CyberWire Daily - Scotland’s position to lead cyber and space. [Deep Space]
Episode Date: January 1, 2025Sharon Lemac-Vincere is an academic that focuses her research on the intersection of space and cyber. She has released a report on space and cybersecurity which outlines how Scotland can lead the way ...in both industries. You can connect with Sharon on LinkedIn, and read her paper on The Cyber-Safe Gateway : Unlocking Scotland's Space Cybersecurity Potential on this website. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the N2K Space Network. data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game
changer. Within days of signing up, they started removing my personal information from hundreds of
data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team
does all the work for you with detailed reports so you know exactly what's been done. Take control
of your data and keep your private life private by signing up for Delete.me. Now at a special
discount for our listeners, today get 20% off your Delete.me plan when you go to joindeleteme.com
slash n2k and use promo code n2k at checkout. The only way to get 20% off
is to go to joindelete me.com slash N2K
and enter code N2K at checkout.
That's joindelete me.com slash N2K, code N2K.
Thank you. in orbit. Well, how do you protect space assets from cyber threats? That has been a pressing question for the industry. And who is leading the way in this? Could it be Scotland?
Welcome to T-Mine is Deep Space from N2K Networks. I'm Maria Varmozes.
Sharon Lamac-Vincere is an academic that focuses her research on the intersection of space and cybersecurity.
She has released a report on space and cyber, which outlines how Scotland can lead the way in both industries.
And there's more to come.
I have produced three reports and one's already out.
So that's the Cyber Safe Gateway.
And that's looking at Scotland's space cyber potential.
So really what I wanted to do was Scotland builds more satellites than anywhere else in Europe.
And I wanted to see what opportunities there may be for cyber security.
Because it makes complete sense to me that if we're building and manufacturing
satellites then we should really be thinking about the cyber and secure by design built into that
but actually there was so much more potential that came out of that report in terms of Scotland's
ability at cyber and for cyber security in the commercial space sector and I think one of the nice things that I identified
was that kind of historical heritage to build bake that in as well so not just kind of thinking about
the innovation and the commercialization but actually how do we make sure that it is truly
Scottish and what does that really mean so that that was interesting. So that report's available.
And then there's a UK-wide one coming out,
hopefully next week.
And a final report on women leadership,
female leadership at the intersection of space cyber.
Oh my gosh.
Okay, okay, okay.
That's not a small amount of work. So congratulations,
first of all, that is a huge amount of get that done. My gosh. Okay. So let's tell me a bit more
about, well, I mean, I want to hear about more about each of these, but let's start with the
first one that you mentioned about building in security by design in satellites that are made
in Scotland specifically. So was this sort of a taking a look at what's happening now,
like what maybe processes are?
What was that report looking at specifically?
Well, the UK more broadly is predominantly an SME market for space.
And we know that we've got a real issue in terms of
how do we make sure the space sector is secure globally?
So I was really just
trying to find out what was the competitive advantage for Scotland given that they've got
that historical kind of market position in terms of building the satellites and just trying to see
is there a real opportunity for developing the software as well and we know that SMEs don't have enough funding you know for cyber security
if it's a case of putting food on your table and baking or baking and cyber security you're going
to put the food on your table aren't you because that that's that's your kind of key issue to deal
with that in that kind of day-to-day thing so it was trying to work out is there a different way of thinking that we can help smes and leaders see the value to build a more robust ecosystem for the
space sector hmm all right so tell me more about that yeah yeah that makes sense i'm like that's
i was also thinking smes in this case means not just subject matter experts but also satellite
manufacturers and engineers is that that what we're... No, small medium enterprises.
Okay. SME is an acronym. No, no, no. It's okay. I was like, which version of that are we using?
Okay. That was my brain just going, okay, there's a lot of meanings of SME. All right. So,
small medium enterprises. That also... I used to know that one in my old marketing days. That was
what we used as well.
No, no, no, that's totally okay.
I just wanted to make sure I was understanding what we meant by SMEs in this case.
All right, so security as a differentiator, but there are significant barriers because of cost, because it is usually seen as a cost center and not a, you know, a profit center, understandably.
That is a longstanding problem with, it's not cybersecurity's fault, but that is a longstanding struggle in cybersecurity. That is a long-standing problem with,
it's not cybersecurity's fault,
but that is a long-standing struggle in cybersecurity.
That is a yes.
So what recommendations, next steps, conclusions,
what's the takeaway from that paper on that front?
Yeah, well, I think there's, if you don't mind,
a couple of other points in terms of the intersection. Sure, yeah.
Language.
Language was a real issue as well, in terms of the intersection. Language. Language was a real issue as well,
you know, in terms of space and cyber.
I think we've mentioned that before
about speaking different technical languages
and how you bring that together.
I guess I mean, like we just...
Yes, exactly.
Yeah, there you go.
Just like we've done
and looking at the geopolitical landscape,
looking at what different countries are doing
and how they're approaching it
so the report also looks at different nations
and looks at the laws and regulations
and their technical kind of appetite
so to see what's going to happen
and what the movements are
and looking at the power
that commercial actors actually wield within this
kind of growing sector the intersection of space and cyber so in terms of the the report it suggests
that Scotland should be really kind of maximizing that potential at the intersection because I don't
see many nations actually capitalizing on the
space cyber intersection so there's work being done but I was surprised and even I'm not I'm
not afraid to admit it that this is my area but even I was surprised that the entrepreneurial
opportunities at the intersection you know there's for those businesses so inclined to actually put their
resources and time and effort here, I think they're going to make significant returns on
their investment because this is a global problem. Yeah, and so Scotland stands to benefit as a
leader in that, it sounds like, which it's, that's a pretty significant area to be a leader in right
now, especially. Yeah, so in addition to my reports, I've also proposed a new conceptual framework
to try and help businesses to think about cyber.
So back to that problem,
that cyber is a tick box exercise.
It happens annually.
It's not very sexy.
And we've got multiple barriers.
So when I was doing my re is that an understatement
not very sexy no yeah it's not sexy at all
you get space which people go into because it's like oh space is cool and you talk about cyber
and they go oh that's it don't they they just seem to turn off sadly and yet cyber is super exciting and
it's so important that you kind of go really this is a really sexy area but it's got a really bad
image right so it needs it needs some help some prl yeah so when i was doing my research and
writing my many reports and the same kind of issues kept on coming up.
And that made me think of a strapline that I shared this week at Global Millsat.
And basically what I'm suggesting is that for the space sector, in terms of cybersecurity, we need entrepreneurs and leaders to think like spies so that's a top
line so think like spies look at the horizon scanning look in the gaps look in the blind
side and start to think about what is the next type of threat vector that we're going to have
to face in the in the kind of space domain and what kind of approaches can we do to to develop products and services that
that help address that so we need people in cyber to think like spies and we need them to build
systems that um so we need to build resilient systems for harsh environments and that
unpredictability so we need to build like astronauts because if we think about astronauts in space they've not got all the tools and we just need to think about the Apollo 13 mission yeah
when they had to yeah so they had to recover quickly and it was mission critical so you need
to think like a spy you need to build like an astronaut and then you need to innovate like an
entrepreneur so we need products in the market
so we need to start thinking about that entrepreneurial and that kind of disruption
and innovation and really inject it so I think if we think like that it kind of makes it a
bit more sexier yeah because we're spies we're space and we're space, and we're entrepreneurs. Three of the most sexiest things that we could do, yeah?
I'm like, that's some great messaging.
I just have to say, I love that.
Great top lines.
Just my marketing brain's going, ooh, that's very nice.
So that's directed mainly at the space industry
because people were building these incredible systems and spacecraft.
I'm just curious, do you think the cybersecurity industry
is ready to support the space industry in the way that the space industry needs? Like,
do we think that they understand the space industry's challenges? Or is it still just
sort of, again, that two different languages situation? You're shaking your head no.
Yeah, I genuinely don't think cyber fully understands space, right?
However, as I've said by my reports,
the pure entrepreneurial potential, right?
So if we're talking about, you know, follow the money, right?
Or money talks.
If you're a cyber professional getting to understand space,
you're guaranteed to make quite significant sums in my opinion right
because this the space sector is only going to grow and in terms of we think about even the dual
nature in the military the the the attacks in space are so significant and so important
and that if you were to be able to develop the products and services to help protect space assets from cyber attacks,
you're on to a winner in my opinion, right?
So if you follow the money,
I think cyber professionals should be thinking about that.
And then if we make it sexier and more engaging,
so we say, well, we need people that think like spies
and build like astronauts and innovate like entrepreneurs.
And we make it that gateway that it becomes a really sexy intersection.
And it's got the kind of evidence base and the money behind it.
To me, why would you not want to be doing it?
Yeah, no, I'm with you on that.
I love this intersection of all.
I just, I love it. It's such a fascinating place to be. And it's also, just to get a little woo, I guess, the cultural meshing is just fascinating to sort of watch that happening in real very complex worlds that need to mesh more.
And it's just really, I envy you, Sharon.
You're at the core of that.
You get to just be in that.
You really are.
And to be able to think differently
because it's kind of a blank slate,
you know, at the intersection.
So that's why I think it's dead
cool for other people to join you know we've not got enough people that are working in this space
but there is a blank space there that you can really kind of put your mark there so I think
that's really exciting for a professional as well to be going well actually that's where I want to be
for a professional as well to be going well actually that's where I want to be so um yeah so so that that's my it's a new conceptual framework and it builds on I'm not going to bore you to
tears but it pulls on academic theories and a strong evidence evidence base so there's robustness
underneath that but for those that don't need to understand the theoretical frameworks in that I
think the top line is quite catchy, in my opinion.
And hopefully that will encourage people to explore more.
We'll be right back after this quick break.
And now a message from Black Cloak. We'll be right back after this quick break. executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact,
over one-third of new members discover they've already been breached. Protect your executives
and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io.
And now, a message from our sponsor, Zscaler, the leader in cloud security.
Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024.
These traditional security tools expand your attack surface with public-facing IPs
that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security.
Zscaler Zero Trust Plus AI stops attackers by hiding your attack surface,
making apps and IPs invisible, eliminating lateral movement, connecting users only to specific apps,
not the entire network, continuously verifying every request based on identity and context,
simplifying security management with AI-powered automation, and detecting threats using AI to Thank you. I'm wondering, for folks in the space industry who want to build better, build more secure by design,
I guess what's their next step?
Is it a matter of just hiring a cyber person or cyber team?
Or is this something that they have to build their own expertise internally?
Is it working with a vendor?
Like, I mean, I imagine it depends a lot on what you're doing.
But, I mean, what is the path there?
Well, it's interesting.
And I think, although I'm talking about entrepreneurs and the commercial sector,
I was at Millsat where I was speaking this week,
Global Millsat in London.
And really, we're seeing more of the military
engaging with commercial products
and obviously the commercial off-the-shelf products.
But we're seeing a real fusion here,
like never before, between the commercial actors.
So I think it's really interesting to see
how that's going to feed through the ecosystem back to your point is it that you just you're
looking for a cyber person I don't think we have the skills in fact my report suggests that we
don't there's a massive gap right and we've got a war of going on in terms of skills. And the people that understand space and cyber
and understand that intersection
are going to be really sought after.
And I would suggest that the salaries, etc.,
are going to reflect that expertise as well.
Because I don't think you can just take a cyber person
and put them in space. I don't think you can just take a cyber person and put them in space.
I don't think that's going to work.
It's just we need more of a fusion and integration rather than two silos of approaches.
Yeah, I think you're totally spot on.
And the people that I've interviewed that have a really solid or seem to from the outside,
a really solid understanding of both worlds, almost two of one have military backgrounds, which I think is really fascinating.
And a great opportunity for folks who are coming out of the military looking for
what they want to move into. I think that's an amazing advantage for our veterans. So that's
great. For those of us who are not in the military, I think it's an interesting question
on how to gain that expertise. But I mean, I'm sure there are paths. I mean, I don't know what
they are, but I'm sure there are. But gosh,, I don't know what they are, but I'm sure there are.
But gosh, if I was doing it all over again,
if I was 20 years younger and looking at a career path,
I'd be like, I don't know what I'd be looking into
because this is really cool.
But it's my interest meshed.
Well, exactly.
But it's such a niche issue just today, right?
But if we think 20 years ago,
we think about social media, right?
That was a niche issue. And look how it's transformed our world, right? But if we think 20 years ago and we think about social media, right? That was a niche issue
and look how it's transformed our world, right?
And as I said,
there's no country that's got this tied down.
So for professionals looking
for a carve out their niche,
this is a fantastic area,
but it's also mission critical as well.
Yes, indeed. Yep, yeah. Oh, I love, you know, I could talk to also mission critical as well. Yes, indeed.
Yep.
Yeah.
Oh, I love, you know, I could talk to you about this like for literal hours.
Oh my God.
All right.
So I, so, so that sort of is your first paper.
You also had a second paper, which just more broadly looks at the UK in general, sort of
similar issue.
Any, any takeaways from from that that are distinctive that
you want to highlight from that one? No, I think just really came back to the similar message,
unsurprisingly, that, you know, if the UK wants to be a leader in space, then this is one area
that it could really say, yeah, it could really lead.
So that's why I'm suggesting it focuses on the cyber safe gateway.
So the other nations want to work with us because we're prioritizing cybersecurity and resilience, not just for domestic space sector, but for the global sector as well.
We want, I think we should aim to be a preferred partner and one that looks secure by
design absolutely all right another great takeaway there so the third now the third paper that one
was women in leadership in space cyber am i am i remembering that one correctly okay is that
i don't know if anyone has anyone actually covered that before because i was like i was
gonna say i think you're the first um please tell me more about that because I am very interested in that well I'm
not giving all my secrets away before it's published oh come on yeah but it's just really
looking at this gap as I've said already there's not enough people at this intersection but when we look at women
in both space and cyber we know that there's real problems with inclusion we know that there's
leadership gaps and so my argument is is that we need to start thinking about what the the kind of
the the criminal or hostile nation posture is, right?
And what is the competitive advantage that women can bring
and what is the type of leadership that we can develop
in this intersection, right?
And there's so many opportunities for women to lead here
and it's addressing the historical lack of inclusion in both sectors so I'm basically
suggesting look the sector needs disruption right at the intersection we need disruption and we need
new ways of thinking and women are bringing a whole diverse strength to that intersection that we need to we need to include them so
sorry maybe that's a waffle but no no it's it's quite all right it's it the the the ongoing
struggles of trying to have more women in these areas including in these areas but also just in
general a lot of the very uh the the areas where historically women have not often been in as much.
I was an engineer for some years and then I left.
So I'm like, I'm part of the problem.
I dropped out of that, which I always feel kind of guilty about that.
But it is a, yeah, I know, I know.
But I just, it's just always like, oh, yeah.
It's not any, nobody has like a silver bullet answer to this.
This is such a complex mesh of so many factors that, you know.
But yes, I'm so glad.
Yeah.
And, you know, the point I'm making as well is that this is not at the detriment or anti-male neither.
It's about actually inclusion means that everyone wins because we're
challenging the norms so that everyone can help make their mark in this space so it's very much
you know looking at leadership as well because I want women to to reach the highest levels in this intersection as possible.
So, yeah.
So that's that.
I appreciate that.
Well, I really, I don't think I've read that one.
So I would like to, if you don't mind, I would love to read that.
That's so great.
Sharon, you're amazing.
Thank you just for talking to me yet again about all the amazing things you've been working on.
Now I got to ask, what are you up to next?
Well, I've not even finished with my list.
You haven't finished with your list?
Oh my God, I thought there were three.
There's more than three?
Well, there's three reports and my new framework.
But one of the also cool things is is that I've put my tartan into a spacesuit
and it's the first tartan spacesuit.
Did you see it?
Oh my, did you share that on LinkedIn?
I feel like you shared that on LinkedIn at some point.
Yeah, okay.
So I know what you're talking about,
but the listeners might not.
So yeah, tell me more.
So at the start of the year,
I registered my space tartan vinceer ad astra um and i've
been looking at this how do we curate the space heritage in scotland and and what does that mean
like uh mean for scotland as it's emerging as a as a space sector so i took my tartan and I've created a tartan spacesuit.
That's so amazing.
I love that you did that.
I just really love that you did that.
You just want the extra steps
to make that happen.
I'm just...
So I'm hoping to make,
I'm hoping to have it in production.
So I'm hoping to have the spacesuit ready in 2025.
Where will I be able to see this spacesuit once it's made?
Because I need to see it badly.
Oh, I'm hoping that it will be traveling to space conferences in 2025.
That's the plan.
I cannot wait to get my photo
with your spacesuit.
I can't even begin to tell you.
Me neither.
Oh my gosh.
Yeah, that's so great.
I love that so much.
Is there a mock-up of that?
Yeah.
Yeah, you did, yeah.
We'll have to put a link to that
in the show notes.
Am I imagining that
or did you have a mock-up of this?
Yeah.
Oh, my God.
So, spacesuit, tartan, spacesuit.
Tartan spacesuit.
Is that tartan spacesuit?
Okay.
So, because you're always busy, what are you working on next?
Yeah.
What am I working on next?
No, really, it's just academic papers
now just sharing
the theoretical work
and you know as an academic as well
my many
bows we've got
to obviously write an academic journal
so that's what I'm going to be hibernating
for the next few months and writing
my journals
oh fun times hibernating for the winter. I get it.
Bless it.
Yeah.
Well, I wish you all the best on that.
My dad was a professor many years ago,
so I remember it well.
Yeah.
It's a lot.
So I wish you all the best on that.
Thank you.
Sharon, you know I love talking to you like anytime.
So please, when you have more exciting things to share,
please, please come back
because you know I will happily chat with you anytime.
Thank you, Maria.
And can we remember people to think like spies,
build like astronauts,
and innovate like entrepreneurs.
Cheers. Feedback ensures we deliver the information that keeps you a step ahead in the rapidly changing space industry.
T-Mine is Deep Space is produced by Alice Carruth.
Our associate producer is Liz Stokes.
We're mixed by Elliot Peltzman and Trey Hester with original music by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Our executive editor is Brandon Karp.
Simone Petrella is our president.
Peter Kilpie is our publisher.
And I'm your host, Maria Varmasis.
Thanks for listening. We Kilpie is our publisher. And I'm your host, Maria Varmasis. Thanks for listening.
We'll see you next time. Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly
and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company
safe and compliant.