Public-private partnerships vital in disrupting China's Typhoons, says RSA panel with no government speakers
Foto: The Register
An empty chair on the stage of the RSAC 2026 conference became a poignant symbol of the stalemate in the fight against Chinese hacking groups such as Volt Typhoon and Salt Typhoon. Although the panel was intended to be a joint show of force by the FBI, NSA, and the private sector, federal government representatives canceled their participation, leaving experts from firms like Palo Alto Networks and Sidley Austin to discuss critical infrastructure security alone. This is a stark example of the bureaucratic inertia that has hindered real cooperation for years: while private analysts possess precise, real-time intelligence, government agencies remain bogged down in legal procedures and information-sharing approval processes. For users and businesses worldwide, this represents a tangible threat—voice-phishing attacks and breaches of Cloud environments remain the second most common method of gaining network access. Effective protection against Typhoon-style groups, which operate primarily on the infrastructure of private telecoms and energy providers, requires an immediate transition from theoretical declarations to operational coordination cells. Without removing barriers to data flow between the Public and Private sectors, state-sponsored hackers will always remain one step ahead of defenders, exploiting communication gaps between these two worlds. Effective digital defense today requires trust, which cannot be built at an empty negotiating table.
Evolution of Threats: From Scattered Spider to Chinese "Typhoons"
Analyzing the current situation requires looking back to around 2023, when the **Scattered Spider** group began terrorizing enterprises using sophisticated voice-phishing targeted at help-desk departments. Dave Scott, currently a managing director at **EY** and formerly the head of the FBI's cyber operations branch, recalled during a panel how frustrating it was back then to try and establish real cooperation. Private partners possessed "exquisite" intelligence and attack data, but the government machinery was stuck at a standstill.
“We were there, with the government, waiting for legal processes, approvals, and all the rest, just to be able to share that information,” Scott said. Even then, there were proposals to create a joint coordination cell where the public and private sectors would sit in one room, exchanging data in real-time. This initiative never came to fruition in its intended form, which Scott described as a critical failure. Today, in 2026, the effects of these delays are visible in the statistics: phone calls have become the second most common method for obtaining initial access to IT resources and the most popular tactic for breaching cloud environments.
The problem with groups like **Volt Typhoon**, however, is much more serious than that of classic cybercrime. Chinese operations are targeted at US critical infrastructure—from power plants to telecommunications networks. These are not attacks aimed at quick profit, but at long-term presence and the possibility of sabotage in the event of a geopolitical conflict. Experts at RSAC unanimously agreed that fighting such an adversary requires abandoning the siloed thinking that still dominates federal structures.
Read also
The Empty Chair as a Symbol of a Systemic Barrier
David Lashway, co-lead of the global privacy and cybersecurity practice at **Sidley Austin**, tried to tone down the mood, arguing that an empty chair should not be interpreted as a lack of interest from the administration. He reminded the audience that the US government has repeatedly and clearly stated its position on the aggression of **Volt Typhoon** and other Beijing-linked groups. Nevertheless, the physical absence of FBI and NSA officials on a panel that was originally intended to be a joint show of force spoke louder than official press releases.
Wendi Whitmore, Chief Security Intelligence Officer at **Palo Alto Networks**, pointed out a fundamental fact: the majority of infections detected as part of **Volt Typhoon** operations and **Salt Typhoon** breaches into telecommunications networks occurred on infrastructure belonging to the private sector. It is commercial companies that have direct visibility into these environments. “We all have a certain level of insight into these ecosystems,” Whitmore noted. Without the active participation of victims, law firms, and Incident Response teams, government decision-makers are blind.
Effective defense requires that threat information flows in both directions without unnecessary delay. Currently, the cooperation model relies on private companies providing data to the government, which then “takes action.” However, as the panelists noted, this process is too one-sided and slow. In an era where hackers use automated tools for vulnerability scanning and privilege escalation, waiting for “legal approvals” in Washington is equivalent to surrender.
Artificial Intelligence Forces a New Dynamic of Cooperation
Another factor making the lack of real public-private partnership a critical threat is the rapid development of **AI**. Dave Scott emphasized that the pace of progress in the field of artificial intelligence means that information exchange must happen in real-time to have any defensive value. Attackers are already using language models and automation to create more convincing phishing campaigns and to analyze code faster for zero-day vulnerabilities.
- Response Time: In the AI era, the time from detecting an anomaly to implementing a block must be measured in milliseconds, not days spent on consultations with federal agency legal counsels.
- Data Scale: The volume of generated logs and threat signals exceeds the analytical capabilities of individual entities, forcing the use of shared analytical platforms.
- Evolution of Tactics: Groups like **Salt Typhoon** can instantly modify their tools (RATs), making static signature databases useless without a constant stream of fresh intelligence from the battlefield.
Wendi Whitmore added that the challenges we face are "blended" in nature. The line between state espionage and criminal activity is blurring, and the infrastructure used for attacks often includes both cloud servers and local IoT devices in the private homes of citizens. In such an environment, no government agency, regardless of its budget and powers, is capable of acting alone.
Beyond the Limelight: Where Cyber Defense Really Happens
Although RSAC 2026 is the most important stage for the industry, panelists admitted that the most effective cooperation often takes place in the shadows, away from conference halls. Dave Scott noted that “real” partnerships are built behind closed doors, and the real exchange of critical information likely takes place on encrypted channels like **Signal**.
This leads to a bitter conclusion: official public-private cooperation channels are perceived as inefficient, forcing experts to seek alternative, informal communication routes. While effective in the short term, this does not solve the systemic problem. The government's absence at RSAC 2026 can be interpreted as an admission that traditional cooperation structures have eroded or are simply not fit to fight modern threats from China.
A situation where "Washington content" is represented by an empty chair is not just an organizational mishap. It is a manifestation of a crisis of trust and efficiency. If the government administration does not find a way to speed up procedures and truly open up to private partners, groups like **Volt Typhoon** will continue to operate inside critical telecommunications and energy networks, exploiting every second of delay generated by the state's bureaucratic apparatus.
The forecast for the industry is clear: the burden of defending critical infrastructure will increasingly rest on the shoulders of the private sector. Companies like **Palo Alto Networks** or **EY** are already serving as the front line, often possessing better insight into adversary actions than intelligence agencies. The empty chair at RSAC 2026 suggests that in the coming years, it will not be government command centers, but distributed networks of private analysts that will decide the outcome of the digital clash with Beijing. Washington, if it wants to remain a relevant player in this game, must stop being an absent partner and start acting at the pace dictated by technology, not by legal paragraphs.
