Full Report
Washington content to be represented by actual empty chairs RSA 2026 Back in the day (circa 2023) when cybercrime group Scattered Spider and its help-desk voice-phishing calls were a relatively new threat, the feds considered pulling the government's top cyber-threat hunters and their private-sector counterparts into one room to share information, in real time, about this loosely knit extortion ring that was terrorizing enterprises.…
Analysis Summary
# Industry News: Public-Private Friction Peaks at RSA 2026
## Summary
The 2026 RSA Conference has highlighted a growing rift in national cybersecurity efforts, characterized by the conspicuous absence of U.S. government representatives from key panels on Chinese state-sponsored threats (the "Typhoon" groups). Despite the critical need for real-time intelligence sharing to combat sophisticated actors like Volt and Salt Typhoon, private sector leaders are sounding the alarm that bureaucratic hurdles and administrative shifts are hampering collective defense.
## Key Details
- **Date:** March 23, 2026
- **Companies Involved:** Palo Alto Networks, EY (Ernst & Young), Sidley Austin
- **Category:** Industry Analysis / Public-Private Partnership
## The Story
The "Inside the Hunt for China's Typhoons" panel at RSA 2026, originally intended to be a joint briefing between the FBI, NSA, and private industry, was starkly marked by an empty chair. Government speakers were pulled following a change in administration, leaving private sector experts—including Wendi Whitmore (Palo Alto Networks) and Dave Scott (EY)—to discuss the "Typhoon" threats alone.
The discussion revisited the 2023 "Scattered Spider" era, noting that while the FBI originally proposed "real-time coordination cells" with the private sector, these initiatives never fully materialized due to legal and bureaucratic friction. Today, with Chinese state actors embedded in critical infrastructure and telecommunications, the private sector remains the primary holder of threat intelligence, yet they lack a streamlined mechanism to funnel that data into government actions.
## Business Impact
### For the Companies Involved
- **Palo Alto Networks & EY:** These firms are positioning themselves as the "de facto" intelligence leaders when the government is absent. By advocating for better sharing, they are cementing their roles as essential intermediaries between victims and federal agencies.
### For Competitors
- **Consultancies and Incident Response (IR) Firms:** There is a growing market for firms that can navigate the "legal process" and approvals required to interface with the feds. Firms that can offer "Signal-thread-level" informal networks may see higher demand than those relying purely on official channels.
### For Customers
- **Critical Infrastructure Providers:** These organizations face increased risk. Without real-time federal support and declassified intelligence, the burden of national defense is shifting toward private utilities and telcos, increasing their operational security costs.
### For the Market
- **The "Efficiency Gap":** There is a clear market demand for automated, real-time threat intelligence platforms that can bypass human-led legal delays.
## Technical Implications
- **Visibility Disparity:** Most adversarial activity occurs on private-sector infrastructure (telcos and clouds). Government agencies (FBI/NSA) are increasingly reliant on private-sector EDR (Endpoint Detection and Response) and cloud logs to identify state-sponsored persistence.
- **AI Acceleration:** AI is accelerating the "initial access" phase of attacks, making traditional federal "legal processes" for information sharing effectively obsolete for active mitigation.
## Strategic Analysis
- **Market Positioning:** Private sector firms are moving from "service providers" to "strategic national security partners," whether the government is ready or not.
- **Competitive Advantage:** Firms with high-level ex-government leadership (like EY) hold a strategic advantage in navigating the current communication vacuum.
- **Challenges:** The primary obstacle remains the "Empty Chair"—the lack of a consistent, agile, and legally shielded framework for public-private collaboration.
## Industry Reactions
- **Private Sector Criticism:** Experts are frustrated that the "joint operations" touted by previous administrations are stalling at a time when threats like Salt Typhoon are most active.
- **Skepticism:** Analysts suggest that while public panels are empty, the "real" work has moved to encrypted backchannels (e.g., Signal), which lacks transparency and systematic scalability.
## Future Outlook
- **Predictions:** Expect a push for "Direct-to-Gov" automated intelligence sharing APIs to remove the human/legal bottleneck.
- **What to Watch For:** Watch for whether the current administration formalizes the "Coordination Cells" proposed in 2023 or if they continue to pull back from public industry engagement.
## For Security Professionals
- **Actionable Insight:** Do not rely on federal alerts for early-stage detection of "Typhoon" actors. Your visibility will likely come from peer sharing and private threat intel feeds before it reaches federal channels.
- **Strategy:** Prioritize building informal intelligence-sharing networks within your specific sector (e.g., ISACs) to compensate for the current public-private friction.