U.S. federal cybersecurity agency CISA said it didn’t have a prepared response plan for a way it should handle a cybersecurity incident in May, after an investigative reporter notified the agency that a contractor had publicly exposed sensitive keys and credentials for accessing U.S. government systems.
CISA, the Homeland Security unit tasked with defending federal networks and helping to safeguard critical infrastructure, revealed Friday in a postmortem report that its staff “needed to spend time constructing [a playbook] throughout the early stages of the incident.” The agency said it will be important to organize playbooks for “all anticipated needs” to be sure that organizations are able to respond within the event of a security incident relatively than scrambling to improvise one in real time.
The agency didn’t say how long the missing playbook delayed CISA’s response, and a spokesperson didn’t immediately reply to TechCrunch’s request for comment.
Independent cybersecurity journalist Brian Krebs reported in May that a security researcher with cyber firm GitGuardian alerted him to reams of exposed passwords stored in a publicly accessible GitHub repository, which an worker of a CISA contractor had uploaded.
Based on Krebs, the researcher tried to alert the contractor but didn’t hear back. Only after Krebs contacted CISA did the agency take the repository offline and revoke and replace the entire exposed credentials to forestall any potential future abuse.
CISA said that no customer or mission data was exposed within the incident and thanked the researcher and reporter for his or her help. The agency said that its channels for allowing security researchers to notify CISA of potential incidents “weren’t well defined,” and that it has made changes to make it easier and faster for researchers to contact the agency.
CISA has been and not using a everlasting director for the reason that start of President Donald Trump’s second term in January 2025. The agency has also been affected by cuts, furloughs, and layoffs affecting about a 3rd of its workforce since Trump took office.
Whenever you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

