for its new medium-lift rocket Neutron. Under the contract, Rocket Lab will launch two dedicated missions on Neutron starting in mid-2026.
They also announced a federal defense contract that supports Neutron and the development of its Archimedes engine with the US Air Force lab. Rocket Lab's next launch, the ICE ICE Baby mission for CNES, is scheduled to take off during a 14-day window that opens on November 23rd. Spire Global has announced an agreement to sell its maritime business to Kepler for approximately $241 million. The company says it plans to use the proceeds of the sale to retire all outstanding debt and invest in near-term growth opportunities. Spire will retain its satellite network technology and infrastructure and will continue to serve its aviation, weather and space services customers along with the existing US Government portion of its maritime customer portfolio. The transaction is expected to close by the first quarter of 2025. Denmark has become the 48th nation to sign the Artemis Accords. A ceremony was held in Copenhagen with Christina Uglund, Minister of Higher Education and Science, signing the Artemis Accords on behalf of Denmark. Robotics company Gitai USA has raised an additional $15.5 million as part of its Series B extension round. This follows the $45 million raised in 2023, bringing the total of the Series B extension round to $60.5 million. With this additional funding, Gitai aims to further advance on-orbit services and lunar infrastructure construction in the US and defense market. Japanese company Ispace has shared its financial results for the second quarter of the fiscal year, which ends March 31, 2025. The Tokyo-based company has reported contract agreements totaling $99 million. Ispace also announced that their mission to launch with SpaceX is scheduled for no earlier than January 2025. The company says that preparations for the Resilience lander are progressing smoothly and that the vehicle will be shipped to Florida on time according to the planned schedule for their launch.
Launch Preparations Rivada Space has announced that it secured contracts for their proposed AlterNet constellation in 18 countries and on every continent. These countries include the UK, Netherlands, Denmark, Finland, Colombia, Namibia and more are in the pipeline. Rivada also says that it's lined up more than $13.5 billion of business globally for its LEO network and has added 400 MHz of newly available spectrum to its portfolio. Sidus Space has been selected to design and build the first generation of data storage spacecraft for Lone Star Data Holdings. Sidus will be Lone Star's exclusive satellite manufacturing partner for six data storage spacecraft that will orbit the moon, offering advanced data storage and disaster recovery capabilities for mission-critical information. Sidus will manage the design, payload integration, planning and on-orbit support for each of the six satellites. The Space Development Agency has awarded a contract for Advanced Fire Control ground infrastructure to support demonstrations and potential future operations under the agency's advanced fire control effort. The cost-plus-award-fee contract, worth a maximum of $117 million, was awarded to Kratos Technology and Training Solutions. Kratos will lead a team of industry performers to provide a common, enduring ground infrastructure and resources to minimize cost and complexity for multiple advanced fire control prototype efforts. Initial funding of approximately $17 million was obligated at the time of the award. Sony Space Communications Corporation, known as SSCC, and Astro Digital are partnering to design, manufacture and launch two microsatellites. These satellites will each carry an SSCC optical terminal and will showcase SSCC's optical communications technology by establishing high data rate lasercom links with each other as well as with terminals on the Earth. The satellites are expected to be launched in 2026. That concludes today's Intel Briefing.
As always, you'll find links to further reading on all the stories mentioned in our show notes. Today we've included the announcement of Elon Musk's new position in US politics, an announcement from Viasat and Altan in Mexico, and another one on NASA's studies on sustainable aircraft. Hey T-Minus crew, if you find this podcast useful, please do us a favor and share a five-star rating and a short review in your favorite podcast app. It will help other space professionals like you find the show and join the T-Minus crew. Thank you. We really appreciate it.
NordPass Sponsor
And now a word from our sponsor, NordPass. NordPass is an advanced password manager from the team behind NordVPN, designed to help keep your business safe from data leaks and cyber threats. It gives your IT professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords. Right now you can go to www.nordpass.com cyberwire for 35% off the NordPass business yearly plan. Don't miss out on that.
Ivan Novikov
In D.C. this week, speaking to sci-fi legend Rondy Moore. We'll be sharing that chat with you later this month. But before her travel, she spoke to Ivan Novikov, CEO of Wallarm, about APIs in space raising new security concerns. What are APIs, I hear you say. Here's Ivan with that explanation.
Maria Valmazas
APIs kind of new wires. Whatever you think about the connectivity, 99% of the chances it's driven by API. So API is basically the way how different systems communicates to each other, transfer data and if you any time using, you know, mobile app, right. Your mobile app actually rely on API. So API is the way how your mobile app connect to the cloud to get some data and show you the data back in the ux, the same websites, the majority of the websites now using the same approach where the front end of the website communicates with an API in the back end. Similar to bank to bank wires, it's driven by API or even the data that goes from the earth to the satellites. So it's also API, it's basically new wires that connects everything.
Alice Carruth
Now I feel like we're all up to speed, exactly where we need to be there. Okay, so for folks who are making, I'm going to be very broad strokes here, who are making some kind of spacecraft or working with and you're facing with some sort of space application in any way. They're using APIs in a number of different ways. Either they are creating them for their application or they are using them, or sometimes both. What are the issues that people need to understand in terms of the security problems that can come up with API use in the context of space?
Maria Valmazas
Yeah. So the first of all, I guess that API is just an interface, right? The term defined very broadly, as I said before, like a new wire and very specific implementation of the APIs such as you mentioned in the space area. Right. It really depends on what's there, which data goes there. And I guess the main thing to put as a first thing that you have to understand while you start developing or building or use APIs is like nothing guaranteed by default. So having API doesn't mean that any security controls will be delivered by default. And that's crucial. It's very important because when we focus on something new, sometimes we assume that some kind of new security control should be also delivered in this new tech, because this tech is new, but it's not because it's very broadly defined in many cases, just like the general term. And inside the hood, under the hood all the time, you will have some more and more specific thing that you have to focus on.
Alice Carruth
I'm thinking through some space companies that I'm not going to name names, but I'm thinking many of them have an API that's very open to the web because they want people to use the data that they're providing from their satellites, for example. I'm trying to think of examples of what is the direction that we want to give people who are developing APIs for people to access or as you said, not to assume that things are secure. But what do people need to do beyond that? Do they need to, what do they need to do next?
Maria Valmazas
I guess the first thing is just to start with usual application security controls such as identify who is your customers who consume your API. How you can make sure that your consumer is actually your consumer means authentication. Right. And then if you 100% sure of that or some sort of authentication done, you have to focus on how exactly you know which functions this authenticated user can consume. Means authorization to very specific functions. And then when it started, you have to make sure that the way how this authenticated and authorized users consume your functions actually your designed way, the way how you design how you suppose them to use these functions means in many cases abuse or fraud or some other attacks like that. So it's basically main three things that we have to check then the most important part here is you have to design the things while you're designing your APIs in the way how it will be designed in the future before you actually roll out this to any production things. Otherwise it's just impossible to define it afterwards. If you release some API and never require authentication, you have many users, it's just hard for you to step back and tell, hey, no, no, no, now I'm kind of like canceling this and start over. So it's just hard. So that's why these three things should be designed before and then all the next thing could be kind of like delivered and you will see, I mean some, some real data, some real use case and some real attacks for sure.
Alice Carruth
Can you give me a sense of the potential risks for a misconfigured or poorly configured or not at all well-configured API? So what is at risk if someone, you know, if some, you know, access is wide open in a way that maybe the API provider didn't intend? It's not just that people you don't want can access your data, are other things at risk as well?
Maria Valmazas
Yeah. So essentially as I said before, API just like direct access to the data. And that's very important because if you have a direct access to the data, then basically you design API, right, to access your data. So it's not something designed for a different purpose. Right, designed for this purpose. If you kind of like miss a few controls such as authentication, authorization or the using kind of like limiting the usage. Right. Then you have a case when your data became accessible and then if it became accessible from different ways, not designed by use. And it caused some risks. Could be direct risks such as your private data or sensitive private data got compromised or indirect risk where just legit users can see some more. But over years or over quarters, the data became private or very sensitive to you because something changed. So that's what. But what basically makes API so unique in terms of this, why it's not like it was before this API actually took over as the speed and accessibility. So basically if we're talking about API, let's say when I started Cyber, it was not a problem to have an issue like security issue for five, 10 minutes. We all accept the risk and we thought, hey, five, 10 minutes is probably okay. I can manage to call someone and that someone can, you know, block an access. So it's kind of like acceptable risk. 5, 10 minutes is not enough nowadays even one minute. It's just enough to download, you know, like couple of gigabytes of data, which is a lot. And APIs makes this even faster because it's designed specifically to get access to your data in a very fast way without anything, you know, any barriers in the front. So basically if you have an issue with your authentication and you basically don't have any couple of seconds because in 30 seconds it's possible to download like a gigabit and it's a gigabyte of data. It's a lot. Right. And in many cases an entire user database on an entire scope of your secrets basically fits 1 gigabyte.
Alice Carruth
Yeah. As you're describing this, I'm thinking national security issues. That seems like a very clear use case of where this could be a really big issue. That's a little scary, but also good to know. I mean knowledge is power, so this is good to know.
Ivan Novikov
Yeah.
Alice Carruth
So now that I'm terrified, what is the advice that we want to leave our listeners who are building out these solutions? What do we need them to know in order to lock down their APIs a bit better?
Maria Valmazas
As I said before, secure design or security by design is the first thing. Right. And then basically this points you to the most important piece of your API landscape, or so-called posture. So if you have something that you don't know about, such as APIs that you don't even know about, I mean automatically it means that you don't have security controls there, otherwise how it's possible. So I guess having some kind of baseline of inventory or posture is probably the first thing. But you should not think about posture as something, hey, I know that it's deployed, right? You have to think about that as like, do I have secure designs there or not? Which kind of controls were designed, you know, put it into the basement when I start to build it, or my team build that or not. And if you don't have an answer who built that, how it was built, then it's almost equal to, you don't have any security there because you cannot rely on any reasonable feedback. And in many cases you don't even know an owner or who is now responsible for the particular function. Which means you in many cases will see no one responsible for the piece of the data. Right. Accessible to someone, which is a big concern and big problem. And I guess while an entire world start to consume APIs like heavily, they realize it's easy to build them, which is another risk factor. When it's something easy to build, then you know, it's hard to secure and hard to maintain. Right. Because essentially it's a trade-off. Right. If it's something easy, then there is a kind of like the back side of the same problem, right. That in our case it's a security, it's easy to build, it's easy to connect data to the API, it's easy to make the data accessible, it's fast, but it's a lot of security concerns are connected to the same, you know, simplicity.
Ivan Novikov
We'll be right back. Welcome back and happy New Year, Mars. Yes, yesterday was a normal midweek here on our planet. But it marked the start of a new year for our neighboring Red Planet. How do we know this? Because we, us Earthlings, say so. The convention for counting years on the Martian calendar started in 1955 with a major storm named the Great Dust Storm of 1956. This is the 38th Martian year since we started keeping track. You see, a Martian day is called a sol, and it lasts 24 hours and 39 minutes, just slightly longer than an Earth day. One year on Mars, however, equals 687 Earth days, or 668 sols, nearly twice as long as an Earth year. The Martian new year begins in the northern equinox. It's spring in the north and autumn in the south. Yes, Mars has four seasons, just like here on Earth, although they don't equal in length due to Mars' elliptical orbit. And if you're now wondering how old you are on Mars, divide your current age by 1.88 and tell your friends just how much younger you are. It sure does feel good to be 21 again. That's it for T-Minus for November 13, 2024. Brought to you by N2K CyberWire. For additional resources from today's report, check out our show notes at space.n2k.com. We'd love to know what you think of this podcast. You can email us at space@n2k.com or submit the survey in the show notes. Your feedback, and we really do want it, ensures that we deliver the information that keeps you a step ahead in the rapidly changing space industry. N2K strategic workforce intelligence optimizes the value of your biggest investment: your people. We make you smarter about your team while making your team smarter. This episode was mixed by Elliot Peltzman and Trey Hester, with original music by Elliot Peltzman. Our executive producer is Jennifer Iban. Our executive editor is Brandon Karff, Simone Petrella is our president, Peter Kilpie is our publisher, and I'm Alice Carruth. Thanks for listening.
T-Minus Space Daily: "More Layoffs for NASA’s JPL" – November 13, 2024
N2K Networks' "T-Minus Space Daily" delivers the latest intelligence and analysis critical to leaders and experts within the global space industry. In this episode, host Alice Carruth dives deep into significant developments, including workforce reductions at NASA's Jet Propulsion Lab (JPL), Rocket Lab's robust financial performance, and a pivotal discussion on API security in space. Below is a comprehensive summary of the episode's key points, enriched with notable quotes and structured for clarity.
The episode opens with somber news from NASA's Jet Propulsion Lab (JPL) in California. Faced with budget constraints for fiscal year 2025, JPL has made the difficult decision to reduce its workforce.
Impact Details:
Official Statement Highlights:
"While we have taken various measures to meet our current fiscal year 2025 budget allocation, we have reached the difficult decision to reduce the JPL workforce through layoffs."
(00:47)
"These are painful but necessary adjustments that will enable us to adhere to our budget while continuing our important work for NASA and our nation."
(00:47)
Operational Changes:
Host’s Reflection: Alice Carruth expresses sympathy and support for the affected employees, emphasizing the challenging nature of the decision.
Contrasting the JPL layoffs, Rocket Lab shares positive strides in its business operations.
Financial Performance:
Strategic Agreements:
Upcoming Missions:
“The company's revenue grew 55% year on year to $105 million and they continue to see a strong demand growth with backlog at $1.05 billion.”
(01:21)
Spire Global has entered into an agreement to sell its maritime business to Kepler Corporation for approximately $241 million.
Denmark becomes the 48th nation to sign the Artemis Accords, marking a significant step in international collaboration for lunar exploration.
Several companies announce notable financial milestones and strategic initiatives:
Gitai USA:
Ispace (Japan):
Rivada Space:
Sidus Space:
Space Development Agency (SDA):
Sony Space Communications Corporation (SSCC) and Astro Digital Partnership:
A pivotal segment of the episode features a discussion between Ivan Novikov, CEO of Wallarm, and Maria Valmazas on the evolving role of APIs (Application Programming Interfaces) in space technologies and the accompanying security challenges.
Understanding APIs in Space: Maria Valmazas explains that APIs are the “new wires” facilitating communication between different systems, vital for mobile apps, websites, and data transmission between Earth and satellites.
"API is basically the way how different systems communicate to each other, transfer data..."
(10:06)
Security Risks Associated with APIs: The conversation delves into the inherent security vulnerabilities of APIs, especially when misconfigured or poorly managed.
"APIs makes this even faster because it's designed specifically to get access to your data in a very fast way..."
(15:13)
Best Practices for Securing APIs: Maria emphasizes the importance of "security by design," ensuring that APIs are developed with robust authentication and authorization mechanisms from the outset.
"Secure design or security by design is the first thing."
(17:36)
Authentication: Verifying the identity of API users to ensure only authorized entities can access the data.
Authorization: Defining specific permissions for authenticated users to limit access to only necessary functions.
Usage Controls: Monitoring and restricting how APIs are used to prevent abuse, fraud, and other malicious activities.
Design Considerations:
"If you release some API and never require authentication, you have many users, it's just hard for you to step back and tell, hey, no, no, no, now I'm kind of like canceling this and start over."
(13:04)
Implications for Space Companies: With many space companies leveraging APIs to disseminate satellite data, the potential for rapid and widespread access necessitates stringent security measures to protect both proprietary and sensitive information.
The episode concludes with a lighter segment explaining the Martian New Year, linking it metaphorically to the continuous advancements in space exploration.
“If you're now wondering how old you are on Mars, divide your current age by 1.88 and tell your friends just how much younger you are.”
(17:19)
This episode of "T-Minus Space Daily" encapsulates a blend of challenging and optimistic developments within the space sector. From NASA's necessary workforce adjustments to Rocket Lab's thriving business ventures, the landscape is both dynamic and resilient. The in-depth discussion on API security underscores the critical intersection of technology and safety in space operations, highlighting the need for proactive measures to safeguard invaluable data. As the global space community continues to expand and innovate, staying informed through platforms like N2K Networks remains indispensable for industry stakeholders.