RSA 2026 Back in the day (circa 2023) when cybercrime group Scattered Spider and its help-desk voice-phishing calls were a relatively new threat, the feds considered pulling the government’s top cyber-threat hunters and their private-sector counterparts into one room to share information, in real time, about this loosely knit extortion ring that was terrorizing enterprises.
“Scattered Spider was evolving so quickly, and there were private-sector partners who had such exquisite information and intelligence,” EY managing director Dave Scott said on an RSAC panel Monday morning. At the time, Scott led the FBI’s Cyber Operations Branch.
While the private-sector intelligence analysts were moving fast, “here we were, with the government, and waiting for legal process and then waiting for the approvals and everything else to share that information,” Scott remembered. “And I know it frustrated a lot of our industry partners. You know, we even proposed, back during Scattered Spider, to actually pull private sector, public sector together into one room and stand up a coordination cell where they’re sharing in real time.”
Proposed is the key word. This real-time collab did not happen. Fast forward a few years, and phone calls are the second most common method used by cybercriminals to gain initial access to their victims’ IT estate – as well as the top tactic used when breaking into cloud environments.
Scott made these comments during a panel discussion titled Inside the Hunt for China’s Typhoons: Disrupt, Deter, and Defend. It was originally billed as a “behind-the-scenes” look at the FBI, NSA, and private industry’s joint operations to disrupt the operations of Beijing’s Typhoon gangs and their attempts to target US critical infrastructure.
Then the federal government speakers all cancelled, and the panel became a four-person, all-private-sector discussion with an actual empty chair on the stage.
Attorney David Lashway, who co-chairs Sidley Austin’s global privacy and cybersecurity practice, said the empty chair should not be symbolically occupied/left-empty by the US government. “The administration has been very clear about its response to Volt and the other Typhoons and Chinese national aggression in cyberspace,” he said.
Still, the FBI and NSA weren’t on the stage as the panelists all touted the importance of public-private partnerships.
“So many of these challenges are blended,” said Wendi Whitmore, chief security intelligence officer at Palo Alto Networks.
Most of the Volt Typhoon sightings on utility owners and operators’ networks, and the Salt Typhoon intrusions into telecommunications networks happened on private-sector infrastructure. “All of us have a certain level of visibility into those environments,” Whitmore said.
“When we look at public-private partnerships, we have a role to play, to share information, to then make sure that decision-makers within the government can take decisive actions,” she added. “When you look at Volt and Salt Typhoon, it really required the victims stepping forward and sharing intelligence. It required the law firms and the incident response firms who were working those cases to share that information so that the decision-makers within the government can take separate actions.”
While Scott said he has “yet to see a perfect solution for the information sharing,” it becomes even more important in the era of AI. “As quickly as AI is progressing, it just becomes more and more critical for that information sharing to be real time,” he said.
This annual cybersecurity conference isn’t the only – or the most important – place where public-private partnerships are built and information sharing happens. Much of this happens behind closed doors and very likely on Signal threads. But still, when one of the world’s more significant infosec events has no US government speakers, it isn’t a good look. ®
Click Here For The Original Source.
