CyberWire Daily - Preparing space for Q-day. [T-Minus: Space-Cyber Briefing]

Episode Date: July 12, 2026

As the world prepares itself for quantum computing, governments and private space enterprises alike are looking to get ahead of the technology and manage the rapidly-accelerating risks. In this week�...��s episode, host Maria Varmazis sits down with ⁠⁠⁠Eddy Zervigon, CEO of Quantum XChange to discuss the impacts that the post-quantum world will have impact on the space sector. During the conversation, they explore what stakeholders are doing to prepare themselves for Q-day and what a post-quantum world could look like.⁠ Key sources: USHERING IN THE NEXT FRONTIER OF QUANTUM INNOVATION Like what you heard? Be sure to subscribe to our free Signals and Space Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, our Sunday newsletter covering the intersection of cybersecurity and space. Subscribe at: https://thecyberwire.com/newsletters/signals-and-space Is there a topic or person you’d like to hear on our show? You can send your questions and feedback to space@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. You can also fill our our audience survey: https://www.surveymonkey.com/r/NJYCN2P T-Minus: Space-Cyber Briefing is a production of N2K CyberWire. N2K is your nexus for discovery and connection for people, technology, and ideas shaping the future of secure innovation. Learn how at n2k.com. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 You're listening to the Cyberwire Network, powered by N2K. If you are heading to Blackhead USA this year, make plans to visit the SpectorOps Kennel Club. As the creators of Bloodhound, the SpectorOps team will host talks, workshops, and hands-on sessions aimed at helping you understand AI accelerated attack paths, the latest identity tradecraft, and how to build your own OpenGraph collector. Visit specterops.io to pre-register and learn more. While you're at the SpectorOps Kennel Club, visit the N2K Cyberwire podcast studio, where we'll be capturing expert perspectives and conversations from across Black Hat. We'll see you there. This episode is brought to you by Accenture.
Starting point is 00:00:58 When your advertising operations fall out of sync, everything else follows. Spotify and Accenture are working together to reinvent the rhythm of ad sales, using automation, analytics, and smarter workflows to simplify campaign delivery and access better data across the business. The result? Less time spent on operations, more time connecting brands with the moments and fandoms that matter most. Learn more at Accenture.com slash Spotify. Well, I got to tell you, I'm a little concerned because I don't see the attention from a security standpoint on some of these big, big space projects that we're seeing. I'm not seeing the level of attention that I'm seeing in other, call it on the Fed side, Fed civilian and DOW.
Starting point is 00:01:47 It's really beholden on us that kind of really stress this and make sure that, especially as satellites are considered critical infrastructure, that they fall under some of the governing bodies, if you will, in regulatory environment, regarding critical infrastructure that are really pushing this kind of post-quantam mandate. Welcome. I'm Maria Vermazas. and you're listening to T-minus space cyber briefing. In this show, we examine the evolution of cybersecurity in the global and orbital infrastructure
Starting point is 00:02:21 that powers, protects, and connects our lives. On June 22nd, 2026, the Trump administration issued an executive order titled, Ushering in the Next Frontier of Quantum Innovation. Its goal is to strengthen quantum technology development in key U.S. agencies and industries. Space technology got a specific callout in the Quantum E.
Starting point is 00:03:01 as one might shorthand it. And in my chat today with Eddie Zervigone, CEO of Quantum Exchange, we focus on space-specific cyber considerations for when we officially enter a post-quantum world. And that day is coming fast. So how can an industry that historically has not exactly been known for its agility
Starting point is 00:03:22 keep ahead of fast-accelerating risk? That Q-Day in the mirror is indeed closer than it may appear. Eddie Zervigant, CEO of Quantum Exchange. I've been in the role for about six years. Prior to that, I was a recovering banker slash investor at Morgan Stanley, where I spent the better part of 15 years investing in what I would call transformational technologies, companies like Digital Globe, which became Maxar, which was the first high-resolution commercially available satellite imaging company. Another company that's been in the news a lot lately, Bloom Energy.
Starting point is 00:03:59 So it was an original investor back in 2007 when I was with Morgan Stanley investing in the need for distributed power generation, which is now really coming full circle as AI data centers take the front page in terms of the need for distributed power. And then when the opportunity about six years ago came about to take over a CEO of a company that I had been previously an investor in, I really jumped at the opportunity, not knowing exactly, exactly when the market would materialize, but knowing that it would be the most consequential transformation in the digital economy that certainly we've seen in many, many years and excited to be a part of it with what we think is superior technology. Oh, fantastic. Well, Eddie, I'm so excited to be speaking with you because the timing is just perfect, given your area of expertise
Starting point is 00:04:51 and what's been going on in current events. The executive order that recently came out about quantum was huge, not just on the cybersecurity side, but also on the space side. And I'm wondering if you could maybe give me a bit of, given your area of expertise, some context around this EO. And, you know, why now? Why is quantum suddenly getting all of this emphasis? I mean, it's not a brand new thing.
Starting point is 00:05:13 But, you know, why in this moment is this happening? Well, I think obviously 2016 NIST was kind of in charge or charged with the task of kind of figuring out the next algorithms that will take us into the post-Quantum age. And you have to take a step back and realize that it's an incredible technological run that for 50 years, basically everything that we do in the digital world has been secured by essentially three algorithms. And they have changed a little bit over time, but essentially there are three algorithms that have kind of underpinned our security in that period of time. It's an extraordinary technological run. But unfortunately for us, the kind of compute capabilities that quantum brings into the equation now are exactly the compute
Starting point is 00:05:58 capabilities that will eviscerate asymmetric encryption, which is what we've relied on. And so NIST 2016 was in charge with looking at, okay, what are going to be the algorithms that are going to take us into the next generation, if you will, of encryption? And the first one was approved in 2024, which was ML10, ML Chem 1024. And then HQC was added last year. And so now you're starting to see the actionable algorithms coming. into play, right? Prior to that, you couldn't really do anything because there wasn't a NIST-approved algorithm. So as it relates to the federal government, which would be probably closest to understanding
Starting point is 00:06:37 the severity of the problem, right? They are now actionable. And I think it really took us into overdrive last summer with the deep seek and the release of deep seek and the, I guess, the new understanding that maybe the the other side of the ledger was much more advanced, if you will, then maybe we had previously given them credit for. Yeah, yeah. I know I'm jumping around a little bit, but I'd love for you to speak a little bit about that too before we get into sort of what it, what this all means for space and such. Broadly, the landscape of quantum right now, where are, the United States compared to maybe our adversaries, where are we? Are we about on even playing field? Or does it seem like we're following?
Starting point is 00:07:22 behind. Well, unfortunately, like many problems that have some specific date, this one does not. We don't know where our adversaries are. We just know they're probably a little further advanced than we gave them credit for, and they're also spending a lot of money towards it, right? Much more so in the recent past to what we have spent here in the U.S. So that combination is not a good combination for us. And, you know, I was listening to Nikesh Aurora's earnings call a couple of weeks ago where he talked about mythos and using mythos.
Starting point is 00:07:59 And the realization that 30% of the mythos false positives, right, from a cyber perspective, still require attention. And when you think about adversaries, they only have to be right once. On the defense, you've got to be overwhelming in terms of your response. So that's created a rather long poll in the 10 in terms of what we need to solve for. But suffice to say, when the adversary has the capability, they will not be broadcasting it to the world. That absolutely makes sense. Yeah. I appreciate that. So let's bring it to the space domain and drill in a little bit there. I imagine for some of my listeners who are maybe less aware of what's going on within the space domain regarding quantum and quantum communications, they might be thinking of space as sort of just a transport layer. Can you give me a sense of the very broad implications of quantum for space?
Starting point is 00:08:59 And let's just start there and then drill into where we're going with this. So as it relates to the security aspects to it, there are a couple of threat vectors that. that kind of surface. One is the ability to authenticate the space assets, meaning there are going to be a lot of interspatial communications right between satellites, right? Inter-satellite communications that need to be authenticated. Are you really talking to who you think you're talking to and not being spoofed? Right. So that's not even getting to the ground. And then obviously the comms between the satellites and the ground station are ripe for an attack. Why? Because we know exactly when the satellite is going to
Starting point is 00:09:38 actually do the handshake, if you will, from a cryptographic perspective, because it's when the ground station and the satellite can communicate. And then you have from the ground station in, which is also another vulnerability. The biggest issue with space is that, unfortunately, like a lot of terrestrial networks, you can't send the MATag repairman up to fix the encryption. The encryption that's on the satellite when it's launched is what it's going to have. And many of these satellites are long-lived assets that need to be up there for a while. and others are rather short-lived, so it's less of an issue. But any meaningful consolation up there has to consider post-quantum crypto
Starting point is 00:10:19 and the agility that you're going to need to meet these threats as they come due. Truly, so, yeah, how do you essentially future-proof something like that that, you know, has a lifespan in terms of not just years, but potentially decades? Yeah, that's, you know, it's a really good question because many people throw around the term crypto agility and crypto agility means you know the ability to handle new not only threats but new algorithms as they come do there's nist has another something like 44 algorithms that are still in review that could be approved so it's clear to me that they don't think this is a one and done set it and forget it whatever you want to call it this again unlike the last 50 years this is
Starting point is 00:11:04 going to be an evolving threat that we're going to have to meet head on and so So therefore, as I like to articulate not only internally but with our team, but also as it relates to customers and thought leaders on the subject, this is an architectural problem. It's not a math problem or a physics problem. And if you treat it as a math problem, then you're beholden to the algorithm that maybe today works but might not work tomorrow. And even then, you might have to change. ML Chem 1024 might become ML Chem 2048. and what do you do in order to be able to change, but more importantly, be able to do this at scale
Starting point is 00:11:42 without bringing down the network. And so much of what we talk about is what is and what is not crypto agility. To us, what crypto agility is the ability to manage your cryptography without affecting your network. In other words, I like to simplify it by saying, what we do is in-air refueling of the jet. The jet doesn't have to land
Starting point is 00:12:02 in order for it to be refueled and then take off. we can accommodate changes in algorithm, auditability, automation, anything that needs to happen that when you have a management plane that is now taking over your encryption, and that's what we do. We create a management plane by separating key generation and delivery from the data plane and putting in its own control plane, much like we did with identity and access management years ago. Now that we have a sense of perhaps what needs to be done in a post-quantum world for space cybersecurity, Let's take a quick break now. And when we get back, we'll pick up on policy-wise what needs to happen next.
Starting point is 00:12:46 Stay tuned. This episode is supported by Black Hat USA. If you follow the research, you know a lot of it breaks on Black Hat stages. Hundreds of peer-reviewed briefings, more than 100 hands-on trainings, and the largest business hall in Black Hat's history. Six days to learn the skills you'll need tomorrow. August 1st to the 6th. Use code Cyberwire for $200 off your briefings pass at blackhat.com.
Starting point is 00:13:27 We'll see you in Vegas. AI is making fishing attacks faster, more convincing, and harder for people to spot, and traditional security awareness and fishing training weren't designed for this level of attack. Hawkshunt helped security teams prepare employees for the attacks they face every day, with personalized fishing training that adapts to each employee and reduces risky behavior over time. For IT and security leaders looking to strengthen their human layer of defense without adding more manual work, visit hoxhunt.com slash cyberwire to learn more. That's h-o-x-hunt-com slash cyberwire. And we're back. Let's continue on with my conversation with Eddie Zervigon,
Starting point is 00:14:26 CEO of Quantum Exchange. I'm thinking agility is not often a word that we hear in the context of anything space related which is a shame and I know people are really working hard to change that but it's the reality of the years it takes to get a mission into orbit and it's a fascinating challenge of when
Starting point is 00:14:47 the on the ground reality is changing so fast how can these systems that take so long to make and stay so long on orbit how can they possibly keep up so it's certainly not a hopeless situation I just it's a fascinating adaptation
Starting point is 00:15:02 that systems that we're all interacting with have to have to make. And I'm wondering also about what other unique challenges our space systems are dealing with in the context of quantum that maybe we haven't mentioned. Is there anything else that our listeners should know? Well, I think also, I think what I spend a lot of time in D.C. advocating for is to align budget with the problem.
Starting point is 00:15:26 I think this problem has come much faster than anyone previously thought. And what I mean by that is I think people are starting to realize that yeah, sure, the quantum, I mean, five, six years ago when I started, I would have a conversation with a CISO. And we'd spend the first half hour of the conversation talking about quantum, you know, computers, and why the threat, the ability to, the ability to be able to back into the private key from the public, all that stuff. Now it's not at all. Now it's basically, how do you fit into my network? Exactly.
Starting point is 00:15:57 Right. And I think that's a much better conversation to have. And as you get to federal agencies, whether it be civilian, Department of War, it's clear that there's a recognition of the threat that's there. And now we need to align federal budget to it. And given the dysfunctionality in our federal government right now, my worry is, my biggest worry is not that people understand the problem and are willing to do something about it, but the lack of funding in order to move this forward. I can't see of a bigger issue, certainly with regards to the federal government, and soon to be the critical industries such as health care, financial services, critical infrastructure. But first, the government, right? They're the closest to the problem. They understand the threat. And so we need to get money behind the understanding in order to really make this work. I'm wondering, did you find the executive order to be a heartening sign, or is it just not enough of a concrete move?
Starting point is 00:16:59 Well, I mean, obviously, executive orders on the executive side of things, right? So they don't control the purse strings. That's up to Congress. But I think it stresses the severity of the problem. We moved the timeline in from 2035 to 2030. I think that's a pretty good indicator of where they think directionally this is going. So now we just need Congress to match that from a budget perspective. And it doesn't take a whole heck of a lot of money, especially if you want to do it right
Starting point is 00:17:29 and you want to do it in a way that gives you, as you mentioned, maximum flexibility in the future, which is everything. The last thing you want is to have to put in place a whole system that needs to be ripped and replace at some point in the future. Yeah, absolutely. And I'm wondering also the takeaway for folks in the space industry about essentially futureproofing if one can really do such a thing. but building in that agility, what do you think that folks in the industry should also know?
Starting point is 00:17:55 Well, I got to tell you, I'm a little concerned because I don't see the attention from a security standpoint on some of these big, big space projects that we're seeing. I'm not seeing the level of attention that I'm seeing in other, call it on the Fed side, Fed civilian and DOW. And so the first thing is we've got to now convince them that, hey, this is something that needs to be done now. and then start thinking about our architectural. As I mentioned, once you launch a satellite, it's really tough to correct things because obviously you can't get out the satellite, the physical changes that need to be made.
Starting point is 00:18:32 So I think it's really beholden on us to kind of really stress this and make sure that, especially as satellites are considered critical infrastructure, that they fall under some of the governing bodies, if you will, in regulatory environment regarding critical infrastructure, that are really pushing this kind of post-quantam mandate.
Starting point is 00:18:53 That's a fascinating, fascinating point there. Eddie, I want to be mindful of your time. If there's anything else you want to leave our audience with before we close out, the floor is yours. Yeah, no, I think it's been a great conversation. I really appreciate you're taking leadership and ownership on this very, very important issue, especially as it relates to space because of exactly the points that I make, which is you can't send the Maytag repairman up there to fix it once it done. So it's really, really important that we get it right and we get it done soon because it's not going to be too long before we have this deadly combination of AI and quantum getting together.
Starting point is 00:19:30 And as I like to call AI, the brains and quantum the brawn and really create wreaking havoc on our digital world. And so anything that we can do to further the case that architecture is what ultimately will guide us, I think is time well spent and money well spent. Well, Eddie, thank you so much for speaking to me and our whole audience about this. This is an extremely important topic. And I greatly appreciate your time and expertise on this. So thank you so much for joining me today. Thank you so much, Maria. Really appreciate the time. And that's T-minus space cyber briefing. Brought to you by N2K CyberWire. If you like what you heard today, you will also enjoy our newsletter, signals and space. You'll get research and notes pulled together by our producer, Ethan Cook, and me, along with this week's top space cyber. new stories. Subscribe by visiting thecyberwire.com slash newsletters. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly
Starting point is 00:20:36 changing cybersecurity landscape. If you like our show, please share a reading and review in your podcast app. Please also fill out the survey in the show notes or send an email to space at n2K.com. We are proud that N2K Cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K helps cybersecurity professionals grow, learn, and stay informed. As the nexus for discovery and connection, we bring new the people, the technology, and the ideas, shaping the future of secure innovation. Learn how at N2K.com. Thanks for listening to T-minus. I am your
Starting point is 00:21:18 host, Maria Vermazes. This show is produced by Ethan Cook and Liz Sto. jokes. We're mixed by Elliot Peltzman and Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Iben, with content strategy by Mayon Plout. Peter Kilpy is our publisher. See you next week. Hey y'all. It's Kelly Clarkson with Wayfair. Ever order furniture online and wonder what if? Like, what if it doesn't hold up? That sofa was four days old. You should have ordered from Wayfair. With Wayfair, there's no what if. Just style you can trust. Visit Wayfair.ca.cair, every style, every home.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.