RSAC talked AI while Iran talked targets. (Source: The CyberWire Daily Podcast)

On The CyberWire Daily Podcast, I joined Dave Bittner to break down a dissonance that’s been bothering me since RSAC 2026: the US is 30 days into a war with Iran, Iranian APT groups Cyber Av3ngers and Handala are publicly threatening US water infrastructure, and the conference barely mentioned it. I traced the gap between the industry’s appetite for exquisite new capabilities and its neglect of the basics, specifically the under-resourced critical infrastructure that Iranian threat actors have already proven they can hit, from the Aliquippa, PA water authority to the recent Stryker manufacturing breach.

I laid out the compounding problem: CISA has lost 30 percent of its total staff, with 60 percent of remaining personnel suspended or furloughed and another thousand vacancies unfilled. With the federal coordinating authority running on critical functions only, the burden shifts to the community. I called for political pressure to fund CISA, pro bono cybersecurity service modeled on the CLTC’s cyber clinics program, and MSSP organizations donating capacity to local water, energy, and grid operators. When an adversary tells you they’re going to target something, believe them.

Key topics

• Critical Infrastructure Gap: Iranian APTs have demonstrated capability and intent against US water and manufacturing systems, while defenders remain under-resourced at the local level.
• CISA Workforce Collapse: A 30 percent staff reduction, 60 percent furlough rate, and a thousand vacancies leave the nation’s cyber coordinating authority operating at minimum capacity during active conflict.
• Community Call to Action: Pro bono cybersecurity service, cyber clinic expansion, and MSSP community give-back as the near-term mechanism to harden soft targets the federal government cannot currently reach.