Security Public-private partnerships vital in disrupting China's Typhoons, says RSA panel with no government speakers Washington content to be represented by actual empty chairs Jessica Lyons Mon 23 Mar 2026 // 21:56 UTC RSA 2026 Back in the day (circa 2023) when cybercrime group Scattered Spider and its help-desk voice-phishing calls were a relatively new threat, the feds considered pulling the government's top cyber-threat hunters and their private-sector counterparts into one room to share information, in real time, about this loosely knit extortion ring that was terrorizing enterprises. "Scattered Spider was evolving so quickly, and there were private-sector partners who had such exquisite information and intelligence," EY managing director Dave Scott said on an RSAC panel Monday morning. At the time, Scott led the FBI's Cyber Operations Branch. While the private-sector intelligence analysts were moving fast, "here we were, with the government, and waiting for legal process and then waiting for the approvals and everything else to share that information," Scott remembered. "And I know it frustrated a lot of our industry partners. You know, we even proposed, back during Scattered Spider , to actually pull private sector, public sector together into one room and stand up a coordination cell where they're sharing in real time." Proposed is the key word. This real-time collab did not happen. Fast forward a few years, and phone calls are the second most common method used by cybercriminals to gain initial access to their victims' IT estate – as well as the top tactic used when breaking into cloud environments. Scott made these comments during a panel discussion titled Inside the Hunt for China's Typhoons: Disrupt, Deter, and Defend . It was originally billed as a "behind-the-scenes" look at the FBI, NSA, and private industry's joint operations to disrupt the operations of Beijing's Typhoon gangs and their attempts to target US critical infrastructure. Then the federal government speakers all cancelled , and the panel became a four-person, all-private-sector discussion with an actual empty chair on the stage. Attorney David Lashway, who co-chairs Sidley Austin's global privacy and cybersecurity practice, said the empty chair should not be symbolically occupied/left-empty by the US government. "The administration has been very clear about its response to Volt and the other Typhoons and Chinese national aggression in cyberspace," he said. Still, the FBI and NSA weren't on the stage as the panelists all touted the importance of public-private partnerships. FBI cyber cop: Salt Typhoon pwned 'nearly every American' This is the FBI, open up. China's Volt Typhoon is on your network Feds totally skipping infosec industry's biggest conference this year Smooth criminals talking their way into cloud environments, Google says "So many of these challenges are blended," said Wendi Whitmore, chief security intelligence officer at Palo Alto Networks. Most of the Volt Typhoon sightings on utility owners and operators' networks, and the Salt Typhoon intrusions into telecommunications networks happened on private-sector infrastructure. "All of us have a certain level of visibility into those environments," Whitmore said. "When we look at public-private partnerships, we have a role to play, to share information, to then make sure that decision-makers within the government can take decisive actions," she added. "When you look at Volt and Salt Typhoon, it really required the victims stepping forward and sharing intelligence. It required the law firms and the incident response firms who were working those cases to share that information so that the decision-makers within the government can take separate actions." While Scott said he has "yet to see a perfect solution for the information sharing," it becomes even more important in the era of AI. "As quickly as AI is progressing, it just becomes more and more critical for that information sharing to be real time," he said. This annual cybersecurity conference isn't the only – or the most important – place where public-private partnerships are built and information sharing happens. Much of this happens behind closed doors and very likely on Signal threads. But still, when one of the world’s more significant infosec events has no US government speakers, it isn't a good look. ® Share More about China Cybercrime RSA Conference More like these × More about China Cybercrime RSA Conference Security Narrower topics 2FA Advanced persistent threat Application Delivery Controller Authentication BEC Black Hat BSides Bug Bounty Center for Internet Security CHERI China Mobile China telecom China Unicom CISO Common Vulnerability Scoring System Cybersecurity and Infrastructure Security Agency Cybersecurity Information Sharing Act Cyberspace Administration of China Data Breach Data Protection Data Theft DDoS DEF CON Digital certificate Encryption End Point Protection Exploit Firewall Google Project Zero Great Firewall Hacker Hacking Hacktivism Hong Kong Identity Theft Incident response Information Technology and the People's Republic of China Infosec Infrastructure Security JD.com Kenna Security NCSAM NCSC Palo Alto Networks Password Personally Identifiable Information Phishing Quantum key distribution Ransomware Remote Access Trojan REvil Semiconductor Manufacturing International Corporation Shenzhen Software Bill of Materials Spamming Spyware Surveillance TLS Trojan Trusted Platform Module Uyghur Muslims Vulnerability Wannacry Zero trust Broader topics APAC Cybersecurity RSA Security More about Share POST A COMMENT More about China Cybercrime RSA Conference More like these × More about China Cybercrime RSA Conference Security Narrower topics 2FA Advanced persistent threat Application Delivery Controller Authentication BEC Black Hat BSides Bug Bounty Center for Internet Security CHERI China Mobile China telecom China Unicom CISO Common Vulnerability Scoring System Cybersecurity and Infrastructure Security Agency Cybersecurity Information Sharing Act Cyberspace Administration of China Data Breach Data Protection Data Theft DDoS DEF CON Digital certificate Encryption End Point Protection Exploit Firewall Google Project Zero Great Firewall Hacker Hacking Hacktivism Hong Kong Identity Theft Incident response Information Technology and the People's Republic of China Infosec Infrastructure Security JD.com Kenna Security NCSAM NCSC Palo Alto Networks Password Personally Identifiable Information Phishing Quantum key distribution Ransomware Remote Access Trojan REvil Semiconductor Manufacturing International Corporation Shenzhen Software Bill of Materials Spamming Spyware Surveillance TLS Trojan Trusted Platform Module Uyghur Muslims Vulnerability Wannacry Zero trust Broader topics APAC Cybersecurity RSA Security TIP US OFF Send us news