Maria Varmazes

You're listening to the N2K space network. AI agents are now reading sensitive data, executing actions and making decisions across our environments. But are we managing their access safely? Join Dave Buettner and Barak Shalef from Oasis security on Wednesday, December 3rd at 1pm Eastern 4 for a live discussion on agentic access management and how to secure non human identities without slowing Innovation can't make it live. Register now to get on demand access after the event, visit events.thecyberwire.com that's events with an s.thecyberwire.com to save your spot.

Sponsor Announcer

From phishing to ransomware Cyber threats are constant. But with Nordlayer your defense can be too. Nordlayer brings together secure access and advanced threat protection in a single seamless platform. It helps your team spot suspicious activity before it becomes a problem by blocking malicious links and scanning downloads in real time, preventing malware from reaching your network. It's quick to deploy, easy to scale and built on zero trust principles so only the right people get access to the right resources. Get 28% off on a yearly plan at nordlayer.com cyberwire daily with code CYBERWIRE28 that's nordlayer.com CyberWire Daily Code CYBERWIRE28 that's valid through December 10, 2025.

Maria Varmazes

The Aerospace Corporation presented space governance policy and regulatory frameworks at the Caribbean Space Summit, exploring how Puerto Rico can become a leader in the commercial space industry through smart policy. Here's part of their conversation with the UK Space Agency and UK Space Regulator at the Civil Aviation Authority. I'm maria varmazas and this is t minus deep space. Lori Gordon, Systems Director at the Aerospace Corporation, is joined by Matthew Archer, Director of launch at the UK Space Agency, and Colin McLeod, head of UK Space Regulator at the UK Civil Aviation Authority.

Thank you Matt Archer and Colin McLeod for being here. This is going to be a fantastic conversation and we are so excited to have you here. Colin is Head UK Space Regulator at the UK Civil Aviation Authority and Matt is head for Launch and Sustainability at the UK Space Agen. So Matt, thinking about global needs or allied needs for spaceport development? Where do you see the collective we right now? What does it mean for shaping global engagement? What is bilateral launch as a service or geographical use of launch sites look like? Can we shape this through Aukus? What are your thoughts?

Matthew Archer

Yeah, really interesting time to be answering that question. Geopolitics is definitely kind of interesting at the moment. I think for us we are leaning in heavily through the NATO starlift conversation. So for those not familiar, this is a flagship program within NATO starting to look at how do you take allied demand and start to say, well, okay, how do we build kind of capability to support those needs? Obviously, the US has an extensive wealth of its own capability, but I think what we're doing is kind of taking a view across Europe and beyond to say, okay, what demand do we know is out there? I think we know there's a wave of demand likely to grow through defence investment, particularly across Europe, but also beyond, with a view that space is an important capability. And building out the number of satellites that we can use to bring to kind of peacekeeping or adversarial kind of threats is really important. So for us, we're focusing on that. How do we bring that together? How do we place space ports into that debate? And that's about not just geography, which I'm sure Colin will talk more about some of the benefits of kind of being in sort of remote parts of Scotland and a free access to kind of northerly and sort of polar orbits. It's really interesting to think about responsive launch and what that means. I don't think we're there yet, but it is definitely a conversation of that collective we is setting out, where do we have standards, where can we align, where can we improve our working as a regulatory community, which I know Colin does regularly, to say, how can we simplify that for our customer base? But equally think about what that might mean in terms of doing things very quickly if the military needs it. But equally, how do we make it simpler for commercial customers to do their routine launches, which we know there will be more and more demand for? So, yeah, very interesting time.

Maria Varmazes

Yeah, absolutely. So, Colin, from a regulatory perspective, and Matt's kind of teed it up here, what are your tips and tricks for how you can engage stakeholders, getting things to move faster or it seems sometimes challenging to do that.

Colin McLeod

Yeah, thanks. So we're working very closely with other regulators around the world at the moment, and iac, the UK led a forum of international regulators who were wanting to look specifically at how we can align or easily to allow joint jurisdictional missions. And I am prioritizing these activities in the UK based on actual missions that are coming forward. So we've got a number of missions which could be orbital, where they're going from the UK or from the US and coming back to a third country, possibly even a fourth country, and launchers who are looking to launch from different, different locations. So there's things that we can do. It is quite difficult when countries have got their own national legislation because you can't simply just say that you're going to copy things across that that just doesn't work. But there are pragmatic and practical things that you can do. So for example, using the expertise within my team on flight safety analysis, they can hopefully support other countries who might not have those capabilities and capacities there. The actual safety around a spaceport is much more domestic because the safety to operate a chemical factory or other hazardous industries is common around the world. But it's the space rocket launch bit which is a bit different. But actually the calculation and the physics and this flight safety analysis is. Can be done across boundaries in an easier way.

Maria Varmazes

So in terms of. And we've talked about stakeholders a bit, you know, previously and, you know, sort of knowing your audience, knowing your customer base, but also who's contributing to your output, you know, are there any thoughts you have on supply chain, Colin, that you've seen maybe challenging and, you know, recommendations on how, you know, primes or, you know, companies that are, have significant supply chains can work more effectively? Any thoughts?

Colin McLeod

I think supply chain is quite interesting from a space perspective because there are so few standards. Lots of people will push for more standards. We would prefer to. We're willing to use standards, but we don't think we should be mandating them. And the reason I would say that is if you look at the four different launch companies that we have got licensed in the UK and some of the ones that are coming, some of them use complete carbon fiber bodies, others use steel, some use methane, some use RP1, they've got different avionics, some of them build their own, some of them are buying off the shelf. So when you do go to standardization, what you do end up with is you're picking some wonders. And maybe that is one solution, that's one way you can do it. But if you want to have all these new technologies that are coming forward, you don't have standards, but they all have their own supply chains. The other thing that's interesting for most space vehicles compared to aviation is of course that they are tending to manufacture almost everything from scratch themselves. So the supply chain is basically the company, they do most of that activity themselves. But as Mark was talking earlier, the other important bit for supply chains is the supply chain for the spaceport. So having access to good logistics, plenty of places for people to stay, good facilities for the people to work in, access to things like liquid oxygen, fuels, other gases and fabrication and capabilities to do all of those things is really, really important. The worst thing you can have in Many cases also is a really remote spaceport which is great for access to orbit. It's great for safety, but it's not good for safety if you have people working there in cold environments for protection, without proper accommodation and without the ability to get backwards and forwards quite quickly. So you've always going to have a trade off there between what's safe and what is a good way to operate safely.

Maria Varmazes

We'll be right back. At Thales, they secure what matters most.

Sponsor Announcer

The most trusted companies and organizations utilize.

Maria Varmazes

Thales cybersecurity products to protect critical applications, sensitive data and identities anywhere at scale.

Sponsor Announcer

Through their innovative services and integrated platforms.

Maria Varmazes

Thales provides customers a greater visibility of risks, the ability to defend against cyber.

Sponsor Announcer

Threats, close compliance gaps and deliver trusted digital experiences for billions of consumers every day.

Maria Varmazes

That's Talas T H A L E S learn more@cpl.talasgroup.com.

Sponsor Announcer

What's your 2am Security worry? Is it, do I have the right controls in place? Maybe are my vendors secure or the one that really keeps you up at night? How do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. And it fits right into your workflows. Using AI to streamline evidence collection, flag risks and keep your program audit ready all the time. With Vanta you get everything you need to move faster, scale confidently and finally get back to sleep. Get started@vanta.com cyber that's V A N T A dot com cyber.

Maria Varmazes

Right. So Colin, you know, bringing it back to Puerto Rico. So they seem to be in a fantastic geography and you know, some, some weather challenges there in terms of hurricanes, but generally, you know, predictable. Just in general, what are some best practices or lessons learned to integrate, you know, spaceport plans with other international partners. So and Matt, you may want to talk about Starlift here, you know, as an allied partnership engagement. How does that configure into all of this? Does it sort of create a strong framework for how Puerto Rico can operate in terms of its launch capabilities and things like that?

Matthew Archer

Yeah, I think for me I would, as I sort of advised other countries in terms of when they're considering launch or space ports is really think about the end to end chain. So it's about understanding how you want to accommodate your regulatory environment to suit the kind of customer path that you see. So right from spaceport right through to your potential launch vehicles and customers, what's it launching? Where is it launching it? What are some of the challenges with that? So are we talking about, I'm guessing talking largely equatorial launches? Where else might you have particular safety concerns in terms of marine environment? You've obviously mentioned the weather. Like it won't surprise you that Scotland has its own weather challenges at times and as does every spaceport in the world. Right. They all have some kind of challenge that's not unique, but it's understanding what drives the model to make it work and how you then adopt your regulatory framework to, for me, make sure that business model stacks up. But equally in working with other regulators, as Colin does, it's starting to say, well, how can we learn about the best bits that match that our intent as a nation? How do we align and create potential mutual recognition schemes? Or how do we start to make it easier on providers to reduce the barriers of coming to operate from a particular spaceport? And that's going to be particularly keen in some of the conversations we'll have around Starlift is customers of launches generally say, I just want to get to this place or I want to get it on orbit cheaply. Your then discussion is, well, who can do that well and reliably, which is part of the challenge of building a launch capability. Where it launches from is about access to certain orbits and that's where you want to have that and your regulatory framework underpins that and whether it makes it harder or not for those providers. So that's the bit you need to get right is really think through your end to end journey and yeah, build on the experience of people like Colin and others. They can absolutely support kind of allies to think through those challenges.

Maria Varmazes

And so what I think I'm hearing both of you say is that in addition to the regulatory and policy pieces, the technology pieces which people always think about, it's really critical to understand your stakeholder base, you know, who you're serving, who your customers are, et cetera. So thank you both so much. This was a terrific discussion. We are so excited about everything the UK and us are doing together because it's critically important. So thank you so much.

Matthew Archer

Thank you.

Colin McLeod

Thank you.

Maria Varmazes

That's T minus Deep Space brought to you by N2K CyberWire. We would love to know what you think of our podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing space industry. If you like this show, please share a rating and review in your podcast app, or you can send an email to space2k.com we are proud that N2K Cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K helps space and cybersecurity professionals grow, learn and stay informed. As the nexus for discovery and connection, we bring you the people, the technology and the ideas shaping the future of secure innovation. Learn how@n2k.com N2K's senior producer is Alice Carruth. Our producer is Liz Stokes. We are mixed by Elliot Peltzman and Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ivan. Peter Kilpe is our publisher and I am T minus host Maria Varmazes. Thank you for listening. We'll see you next time.

Sponsor Announcer

Most environments trust far more than they should, and attackers know it. Threat Locker solves that by enforcing default deny at the point of execution. With Threat Locker, allow listing, you stop unknown executables cold. With Ring Fencing, you control how trusted applications behave. And with threatlocker DAC defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo@threatlocker.com N2K today.