SpaceX, ULA and Blue Origin selected for National Security Space Launch. - T-Minus: Space-Cyber Briefing

Summary5 min read

T-Minus Space Daily Summary: "SpaceX, ULA and Blue Origin Selected for National Security Space Launch"

Release Date: April 7, 2025
Host: Maria Varmazes, N2K Networks

Introduction

On April 7, 2025, T-Minus Space Daily delivered a comprehensive episode covering significant developments in the space industry. Hosted by Maria Varmazes from N2K Networks, the episode delved into major contract awards, funding successes, upcoming launches, leadership nominations, and cybersecurity regulations pertinent to the space sector.

Major National Security Space Launch Contracts

Contract Awards to SpaceX, ULA, and Blue Origin

The episode opened with breaking news from Reuters about the U.S. Space Force's Space Systems Command awarding substantial contracts to SpaceX, United Launch Alliance (ULA), and Blue Origin for national security space launches.

SpaceX was awarded $5.92 billion.
ULA received $5.37 billion.
Blue Origin secured $2.39 billion.

Maria Varmazes (00:01:31) highlighted the scope of these firm-fixed-price indefinite delivery contracts, emphasizing their role in providing critical space support services such as launch services, mission support, anomaly mitigation, and fleet monitoring. She detailed that SpaceX will act as the primary provider with 28 missions, ULA as the secondary with 19 missions, and Blue Origin as the tertiary provider handling 7 missions from fiscal years 2025 to 2029.

Notable Quote:

Maria Varmazes [01:31]: "Who said there's no money in space, huh?"

Etherflux Raises $50 Million in Series A Funding

Renewable energy company Etherflux announced a successful $50 million Series A funding round, bringing their total capital raised to $60 million. The startup focuses on making space-based solar power a reality, having recently secured government funding and demonstrated power transmission in their lab. The new funds aim to address the U.S. Department of Defense's complex energy challenges.

Upcoming Hearings and Nominations

Jared Isaacman's NASA Administrator Nomination

A significant highlight was the upcoming Senate Commerce, Science, and Transportation Committee hearing on Jared Isaacman's nomination to be NASA's 15th Administrator, scheduled for April 9th. Isaacman, a billionaire entrepreneur and SpaceX astronaut, has garnered support from 28 former NASA astronauts who praised his passion for space exploration and his potential to inject renewed energy into the agency.

Isaacman's Background: Two trips to orbit aboard Elon Musk's Crew Dragon, with more planned.

Notable Quote:

Maria Varmazes [01:31]: "If confirmed, he will be the agency's 15th administrator."

Amazon's Project Kuiper Launch

Ka01 Mission Scheduled for April 9

Amazon's Project Kuiper is set to launch its first batch of operational satellites on April 9. The mission, designated Ka01 (Kuiper Atlas 1), will deploy 27 Kuiper satellites into low Earth orbit from Cape Canaveral, aiming to rival SpaceX's Starlink with a planned constellation of over 3,200 advanced low Earth orbit satellites. Amazon has secured more than 80 launches to build this expansive network.

NASA's Gateway Module Arrival

HALO Module Arrives in Arizona

NASA's Habitation and Logistics Outpost (HALO), one of two foundational elements for the Gateway space station, successfully arrived in Arizona. The module, manufactured by Talusolenia Space in Turin, Italy, will undergo final outfitting at Northrop Grumman's facility in Gilbert before integration with Gateway's power and propulsion element at NASA's Kennedy Space Center in Florida. Both modules are slated for launch aboard a SpaceX Falcon Heavy rocket.

Notable Quote:

Maria Varmazes [01:31]: "That's a really cool idea. We hope that whatever they do, they don't destroy what was obviously made to last."

Cybersecurity Regulations in Space Contracts

Space Law 101: Tackling Cybersecurity

The episode featured an insightful segment by Aegis Space Law, focusing on cybersecurity regulations essential for U.S. federal contracts within the space industry. Partners Bailey Reichelt and Jack Shelton, alongside guest Ryan Bonner, CEO of DevCert, discussed the evolving landscape of cybersecurity obligations.

Key Topics:
- Importance of secure access and identity attack path management.
- Implementation of the Cybersecurity Maturity Model Certification (CMMC) with levels tailored to contract sensitivity.
- Impact of Federal Acquisition Regulations (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) on contractors.
- Challenges faced by small businesses, including those applying for SBIR and STTR grants, which must adhere to stringent cybersecurity requirements without exemptions.

Notable Quote:

Ryan Bonner [12:03]: "There will be a one-year interlude period, phase one of a phased rollout where you don't absolutely need to have an on paper certification yet."

Insights:

Contractors must prioritize CMMC Level 2 to meet existing Contracting obligations.
Small startups are encouraged to adopt cloud-native security solutions to comply within the 12 to 18-month implementation window.
Upcoming FAR clauses will extend cybersecurity obligations across all federal contracts, including those with NASA.

Historical Spotlight: Vanguard 1 Satellites

67 Years in Orbit

The episode concluded with a nostalgic look back to 1958, celebrating the Vanguard 1 microsatellite, which recently marked 67 years circling Earth. Although no longer transmitting, Vanguard 1 remains a testament to durable engineering. A multidisciplinary team has proposed missions for an up-close examination or possible retrieval of the satellite to study its solar cells, batteries, and the effects of long-term exposure to space conditions.

Notable Quote:

Maria Varmazes [24:08]: "We hope that whatever they do, they don't destroy what was obviously made to last."

Conclusion

T-Minus Space Daily provided a thorough overview of critical developments shaping the space industry. From significant national security contracts awarded to leading aerospace companies and groundbreaking funding for renewable energy in space, to leadership nominations and cybersecurity regulations, the episode underscored the dynamic and multifaceted nature of the space sector. The historical reflection on Vanguard 1 served as a poignant reminder of humanity's enduring commitment to space exploration.

For those looking to delve deeper into these topics, additional resources and detailed reports are available in the show notes on space.n2k.com.

Follow T-Minus Space Daily:

LinkedIn: N2K T-Minus Page
Instagram: T-Minus Daily

Feedback and Engagement: Listeners are encouraged to share ratings, reviews, and feedback via the podcast app or by emailing space@n2k.com to help shape future episodes.

Loading summary

Transcript30 lines

[00:00]
Maria Varmazes
Foreign you're listening to the N2K space network.
[00:11]
Unknown Speaker
What's the common denominator in security incidents? Escalations and lateral movement. When a privileged account is compromised, attackers can seize control of critical assets with bad directory hygiene and years of technical debt. Identity attack paths are easy targets for threat actors to exploit, but hard for defenders to detect. This poses risk in active directory, entra ID and hybrid configurations. Identity leaders are reducing such risks with attack path management. You can learn how Attack path Management is connecting identity and security teams while reducing risk with Bloodhound Enterprise powered by SpectreOps. Head to SpectreOps IO today to learn more SpectreOps. See your attack paths the way adversaries do.
[01:04]
Maria Varmazes
Foreign Today is Monday, April 7th, 2025. I'm Maria Varmazes hi from Space Symposium and this is T minus.
[01:21]
Ryan Bonner
T minus 20 seconds.
[01:24]
Bailey Reichelt
Go for deploy.
[01:32]
Maria Varmazes
The first pressurized module and one of two foundational elements for NASA's Gateway has arrived in Arizona. Amazon's Project Kuiper is due to launch the first batch of operational satellites on April 9. A U.S. senate committee will hold a hearing on Jared Isaacman's nomination to be NASA administrator on April 9. Etherflux has raised $50 million in a Series A funding round. U.S. space Systems Command has awarded three National Security Space Launch contracts to SpaceX, ULA and Blue and Aegis Space Law will be bringing you their latest segment on Space Law 101, and today they're tackling cybersecurity regulations required for US federal contracts. It's a very informative chat, so we hope you'll stick around for that after today's headlines. Happy Monday everybody from a Sunny Colorado Springs N2K is at the Space Symposium this week to cover the event and to record AWS In Orbit episodes. And if you're here, we hope you'll come by the AWS booth tomorrow morning from 9:00am local time to see us in action. We are in the north hall at booth 1036. Let's get on to today's headlines then, shall we? Late last week, Reuters broke The news that SpaceX, United Launch alliance and Blue Origin were selected to receive contracts worth billions of dollars from the US Space Force's Space Systems Command for national security space launches. SpaceX has been awarded $5.92 billion, ULA $5.37 billion and Blue Origin $2.39 billion. Whoa. The firm fixed price indefinite delivery contracts cover the procurement of critical space support aimed at meeting national security objectives. This includes launch services, specialized mission services, accelerated mission support, rapid response and anomaly mitigation, special studies, launch service support, fleet monitoring, early integration studies and mission assessment. Just about soup to nuts that. Under SpaceX's contract, the company will serve as the requirement one provider and will receive 28 missions. ULA will be the requirement two provider and is expected to secure 19 missions. Both companies will conduct phase three lane two missions from fiscal year 2025 to 2029. Blue Origin, meanwhile, is expected to get seven missions starting in order year two as the requirement three provider. Who said there's no money in space, huh? Speaking of which, renewable energy company etherflux has raised $50 million in a series A funding round. The company is working towards making space solar power a reality. In the past few months, they've been awarded government funding, grew the team and demonstrated power transmission in their lab. The company has now raised a total of $60 million. They say the new capital will be used to focus the mission supporting the United States Department of Defense's complex energy challenges. We've got lots of big events happening this week, and not just at Space Symposium. Firstly, the Senate Commerce, Science and Transportation Committee will hold a hearing on Jared Isaacman's nomination to be NASA administrator on April 9th. If confirmed, he will be the agency's 15th administrator. US President Trump announced his intention to nominate the SpaceX astronaut in December, reminder that Jared Isaacman is a billionaire entrepreneur who has made two trips to orbit on Elon Musk's Crew Dragon spacecraft, with more planned. In April, a group of 28 former NASA astronauts announced their support for Isaacman in an open letter to the Senate. The letter stated that Jared has a genuine passion for space exploration and will bring a renewed energy and sense of purpose to NASA, and we will bring you more on that story later this week. Also expected this week, Amazon's Project Kuiper is due to launch the first batch of operational satellites on Wednesday. The mission, named Ka01 for Kuiper Atlas 1, will see United Launch alliance send 27 Kuiper satellites into low Earth orbit from Cape Canaveral. Project Kuiper is expected to rival SpaceX's Starlink. The constellation will include more than 3,200 advanced low Earth orbit satellites, and Amazon has secured more than 80 launches to deploy that initial constellation, with each one adding dozens of satellites to the network. The first pressurized module and one of two foundational elements for NASA's Gateway has arrived in Arizona last week. The HALO, which stands for Habitation and Logistics Outpost, is in the United States, fresh off a transatlantic journey from Talusolenia Space in Turin, Italy. The structure will undergo final outfitting at Northrop Grumman's integration and test facility in Gilbert before being integrated with Gateway's power and propulsion element at NASA's Kennedy Space center in Florida. The pair of modules will eventually launch together on a SpaceX Falcon Heavy rocket. And that's it for today's headlines. If you'd like to read more about any of the stories that I've mentioned, be sure to check them out in your show notes or over at space.n2k.com/t/crew if you would like daily updates from us directly in your LinkedIn feed, be sure to follow the official N2K T minus page over on LinkedIn. And if you're more interested in the lighter side of what we do, here we are at T minus Daily on Instagram. Instagram and that's where we're going to be posting a lot of behind the scenes videos from our time here at Space Symposium this week, so be sure to join us there. Links are in the show. Notes for you.
[08:07]
Unknown Speaker
Foreign.
[08:12]
Secure access is crucial for US Public sector missions, ensuring that only authorized users can access certain systems, networks or data. Are your defenses ready? Cisco's security service Edge delivers comprehensive protection for your network and users. Experience the power of zero Trust and secure your workforce wherever they are. Elevate your security Strategy by visiting Cisco.com Go SSE that's Cisco.com Go SSE.
[08:57]
Our.
[08:57]
Maria Varmazes
Partners at Aegis Space Law are tackling cybersecurity and space law in today's segment.
[09:04]
Jack Shelton
We'Re back to talk about more space law. I'm Bailey Reichelt, I'm a partner and co founder at Aegis Space Law. I'm here with my co founder Jack Shelton, and we actually have a special guest, Ryan Bonner, CEO of DevCert and friend of the firm, because we often find ourselves calling him to ask cybersecurity questions. Because as it turns out, if you're going to work in a highly regulated industry, cybersecurity is going to be part of those many regulations you're talking about. Ryan, do you want to give a bit of an introduction of yourself and what defstor does?
[09:40]
Ryan Bonner
Sure. As you mentioned, we're doing a lot of work with organizations in the defense industrial base and obviously there's a big overlap there with the space industry. And so a lot of our efforts with different startups and existing defense contractors is really just applying a lot of the regulations that have to do with data safeguarding, data confidentiality that are buried somewhere down in contract clauses or in other places and sort of bringing those up to the surface and helping implement them. So that as industry moves towards more of like a certification or third party assessment style of verification for these requirements, that no one's really, you know, caught in a spot where they can't participate or can't get an award.
[10:26]
Jack Shelton
So the way that this normally comes up for us is we will get a new client in and they'll either want to be a U.S. government contractor, whether it's defense or otherwise, maybe even NASA, or they will already be working with the government, either a prime or they're a subcontractor. And this gets flowed down to them. Cybersecurity provisions get flowed down to them in Federal Acquisition Regulations or the Defense Federal Acquisition Regulation Supplement so far, or DFARs. And sometimes companies don't always read all those flow downs and they certainly don't look them all up to know what they mean when they sign up for them when they register in. Sam, I don't know if you've ever seen that, but it turns out some people don't read all of those. And so one of the questions we often ask, especially if we're setting someone up, is, hey, did you know about these cybersecurity requirements? Depending on your contract type is kind of how onerous they are and what it really takes to meet them. And we'll talk about that often alongside export controls, because that's going to be a slowdown as well. And we're going to explain to them, hey, you're a US Company, you're subject to US export controls, but now you're looking to register to work with the government or accept a government contract. You are also going to have this thing you now have to deal with called controlled unclassified information. And there can be a link between export controls and cui. Ryan, what do you normally tell people when you hit that moment? How do you explain the CUI export conundrum?
[12:03]
Ryan Bonner
Yeah, I think that it's important to help organizations understand that not all export controlled information is controlled on classified information, but there's a really significant overlap in some key areas that are going to affect most contractors moving into this particular part of the defense industrial base. And so when we think about that overlap, your contract clauses under DFARS will talk about something called controlled Technical Information. And when you visit the DoD's registry for CUI, that's kind of their compendium of all of the things that act as a CUI authority, you'll find in that category, Controlled Technical information, things like the USML and 22 CFR for the ITAR and then also ear and things of that nature, the supplements and the commerce control lists listed as authorities for controlled technical information. So it's sort of that moment in time where you're like, okay, these in the guise of a DoD contract are the same thing. So probably the easiest way to help organizations who are first learning that understand the interrelationship is, you know, I can create export controlled information all the time in a normal course of business. That doesn't mean it's necessarily cui, but when I start to generate that information as deliverables on a DoD contract, or I get that kind of information to inform contract performance, I'm handling CUI in that context.
[13:38]
Jack Shelton
Yeah, that's really good information to have. And, and I think maybe for some of our listeners who might be hearing this for the first time, there even might be some value in explaining kind of the different levels of cybersecurity and how this has evolved. It feels like it's been very much a moving target for a few years now. Can you summarize kind of how these obligations for cybersecurity have evolved for both DoD and non DoD contracts?
[14:09]
Ryan Bonner
Absolutely. I think we have to peer a little bit into the future and try to help, you know, prospective contractors understand what is culminating now and what the future might look like a year or two from now. So if you weren't already a defense contractor, you might not be aware that these requirements to apply safeguards to CUI when, you know, receiving it or generating it on a contract have been in place for quite a few years now, since 2017, sometimes even earlier than that. And so as a result, you have this established set of requirements. There's 110 security requirements you need to meet that you know, the DoD already expects, you've made significant progress on or are finished implementing. And so new contract clauses are being added. The nomenclature for the clause we're focused on is DFARS 2522047021 or the 7021 clause. That's a clause that now requires these contractors to be certified in some way in regards to how well they've implemented these requirements. So that program is called cmmc, the Cybersecurity Maturity Model Certification. It has three levels. If we're really having a focused conversation for the space industry, ignore the first level for now because that is not really the focus for the kinds of information you might be dealing with early on in a contract. You want to be focused on CMMC level two. Or three, level two perfectly matches the existing contractual obligations you've had for CUI for years. That's just making sure that you've met the 110 requirements that are already, you know, in place and that you've already agreed to implement. And then level three is sort of an upgrade. Additional requirements that are stipulated for organizations who might be handling more sensitive data or participating on a program that has high value assets. What that is remains to be seen. And that's a decision made at a program level. So really we encourage a lot of organizations to focus down on level two in the near term future because that's always going to be relevant for organizations handling export control data on these contracts. And I think that there's some really simple ways to try and understand how quickly that becomes relevant for contractors. The clause itself, which is sort of what opens the floodgates here for space contractors, is going to go into effect sometime this year. We don't know exactly when, but when that kicks in, there will be kind of like a one year interlude period, phase one of a phased rollout where you don't absolutely need to have an on paper certification yet. But I'll tell you right now, 12 months is not a lot of time to get all of these requirements in place. If you're moving into this industry for the first time, it'll be a concerted effort to get that knocked out before the second phase hits, which is a requirement to have a formal paper certification to even be eligible for awards. So we've got this window of opportunity we have to squeeze ourselves inside of. If you're trying to move into this area or simply maintain your status as a space contractor within defense contracts.
[17:43]
Bailey Reichelt
Many people listening to this might be thinking, okay, Bailey mentioned the FAR and the DFARs, and they're maybe thinking this only applies to, like traditional federal government contracting. I work with a lot of companies that are applying for SBIR and STTR contracts, which are these set asides for small businesses to do research and development. And most of the application process associated with sbirs and sttrs is streamlined. It's relatively simple process compared to traditional FAR contracting. Do Companies applying for SBIRS and STTRs also have to abide by all of these regulations because they seem kind of onerous?
[18:23]
Ryan Bonner
Yeah, the DoD has been very clear that there's no step down or reduction in difficulty. If you are a small business, there's no real breaks. They're going to cut you for that. And so there's no way to easily reduce these requirements to make them easier or less onerous for small organizations. There just isn't. And so in light of that, organizations who are pursuing SBIRs or even participating on OTAs, other transactional authorities, they, they need to be aware of the fact that in some way these requirements will apply to you. And so whether, you know, you can navigate this early on and not necessarily have the DFARS clauses that, that govern CUI safeguarding applied directly to something like an SBIR is going to be a case by case determination. But I'll tell you right now, we've seen the DFAR 7012 clause for CUI safeguarding written in or added onto agreements and contracts that wouldn't normally have it. And we also see just the same requirements just being written in as special instructions in an award as well. So there's really not any easy outs. And I would say that over time you're not going to see any carve outs or exemptions unless you have very specific waivers signed off on for particular contracts. And I just, I don't see a lot of that happening in the, in the SIDR space.
[19:54]
Bailey Reichelt
Well, let me give you a fact pattern. So imagine you've got, let's say three young people who've just graduated university, they're starting up a company, they're all engineers. You know, it's just them and their laptops and their cell phones.
[20:09]
Ryan Bonner
Right.
[20:09]
Bailey Reichelt
Now let's say that they rent a little office space and they're going to get going and they see an opportunity for a CIBBER or STTR grant or contract and they want to go ahead and apply for it, but they don't have any cybersecurity in place right now other than maybe VPNs and some antivirus on their computers. What do they need to do and what is the timeline before they can actually start going after these kinds of contracts or grants?
[20:40]
Ryan Bonner
Sure. So for a startup like that, I would advise them to mostly look into what we would call cloud native technologies that can be sold to you for like individual seat licenses that don't have big minimums so that you can get some of the security tools you might not normally be buying as a brand new startup. So you know, things like logging capabilities and like you said, endpoint protection, vulnerability management tools. These are things that you can, you can acquire for not as much money. If you can look at something that's more cloud native as far as the overall timelines and things like that, most organizations will need 12 to 18 months in order to implement all these requirements. And so we're actually encouraged by the fact that very, very small startups might be able to do this faster than existing more structured organizations because they have, you know, fewer computers to secure, fewer services to manage and maintain, and a much smaller data footprint that they can hopefully shape early.
[21:46]
Jack Shelton
Really helpful, Ryan. I kind of want to bring us full circle a little bit. We've been talking about sbirs, specifically sbirs coming out under dod, but there are also CIBR programs that could come out like under NASA. I think NASA tipping point is a, that was a CIBBER program as well. My understanding is the cybersecurity requirements. They're there under the far, but they're not as complicated or onerous as the ones under the dfars. Is that accurate?
[22:14]
Ryan Bonner
It was. If we're continuing to peer into our crystal ball in the future, what we're seeing is a new proposed federal acquisition clause, a FAR clause that will be in all contracts, all federal contracts, including things like NASA or, you know, other major agencies. And it's going to require these same security requirements implemented across the board. So I think that the days of more lax requirements on the NASA side are starting to shrink and compress and we're going to start to see third party verification kick in there as well.
[22:49]
Jack Shelton
Thank you for coming on and I just want to let everyone listening know cybersecurity is part of the space industry and we hope that you just go ahead and embrace it because the stuff you're making is really cool and we have to protect it.
[23:19]
Maria Varmazes
We'll be right back.
[23:28]
Unknown Speaker
Are you frustrated with cyber risk scores backed by mysterious data, zero context and cloudy reasoning? Typical cyber ratings are ineffective and the true risk story is begging to be told. It's time to cut the bs. Black Kite believes in seeing the full picture with more than a score. One where companies have complete clarity in their third party cyber risk using reliable quantitative data. Make better decisions, reduce your uncertainty. Trust Black Kite.
[24:09]
Maria Varmazes
Welcome back. They say old is gold. It's certainly true of music and fashion, so why not in space? Let's go back to 1958, shall we? And the often forgotten second satellites that the United States sent to space. Vanguard 1. Where is it now? And would you be surprised Maybe not. Maybe to find out that the Vanguard 1 microsatellite is indeed still up there. Actually, it just celebrated 67 years of circuiting our planet. Now it's no longer transmitting, of course, but it is still there, like a time capsule in orbit. And a team that includes aerospace engineers, historians and writers have proposed some how to options for an up close look and possible retrieval of Vanguard 1. It was the first satellite to generate power using solar cells and now there is some interest in studying them. A flyby or even a possible retrieval could allow researchers to review the condition of the solar cells, batteries and metals, along with the record of micrometeorite or debris strikes over such a long time. The team have proposed the option of Vanguard 1 being placed into a lower orbit for retrieval or taken to the International Space Station to be repackaged for a ride to Earth. That's a really cool idea. We hope that whatever they do, they don't destroy what was obviously made to last. That is it for T minus for April 7, 2025 brought to you by N2K CyberWire for additional resources from today's report, check out our show notes@spare.n2k.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in this rapidly changing space industry. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to space2k.com we're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K makes it easy for companies to optimize your biggest investment your people. We make you smarter about your teams while making your teams smarter. Learn how@n2k.com N2K Senior Producer is Alice Carruth. Our producer is Liz Stokes. We're mixed by Elliot Peltzman and Trey Hester with original music by Elliot Peltzman. Our Executive producer is Jennifer Ibin. Peter Kilby is our publisher and I am your host, Maria Varmazes. Thanks for listening. Let's see you tomorrow.
[26:55]
Ryan Bonner
T minus.
[27:08]
Unknown Speaker
Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today@vanguardjobs.com.