Host Dave Sobel discusses significant cybersecurity developments involving the U.S. Treasury Department and its recent breach linked to Chinese hackers. The breach, which was discovered on December 8, 2024, involved unauthorized access to unclassified documents within the Office of Foreign Assets Control, raising alarms about the potential exposure of sensitive information related to economic sanctions. The episode highlights the ongoing investigations and the U.S. government's response, including sanctions imposed on a Chinese cybersecurity firm involved in the Flax Typhoon cyber attacks that compromised numerous internet-connected devices globally.
Sobel also addresses the national security concerns surrounding TP-Link internet routers, which hold a dominant market share in the U.S. The Commerce, Defense, and Justice Departments are investigating the company due to its alleged ties to Chinese cyber threats and its failure to rectify security vulnerabilities. The episode emphasizes the importance of securing cloud systems, as CISA has mandated federal agencies to conduct security assessments in light of recent breaches attributed to foreign hackers. This directive aims to enhance the security posture of federal cloud environments and protect sensitive information.
The discussion shifts to the leadership transition at PIA, where CEO Jerwai Todd has stepped down after a year, passing the reins to an executive group. Sobel reflects on the challenges of dual CEO roles and the importance of operational stability during this transition. He notes Todd's contributions to the company, including the launch of an AI-driven help desk ticketing system, and emphasizes the need for a capable leader to navigate the competitive landscape of help desk automation.
Finally, the episode covers OpenAI's recent announcements regarding its new reasoning models, O1 and O3, which aim to enhance AI capabilities and approach artificial general intelligence. Sobel discusses the implications of OpenAI's shift towards a for-profit model and the potential impact on the development of AI technologies. He highlights the need for practical applications of these advancements and the importance of addressing concerns about the ethical implications of AI development. The episode concludes with a reminder of the significance of these developments in the broader context of technology and national security.
Three things to know today
00:00 From Treasury Hacks to Router Risks: The U.S. Grapples with China’s Cyber Onslaught
06:31 Dual CEO Role Dilemmas: Gerwai Todd Passes the Torch at Pia
08:51 AI Gets a Power Boost: OpenAI’s Big Plans, Bigger Models, and a Push for Profits
💼 All Our Sponsors
Support the vendors who support the show:
👉 https://businessof.tech/sponsors/
🚀 Join Business of Tech Plus
Get exclusive access to investigative reports, vendor analysis, leadership briefings, and more.
👉 https://businessof.tech/plus
🎧 Subscribe to the Business of Tech
Want the show on your favorite podcast app or prefer the written versions of each story?
📲 https://www.businessof.tech/subscribe
📰 Story Links & Sources
Looking for the links from today’s stories?
Every episode script — with full source links — is posted at:
🎙 Want to Be a Guest?
Pitch your story or appear on Business of Tech: Daily 10-Minute IT Services Insights:
💬 https://www.podmatch.com/hostdetailpreview/businessoftech
🔗 Follow Business of Tech
LinkedIn: https://www.linkedin.com/company/28908079
YouTube: https://youtube.com/mspradio
Bluesky: https://bsky.app/profile/businessof.tech
Instagram: https://www.instagram.com/mspradio
TikTok: https://www.tiktok.com/@businessoftech
Facebook: https://www.facebook.com/mspradionews
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
[00:00:00] Richtig spannend, richtig vielfältig. Das ist deine Karriere bei Kaufland. Ob Trainee-Programm, Direkteinstieg, Studentenjob oder Praktikum. Finde bei uns den Einstieg, der zu dir passt. Profitiere von einer attraktiven Vergütung, spannenden Aufgaben und individuellen Entwicklungsmöglichkeiten. Werde jetzt Teil unseres Teams. Bewirb dich jetzt unter www.kaufland.de.
[00:00:23] slash Studenten. Kaufland. Hier bin ich richtig.
[00:00:55] Die US Treasury Department hat confirmed that hackers linked to the Chinese government breached its Office of Foreign Assets Control, which oversees economic sanctions.
[00:01:06] Officials noted that the hackers accessed unclassified documents, raising concerns about the potential disclosure of sensitive information regarding sanctions deliberations.
[00:01:16] The breach, which the Treasury became aware of on December 8th, 2024, leveraged a private key from the technology vendor BeyondTrust, which is utilized for remote support that the hackers had acquired.
[00:01:29] The Treasury's Assistant Secretary for Management described the incident as major and investigations are ongoing to assess the full impact of the breach.
[00:01:38] The Treasury Department imposed sanctions on a cyber security firm based in China, Beijing Integrity Technology Group, in response to its involvement in the Flax Typhoon cyberattacks, which compromised approximately 260,000 internet-connected devices globally, with half located in the United States.
[00:01:57] These attacks, linked to Chinese state actors, targeted government and industrial networks in multiple regions, including the US, Taiwan, and Europe.
[00:02:05] The firm plays a significant role in servicing China's police and intelligence services and is believed to have facilitated the infiltration by obscuring the identity of the original hackers.
[00:02:16] The Cybersecurity and Infrastructure Security Agency, known as CISA, announced no evidence of a broader government hack beyond the US Treasury Department.
[00:02:26] CISA is actively monitoring the situation and working with federal authorities to ensure a thorough response to the incident.
[00:02:32] The United States is considering banning TP-Link internet routers due to national security concerns linked to Chinese cyberattacks.
[00:02:41] Investigations by the Commerce, Defense, and Justice Departments are underway, with reports indicating that TP-Link has been subpoenaed.
[00:02:49] The company holds a dominant 65 percent share of the US router market, primarily because of the low cost of its product, which government agencies, including the Defense Department, widely use.
[00:03:01] Additionally, concerns have been raised about TP-Link's failure to address security flaws in its devices, with Microsoft revealing that compromised devices manufactured by TP-Link have been targeted by a hacking campaign linked to the Chinese government.
[00:03:17] And CISA has ordered federal agencies to secure their Microsoft cloud systems.
[00:03:21] The directive requires agencies to identify their cloud systems and implement necessary security assessments, with compliance deadlines set for February 21st of this year, and continuous reporting on requirements expected by April 25th.
[00:03:35] Between 2023 and 2024, at least two significant breaches attributed to Russian and Chinese hackers raised alarms about vulnerabilities in cloud configurations.
[00:03:46] This new mandate builds on previous guidance from the Secure Cloud Business Applications Initiative, which aims to protect federal information in cloud environments.
[00:03:57] CISA emphasizes that all organizations should adopt these security practices to safeguard against evolving cyber threats.
[00:04:04] And CISA has released an updated National Cyber Incident Response Plan, the first update since 2016.
[00:04:10] The draft plan, developed with input from over 150 experts from 66 organizations, aims to provide a practical roadmap for government and industry collaboration during major cyber events.
[00:04:22] Comments on the plan are due by January 15th.
[00:04:25] Significant changes include a defined path for non-federal entities to engage with the government and preparation for new reporting requirements for critical infrastructure organizations.
[00:04:35] CISA has reported significant progress in addressing vulnerabilities exposed by the SolarWinds cyber attack four years ago.
[00:04:43] Jeff Green, CISA's Executive Assistant Director for Cybersecurity, stated that the agency can now monitor over 5 million devices across 94 federal agencies, enhancing visibility into potential cyber incidents.
[00:04:56] Following a cybersecurity executive order signed by President Biden in May of 2021, CISA has improved data tracking and logging capabilities, allowing for faster incident responses.
[00:05:08] Green emphasized that CISA can now analyze threats in real time, which has enabled the agencies to detect nation-state activities effectively.
[00:05:17] Why do we care?
[00:05:19] If this was physical, it'd be the headline news.
[00:05:31] While I'm no way advocating for doing nothing regarding cybersecurity, I have a customer-centric view of cybersecurity.
[00:05:39] Cyber attacks are essentially treated as the cost of doing business, with no meaningful escalation to impose real costs on the perpetrators.
[00:05:48] Calls for enhanced cybersecurity tools and compliance requirements for federal agencies often lead to significant expenditures without addressing the root problem.
[00:05:58] State sponsors' attackers are playing a different game.
[00:06:02] Throwing money at tools and systems is futile if breaches continue to occur due to human error or exploitable vendor weaknesses.
[00:06:10] If you're in charge of the business of defending customers, you want change.
[00:06:15] Incentivizing companies to adopt secure supply chain practices, perhaps through tax breaks or procurement preferences, could reduce vulnerabilities.
[00:06:24] And that could also eventually lead to penalties.
[00:06:27] For China, cyber attacks are a low-cost, high-reward strategy.
[00:06:32] Without a more assertive response, the U.S. risks normalizing these attacks, signaling that even breaches of critical systems like the Treasury can occur without serious consequences.
[00:06:43] The industry must advocate for comprehensive strategies that blend defense, offense, deterrence, and diplomacy.
[00:06:51] Recognizing that cybersecurity isn't just a technical problem.
[00:06:54] It's a cornerstone of national security.
[00:06:59] PIA CEO Gerway Todd has resigned after approximately a year at the helm of the help desk automation platform, transferring leadership to an executive group.
[00:07:07] Todd, who co-founded TimeZest, a scheduling automation tool provider, will continue his role there as CEO.
[00:07:14] In a statement, Todd emphasized the importance of having a dedicated leader for PIA, stating that leading two companies was more challenging than anticipated.
[00:07:23] PIA acknowledged Todd's contributions, including the launch of the AI Triage Help Desk ticket offering and expanding its customer base, particularly in the United States.
[00:07:32] As part of its transition, PIA will form a growth advisory committee to guide the company's future direction while searching for a new CEO globally.
[00:07:42] Christian Pachenko founded PIA in March of 2022, an offshoot from his virtual IT group, an MSP, founded in April 2015.
[00:07:51] Christian is listed as managing director for PIA.
[00:07:54] I had some questions, so I asked, and the PIA team replied.
[00:07:58] First, in regard to Christian, quote,
[00:08:01] It should also be highlighted that whilst continuing in his capacity as a major investor, Christian is not involved in the day-to-day operations of PIA,
[00:08:09] with the founding executive team and shareholders continuing to be solely involved in driving the business, all of whom had been part of VITG.
[00:08:17] This includes Aaron Hardy-Bradsley, chief technology officer, Nick Ferraro, chief strategy officer, and Terry Irons, chief information officer slash CISO, in addition to David Apollo, chief financial officer, end quote.
[00:08:32] Why do we care?
[00:08:33] I want to highlight something.
[00:08:35] Dual CEO positions rarely work.
[00:08:38] First, assume you are not Elon Musk, nor is anyone else handling dual CEO roles, and it's debatable even for Elon.
[00:08:46] Based on statements, it seems Gerwai was intending to transition out at TimeZest, but that didn't work.
[00:08:52] Now, I have a bias of light for Gerwai, as I've known him for a very long time.
[00:08:56] The team there highlights the, quote,
[00:08:58] Highly competent and seasoned leadership team in place managing the daily operations of the business, end quote.
[00:09:05] Success will depend on maintaining operational stability, reassuring customers, and selecting a leader capable of scaling the company in a competitive and evolving market.
[00:09:16] I'm watching for that execution.
[00:09:20] I also wanted to catch up on some product announcements from the holiday break.
[00:09:24] OpenAI has announced the rollout of its reasoning model, O1, to its application programming interface, but initially only for select developers who meet specific criteria, including a minimum spend of $1,000 and having an account older than 30 days.
[00:09:39] O1 is designed to fact-check itself and provides more customizable features, although it comes at a higher cost of $15 for every 750,000 words analyzed and $60 for generated words, making it six times more expensive than OpenAI's latest non-reasoning model.
[00:09:57] And OpenAI unveiled its new reasoning model, O3, which it claims represents a significant breakthrough in artificial intelligence.
[00:10:04] The company states that O3, alongside its smaller version, O3 Mini, approaches artificial general intelligence under certain conditions, although it comes with important caveats.
[00:10:14] CEO Sam Altman indicated that while O3 has demonstrated a notable improvement over its predecessor, O1, achieving an 87.5% score on the ARK AGI benchmark,
[00:10:26] the model still struggles with simple tasks.
[00:10:29] Notably, O3 outperforms O1 by 22.8 percentage points on programming benchmarks and achieves nearly 97% accuracy on a prestigious mathematics exam.
[00:10:41] OpenAI plans to launch O3 Mini by the end of January with a preview of O3 to follow.
[00:10:47] OpenAI has expanded its desktop app integrations, enhancing its capabilities with several new applications,
[00:10:53] including coding environments and productivity tools.
[00:10:56] Users can now utilize ChatGPT with popular applications like BB Edit, Visual Studio Code, Apple Notes, and Notion,
[00:11:04] allowing for a more seamless experience as the AI assistants in coding and project management.
[00:11:09] Kevin Weil, OpenAI's Chief Product Officer, emphasized that these improvements aim to create a more agentic experience,
[00:11:15] where ChatGPT not only answers questions, but also performs tasks on users' behalf.
[00:11:21] OpenAI announced significant updates to ChatGPT search, making the feature available globally to all users, including those with 30 accounts.
[00:11:30] Users can now activate live web search by clicking the globe icon in the compose bar.
[00:11:36] Notably, the updated search results will prioritize links to websites before text-based responses from the chatbot.
[00:11:43] Additionally, users can now conduct voice searches, allowing them to request real-time information on travel and weather using one of 10 preset voice styles.
[00:11:53] The mobile apps for ChatGPT have also been integrated with Apple Maps and Google Maps for location-based searches.
[00:12:01] And OpenAI also plans to transition to a for-profit entity aiming to become a public-benefit corporation by early 2025.
[00:12:08] This new structure will allow it to raise necessary capital for developing artificial general intelligence,
[00:12:14] while maintaining a non-profit arm dedicated to charitable initiatives in fields like healthcare and education.
[00:12:21] Why do we care?
[00:12:23] OpenAI is moving to be about profit, and I'll note they also recently defined artificial general intelligence as the amount of profit they make,
[00:12:31] not any technical criteria.
[00:12:33] Financial motivations are generally the clearest explanation for any company move.
[00:12:37] What we're looking for is practical uses for the products being released that are cost-effective.
[00:12:44] I believe there are practical use cases to be identified, particularly around summarization,
[00:12:49] and additionally will highlight that there are also concerns about how the models were created.
[00:12:54] Companies like OpenAI will need to prove that there are viable models for their own operations too.
[00:12:59] May live in interesting times.
[00:13:01] Those that can figure out the equation here stand to be winners.
[00:13:07] Thanks for listening.
[00:13:08] Today is National Bobblehead Day.
[00:13:11] Really, that was the best of the bunch.
[00:13:13] The Business of Tech is written and produced by me, Dave Sobel,
[00:13:18] under ethics guidelines posted at businessof.tech.
[00:13:21] If you've enjoyed the show, make sure you've subscribed or followed on your favorite platform.
[00:13:26] It's free and helps directly.
[00:13:29] Give us a review too.
[00:13:30] If you want to support the show, visit patreon.com slash MSP radio and you'll get access to content
[00:13:37] early or buy our Why Do We Care merch at businessof.tech.
[00:13:42] Have a question you want answered?
[00:13:44] We take listener questions, send them in, ideally as a voice memo or video to question at
[00:13:50] MSP radio.com.
[00:13:51] I answer listener questions live on our Wednesday live show on YouTube and LinkedIn.
[00:13:57] If you've got a comment or a thought on a story, put it in the comments if you're on YouTube
[00:14:01] or reach out on LinkedIn if you're listening to the podcast.
[00:14:04] And if you want to advertise on the show, visit MSP radio.com slash engage.
[00:14:10] Once again, thanks for listening and I will talk to you again on our next episode.
[00:14:17] Part of the MSP radio network.