kras99 - stock.adobe.com
News brief: U.S. absence at RSAC sparks leadership concerns
Check out the latest security news from the Informa TechTarget team.
This week's RSAC Conference drew 40,000-plus attendees to San Francisco, but what many noticed was who wasn't there.
The annual conference, which pulls together cybersecurity professionals from across the globe, did not feature leaders from the U.S. government. Speakers from CISA, the FBI and other federal agencies dropped out of the conference about a week after RSAC named former CISA Director Jen Easterly its next chief executive.
U.S. leadership has long been considered essential in specific areas of cybersecurity, notably with the Common Vulnerabilities and Exposures (CVE) program. Run by the nonprofit Mitre Corp. under the authority of CISA, the CVE program plays a foundational role in cybersecurity. Security teams around the world rely on the systematic tracking of vulnerabilities. If that program is further strained, experts worry that cyberdefenders will know less about the threats they face. Effective patch management practices, for instance, rely on information from the CVE system, especially its assessments of which vulnerabilities require urgent action and which do not.
It did not go unnoticed that federal security professionals and leaders were missing at RSAC. It was discussed in conversations around the conference sites, leaving some people to wonder if the literal absence might be a symbolic cue about the role the U.S. intends to play in cybersecurity under the Trump administration.
U.S. sits this one out, and Europe steps in
With U.S. government officials notably absent from RSAC 2026, European cybersecurity leaders stepped in to address critical issues such as AI regulation, cybersecurity standards and the ongoing war in Iran.
U.K. National Cyber Security Centre Chief Executive Dr. Richard Horne emphasized the need for security in AI-generated vibe coding, while E.U. officials discussed the upcoming Cybersecurity Resilience Act and the importance of securing the technology supply chain. Despite strained U.S.-EU relations, European leaders called for collaboration with the private sector to tackle global cybersecurity challenges.
Conference speakers worried about viability of CVE Program
The CVE Program, a cornerstone of global cybersecurity, faces critical challenges that threaten its relevance and stability. In an RSAC panel, Katie Noble, a CVE Program board member, highlighted concerns about outdated tools, funding reliance from the U.S. government and the surge of AI-generated vulnerability reports, which strain the program's capacity and quality control.
A near-funding lapse in 2025 exposed vulnerabilities in the program's dependence on federal support, prompting discussions on diversifying funding and reducing reliance on U.S. oversight. Meanwhile, new international CVE systems have emerged, raising fears of fragmentation.
Congress pushes White House for clarity on cyber strategy
At RSAC 2026, congressional staffers from both parties expressed concerns about the Trump administration's cybersecurity strategy, particularly its lack of detailed agency responsibilities and policy objectives.
Democrats criticized the strategy as vague, while Republicans anticipated executive orders to expand its implementation. The ongoing war with Iran has heightened cybersecurity risks for critical infrastructure, with lawmakers questioning CISA's readiness amid staffing cuts. Democrats proposed legislation to assess CISA's capabilities and reform its Joint Cyber Defense Collaborative for more trusted information sharing. Additionally, they aim to stabilize and modernize the CVE program, addressing funding issues and adapting to AI-driven vulnerability reporting challenges.
Read the full article by Eric Geller on Cybersecurity Dive.
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Phil Sweeney is an industry editor and writer focused on cybersecurity topics.
