A

You're listening to the N2K space network.

B

Risk and compliance shouldn't slow your business down. Hyperproof helps you automate controls, integrate real time risk workflows and build a centralized system of trust so your teams can focus on growth, not spreadsheets. From faster audits to stronger stakeholder confidence, hyperproof gives you the business advantage of Smarter compliance. Visit www.hyperproof.IO to see how leading teams are transforming their GRC programs. At talas, they know cybersecurity can be tough and you can't protect everything. But with talas, you can secure what matter most. With Thales industry leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest roi. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most applications, data and identity. That's Thales th A L e s. Learn more@thalesgroup.com Cyber.

A

Today is October 28, 2025. I'm Maria Varmazis and this is T -T -20 seconds. Space Robotics Workers has selected Space Doc's Intelligent Interface for integr integration with its robotic smart truss system. Chinese commercial space company Space Pioneer says it has completed a satellite separation test. The Philippines and Malaysia have signed the Artemis Accords. The University of Florida, in collaboration with NASA, mit, Vanguard Automation, AIM Photonics and Germany's Fraunhauer Heinrich Hertz Institute, have a suite of photonic AI chips route to the International Space Station. UKSA has selected Slingshot Aerospace for a provision of optical Delivery Partner contract. And today we have our monthly chat with Brandon Karp about space cybersecurity. And if you've been following his advice over the last few months about looking to space for your data storage, will probably want to listen to his latest cautionary tale. Hmm. Stay with us for more on that after today's headlines. Happy Tuesday everybody. Thank you for joining me. The UK Space Agency has selected Slingshot Aerospace for a provision of optical Delivery partner contract to expand the UK's satellite tracking capabilities. The contract value was not disclosed with the press release. SlingShot currently operates 204 sensors in 21 locations across five continents. Under the contract's terms, the Space Domain Awareness company will deploy 13 new optical sensor systems across five global sites to enable tracking and monitoring for satellites, space debris and other near Earth objects like asteroids and comets. Slingshot will partner with Badr Planetarium to equip each site with all sky domes to provide environmental prot protection and enable resilient autonomous 247 operations across diverse conditions. Angus Stewart, who is the head of the National Space Operations center, said this we are delighted to welcome Slingshot on Board as our delivery partner for a global network of optical space sensors. This sensor network is critical to our mission of protecting UK and allied interests in space and on Earth and ensuring that space remains safe and sustainable. Hear, hear. The University of Florida, in collaboration with NASA, mit, Vanguard Automation, AIM Photonics and Germany's Fraunhauer Heinrich Hertz Institute, have a suite of photonic AI chips en route to the International Space Station right now. The experiment launched aboard JAXA's HTB X1 spacecraft this weekend and it is expected to dock with the ISS on Thursday. And the mission is part of NASA's MISSI, or Materials International Space Station Experiment, which tests how materials and devices perform when they are exposed to the harsh environment of low Earth orbit. The University of Florida's contribution focuses on testing the resilience and performance of next generation photonic semiconductor technologies in space, a step forward toward developing faster, more efficient computing systems that are capable of withstanding extreme conditions. While the government shutdown does unfortunately continue here in the United States, with sadly no end in sight, US President Donald Trump is visiting Asia. He's there to participate in the 13th annual USACN summit meeting. But on the sidelines he secured new trade deals, brokered a new peace accord, and secured new signatories for the Artemis Accords. The Philippines and Malaysia have now committed to the principles of safe and transparent space exploration by signing the Artemis Accords, now bringing the total number of signatory countries to 59. Adding to that, President Trump secured Malaysian purchases of US semiconductors aerospace components and data center equipment with an estimated value of $150 billion. Chinese commercial space company Space Pioneer says it has completed a satellite separation test. Reusable carrier rocket Tianlong 3 completed a 36 satellite separation test at its Intelligent manufact in Zhangjiagang City in east China's Jiangsu Province. The test further validated the liquid propellant model's capacity to launch multiple satellites simultaneously. Space Pioneer is aiming to conduct the maiden flight of the Tianlong 3 launch vehicle by the end of 2025, and it expects to progressively support over 60 launch missions annually. And Space Robotics Workers has selected Spacedock's intelligence interface for integration with its robotic smart truss system. The system is a modular structural element designed for orbital assembly and maintenance of space infrastructure. The company's plan to conduct a ground demonstration in early 2026 to validate autonomous capture and structural connection between Smart Trust units using Space Dock's interface for autonomous berthing, docking and power fluid and data transfer. The test will be conducted in a ground based analog environment and it will be a big milestone towards Space Robotics workers ambition to conduct robotic construction, commercial LEO destination platforms, solar power stations and other persistent orbital structures. And that rounds up our top five stories for today. And before I catch up with Friend of the Show Brandon Karp about what is going on in the space of cybersecurity and the cybersecurity of space and and 2K senior producer Al Scruth joins us now with a look at the other news making the headlines.

C

Thanks Maria. Iridium has unveiled a new chip that.

A

Will provide pole to pole positioning, navigation and timing data. And frontgrade Technologies has launched a next generation computing solution designed to meet the.

C

Demanding requirements of the most advanced space missions. You can read up more about those product announcements and about all the other stories mentioned throughout the show by following.

A

The links in the selected reading section of our show. Notes.

B

And now a word from our sponsor, ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks. Allowlisting is a deny by default software that makes application control simple and fast. Ring Fencing is an application containment strategy ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world class endpoint protection from Threat Locker.

A

Today's guest is Friend of the Show Brandon Karpf, founder of T minus Space Daily and cybersecurity expert.

C

To all the listeners, my friends out there, the space and cyber community. Here's my mea culpa. For months now I've been encouraging you to start thinking about how you can transfer as much of your backbone traffic to a satellite architecture, GEO or LEO satellite satellites as possible. And just two weeks ago, University of Maryland and UC San Diego released a fantastically terrifying and disappointing research report about the fact that almost all of the, I mean more than 50% of the traffic they were able to measure from geosatellites was being sent in the clear like cleartext, no encryption whatsoever. And we'll get into more details but boy, I mean this is like first grade stuff. Basic stuff that we are not doing with critical telco infrastructure in space. And so clearly the community has a lot to do to actually get ready for you all to transfer your traffic to the space architect.

A

Yeah, this story, when that came out, I remember in our editorial meeting, I think there was some stunned silence and a lot of reading going. Wait a second, that's not supposed to be happening. And also this wasn't very hard for these folks to do. And wasn't this research running for like three years? And they found just a lot of stuff in the clear.

C

A lot, A lot, yeah. I mean they collected literal terabytes and terabytes of data using $600 of commercial, you know, off the shelf equipment that anyone could buy. It was literally a standard satellite dish, a really simple motor just for pointing and then a USB tuner card which like anyone can buy that stuff. They were just listening passively. They, they, it was, you know, leaving no trace. There was no active connections made between their devices and these satellites. In GEO, they scanned 39 different satellites, 411 different transponders on those 39 satellites from one location in Southern California. And what they found was more than 50% of the links were broadcasting in the clear, like sensitive data in total clear text.

A

Yeah, there was like law enforcement information going in the clear. Right? Just like a lot of stuff you don't want in the clear.

C

And law enforcement. Yep, law enforcement, telecom information from like T mobile, AT&T and others, corporate and financial secrets. I mean AT ATM infrastructure information, inflate, WI FI was part of this, including, including servers, private RSA keys being sent over in the clear. And then to your point, law enforcement, electric utilities, critical infrastructure, backhaul, all being sent in the clear.

A

Okay. All right. So I think part of the reason this was stunning for me is I had assumed all of that kind of information would clearly be encrypted. Why was this not encrypted?

C

Yeah, I also assumed, like I imagine many of our listeners and like you, that all of this was being encrypted, that the service providers here were doing the bare minimum in terms of securing, at least at the transport layer, you know, you can encrypt at the application layer, you can encrypt at the transport, at the network layer, you know, I would have at least assumed that the transport, you know, was being encrypted. Maybe not every application here has an encryption module in it, but it's relatively trivial and quite common to implement, like, especially for Internet traffic, TLS or ssl. It, it is, you know, that being at the transport layer, it's relatively trivial nowadays to implement ipsec or another, you know, network layer protocol that, that has security inherent to it. But they weren't, I mean it's not just one offs, right? It's not just one of these users or one of these sectors. It is actually, it seems like every sector I mean, Walmart, right, was caught up in the Santander bank was caught up in this. Panasonic was caught up in this along with, you know, the Mexican law enforcement and government. Again, they were in Southern California doing this. As well as telcos like T mobile and AT&T. Everything from SMS messages, voice content, browsing history, you know, browsing traffic, all being sent in the clear. You know, in total they collected 3.7 terabytes of data and more than 50% of it was sent in the clear.

A

Okay, that is a lot of data. Who's to blame? Who's at fault for this? Who should have been encrypting stuff that didn't Everyone.

C

Yeah. And I mean the challenge here is like people will want to blame the satellite service providers, right? And part of the blame is theirs. I would say these were all geo satellites service providers. Now some of them have offset the blame saying, we're just a service provider, we're providing access and bandwidth. We're not actually looking at the traffic. However, they do have controls in terms of implementing the ground station services, etc. Which by the way, is where the encryption actually happens. There's a lot of misconception, I've even read reporting of people saying, well, these satellites are really old and so they don't have the cryptographic hardware modules on them. None of that matters in the space segment. The space segment is a bent pipe, right? It's a reflection.

A

Data goes up, data goes down. I mean.

C

Right, exactly. The encryption regardless is going to happen on the ground by the users. So I would say part of it is the standards of the service providers, the satellite service providers themselves. And then even more of it though is all of these organizations who are relying on, on satellite communications for their, for their infrastructure, for their, whether it's data backhaul for these telecommunications companies, whether it's control traffic for, you know, these distributed ATM infrastructures or the law enforcement or electric utilities, this kind of distributed power grid control signals. It really comes down to those organizations not implementing the standard of basic, I mean basic, basic, basic level encryption.

A

Oh man, my mind boggles a little bit thinking about the geopolitical implications of this, of what may have been able to, you know, be leaked or sniffed up or, you know, it just. My mind really boggles just thinking about this.

C

Yeah, it actually, it reminds me of the heartbleed incident back in like 2014 where there was a critical vulnerability in open SSL. Open SSL actually being a cryptographic module used, you know, open source, used throughout pretty much every digital Piece of infrastructure that allowed kind of passive memory reading that essentially broke open SSL. That was 2014 and you know, a huge issue industry wide, required everyone to respond to it. Now heartbleed was more universal because everyone was using open ssl. Not everyone is using satellite for comms and for backhaul. However, anyone who is, which is as I, as you know, we went through the list already. A significant number of industries, a significant number of organizations, they need to check what is being sent in the clear, what is being sent cryptographically secure. And based on this research, it seems like the majority is not being sent secure, which is a huge issue because this was just research done in one little region of, you know, one view of the night sky. Think about all the areas of the world that data could easily be scooped up again passively collected, including there again, there were server keys, there were RSA keys being sent over the CLEAR as well. And just collected and used this data is valuable. This provides potential intelligence on critical infrastructure control systems. Even if, like even think of an offensive attack against some of these networks, if that data is sent in the clear, there's nothing keeping an adversary from collecting that, doing a replay attack, a spoofing attack against those systems, preparing that type of weaponization against our critical infrastructure.

A

I'm actually amazed this story wasn't bigger than it, it was when it dropped.

C

That's what I'm saying.

A

Yeah. Honestly, the more you've been talking about it, I'm just.

C

This is.

A

Yeah, right, yeah.

C

Like what is going on? Why are more people not talking about this? I mean in the US alone, I mean you talk about the incidents with Volt and Salt Typhoon getting into our critical infrastructure and weaponizing that for a potential future military conflict. I mean this type of vulnerability in core critical communications technologies. And not because it's a zero day vulnerability, not because it's a misconfiguration, because we just aren't implementing the most basic forms of security is absolutely unbelievable at this point.

A

Yeah. All the discussions about security, hygiene and all that kind of stuff, we gotta take 20 steps back with encryption, blocking.

C

And tackling people like the basics.

A

Ooh, okay.

C

And actually one of the responses is even scarier, right? Because when they notified T Mobile of this, Right, T Mobile US, that they were able to in just nine hours capture over 2,700 unique phone numbers and their SMS messages, voice call data, browsing data from those phone numbers. I think it was within like 30 days t mobile had implemented encryption on those links, which means that they could have been Doing it the whole time.

A

Is it super difficult to encrypt this stuff or why is this not happening?

C

But I really think it's incentives, it's market incentives. There is a cryptographic overhead and some have quoted numbers and like the 20% performance hit that's a little bit much over what it really is. Especially these days with hardware accelerated cryptography with even application layer encryption which doesn't even happen on the chip. Like think TLS application layer encryption. That all totally bypasses limitations on old ground hardware because the data just gets encrypted by the applications before it even touches any satellite equipment. So there are arguments that there's some performance hit, that it costs more resources to implement this stuff. But at the end of the day there are so many good technologies out there for implementing modern encryption that that's not really an excuse. So I think it's a market issue. It's just the users here are not demanding it, the providers are not making it a core part of their security infrastructure. And then finally the governments, right, whether it's the fcc, the eu, you know, state laws, they're not demanding it very clearly. And so I mean hedge should roll for this. People need to take this seriously and demand clarity more than just a security checklist from these providers actually demand seeing what type of security, what type of cryptography is being used for their applications and their services, if any, if any. Right? This is unacceptable. I mean I was heartened by the EU Space act from over the summer or at least the proposed where they were going to hold executives personally liable for lapses of compliance. I think that that type of control is really the, I mean collective action against these organizations who aren't taking this seriously enough to implement the most basic forms of encryption that there are dozens of tools to use that you know, a large organization like T Mobile could implement within 30 days once they were notified about it. I mean there's nothing but just holding these organizations to account.

A

We will be right back.

B

What's your 2am Security worry? Is it do I have the right controls in place? Maybe are my vendors secure? Or the one that really keeps you up at night? How do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. And it fits right into your workflows using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started@vanta.com cyber that's V A N T A dot com cyber.

A

Welcome back. Did you know that the Webb Space Telescope had a bit of a gunk in its eye, so to speak? Yeah, I didn't either. And Australia just helped Webb clear its vision and all it took was a bit of code. Thankfully not a spacewalk. Good thing too, because humanity hasn't yet figured out how to get astronauts to L2, 1.5 million km away. Recently, two PhD students at the University of Sydney, Louis de Doit and Max Charles, developed a software fix that restored crisp focus to one of JWST's key scientific instruments, the Aperture Masking Interferometer, or AMI. And the tool they built, called Amigo, corrects a subtle electronic distortion that had been blurring some of Webb's high resolution images and a little swoosh of the metaphorical lens cleaner from a great distance and fixed. And by the way, the AMI instrument was itself an Australian innovation, and it was designed to give Webb a superpowered view of stars and exoplanets. But when the blurring appeared, it did remind quite a few folks of Hubble's early blurry vision days. Not exactly fun memories, but instead of much argued about shuttle missions and astronaut spacewalks, these researchers solved the problem cleanly with algorithms and neural networks. And thanks to the software correction, Webb can now capture sharper images of distant galaxies, black hole jets, and even the volcanic surface of Jupiter's moon IO. And a little detail about the story that I really love to mark their accomplishment, both dedout and Charles got tattoos of the very instrument that they helped fix. Some permanent ink feels like a fitting testament to the hard work that they put in to tune up one of humanity's most incredible observatories of the heavens.

B

Foreign.

A

And that's T minus. Brought to you by N2K CyberWire we'd love to know what you think of our podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing space industry. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to space2k.com we're proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K helps space and cybersecurity professionals grow, learn, and stay informed. As the nexus for discovery and connection, we bring you the people, the technology and the ideas shaping the future of secure innovation. Learn how@n2k.com N2K's senior producer is Alice Carruth. Our producer is Liz Stokes. We are mixed by Elliot Peltzman and Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I am your host, Maria Varmazes. Thank you for listening. We'll see you tomorrow.

C

T.