CISA, FBI and NSA Skipped RSA Conference 2026 as Cybersecurity World Gathered

CISA, the FBI and the NSA were absent from RSA Conference 2026 as the cybersecurity industry's flagship gathering opened in San Francisco, a withdrawal that industry observers said signals a troubling retreat from the kind of operational coordination the federal government has long championed.

The three agencies, historically among the most visible federal participants at the annual conference, did not appear on the 2026 program roster. Security Boulevard first reported the non-participation, and eSecurity Planet confirmed the account in late January, nearly two months before the conference opened.

What made the absence particularly pointed was not a matter of protocol. Federal agency sessions at RSAC have never been about product pitches or vendor showcases. As eSecurity Planet noted in its January 28 report, "the absence of these sessions is notable given their focus on operational coordination rather than vendor promotion or product messaging." For working security professionals, those sessions historically served a direct, practical function: understanding how federal investigators approach cyber incidents and how private organizations can align their own preparedness and response with federal frameworks.

None of the three agencies issued public statements explaining the decision before the conference opened. Federally, the decision carries no legal weight either way. "From a policy perspective, federal agencies are under no obligation to attend or participate in private-sector conferences," eSecurity Planet reported. "Decisions regarding conference participation fall within agency discretion and can be influenced by resource constraints, policy considerations, or strategic priorities."

That framing is technically accurate but leaves a wide gap. Resource constraints, policy shifts and strategic reprioritization each carry very different implications for the broader relationship between the federal government and the private sector on cybersecurity. Budget-driven absence is a logistical inconvenience. A deliberate policy decision to reduce engagement with private industry at a moment when ransomware groups are targeting critical infrastructure at scale is a different matter entirely.

The timing compounds those concerns. The 2026 threat landscape has kept security teams stretched thin. Recent coverage from the same period documented ransomware operators pivoting to identity infrastructure, targeting Active Directory systems before encrypting data, and phishing campaigns exploiting AI-generated email summaries to harvest credentials. These are precisely the categories where federal law enforcement and intelligence agencies have investigative visibility that private-sector defenders lack.

RSA Conference organizers did not issue a public statement addressing the absences before the event opened. Whether sessions previously led or co-led by federal participants were canceled, reassigned to other speakers, or quietly removed from the program was not immediately clear.

The longer-term significance may be institutional. For more than a decade, federal presence at RSAC has served as a visible marker of the government's commitment to working alongside private industry on shared threats. CISA in particular has built its identity around that collaborative model since its creation in 2018. An absence from the industry's largest annual gathering, however it is ultimately explained, disrupts a signal that the sector has come to rely on.

Neither CISA, the FBI nor the NSA responded to requests for comment before publication.