The US cybersecurity agency had to create its own incident playbook during the incident, the agency revealed


The US federal cybersecurity agency CISA said it had no response plan in place for how to handle a cybersecurity incident in May, after an investigative journalist notified the agency that a contractor had publicly disclosed sensitive keys and credentials to access US government systems.

CISA, the homeland security unit tasked with defending federal networks and helping protect critical infrastructure, made the disclosure on Friday In the post-mortem report Its staff “had to spend some time building a ‘playbook’ during the early stages of the incident.” The agency said it is important to prepare a playbook for “all anticipated needs” to ensure organizations are prepared to respond in the event of a security incident rather than scrambling to improvise one in real time.

The agency did not say how long the missing playbook delayed CISA’s response, and a spokesperson did not immediately respond to TechCrunch’s request for comment.

Freelance cybersecurity journalist Brian Krebs Reported in May That security researcher with Cyber ​​company GitGuardian He was alerted to a large set of exposed passwords stored in a publicly accessible GitHub repository, which had been uploaded by a CISA contractor employee.

According to Krebs, the researcher tried to alert the contractor but received no response. Only after Krebs contacted CISA did the agency take the repository offline and revoke and replace all exposed credentials to prevent any potential future misuse.

CISA said no client or mission data was exposed in the incident, and thanked the researcher and reporter for their assistance. The agency said that its channels for allowing security researchers to notify CISA of potential incidents were “not well-defined,” and that it had made changes to make it easier and faster for researchers to contact the agency.

CISA has been without a permanent director since the start of President Donald Trump’s second term in January 2025. The agency has also been affected by cuts, furloughs and layoffs affecting about A third of its workforce Since Trump took office.

When you make a purchase through the links in our articles, We may earn a small commission. This does not affect our editorial independence.

Leave a Reply

Your email address will not be published. Required fields are marked *