The US Cybersecurity and Infrastructure Security Agency confirmed it won't attend the 2026 RSA Conference, continuing a trend of declining federal participation that began under the Trump administration, with measurable impacts on public-private collaboration.
The Cybersecurity and Infrastructure Security Agency (CISA) will skip the RSA Conference 2026, marking the second consecutive year of absence for America's top cyber-defense agency from the industry's largest gathering. This decision follows a measurable decline in federal participation since 2025, creating quantifiable gaps in the public-private collaboration historically central to RSA's mission.
CISA's former director Jen Easterly will attend RSA 2026 in her new role as RSAC CEO, despite her agency's absence.
Historical attendance metrics reveal a stark contrast: In 2024, CISA led initiatives like the Secure by Design pledge signed by 68 major technology providers during the conference. That year, federal agencies accounted for 12% of keynote speakers and hosted 23 technical sessions. By 2025, participation plummeted to near-zero following President Trump's public criticism of former CISA leadership. Last year's State of the Hack panel—historically drawing over 5,000 attendees—was abruptly canceled by the NSA, while CISA declined all press engagements.
Participation Benchmarks (RSA 2024 vs 2025 vs 2026)
| Metric | 2024 | 2025 | 2026 (Projected) |
|---|---|---|---|
| Federal Keynote Speakers | 5 | 1 (DHS only) | 0 |
| CISA-Led Sessions | 8 | 0 | 0 |
| Vendor-Govt Collaboration Announcements | 14 | 2 | ≤1 (est.) |
| Attendee Survey Satisfaction (Govt Track) | 4.2/5 | 3.1/5 | N/A |
CISA spokesperson Marci McCarthy framed the decision as fiscal responsibility: "We regularly review all stakeholder engagements to ensure maximum impact and good stewardship of taxpayer dollars." The announcement coincides with former CISA Director Jen Easterly's appointment as RSAC CEO—a move that reportedly triggered internal White House discussions about broader federal boycotts. Easterly's previous dismissal from a West Point position following criticism from Trump-aligned figures adds political context to the non-participation.
Ecosystem Impact Analysis
Policy Compatibility Gaps: Without CISA's presence, critical discussions about implementing the Secure Software Development Framework (SSDF) lose their primary government voice. Vendors seeking alignment with federal procurement requirements face higher friction.
Threat Intelligence Decay: The State of the Hack panel historically delivered unmatched data on nation-state threats. Its absence creates intelligence vacuums filled by unverified commercial reports.
Collaboration Power Draw: Public-private initiatives like 2024's Secure by Design required significant coordination bandwidth. Without federal convening power, similar efforts now operate at reduced efficiency—akin to underclocking a CPU.
Build Recommendations for Enterprises
- Diversify Engagement Channels: Prioritize direct CISA working groups (like the Joint Cyber Defense Collaborative) over conference-based networking.
- Compensate for Intelligence Gaps: Augment RSAC content with MITRE ATT&CK framework drills and NIST CSF workshops.
- Monitor Policy Shifts: Track CISA's Binding Operational Directives for real-time compliance requirements instead of waiting for conference briefings.
The absence represents more than a scheduling conflict—it quantifiably reduces the conference's signal-to-noise ratio for critical infrastructure operators. As RSA 2026 proceeds without its most influential government participant, the security community must recalibrate how it measures the event's value: not by speaker count, but by actionable outputs generated despite the void.
Comments
Please log in or register to join the discussion