AI Regulations, New, Unusual Cybersecurity Threats, and Intel's Foundry Challenges

[00:00:02] [SPEAKER_00]: It's Wednesday, September 18, 2024, and I'm Dave Solt, three things to note today.

[00:00:07] [SPEAKER_00]: Rogue Paging's Pixel Exploit and the CMMC rollout, Governor Newsom Science AI Regulations on

[00:00:15] [SPEAKER_00]: Deep Fakes and Political Ads, while SB 1047 awaits a final decision, and Intels Foundry Gamble,

[00:00:23] [SPEAKER_00]: balancing extra capital and contract losses to drive their growth.

[00:00:27] [SPEAKER_00]: This is the Business of Tech.

[00:00:32] [SPEAKER_00]: A series of simultaneous explosions of handheld pages in Lebanon and Syria injured at least 8 people,

[00:00:38] [SPEAKER_00]: including members of Hezbollah amid rising tensions with Israel.

[00:00:42] [SPEAKER_00]: The explosions are believed to be a sophisticated attack attributed to Israel, targeting Hezbollah

[00:00:48] [SPEAKER_00]: members who are warned against carrying electronic devices.

[00:00:52] [SPEAKER_00]: Hospitals are on alert for emergency patients, and the health ministry has advised

[00:00:56] [SPEAKER_00]: people to avoid pages.

[00:00:59] [SPEAKER_00]: And from dark reading, a new covert channel attack method, PIXL, can exploit air-gapped

[00:01:06] [SPEAKER_00]: networks by transmitting data using sound waves generated from LCD screens.

[00:01:13] [SPEAKER_00]: This attack requires control over devices on both sides of the air gap, and can transmit

[00:01:19] [SPEAKER_00]: information via inaudible high frequency sounds.

[00:01:23] [SPEAKER_00]: While physical air gaps adequately protect most organizations, sensitive sites may need

[00:01:28] [SPEAKER_00]: additional measures to counter such covert attacks, including unit directional gateways and

[00:01:34] [SPEAKER_00]: increased distances between systems to reduce the feasibility of exploitation.

[00:01:40] [SPEAKER_00]: A security researcher Benjamin Harris, exploited a rogue who is server by acquiring the expired

[00:01:47] [SPEAKER_00]: domain.movieuregistry.net, this enabled him to generate counterfeit certificates and track

[00:01:55] [SPEAKER_00]: email activity. His server received millions of queries from major entities, highlighting vulnerabilities

[00:02:01] [SPEAKER_00]: in the trust of the who is system. Harris populated the database with fake data, allowing

[00:02:07] [SPEAKER_00]: him to manipulate certificate authority processes, and potentially intercept communications.

[00:02:13] [SPEAKER_00]: Now, it's not all bad news. Sissa has released new checklist to assist state and local

[00:02:20] [SPEAKER_00]: election administrators in enhancing cybersecurity and physical security for election systems

[00:02:25] [SPEAKER_00]: ahead of the presidential election. Recommendations include activating multi-factor authentication,

[00:02:31] [SPEAKER_00]: separating election networks, ensuring encrypted backups, and utilizing cyber hygiene tools

[00:02:36] [SPEAKER_00]: to address evolving threats. And the cybersecurity maturity model certification or CMMC roll

[00:02:42] [SPEAKER_00]: out by the Pentagon includes developing training and tools for program managers to mark

[00:02:48] [SPEAKER_00]: properly controlled unclassified information or CUI. A recent Inspector General report highlighted

[00:02:55] [SPEAKER_00]: in consistency in CUI marking, which could pose risks under a CMMC requirements. The phase roll

[00:03:02] [SPEAKER_00]: out of CMMC will take three years, during which contractors must identify their CUI.

[00:03:08] [SPEAKER_00]: The DOD is focused on preventing data theft by adversaries and is working to enhance training

[00:03:13] [SPEAKER_00]: and tools for consistency in application. Why do we care? Well, today there's a lot about

[00:03:20] [SPEAKER_00]: unusual attack vectors. A reminder, most will not be victims of this kind of attack. I just wanted

[00:03:26] [SPEAKER_00]: to make sure the audience was aware of them. That said, much more of the broad industry interacts

[00:03:32] [SPEAKER_00]: with defense than you might think. Don't think about fighter jets. Consider the company that

[00:03:37] [SPEAKER_00]: makes the bolts that hold the plane together. There will be ever increasing reach of CMMC.

[00:03:44] [SPEAKER_00]: I predicted recently that this will become the broad standard beyond defense. It's time to start

[00:03:49] [SPEAKER_00]: considering it if you're not in defense. Well, there's many breaches and security concerns as I

[00:03:57] [SPEAKER_00]: report in this show. It should be obvious that cybersecurity is not just about technology,

[00:04:02] [SPEAKER_00]: but also the human expertise needed to interpret and respond to complex threats.

[00:04:08] [SPEAKER_00]: Huntress is focused on elevating SMBs and MSPs around the world. Huntress has a suite of fully

[00:04:15] [SPEAKER_00]: managed cybersecurity solutions powered by a 24x7 human-led sock dedicated to continuous monitoring,

[00:04:23] [SPEAKER_00]: expert investigation and rapid response. And the proof is the execution. Huntress is the number one

[00:04:30] [SPEAKER_00]: rated EDR for SMBs on G2. Want to know more about the platform? Visit huntress.com slash

[00:04:38] [SPEAKER_00]: MSP radio to learn more. And an update, Governor Gavin Newsom expressed concerns about California's

[00:04:47] [SPEAKER_00]: AI Bill SB 1047, which aims to prevent AI-related disasters by holding vendors accountable.

[00:04:53] [SPEAKER_00]: The bill has passed the legislature in California. He emphasized the need for regulations that

[00:04:59] [SPEAKER_00]: address current risks without hindering the AI industry. While he acknowledged the bill's potential

[00:05:04] [SPEAKER_00]: impact, he has not yet decided whether to sign or veto it, fixing pressure from supporters

[00:05:10] [SPEAKER_00]: and critics within the tech community. He signed five other bills into law around AI. He measures

[00:05:17] [SPEAKER_00]: include requiring platforms to remove or label election deep-bakes, mandatory disposers for AI

[00:05:23] [SPEAKER_00]: generated political ads, and prohibiting studios from creating AI replicas of actors without consent.

[00:05:31] [SPEAKER_00]: The Biden administration will host a global AI safety summit on November 20, 21st,

[00:05:37] [SPEAKER_00]: in San Francisco, aiming to enhance international cooperation on the safe development of

[00:05:42] [SPEAKER_00]: artificial intelligence. The summit will involve members of the international network of AI

[00:05:47] [SPEAKER_00]: safety institutes and focus on technical collaboration and knowledge sharing,

[00:05:51] [SPEAKER_00]: addressing concerns about generative AI's potential risks. The initiative follows

[00:05:56] [SPEAKER_00]: solid legislative efforts in Congress regarding AI regulation and aims to establish safety

[00:06:01] [SPEAKER_00]: and trust in AI. A survey from solar winds reveals that 88% of IT professionals

[00:06:08] [SPEAKER_00]: support stronger government regulation of AI, citing security and privacy concerns as primary

[00:06:14] [SPEAKER_00]: issues, many emphasize the need for measures to secure infrastructure and safeguard sensitive

[00:06:19] [SPEAKER_00]: information. Additionally, 55% believe government intervention is necessary to combat misinformation.

[00:06:26] [SPEAKER_00]: While 50% advocate for transparency in AI development, trust in data quality is low with only

[00:06:32] [SPEAKER_00]: 38% feeling confident and 40% attribute it. Trust in data quality is low with only 38%

[00:06:40] [SPEAKER_00]: feeling confident and 40% attribute AI issues to algorithmic errors from biased data. A significant

[00:06:47] [SPEAKER_00]: barrier to AI adoption is the lack of preparedness for data demands, with 46% believing their

[00:06:53] [SPEAKER_00]: companies are slow to implement AI due to data quality challenges. Why do we care?

[00:07:00] [SPEAKER_00]: So no answer from new set. In my perfect world, Congress would handle this at a federal level,

[00:07:06] [SPEAKER_00]: and this AI regulation is broadly popular so resistance isn't the hold up. Regardless of

[00:07:11] [SPEAKER_00]: the implementation of the law, the framework that bills are ones to leverage. It if you're

[00:07:16] [SPEAKER_00]: applying even without the law, you'll keep your customers out of trouble. Companies that align

[00:07:21] [SPEAKER_00]: with the spirit of these laws now will be better positioned to meet both customer expectations

[00:07:26] [SPEAKER_00]: and regulatory requirements as they evolve. I swear I'm not picking on Intel. I swear these are just

[00:07:34] [SPEAKER_00]: updates. First, the information reporting that Intel plans to separate its Foundry business

[00:07:40] [SPEAKER_00]: into an independent subsidiary to raise outside capital and a struck a deal with Amazon to develop

[00:07:45] [SPEAKER_00]: an AI fabric chip for server networking, part of a multi-billion dollar framework. The company

[00:07:51] [SPEAKER_00]: is also received $3 billion in funding under the CHIPS Act, prevent semiconductor manufacturing,

[00:07:57] [SPEAKER_00]: following an earlier $8.5 billion grant for U.S fabrication facilities. Intel stock rose over

[00:08:04] [SPEAKER_00]: 8% after the announcement, despite a 56% decline earlier this year. Specifically, the Biden administration

[00:08:11] [SPEAKER_00]: has directed Intel to develop a secure on-clave from microelectronics, which is crucial for

[00:08:17] [SPEAKER_00]: national security and weapon systems. Being issued of aims to enhance semiconductor manufacturing

[00:08:22] [SPEAKER_00]: and technology development in the U.S. Reflecting a commitment to secure supply chains and advance

[00:08:27] [SPEAKER_00]: manufacturing. The company has a history of collaboration with the Department of Defense

[00:08:32] [SPEAKER_00]: on semiconductor projects. And Reuters reported that Intel lost the contract to design the

[00:08:38] [SPEAKER_00]: PlayStation 6 chip to AMD in 2022 due to a dispute over profit margins. The contract could have generated

[00:08:47] [SPEAKER_00]: approximately $30 billion in revenue. The loss hamper's Intel's efforts to build its contract

[00:08:53] [SPEAKER_00]: manufacturing business, which is crucial for its turnaround strategy. The PlayStation console

[00:08:58] [SPEAKER_00]: business typically sells over 100 million units, providing steady revenue. But Intel's failure

[00:09:04] [SPEAKER_00]: to secure the deal highlights the challenges and attracting the most key customers for its operations.

[00:09:10] [SPEAKER_00]: Why do we care? Intel struggled to capture key clients like Sony PlayStation,

[00:09:15] [SPEAKER_00]: highlights potential challenges in its contract manufacturing business. For non-gamer's,

[00:09:20] [SPEAKER_00]: a key element was delivering backward compatibility for existing consoles. By separating its

[00:09:26] [SPEAKER_00]: boundary business into a subsidiary, Intel aims to bring in extra capital to fuel growth,

[00:09:32] [SPEAKER_00]: losing out to AMD here emphasizes the fragility of Intel's turnaround efforts.

[00:09:37] [SPEAKER_00]: Intel's restructuring could lead to growth, but only if it can secure large steady contracts,

[00:09:43] [SPEAKER_00]: while balancing the financial and operational challenges of running a boundary business.

[00:09:48] [SPEAKER_00]: Who can it win as customers? I don't have the answer, but I don't have to. They do.

[00:09:55] [SPEAKER_00]: One minute, EDR and MDR providers are telling you you don't need a sim. And the next,

[00:10:01] [SPEAKER_00]: they're telling you to duck tape some logs together and upsell you an add-on.

[00:10:06] [SPEAKER_00]: Blue Meryl offers a game-changing cloud sim platform designed for IT teams of any size,

[00:10:13] [SPEAKER_00]: unlimited ingestion, unlimited integrations, managed detections, guided response,

[00:10:18] [SPEAKER_00]: one year retention, and 24 by 7 sox support. And the best part, Blue Meryl is free

[00:10:24] [SPEAKER_00]: for MSPs. Don't settle for a sim-ish add-on. Get started with your NFR account at

[00:10:32] [SPEAKER_00]: BlueMeryl.com slash radio that's BLUMIRA.com slash radio.

[00:10:41] [SPEAKER_00]: Thanks for listening. Today is National Cheeseburger Day. Does it really matter about any other

[00:10:47] [SPEAKER_00]: national days when you're thinking about a cheeseburger? I'm speaking on a webinar for

[00:10:52] [SPEAKER_00]: review tomorrow entitled Differentiate Your MSP Business by governing and securing M365.

[00:10:59] [SPEAKER_00]: Join me on September 19 that 10 AM Eastern, the link is in the show notes.

[00:11:05] [SPEAKER_00]: If you like the show, make sure to share it and follow on your favorite platforms. And the

[00:11:09] [SPEAKER_00]: number one thing you can do is share it with a colleague. I'll talk to you again tomorrow.

[00:11:17] [SPEAKER_00]: The Business of Tech is written in produced by me Dave Solbel under Ethics guidelines,

[00:11:22] [SPEAKER_00]: post it at businessof.tech. If you like the content, please make sure to hit that like button,

[00:11:28] [SPEAKER_00]: follow or subscribe. It's free and easy and the best way to support the show and help us grow.

[00:11:35] [SPEAKER_00]: You can also check out our Patreon. We can join the Business of Tech Community at patreon.com slash

[00:11:42] [SPEAKER_00]: MSP radio or by our Why do we care merch at businessof.tech. Finally, if you're interested in

[00:11:49] [SPEAKER_00]: advertising on the show, visit MSPradio.com slash engage. Once again, thanks for listening to me.

[00:11:57] [SPEAKER_00]: I'll talk to you again on our next episode of the Business of Tech.