Industry experts at RSAC 2026 emphasize the critical need for public-private partnerships to combat sophisticated Chinese cyber threats, despite federal agencies' absence from key discussions.
The cybersecurity community gathered at RSAC 2026 to discuss the growing threat from China's Typhoon hacking groups, but the absence of federal government speakers highlighted ongoing challenges in public-private collaboration. Industry leaders emphasized that coordinated action between private companies and government agencies is essential to counter sophisticated threats like Volt Typhoon and Salt Typhoon.
The Scattered Spider Lesson
During a Monday morning panel titled "Inside the Hunt for China's Typhoons: Disrupt, Deter, and Defend," former FBI Cyber Operations Branch leader Dave Scott reflected on a missed opportunity from 2023. When cybercrime group Scattered Spider was rapidly evolving its voice-phishing tactics, Scott and his team considered creating a real-time coordination cell bringing together government threat hunters and private-sector intelligence analysts.
"Scattered Spider was evolving so quickly, and there were private-sector partners who had such exquisite information and intelligence," Scott explained. The proposal aimed to overcome bureaucratic hurdles that slowed information sharing between agencies and industry partners.
However, the coordination cell never materialized. "Here we were, with the government, and waiting for legal process and then waiting for the approvals and everything else to share that information," Scott recalled. "I know it frustrated a lot of our industry partners."
The Current Threat Landscape
Fast forward to today, and phone-based social engineering has become even more prevalent. These attacks now represent the second most common method for initial network access and the primary tactic for breaching cloud environments.
The panel, which was originally intended to feature FBI and NSA representatives sharing "behind-the-scenes" insights into operations against Beijing's Typhoon gangs, instead featured four private-sector speakers with an empty chair symbolically representing absent federal agencies.
Why Public-Private Partnerships Matter
Wendi Whitmore, chief security intelligence officer at Palo Alto Networks, emphasized that most Typhoon-related intrusions occur on private-sector infrastructure. "All of us have a certain level of visibility into those environments," she noted. "When we look at public-private partnerships, we have a role to play, to share information, to then make sure that decision-makers within the government can take decisive actions."
Attorney David Lashway, co-chair of Sidley Austin's global privacy and cybersecurity practice, acknowledged the administration's stated response to Chinese cyber aggression but emphasized that the empty chair should not remain unoccupied. "The administration has been very clear about its response to Volt and the other Typhoons and Chinese national aggression in cyberspace," he said.
The AI Factor
Scott highlighted that artificial intelligence is accelerating the threat landscape, making real-time information sharing even more critical. "As quickly as AI is progressing, it just becomes more and more critical for that information sharing to be real time," he warned.
Behind Closed Doors
The absence of government speakers at this high-profile conference doesn't mean collaboration isn't happening. Much of the public-private partnership work occurs through informal channels, including secure messaging platforms like Signal. However, the visible absence at a major industry event sends a concerning message about the state of federal engagement.
The Path Forward
Despite the challenges, panelists agreed that successful disruption of Typhoon operations has relied heavily on private-sector victims stepping forward to share intelligence, with law firms and incident response teams facilitating information flow to government decision-makers.
The cybersecurity community continues to advocate for streamlined processes that enable faster, more effective collaboration between industry and government agencies. As threats become more sophisticated and AI-driven, the need for coordinated responses becomes increasingly urgent.
For more information about China's cyber operations and the Typhoon threat groups, visit the FBI's official cybersecurity resources or the NSA's cybersecurity guidance.
Comments
Please log in or register to join the discussion