Insights Into Technology: Episode 16 “AI, Lies and Cyber Spies”

00:00:02:16 – 00:00:07:06
Narrator
Insightful podcast.

00:00:07:08 – 00:00:15:24
Narrator
By informative hosts for all.

00:00:15:27 – 00:00:24:00
Narrator
Insights into things through a podcast network.

00:00:24:02 – 00:00:51:24
Narrator
Welcome to insights into technology. A podcast exploring the latest in computers, networking, home automation, mobile computing. And all things technology related. Our hosts will take a deeper dive into the latest and greatest in tech trends, and give you the information you need to enable your tech centric world.

00:00:51:27 – 00:01:29:05
Joseph
This is insights into technology. Episode 16 AI Lies and Cyber Spies. I’m your host, Joseph Whalen, and this is your tech news for the week. Noam vows to keep DHS out of disinformation efforts. This comes to us from Cyber Scoop. At her confirmation hearing, Christine Noam, President-Elect Trump’s pick for President Trump and at this case, President Trump’s pick for Homeland Security secretary pledged to remove the agency from efforts to combat disinformation and misinformation.

00:01:29:07 – 00:02:08:09
Joseph
The. She criticized the Cybersecurity and Infrastructure Security Agency as having gone too far off mission, and promised to make it smaller and more nimble. Noam stance aligns with her conservative concerns that federal agencies have curtailed free speech by influencing social media platforms, particularly on election security and Covid 19 narratives. Republican senators, including Rand Paul and Josh Hawley backed Noem’s position, with Paul even suggesting limiting or dismantling CSA.

00:02:08:12 – 00:02:48:12
Joseph
The agency has already rolled back its disinformation initiatives. And the Supreme Court recently rejected conservative attempts to curb government involvement in content moderation. Noom also cited meta CEO Mark Zuckerberg’s claim that the Biden administration pressured platforms to remove certain Covid 19 posts, some of which were later deemed accurate. Her comments signal a major shift in DHS policy under the incoming administration, potentially reshaping how a government engages with online information security.

00:02:48:15 – 00:03:29:02
Joseph
So yeah, this is one of the flurry of signed orders that came down from Trump on his first couple of days in office. And this also has the potential for weakening both election security and supply chain security. She says, played a crucial role in securing elections and protecting critical infrastructure, including the private sector. Rolling back of disinformation tracking could make it easier for threat actors to manipulate public perception, influencing markets and business operations.

00:03:29:04 – 00:04:08:06
Joseph
Yeah, the increased risks for businesses with CSA, no longer playing the vital role that it’s been playing between disinformation campaigns, which serve as a precursor, typically for cyber attacks, phishing schemes and financial fraud. If CSIs scales back its focus, will enterprises need to fill the gap in identifying and mitigating disinformation driven cyber security threats? The government and private sector obviously are at risk with their coordination efforts at this point in time.

00:04:08:09 – 00:04:37:00
Joseph
She says partnerships with businesses, particularly in sectors like finance, healthcare and energy, have included an intelligence sharing of about cybersecurity threats linked to misinformation campaigns. There’s a wealth of knowledge that was transferred from the government to the private sector as part of this effort here, and that seems to be going away at this point. Will companies lose access to crucial federal threat intelligence?

00:04:37:02 – 00:05:04:01
Joseph
Or will they have to rely on private sector alternatives? And who’s going to rush in to fill those holes, those gaps that need to be filled now with she said. Out of the picture. There’s going to be an impact on social media and content moderation. We’ve already started to see that with ECS or Twitter changing to, community notes and meta now announcing that they’re following that.

00:05:04:04 – 00:05:39:29
Joseph
Gnome’s criticisms of CCS involvement in content moderation aligned with platforms like meta shifting away from their external fact checking for this, create an environment where misinformation about cyber threats or fraud or business risks spread more easily, complicating enterprise security efforts probably. Then we have the regulatory uncertainty with CCS, questionable future Senator Rand Paul suggests reducing or eliminating CSA entirely.

00:05:40:01 – 00:06:17:09
Joseph
There’s uncertainty over federal government cybersecurity mandates. There’s a number of initiatives that were started under the Biden administration, and justifiably so, to deal with the clear and present danger to our infrastructure that countries like Russia and, China and North Korea have proven to be with their hacking efforts against our infrastructure. Should enterprises expect more state level or private cybersecurity initiatives, a federal agency scaled back their oversight.

00:06:17:11 – 00:06:55:10
Joseph
I think the problem that you’re going to run into is this is another one of those things where it’s just not a priority for the Trump administration, and you can speculate on why it’s not a priority, but the fact that it’s not is putting the nation and all of our interests, commercial and government wise, at risk. So this is one of many stories we’re going to talk about today that are a slap in the face to cybersecurity and really just a reckless demonstration of power for the sake of power.

00:06:55:13 – 00:07:25:18
Joseph
There’s no legitimate reason. There’s no evidence to suggest that there’s a widespread problem. I can understand if if you think that there’s an issue with impartiality or censorship or anything along those lines, but fix it. You don’t do away with the organization that’s defending you against these very serious and very persistent threats, just because you disagree with how they go about things, you fix them.

00:07:25:18 – 00:07:48:10
Joseph
That’s what you do when you’re in power. You don’t take your bongo home like a five year old. This is going to be an interesting one. We’ll we’ll see how this goes. There’s like I said, there’s a couple of others, similar or related items that we’re going to talk about today to kind of really paint, a picture of where we’re going from a cybersecurity standpoint.

00:07:48:10 – 00:08:16:17
Joseph
And it’s not a pretty picture. So if you have comments on this, if, you disagree with my point of view or you just want to give us your point of view, and if you agree with me, I find that entertaining that many people do. But let’s talk about it. Let’s let’s address the issues. Our next story comes to us from Bleeping Computer.

00:08:16:19 – 00:08:57:24
Joseph
HP Enterprise investigates alleged data breach by Intel broker Hewlett Packard Enterprise, or HP as they’re known, is investigating claims by the threat actor Intel broker that it stole sensitive data, including source code credentials and API access. HP stated it has found no evidence of a breach, but has activated its cyber response protocols. The hacker claims to have accessed HP systems for two days, stealing information related to repay GitHub repositories and Docker builds.

00:08:57:27 – 00:09:33:03
Joseph
Intel Broker has a history of high profile cyber incidents, including breaches of Nokia, Cisco in the US House of Representatives, health care system. This latest claim follows previous alleged attacks on HP, including a 2023 breach of its Microsoft Office 365 email environment by Russian linked Apt29. As HP investigates, the incident highlights ongoing cybersecurity challenges for major tech firms.

00:09:33:05 – 00:10:04:10
Joseph
There is a growing risk of source code theft. Intel broker claims to have stolen, HP Xr2 an ILO source code which could lead to security vulnerabilities being exploited by attackers. These are low level applications, low level programs that allow for remote administration, if legitimate. How does this impact companies using HP’s enterprise backup and server management solutions?

00:10:04:11 – 00:10:32:27
Joseph
It’s kind of scary thinking someone can can hack into my ILO interface and basically do whatever they want to my hardware, API and credential security in enterprise systems is also a problem in this case. Here. This alleged theft of API access credentials and tokens underscores the critical need for robust API security. Everyone is working with APIs these days.

00:10:32:27 – 00:11:01:03
Joseph
It’s pretty much all the internet talks. It’s how your applications talk. It’s how the a lot of your smartphone applications communicate. How can enterprises better protect API endpoints to prevent unauthorized access? Are you in a hosted server or are you in the cloud? Are you running your own server? Where are these protections that need to go in? Are your developers thinking of security first?

00:11:01:09 – 00:11:25:21
Joseph
That’s always seems to be a real challenge. There’s also a challenge in detecting and mitigating these breaches. We talked a week or two ago about the number of telecom companies that were known to be breached. They were aware of the infiltration. They tried to mitigate it. And even weeks afterwards they didn’t know if they got rid of it.

00:11:25:21 – 00:11:54:16
Joseph
So so detecting and mitigation is very difficult in these cases. HPE denied finding evidence of a breach. But that’s not the first time Intel workers claimed access either. How can organizations improve breach detection and response when attackers operate covertly? One of the biggest problems you’re running into is that these are some state actors that have a tremendous amount of resources behind them.

00:11:54:18 – 00:12:06:12
Joseph
They’re very, determined. They’re very talented. And you have a lot of people that.

00:12:06:15 – 00:12:29:16
Joseph
There’s a lot of target environments out there for them to attack. They’re not just trying to do this for money. They’re trying to do this to exfiltrate information, to gain privileged access. So the intent that they have tends to be a lot more nefarious than somebody coming in with crypto malware just to make a few bucks.

00:12:29:19 – 00:13:01:22
Joseph
This is also a sign of the supply chain security domino effect. HPE serves a vast number of enterprises and government clients. If source code and credentials were leaked, how might third party organizations be impacted? What lessons can be learned from the last, past breaches like Apt29 attack on HP’s office environment? If you sit down and you take a look at these things, you’re probably going to find a pattern of intent here.

00:13:01:24 – 00:13:31:20
Joseph
There. They’re attacking the soft targets. Now. They’re trying to get access to trying to put in remote access Trojans. You’re going to see, a lot of deep, persistent threats that can be targeted at some point in time later and activated. We just have to be careful about these things. Unfortunately, the federal government now under the new administration seems to be turning away from the cautious approach that we were taking before.

00:13:31:23 – 00:13:56:02
Joseph
So all these things are kind of adding up to that, cyber siege mentality that I talked about a few weeks ago, where the enemies at the gates at this point in time, and they keep bringing reinforcements at this point and all of a sudden we want to just open the gates and let them in. At this point, they don’t even need the Trojan horse.

00:13:56:04 – 00:14:36:07
Joseph
We’ll see where this goes. Again, I can’t imagine is going any place. Could. Our next article comes to us from Info Security magazine. They talked about Zendesk subdomains being exploited for phishing attacks. Security researchers at cloud seq have uncovered a vulnerability in Zendesk s platform that allows attackers to register legitimate looking subdomains, enabling phishing and investment scams. In 2023, nearly 2000 Zendesk subdomains have been flagged as potential phishing risks.

00:14:36:09 – 00:15:18:19
Joseph
These fraudulent subdomains can bypass spam filters, making phishing emails appear more authentic, while fake customer support pages add another layer of deception. 50 of them isn’t it? Zendesk s lack of email verification for added users increases the risk of impersonation and data theft. While no large scale campaigns have been detected, organizations are urged to act proactively using phishing detection tools, blocking suspicious subdomains, and training employees on social engineering threats.

00:15:18:21 – 00:15:51:22
Joseph
As phishing tactics evolve, businesses may stay up and may stay ahead to protect their customers and operations. So this is a great example of the risks of software as a service based phishing attacks. Attackers are leveraging trusted SaaS platforms like Zendesk to bypass traditional email security filters. African enterprises protect themselves when phishing attacks originate from legitimate corporate tools.

00:15:51:25 – 00:16:20:12
Joseph
Training is probably the first one that I would lean on. There’s there’s a number of technical solutions out there. DMarc and DKIM and so forth that are built into email systems. Now that will help. Impersonation threats to customer trust are also an issue. Fraudulent Zendesk subdomains allow scammers to impersonate real brands, leading to customer data breaches and reputational damage.

00:16:20:13 – 00:16:54:08
Joseph
One of the things that Zendesk does, we use it as well, is you brand your Zendesk experience with a subdomain dot Zendesk, dot com Zendesk, then itself is a trusted domain by most of these companies. You’re sticking your my domain.com dot zendesk.com on there. That’s a sub domain. So when they impersonate you they’re sending an email from that subdomain which one looks like it’s coming from your company.

00:16:54:08 – 00:17:27:28
Joseph
And two looks like it’s coming from Zendesk. And most people whitelist Zendesk emails because so many companies out there right now use Zendesk and several other alternatives, obviously. But it it lends a certain level of, legitimacy to these phishing emails. And that’s becoming a problem. The importance of email and domain verification in SAS security is another thing that discuss Zendesk.

00:17:27:28 – 00:17:54:17
Joseph
The lack of email verification for added users increases the risk of unauthorized access and phishing campaigns, and this is actually a problem that we’ve run into ourselves with my company using Zendesk. When we had a, domain change and we ran into some problems with it, should enterprises push SAS providers to adopt stricter verification protocols? Why wouldn’t you?

00:17:54:19 – 00:18:19:27
Joseph
The more security you have, the better off you are. And yes, there is a trade off between security and convenience. But at this point in time, you need to have some level of inconvenience just to slow some of these attacks down. The biggest thing, and I harp on this all the time, and I can’t speak enough to it, is employee training and phishing awareness.

00:18:19:29 – 00:18:51:07
Joseph
Phishing tactics are evolving, as we’ve seen in this case here. For sure, and even well-trained employees may struggle to detect phishing emails from legitimate platforms. You inject AI into the formation of these phishing emails now, and it gets even more difficult. We’ve had a talked about an incident in which an entire conference call with the board of directors or C-suite was a deep fake and done on the fly.

00:18:51:08 – 00:19:18:00
Joseph
If you can convince somebody in a conversation face to face over a zoom like that, that they’re legitimate, using AI to pass an email off is not not difficult. At that point. Should enterprises increase investment in AI driven phishing detection tools? Well, I think there’s a lot of options that you could do before you get to their there’s, no before there’s fish line.

00:19:18:00 – 00:19:56:15
Joseph
There’s a number of services out there that are, training. Their purpose is to train. So they’ll send you false flag emails and anyone who opens them or clicks on them, they can be tracked statistically. They can get additional training right on the fly from that. And you can create your own training campaigns through this. So, having access to a service like that for your company to keep people trained and run campaigns and on a regular basis is probably the best way to go.

00:19:56:18 – 00:20:28:17
Joseph
The other aspect is the regulatory compliance risks for businesses. Companies affected by phishing scams using Zendesk subdomains could face compliance violations under GDPR, CcpA, or other data protection laws. Nowadays, it’s very hard for any business to operate without being under some type of, regulatory requirement. What role should cyber insurance play in mitigating financial risks from SaaS based cyber threats?

00:20:28:19 – 00:20:58:04
Joseph
Should that be covered under insurance? Or is insurance for when you’ve been compromised from that type of thing and you’ve got a breach, some kind of a, slippery slope to go down on that one there with cyber insurance. So all these and more are scary signs of attackers being much more innovative in recent weeks and months. We’re going to take a quick break here before we do.

00:20:58:05 – 00:21:33:21
Joseph
I do want to pester my listening and viewing audience to subscribe to the podcast. You can find all of the networks podcast listed as insights in the Things Anywhere You Go podcast. These days. It also invite you to give us your feedback. We’re we’re hitting more political topics this week than I normally do, so I have to imagine that I’m probably going to get somebody who’s either up at me with my opinions here.

00:21:33:24 – 00:22:01:00
Joseph
So feel free to give me give me an email. Send me an email. Let me know what you think. Let me know if I’m wrong, but argue with me. Feel free to give us a voicemail. You can call in to eight, five, 64038788. That’s (856) 403-8788. Leave a message for us and we’ll get you on the podcast. Starting a welcome debate on these topics.

00:22:01:02 – 00:22:22:09
Joseph
You can also find, links to all these and more on our official website at w w w w w w I had too many in there. Insights into things.com. We’ll be right back.

00:22:22:11 – 00:22:42:20
Narrator
Are you tired of your favorite gaming podcast? Finishing with a play? Oh, no. Well, check out no credits rolled or we play the games, but rarely finish them. How’s it going, folks? I’m Sam Whalen, your friendly host at No Credits rolled The Ultimate gaming podcast, where we dish out the latest scoops and reviews on all your beloved video games.

00:22:42:23 – 00:23:04:28
Narrator
Hey, listen. Not only that, but we spice things up with some guest interviews and even give you, yes, you, a chance to have your say. Tune in every other week for a fresh dose of no credits. Roll available on all major podcast platforms, and hit us up on social media at no credits rolled. So why wait? Let’s dive into the gaming world together.

00:23:04:29 – 00:23:19:06
Narrator
We’re finishing games is optional, but the fun is guaranteed.

00:23:19:08 – 00:23:56:11
Joseph
Welcome back to insights into Technology. Now for tech news. That’s maybe a little less doom and gloom. Now the FTC warns of surveillance pricing raising consumer costs. This comes to us from the record. A preliminary report from the Federal Trade Commission suggests businesses may be using consumer data ranging from demographics and shopping habits to even mouse movements to adjust pricing dynamically, potentially leading to higher costs from for certain consumers.

00:23:56:13 – 00:24:41:19
Joseph
The report, based on data from companies like Mastercard, Accenture and McKinsey, highlights concerns that businesses are leveraging AI pricing tools to target individuals with different prices for the same products. While some firms denied offering surveillance pricing services, the FTC remains concerned about its potential impact on fairness and transparency in consumer pricing. Outgoing FTC Chair Lina Khan called for continued investigation while the agency is seeking public input on how these practices affect consumers.

00:24:41:21 – 00:25:26:27
Joseph
The report’s findings could shape the future regulatory actions on algorithmic pricing and data privacy. So the one thing that this does is it puts AI powered pricing under some scrutiny here. Businesses increasingly rely on AI driven dynamic pricing to optimize revenue. But the FTC’s report suggests it’s may lead to unfair pricing discrimination. The closest thing I can equate this to is, insurance companies, auto insurance companies that have you put an OBD device in to monitor whether or not you exceed the speed limit and you’re braking and things like that, and then they adjust your your rates based on that.

00:25:27:00 – 00:25:50:28
Joseph
Ostensibly, they say they do it to give you a discount. But let’s be honest, the insurance companies aren’t in the business of giving discounts, are they? And you’re going to find the same thing here. They’re going to track geographically where you’re at. Are you in an affluent neighborhood? Do you drive a certain car or do you have certain spending habits?

00:25:50:28 – 00:26:16:11
Joseph
All things that they can get, you know, from your browser? If you’re looking for to buy cars online, they can tell what kind of income that you’re in, all these types of things and it’s almost a, a racket that they have at this point in time where they’re not getting enough money out of you. So they’re always trying to find a way to get more out of you.

00:26:16:14 – 00:26:45:00
Joseph
Fortunately or unfortunately, the FTC did notice this. The unfortunate part of that is that’s not the FTC that we’re going to have moving forward. There is risks for enterprises when you get into the whole data privacy and compliance stuff. The FTC signaling increased oversight on how companies collecting used consumer data for pricing strategies. I doubt that’s going to happen, at least for the next four years.

00:26:45:00 – 00:27:14:27
Joseph
So they’re probably going to get away with it at this point in time. But the United States isn’t the only place that you have to worry about with agreeable, global privacy laws coming into play, like GDPR and CcpA. Will businesses need to, reassess their data practices to avoid some regulatory backlash? Maybe. You know, I mean, everyone was hoping the FTC would take care of that, but there’s other agencies out there.

00:27:14:27 – 00:27:53:28
Joseph
There can impose fines as well. And, you know, there’s some questions about the ethics and transparency of algorithmic pricing. Everyone’s always complaining about the algorithms. If it’s a search engine one or it’s, social media or, the algorithms for your, Twitter or your. TikTok, you know, it’s always the algorithm is a problem. And now they’re applying that algorithm to, spying on us and taking that information that they get from that and basically charging us what they think they can get away with.

00:27:54:00 – 00:28:28:07
Joseph
Consumers may not realize that price changes based on personal data is good cause, raising concerns, rising concerns over, privacy and transparency. And these are topics that are already at the forefront of people’s considerations. Should businesses disclose how prices are determined? Will there be, future mandates for pricing transparency in e-commerce? These are questions that we’re going to have to answer in the coming months and years.

00:28:28:09 – 00:28:56:24
Joseph
What’s the role of third party AI pricing vendors? We’re adding more people to the mix here. The report highlights key firms like Accenture and McKinsey, which provide AI driven pricing solutions. Could enterprises face legal risks if regulators hold them accountable for the pricing tools that they adopt from third party vendors? Where does the buck stop there? Who has the responsibility?

00:28:56:27 – 00:29:32:23
Joseph
There’s a lot of gray area going on with this stuff, and this also could signal a potential shift in enterprise pricing strategies. If stricter regulations emerge, businesses may need to shift from individualized pricing models to more standardized market level pricing. Will companies opt for subscription based models or other alternatives to mitigate regulatory risks? I don’t know, but you can guarantee that their businesses are going to do what’s in the businesses best interest, and ultimately, the consumer is the one that’s going to get burned on it.

00:29:32:25 – 00:30:10:21
Joseph
I think history has kind of proven that theory through. We’ll see. Next up, Trump announces a $500 billion private sector AI investment. Elon Musk expresses his, his doubt. This comes to us from CBS news. President Trump announced a massive $500 billion private sector investment in the US, in our AI infrastructure. And this is led by OpenAI, SoftBank and Oracle under a new venture called Stargate.

00:30:10:24 – 00:30:33:21
Joseph
The initiative, unveiled at a white House briefing with executives Sam Altman, Masayoshi Son and Larry Ellison. It aims to accelerate AI development while keeping critical infrastructure within the US. Trump’s America First policy.

00:30:33:24 – 00:31:11:11
Joseph
Ellison confirmed ten data centers are already under construction in Texas, with more planned nationwide. Trump pledged to fast track regulatory approvals, citing AI as an economic and national security priority. However, Elon Musk has cast doubt on the investment scale, claiming SoftBank has secured, quote, well under 10 billion, prompting a sharp rebuttal from Altman. The Stargate project is expected to create 100,000 jobs and advance AI driven health care innovations.

00:31:11:13 – 00:31:39:24
Joseph
But details on funding sources do remain unclear, with major AI players involved and political support secured, the initiative could mark a turning point in US AI competitiveness if the promised capital materializes. There’s a We Have a story, another AI related story. After this. I don’t want to dwell on this one too much. Until we get to that, we can talk about them together.

00:31:39:27 – 00:32:12:19
Joseph
But, this does signal a bit of a game changer here for us. I compact compute capacity. With ten data centers already under construction in Texas. The initiative could bolster AI processing capabilities. Could this reduce dependency on Nvidia dominated AI cloud services, most of which are based in Asia? Right now? Rather than carriage competition in enterprise AI infrastructure?

00:32:12:21 – 00:32:37:25
Joseph
It might, but again, this is one of those things that it’s going to benefit these companies. First, they’re going to invest $500 billion. They’re going to want to get that money back, plus a lot more. So don’t expect any of this to come cheap. Expected to come for a certain amount of this to come from your tax dollars or certainly using government land for this.

00:32:37:27 – 00:33:14:08
Joseph
Is fast tracking AI development a good thing without any regulation attached to it? Trump plans to use emergency declarations to bypass regulatory hurdles, making AI infrastructure easier to build. Will it streamline enterprise AI deployment? Would it lead to long term security and environmental concerns? We talked last week about the, allocation of federal lands without environmental or water plan considerations.

00:33:14:11 – 00:33:42:23
Joseph
You’ve got a president in the office now who is a climate denier, so you’re not going to have any climate consideration with this? Probably not. I you know, I certainly don’t I don’t know what he’s thinking, but you can kind of guess, is AI driven health care going to be a major business opportunity? Sam Altman and others highlighted AI potential to revolution and AIS disease treatment.

00:33:42:26 – 00:34:18:07
Joseph
Well, if if it if it can treat diseases, could it also be used to help in germ warfare or chemical warfare? Being the paranoid individual that I am, I always look at what the other side of the coin could bring. In situations like this, I can’t help but reflect on the moral of stories like The Terminator and other apocalyptic movies where the technology has taken over.

00:34:18:09 – 00:34:46:06
Joseph
I think we’re we’re going down a slippery slope. Then there’s the funding. Even Elon Musk, the richest man in the world, is skeptical. Is 500 billion realistic? Musk claims SoftBank hasn’t secured anywhere near that much, which cast doubt on the scale of the projects. But funding falls short. Will enterprises still benefit from expanded AI infrastructure and will projects all?

00:34:46:08 – 00:35:08:29
Joseph
And what is that benefit? What is the aside from the enterprises that are involved in this investment, what is the benefit that we expect to see for, enterprises, for consumers, for companies? That’s not immediately clear here because we’re certainly not getting the services for free. It’s not going to be a federal government run program. The taxpayers pay for.

00:35:09:01 – 00:35:43:27
Joseph
It’s going to be a for profit endeavor with these companies being partners. So how does that benefit us? It certainly benefits them. Then you have competitive and geopolitical implications, which I think probably is the biggest takeaway from this. Trump emphasized keeping AI infrastructure and innovation within the US, framing it as a national security issue. Well, at the same time, we’re signing bills that would compromise that security if that’s the case.

00:35:43:27 – 00:36:07:00
Joseph
So you have you have a lot of contradictions going on right now. Will this push the US enterprises towards domestic AI solutions, or could it spark tension in global AI providers? It’s a it’s a good question. I don’t think anybody has the answer to that. And frankly, I don’t think anybody, anybody has even asked that question at this point in time to even start looking for the answers.

00:36:07:00 – 00:36:44:00
Joseph
And that’s that’s really the scary thing. I don’t know, I mean, this is this is scary stuff. And our next story here tells us that, Trump revokes Biden’s AI safety order, prioritizing innovation over regulation. This is an article from Reuters. President Trump has revoked a 2023 executive order from Joe Biden that required AI developers to report safety test results for high risk AI systems before public release.

00:36:44:03 – 00:37:18:10
Joseph
Biden’s order aimed to mitigate national security, economic and cybersecurity risks from AI, but Trump’s administration argues it hindered innovation, which, you know, we talk about security and convenience being mutually exclusive, security and innovation, not so much. You can still have innovation while having security. And I think you have to, because the more you innovate, the more security you need to protect that innovation.

00:37:18:12 – 00:37:53:21
Joseph
The repeal aligns with the Republican platform stance that I should be free from restrictive government oversight. I don’t know if I’d agree with that. I think, given the already significant influence and power that AI is demonstrated, I think anything that’s that powerful held in private hands needs some level of regulation to avoid abuse. While Trump rolled back safety measures, he did not repeal Biden’s recent order supporting AI data centers energy needs.

00:37:53:23 – 00:38:36:16
Joseph
Signaling a continued focus on expanding AI infrastructure. With export restrictions on AI chips tightening and lawmakers struggling to pass AI legislation, the repeal shifts AI governance away from federal oversight, leaving regulatory questions unanswered for enterprises and developers. So the question of AI innovation versus regulation, what does this mean for businesses? Without mandatory AI safety testing and reporting, companies may face fewer regulatory roadblocks, speeding up AI product releases.

00:38:36:18 – 00:39:06:23
Joseph
This deregulation drive US AI leadership. Or could it lead to increased security risks and ethical concerns? And as we’ve seen in the past. Chances are it’s the latter. We’re going to see significant security risks. We already do. And ethical concerns. Well, you can argue how much ethical concerns are at the forefront of Trump’s mindset at this point in time.

00:39:06:26 – 00:39:13:02
Joseph
But I don’t think that’s going to be a real consideration for him.

00:39:13:05 – 00:39:50:16
Joseph
Enterprise liability. Who takes responsibility? I think that’s a really good question to ask. With federal safety standards rolled back, companies developing AI models may face higher legal risks for their systems. Harms should enterprises self-regulate? Will they wait for state level or industry driven guidelines? I think you need some level of control. I think if you take all the safeties off of the, the AI genie here, and you let the genie out of the bottle.

00:39:50:19 – 00:40:26:00
Joseph
This is potentially as powerful, if not more powerful than nuclear weapons. Yes, it’s not destructive power, but it’s certainly a level of technology that potentially could unlock that kind of destructive power. But it can work with more nefarious intent. It can influence elections. It can undermine government agencies. It can compromise infrastructure. It can literally bring the country to its knees and let the aggressor nation walk in here and take over whatever they want.

00:40:26:03 – 00:40:52:24
Joseph
Now, it doesn’t necessarily mean they have to walk in here with guns blazing. They could very easily come in here and acquire property. They could acquire industries, they could acquire utilities, and eventually they’ll control the country that way. Through osmosis, practically. So there’s definite cybersecurity, national security implications here.

00:40:52:26 – 00:41:27:22
Joseph
What is the impact on global AI competition and the US market impact? With China ramping up its own AI development under heavy government oversight. The US is taking the opposite approach. Will this help U.S. enterprises compete globally? Or could it lead to fragmented AI regulations across international markets? These are the things that that probably needed to be answered before we made a decision like this.

00:41:27:25 – 00:41:58:01
Joseph
And I’m not even convinced that these questions weren’t asked. And that’s that’s saying something. So again, we’ll keep an eye on this, but I don’t have a particularly good feeling about the direction where this stuff is going for the next few years. And we’ll get into that a little bit more after our next break. We’ll be right back.

00:41:58:04 – 00:42:16:07
Narrator
Insights into entertainment a podcast series taking a deeper look into entertainment and media. Our husband and wife team of pop culture fanatics are exploring all things, from music and movies to television and fandom.

00:42:16:09 – 00:43:01:18
Narrator
We’ll look at the interesting and obscure entertainment news of the week. We’ll talk about theme park and pop culture news. We’ll give you the latest and greatest on pop culture conventions. We’ll give you a deep dive into Disney, Star Wars and much more. Check out our video episodes at youtube.com. Backslash. Insights into things. Our audio episodes at Podcast Insights into entertainment.com, or check us out on the web at Insights into things.com.

00:43:01:21 – 00:43:28:22
Joseph
Welcome back to insights into Technology. So we were scheduled to continue our deep dive into Zero Trust this week. But we had so many articles coming up that I think we have to take time to go over some of the more impactful ones, most of which we’ve hit so far. But there is one very significant one. I think that does not bode well for the industry.

00:43:28:22 – 00:44:07:01
Joseph
It does not bode well for the country. And I kind of wanted to spend this last segment talking about that. This is an article that comes to us from TechCrunch, and it tells us that the Trump administration fires the Cybersecurity review board members. The Trump administration has fired all members of the Cyber Safety Review Board. The CSB and other DHS or Department of Homeland Security advisory committees, a move critics call, quote, horribly shortsighted.

00:44:07:01 – 00:44:45:19
Joseph
And I would tend to agree with that. The CSB, which included private sector and government cybersecurity experts, was responsible for investigating major cyber threats, including Chinese linked breaches of U.S. telecom networks and government email systems. A DHS statement justified the decision by citing a committee, a commitment to national security, which I think is laughable, and preventing agenda driving misuse of resources, which is exactly what this was in terminating it.

00:44:45:21 – 00:45:17:20
Joseph
However, cybersecurity experts argue that dismantling the board weakens America’s ability to understand and respond to cyber threats, especially with ongoing Chinese cyber attacks. With AI, telecom and emergency preparedness committees also impacted. The decision raises concerns about the future of U.S. cybersecurity policy. So we’re in a cyber war right now. It’s an undeclared war, but it is not a Cold war.

00:45:17:21 – 00:45:53:21
Joseph
This is a war where instead of shooting bullets at each other, we’re we’re hacking each other and we’re causing financial issues. We’re calling it causing infrastructure issues. We’re not, at least by all accounts. But other countries are doing it to us. They’re attacking us and dismantling this advisory board is kind of akin to basically dismissing the army in the middle of a war.

00:45:53:28 – 00:46:46:23
Joseph
It’s disastrous. It’s it’s idiotic. It’s dangerous. It’s shortsighted. It’s reckless. And there’s no productive end to come out of this because any alleged affronts that this cyber advisory board is accused of has zero evidence presented against it. And, you know, you can get into the argument that evidence isn’t really something that concerns Donald Trump all that much. But the fact of the matter is, is that what he’s doing here is dangerous to the country now, whether that’s because he’s trying to cozy up to China or because this is more convenient for Elon Musk and his tech buddies, it’s hard to tell.

00:46:47:00 – 00:47:17:04
Joseph
But the problem is, is that these things are in place from a defensive standpoint and whatever issues you might have with them, you don’t do away with your frontline defenders until you have a replacement for it. It’s stupid. I mean, there’s no other way to describe it. You know, the enterprise security impact of Trump’s administration firing the cybersecurity board members is significant.

00:47:17:06 – 00:47:47:05
Joseph
The Trump administration’s decision to fire all members of the CSB and other DHS s advisory committees is a major shake up in federal cybersecurity strategy, raising concerns about enterprise risk exposure, national security, and industry best practices. The only reason he did this is just a blatant show, in this case, an abuse of power. There was absolutely no justifiable reason for this.

00:47:47:07 – 00:48:12:01
Joseph
And there’s nothing positive that can come out of this for the nation. If anything, it may be something positive for him as a political win or for his tech buddies that don’t want the regulation that that may have been proposed around some of these things. You know, there’s going to be a significant increase, the cyber attack attack exposure for U.S. businesses.

00:48:12:03 – 00:48:39:02
Joseph
The CSB was actively investigating major cybersecurity breaches, including attacks linked to China on U.S. telecoms and government email systems. Why would you want to stop that? What is it you’re trying? Are you hiding something? Do you not want those investigations to reveal information that may be incriminating to you, or that may embarrass a foreign dignitary that you’re trying to cozy up to?

00:48:39:04 – 00:49:17:16
Joseph
Why do you not want to do these things? I think, you know, normally my cry is to follow the money, and usually that that leads you pretty much to the root of all evil. But in this case here, I think there’s a lot of motivational evil out there to to result in this kind of decision. Katie Messer is a cybersecurity expert, criticized the decision, saying, quote, the people who serve as government advisors should be judged by skills and merit, not by political affiliation.

00:49:17:19 – 00:49:41:07
Joseph
Amen to that. You know, Trump and the Republicans are calling for our doing everything they can to disrupt the government that they seem to hate with a passion, and yet they want to stand up in front of everyone and call themselves patriots when everything that they seem to be doing is damaging the the, the safety and security of our country.

00:49:41:10 – 00:50:17:13
Joseph
Without top cybersecurity experts advising the DHS, U.S. businesses could be left more vulnerable to sophisticated state run threats and ransomware attacks. Large companies relying on federal threat intelligence, like banks, health care and critical infrastructure may now need to invest in private cybersecurity intelligence services like CrowdStrike or Mandiant. Both of which are very good at what they do when they’re doing what they do.

00:50:17:15 – 00:50:48:17
Joseph
But they’re also very expensive. Where do you think that expense is going to go? President Trump campaigned on the promise of bringing prices down. This is going to drive prices up, prices to security providers, prices to businesses that enterprises. Where do you think those costs are going to go? You think they’re going to eat the cost now? They’re going to pass it all down to the consumer, which is going to cause everything to go up again.

00:50:48:19 – 00:51:25:18
Joseph
So how critical was the Cosby’s work? A former member warned that, quote, you can’t stop what you don’t understand. Referencing the typhoon attacks that targeted critical infrastructure in the US. Altruism. They also investigated the Microsoft email breach linked to Chinese hackers in 2023. That report was widely praised for helping enterprises understand the vulnerabilities involved. With the board gone, who’s going to conduct the high profile investigations now?

00:51:25:21 – 00:51:55:15
Joseph
Nobody is qualified from Trump’s cabinet, that’s for sure. There are other countries, like the UK and EU, that have dedicated cyber security agencies with long term advisory boards, ensuring continuity of security oversight. This shouldn’t be a political thing. Cyber security is not political. Hackers aren’t political. They’re not going to stop attacking us because Trump’s in office. To think that’s just idiotic.

00:51:55:17 – 00:52:22:00
Joseph
Trump’s going to get up, you know, at a press conference every five minutes and threaten everybody. You think it’s going to make these hackers back then. You think China’s going to back down from it? No, they’re not. Cloud providers like Amazon, Google and Microsoft may face increased pressure to self-regulate security breaches without federal oversight. We’ve talked numerous times about breaches that happen here.

00:52:22:00 – 00:52:48:06
Joseph
The companies have nefariously tried to cover up or play down or mislead the people because they don’t want the bad press with the advisory board gone. They’ve got nobody that’s going to keep an eye on them at this point in time. So you’re going to get a lot more cloudy information, I think, from your providers at this point.

00:52:48:09 – 00:53:09:25
Joseph
The DHS statement suggested that the advisory boards were pushing an agenda, implying that Trump’s administration prefers a different approach to cybersecurity. If anyone’s pushing an agenda here, it’s the people that are doing away from the people that are trying to find the facts. You already had companies like meta come out and say, oh, well, we’re not going to do fact checking anymore.

00:53:09:27 – 00:53:31:27
Joseph
Ironically, that happened shortly after Zuckerberg met with Trump. So apparently Trump had enough of a threat to Zuckerberg that he didn’t want fact checking. Now, why wouldn’t you want fact checking? Why wouldn’t you want an advisory board that’s out there protecting us from foreign attackers? What’s the motivation for that?

00:53:31:29 – 00:54:09:05
Joseph
It’s important to note that the members of the board were unpaid, which raises questions about the justification for dissolving. The board. Wasn’t crossing the taxpayers any anything, and it was providing an incredibly valuable service. Many tech leaders, including Google’s former security lead Heather Adkins, have warned about political interference in cybersecurity policy. There was a tweet from cybersecurity expert Jake Williams, who said, quote, dismissing cybersecurity experts from critical advisory roles.

00:54:09:08 – 00:54:17:27
Joseph
Right. As China ramps up, cyber ops is like firing your lifeguards during a hurricane.

00:54:18:00 – 00:54:48:26
Joseph
Companies may lose confidence in government cybersecurity collaboration. I can’t imagine that happening, which might lead to more fragmented and decentralized cybersecurity industry. You know, we spent Lord knows how many episodes of this podcast talking about standards and frameworks and the right way to do things and best practices. And the federal government walks in and they want to throw the whole thing out the door under Trump.

00:54:48:28 – 00:55:20:08
Joseph
Some businesses may seek alliances with international cybersecurity firms rather than relying on domestic federal oversight. What kind of impact is that going to be on national security? It’s just it boggles the mind. It really does. Is cybersecurity becoming a Partizan issue? Trump’s campaign and platform have emphasized removing bureaucratic oversight, arguing that cybersecurity should be handled by the private sector.

00:55:20:11 – 00:55:50:06
Joseph
Well, the problem with that is the private sector is for profit. And when you’re for profit, you’re not for the people who you know. I mean, this is Trump talking. Trump is a, you know, industry tycoon. He’s a real estate guy. He’s a private citizen basically with an empire. And he thinks people like him should have the power and that’s just not the way this country was designed.

00:55:50:09 – 00:56:12:11
Joseph
Some experts warn that cyber security is becoming partizan rather than a national security priority. You can’t tell me. On one hand, you’re worried about national. You want to ban TikTok. Trump wants to ban TikTok. He he wanted to ban TikTok back in 2000 2020 and he wanted to ban for national security. Well, now he doesn’t want to. Why is that?

00:56:12:12 – 00:56:47:15
Joseph
What’s changed? Is he. Is he pandering to some some group of, you know, TikTokers? Is he trying to cozy up again to China? That’s what it looks like to me. Is there a silver lining here? With this push the private sector to innovate more in cybersecurity. The removal of federal oversight may accelerate private sector investment. It might, but again, it’s not going to be for the betterment of society.

00:56:47:15 – 00:57:17:07
Joseph
It’s going to be for the profit of the company. Cybersecurity startups could benefit from increased demand for independent security audits and AI driven security solutions. Makes me wonder at that point in time, you know, follow the money mentality that Trump invest in some cybersecurity companies he plans on cashing out on after they get all these contracts. You know, large corporations may lobby for replacement advisory board.

00:57:17:10 – 00:57:49:00
Joseph
I wonder who would be on that. I’m guessing probably someone associated with Tesla and Elon Musk, probably someone associated with Facebook and probably somebody associated with OpenAI. All people who seem to be cozying up to Trump right now. Gee, I wonder if that’s going to happen. So how do other nations handle cyber threats? Because we’re we’re kind of ignoring them at this point in time and in this administration.

00:57:49:03 – 00:58:30:03
Joseph
Well, the European Union Agency for Cyber Security is an example of a stable, and I can’t emphasize stable enough long term cyber security body with cross-industry and government collaboration on the UK’s National Cyber Security Center takes a hybrid approach, partnering with major enterprises while maintaining a strong advisory role. So now that the U.S. has eliminated its primary Cyber Security Advisory Board, it puts a greater risk compared on us compared to the global powers in general.

00:58:30:05 – 00:58:56:00
Joseph
Why would we do that? That is a burning question that really needs to be answered. Global corporations operating in the US may shift security operations to regions with stronger cybersecurity oversight. You know, one of the things that we at my company have a requirement to do is to not offshore our data for security reasons. It has to be handled domestically.

00:58:56:03 – 00:59:28:20
Joseph
Well, under these conditions here, domestic servers may not be the safest. We may need to offshore it to somewhere in Europe that actually has an advisory board that actually takes cybersecurity seriously and isn’t undermining cyber security for the sake of Partizan politics. That’s pretty messed up that we would have to offshore our stuff to somewhere else, because the US isn’t secure anymore because of policies that our government has chosen to follow.

00:59:28:23 – 01:00:05:21
Joseph
So what’s next for cyber security? With the elimination of the Cyber Security Advisory Board? It raises serious questions about national security, enterprise risk in cyber security policy in general with the administration. While the administration justifies the move as eliminating, quote, eliminating bureaucratic bureaucratic waste after they create a new government agency headed by two people, which doesn’t seem very efficient at all.

01:00:05:21 – 01:00:35:04
Joseph
But okay. Cybersecurity experts warn that this could weaken America’s defense against cyber threats, particularly from China. So all right, big picture stuff. What is the potential silver lining here? And this is me really digging deep to try to come up with something positive. So there’s private sector innovation that may accelerate leading to a boom in AI driven threat detection.

01:00:35:06 – 01:01:04:01
Joseph
But since we’re not regulating AI anymore, that boom and I could turn around and really bite us and be the end of human civilization. So silver lining, enterprises may take a more proactive role in cybersecurity, leading to a more market driven approach rather than government regulation. I, for one can tell you that’s not going to happen, because the last five years or so that I’ve been dealing with, cmmc.

01:01:04:01 – 01:01:27:11
Joseph
For my company, the only thing that we’ve seen in the, in the industry that has motivated anybody to do anything about cybersecurity has been pressure from the federal government. You take that pressure away. Nobody’s going to want to go through the expense of dealing with cybersecurity until they get better. And then it’s too late. So that’s wishful thinking.

01:01:27:13 – 01:02:02:11
Joseph
Cybersecurity startups may benefit from an increased demand for independent security solutions. Well, kudos to them. But when you’re not pushing it at the top, you can’t expect it to trickle down anywhere. The real test will be how the US responds to the next major attack. Without the board’s expert analysis and government private coordination. The response could be delayed, uncoordinated and more costly for enterprises and national security alike.

01:02:02:13 – 01:02:28:04
Joseph
So yeah, I mean, this is the first not even a first full week of him in office right now. And we’re in a lot of trouble. There’s really no way to sugarcoat that. And this appears to be the tip of the iceberg. And I expect things to get much worse before they get better. And I hate to be a Debbie Downer, but that’s just the reality of things.

01:02:28:06 – 01:02:56:04
Joseph
The country voted for him for office, and now we’re getting what we voted for. I didn’t vote for officially, but we’re getting it as a collective country now. So, hey, thanks to all those people out there who voted for him. And don’t come complaining when you your bank gets hacked or your credit card gets hacked or your telephone company gets hacked, or you don’t have power because of an attack.

01:02:56:06 – 01:03:23:04
Joseph
That’s what you voted for. Congratulations. Okay, political rant is over. I think it’s time to wrap things up before I get any more hate mail, which I’m sure I’m going to get. Before we do go, I want to take, another moment to invite our listening and viewing audience. Do subscribe to the podcast. You can find all of our, episodes.

01:03:23:06 – 01:03:46:22
Joseph
I’m going to say articles, but there are episodes. You can find all of our episodes listed as insights into things. We are on Apple, Spotify, Google, iHeartRadio, TuneIn. Anywhere you get a podcast. I would also invite you to give us your feedback, tell us how we’re doing. Tell us how much you dislike my political rants, or that you support my political rants.

01:03:46:24 – 01:04:26:09
Joseph
You can email us at. Comments and insights and the things that come. You can call us and leave a voicemail for us at (856) 403-8788. That’s (856) 403-8788. You can find high res versions of our videos on YouTube at youtube.com. Slash insights into things we do. Stream five days a week on Twitch. Twitch.tv slash insights into things. If you are an Amazon Prime subscriber, you do get a free Twitch Prime monthly subscription.

01:04:26:12 – 01:04:49:15
Joseph
We would appreciate it if you subscribed to us with that. That helps us keep the lights on here. We are on blue Sky now. You can find us, insights in the things that be sky dot social. We are also on LinkedIn. If you look us up as insights into Things Productions, LLC. Otherwise you can find links to all that and more on our website.

01:04:49:15 – 01:04:56:02
Joseph
And insights into things. Dot com. That’s it. Another one of the books.