Home Technology CISA, the U.S. cybersecurity agency, was forced to create an incident playbook...

CISA, the U.S. cybersecurity agency, was forced to create an incident playbook during the incident, the agency said.

CISA, the U.S. cybersecurity agency, was forced to create an incident playbook during the incident, the agency said.

CISA, the U.S. federal cybersecurity agency, said it had no prepared response plan for how to handle a cybersecurity incident after an investigative reporter notified the agency in May that a contractor had publicly exposed sensitive keys and credentials to access U.S. government systems.

CISA, the Department of Homeland Security’s agency tasked with defending federal networks and protecting critical infrastructure, said in an after-action report Friday that employees “had to spend time building (playbooks) in the early stages of the incident.” The agency said it is important for organizations to have a playbook for “all anticipated requirements” so they are ready to respond in the event of a security incident rather than having to improvise in real time.

The agency did not say how long the missing playbook delayed CISA’s response, and a spokesperson did not immediately respond to TechCrunch’s request for comment.

Independent cybersecurity journalist Brian Krebs reported that in May, security researchers at the cyber firm GitGuardian alerted him that passwords stored in a publicly accessible GitHub repository uploaded by an employee of a CISA contractor were exposed.

According to Krebs, researchers attempted to alert the contractor but did not hear a response. Only after Krebs contacted CISA did the agency take the repository offline and revoke and replace all exposed credentials to prevent potential future abuse.

CISA said no customer or mission data was exposed in the incident and thanked researchers and reporters for their assistance. The agency said the channels through which security researchers could notify CISA of potential incidents were “not well defined,” and the changes were made to make it easier and faster for researchers to contact CISA.

CISA has not had a permanent director since President Donald Trump’s second term began in January 2025. CISA has also been impacted by cuts, furloughs and layoffs since Trump took office, affecting about a third of its workforce.

If you purchase through links in our articles, we may receive a small commission. This does not affect our editorial independence.

Exit mobile version