This week, the RSAC Conference in San Francisco attracted over 40,000 attendees, yet a conspicuous absence was felt among those present: there were no representatives from the U.S. government. The prominent cybersecurity event, which gathers industry professionals from around the globe, was marked by the withdrawal of key speakers from agencies like CISA (Cybersecurity and Infrastructure Security Agency) and the FBI. Their exit occurred shortly after the announcement of Jen Easterly, the former CISA Director, as the new CEO of RSAC. This change seemed to raise eyebrows and led to speculation about the implications for U.S. cybersecurity efforts.
Historically, U.S. governmental involvement has been deemed crucial in various facets of cybersecurity, particularly concerning the Common Vulnerabilities and Exposures (CVE) program. This significant initiative, managed by the nonprofit Mitre Corporation under CISA’s authority, serves as a foundational element in the global cybersecurity landscape, enabling security teams worldwide to track vulnerabilities systematically. Experts have expressed concerns that any shortcomings in the CVE program could hinder cyber defenders’ understanding of the threat landscape. For instance, effective patch management relies heavily on timely information from the CVE system, which helps determine the urgency of addressing specific vulnerabilities.
The noticeable absence of federal security professionals at RSAC sparked discussions among attendees and raised questions about the symbolic message this might send regarding the U.S. government’s future commitment to cybersecurity under the Trump administration. These uncertainties lingered during the conference, emphasizing the potential implications for international collaboration in this crucial domain.
In the wake of U.S. officials not participating in the conference, European cybersecurity leaders stepped forward to fill the void and address pressing issues surrounding AI regulation, cybersecurity standards, and geopolitical tensions, particularly the ongoing war in Iran. Dr. Richard Horne, the Chief Executive of the U.K. National Cyber Security Centre, underscored the necessity for enhanced security measures in AI-generated coding, illustrating how evolving technologies require proactive regulatory responses.
Furthermore, discussions among European Union officials highlighted the significance of the forthcoming Cybersecurity Resilience Act, which aims to bolster defenses within the technology supply chain. In a time marked by strained relations between the U.S. and Europe, European leaders extended a call for collaboration with private sector entities to effectively address the multitude of global cybersecurity challenges that prevail.
At the conference, participants also expressed concerns regarding the viability of the CVE Program itself. Katie Noble, a board member of the CVE Program, articulated urgent worries about the program facing critical challenges that threaten its sustainability. Outdated tools, over-reliance on federal funding, and a surge in AI-generated vulnerability reports are all factors straining the program’s capacity and quality control. A near-funding lapse in 2025 underscored the program’s vulnerabilities, prompting discussions focused on diversifying funding sources and reducing dependency on U.S. oversight to foster a more resilient CVE ecosystem.
As the conference unfolded, congressional staffers from both political divides voiced significant concerns over the Trump administration’s cybersecurity strategy. Questions arose regarding the lack of clarity surrounding agency responsibilities and policy objectives. While Democrats labeled the strategy as vague, Republicans anticipated potential executive directives aimed at expanding its scope. The alarming situation in Iran has amplified cybersecurity risks, particularly for critical infrastructure, which has prompted lawmakers to scrutinize CISA’s preparedness, especially amidst recent staffing cuts.
In response, Democrats proposed legislation geared towards evaluating CISA’s capabilities and reforming its Joint Cyber Defense Collaborative. Their focus is on ensuring more robust and trusted information sharing, while also addressing the pressing need to stabilize and modernize the CVE program in light of funding issues and the challenges brought on by AI-driven vulnerability reporting.
As cyber threats continue to evolve, the developments and discussions from the RSAC Conference indicate a crucial turning point in cybersecurity strategy—both for the U.S. government and its international partners. The absence of U.S. leaders not only raises questions about domestic policy direction but also highlights the urgency for collaboration among nations, especially as emerging technologies create new vulnerabilities that demand a unified response.
In conclusion, as the cybersecurity landscape becomes increasingly complex, the need for effective cooperation and robust strategies has never been more pronounced. The events at RSAC serve as a reminder of the interconnected nature of global cybersecurity efforts and the importance of comprehensive involvement from all stakeholders, reinforcing a crucial dialogue that must continue beyond the conference walls.