Biden Administration's Liability for Insecure Software, AWS Leadership Change, Pax8 Non-Profits


The Biden administration's push for a liability framework for insecure software represents a significant shift in cybersecurity policy. The objective is to transfer the security responsibility from technology users to software companies, encouraging sustained investment in cybersecurity and resilience. This initiative seeks to hold software developers responsible for the security of their products, stressing the importance of creating secure and reliable software from the outset.

The Senate's proposed investment of at least $32 billion annually in AI programs underscores the critical role that AI plays in national policy and emphasizes the importance of prioritizing AI development and research. By allocating this funding, the Senate aims to address pressing AI issues, safeguard elections, mitigate risks in sectors like healthcare and housing, and drive advancements in AI technology.

This substantial financial commitment showcases the government's acknowledgment of the transformative potential of artificial intelligence and its commitment to harnessing AI for societal benefit. The proposed investment not only reflects the increasing importance of AI across various sectors but also signals a strategic approach to maintaining the country's leadership in AI innovation globally.

 

Four things to know today

00:00 Biden Administration Pursues Liability Framework for Insecure Software, Shifting Security Burden to Developers

05:55 Adam Selipsky Steps Down as AWS CEO, Matt Garman to Lead Cloud Giant

06:57 Pax8's New Initiative Aims to Enhance Support for Nonprofits Through IT Service Provider

07:35 Microsoft Resolves VPN Connection Failures with May 2024 Patch Tuesday Updates

[00:00:02] It's Thursday, May 16th, 2024, and I'm Dave Sobel.

[00:00:05] Four things to know today.

[00:00:07] The Biden administration pursues a liability framework for insecure software,

[00:00:12] shifting the security burden to developers.

[00:00:14] Adam Selipsky steps down as the AWS CEO, Matt Garman to lead the cloud giant.

[00:00:20] Pax8's new initiative aims to enhance support for nonprofits through their IT service provider, and

[00:00:27] Microsoft resolves VPN connection failures with the May 2024 Patch Tuesday updates.

[00:00:33] This is the Business of Tech.

[00:00:37] Let's do some legislation and regulation.

[00:00:41] The Biden administration plans to hold the software industry accountable for insecure

[00:00:45] software by pursuing a liability framework.

[00:00:48] The goal is to shift the security burden from technology users to the companies that build it.

[00:00:54] The administration aims to incentivize long-term investment in cybersecurity and resilience

[00:00:59] rather than open the industry to lawsuits.

[00:01:02] The Office of the National Cyber Director has engaged software developers in plans to expand

[00:01:07] outreach to include consumer advocates and critical infrastructure providers.

[00:01:12] The pursuit of software liability was included in the Cybersecurity Posture Report.

[00:01:18] A bipartisan group of senators has published a 31-page

[00:01:22] roadmap for regulating artificial intelligence, calling for increased federal spending in AI

[00:01:27] research and development and legislation to address AI harms, protect elections,

[00:01:32] and mitigate risks in sectors like health care and housing.

[00:01:35] While AI companies continue to advance their technologies, the senators aim to pursue a

[00:01:40] piecemeal approach, focusing on urgent AI issues and passing bills as they become ready.

[00:01:46] The senators are confident that some AI bills can pass the Senate by the end of the year,

[00:01:52] with ongoing work on AI regulation expected in the next Congress.

[00:01:57] A Senate study proposes allocating at least $32 billion annually for AI programs in the

[00:02:03] United States, covering areas such as infrastructure, national security risk

[00:02:08] assessments, and AI research and development.

[00:02:11] A report outlines various recommendations, including cross-government collaboration,

[00:02:16] AI hardware and software funding, AI grand challenges, and cybersecurity in elections.

[00:02:22] While the document serves as a roadmap rather than a detailed policy proposal,

[00:02:26] it highlights the importance of investing in AI to maintain competitiveness with other countries.

[00:02:32] For context, according to a Politico poll, most Americans support AI data regulations.

[00:02:37] Poll found that 60% of respondents believe AI companies should not be able to train on public

[00:02:42] data freely, and nearly three-quarters think companies should compensate the creators of that

[00:02:47] data. Additionally, 78% of respondents believe there should be regulations on using public data

[00:02:53] to train AI models.

[00:02:56] A House bill calls on the Cybersecurity and Infrastructure Security Agency

[00:03:00] to establish an internal task force that addresses safety and security concerns

[00:03:04] related to artificial intelligence. The task force, required to be formed within one year

[00:03:09] of the bill's enactment, will coordinate with federal agencies and provide recommendations for

[00:03:13] changes to agency security initiatives and programs.

[00:03:18] The National Institute of Standards and Technology has issued final guidance updates

[00:03:22] aimed at helping organizations protect and secure controlled, unclassified information.

[00:03:28] The updates clarify previous guidance and provide assessment procedures and examples.

[00:03:33] In the coming months, NIST plans to revise other publications related to

[00:03:38] controlled, unclassified information.

[00:03:41] NIST also plans to make further changes to the NICE framework, which defines cyber workforce

[00:03:47] roles to strengthen the federal cyber workforce. The changes will include updating and adding roles

[00:03:53] such as risk analysis and program management.

[00:03:56] NIST also plans to incorporate AI into the framework's skills definitions.

[00:04:01] Why do we care?

[00:04:03] Biden administration's push to hold software industry accountable for insecure software

[00:04:08] is a significant shift in cybersecurity policy. By shifting the burden from end users to

[00:04:13] software developers, the initiative aims to incentivize long-term investment.

[00:04:18] For MSPs, this could mean working with more secure and reliable software, reducing the

[00:04:23] incidence of vulnerabilities that need to be managed. However, it also means that MSPs

[00:04:28] will need to stay abreast of compliance requirements and ensure that the software they deploy meets

[00:04:33] new security standards. Now, I'm all for it. Vendors have responsibility for what they build

[00:04:39] and codifying that is required.

[00:04:42] The bipartisan Senate roadmap for regulating AI and proposed $32 billion annual investment

[00:04:48] highlights the importance of AI in national policy right now.

[00:04:52] Watch this space. Will we get all the things?

[00:04:59] Are you ready to spot opportunities by aligning IT with your clients' business strategies?

[00:05:04] GetInSync equips MSPs and IT professionals with the tools, methods, and training to deeply

[00:05:10] understand client strategies, ensuring IT investments directly support key business

[00:05:15] objectives for tangible outcomes. With GetInSync, you gain critical insights that empower decisive

[00:05:22] actions, enhancing your competitive offering. This solidifies your role as a trusted advisor

[00:05:28] and supports your clients' strategic needs, bringing greater success.

[00:05:32] Test your readiness to become a certified GetInSync-trusted business advisor with our

[00:05:37] free online assessment. Accept the challenge and discover if you have what it takes to become

[00:05:42] an indispensable strategic partner for your clients. Begin your journey with GetInSync.

[00:05:48] Visit getinsync.ca to learn more.

[00:05:54] Adam Selipsky, CEO of Amazon Web Services, has resigned to focus on family, with Matt Garman

[00:06:02] taking over as the new CEO. Despite facing declining revenues, AWS remains a leader in

[00:06:08] the cloud services industry. Selipsky's compensation in 2022 was over $41.1 million.

[00:06:15] Garman, who was speculated as a frontrunner for the CEO position and is an AWS lifer,

[00:06:21] expressed gratitude for Selipsky's leadership and hinted at upcoming organizational changes.

[00:06:26] Garman will officially assume the role on June 3rd.

[00:06:31] Why do we care? So I'll be forward. I'm not sure. A leadership change at AWS is important.

[00:06:38] My general advice at leadership changes is to wait and see. The change could bring new strategic

[00:06:44] directions, organizational adjustments, and market impacts. That said, I don't have any particular

[00:06:49] reason to believe this signals a change in strategy. Yet I feel irresponsible not to cover it.

[00:06:56] So here we are.

[00:07:00] Pax8 has launched Pax8 Tech for Nonprofit, a program designed for non-profit organizations

[00:07:06] and the IT service providers supporting them. The program offers tailored solutions,

[00:07:10] enablement resources, and a holistic technology stack from various vendors. It aims to increase

[00:07:16] support for non-profit organizations and help them grow their impact.

[00:07:21] Why do we care? For those who work with non-profits, this is very notable. My MSP was focused in this

[00:07:27] area so this would have been significant news for me at the time, unless I include it for those

[00:07:32] providers who do non-profit work. Microsoft has fixed VPN connection failures caused by the April

[00:07:42] Windows Security updates. The issue affected Windows 11, Windows 10, and Windows Server 2008

[00:07:48] and later. Home users can use the Windows Get Help app while business and enterprise

[00:07:52] customers can reach out via the Support for Business portal for support.

[00:07:56] The VPN failures were resolved in the May 2024 Patch Tuesday cumulative updates.

[00:08:03] Admins can temporarily address the issue by removing the problematic April cumulative updates,

[00:08:08] which will also remove all those security fixes. Microsoft has previously discussed

[00:08:13] VPN speed issues and domain controller reboots in other updates.

[00:08:18] Why do we care? Well, I mentioned the problem before and I wanted to close the loop on its repair.

[00:08:26] Today's episode is supported by Huntress. You want to focus on your clients and are always

[00:08:32] looking for ways to get more time. Use Huntress' fully managed cybersecurity platform

[00:08:38] to fight off cyber threats. Huntress is more than cybersecurity software for endpoints and identities.

[00:08:44] It's a 24 by 7 security operations center. It's security awareness training, community engagement,

[00:08:50] and dedicated partner support with an average CSAT score of 99.3%. Technology can only get you so far.

[00:08:59] Human expertise is what's needed to truly elevate and protect small businesses. And you get that

[00:09:05] with Huntress. Secure your clients and help them thrive with the number one rated EDR for SMBs on

[00:09:11] G2. Visit huntress.com slash MSP radio to find out more. Thanks for listening. Today, National Mimosa

[00:09:22] Day, which would have been nice to know this morning. But for me, it's all about National

[00:09:26] Barbecue Day. Have a question you want answered? We take those lists of questions, send them in

[00:09:31] ideally as a voice memo or video to question at MSP radio.com. I answer them live on our

[00:09:36] Wednesday live show on YouTube and LinkedIn next week, 3pm. And thanks for listening. Got a comment

[00:09:42] or a thought? Put it in the comments if you're on YouTube. Reach out on LinkedIn if you're listening

[00:09:46] to the podcast. I'll talk to you again tomorrow. The Business of Tech is written and produced by me,

[00:09:53] Dave Sobel, under ethics guidelines posted at businessof.tech. If you like the content,

[00:09:59] please make sure to hit that like button, follow or subscribe. It's free and easy and the best way

[00:10:06] to support the show and help us grow. You can also check out our Patreon where you can join

[00:10:11] the Business of Tech community at patreon.com slash MSP radio or buy our Why do we care merch

[00:10:19] at businessof.tech. Finally, if you're interested in advertising on the show, visit MSP radio.com

[00:10:26] slash engage. Once again, thanks for listening to me. I will talk to you again on our next episode

[00:10:33] of the Business of Tech. Part of the MSP radio network.