728 x 90

The US cyber agency CISA had to prepare its instruction manual during the incident, the agency reveals | TechCrunch

The US cyber agency CISA had to prepare its instruction manual during the incident, the agency reveals | TechCrunch

The US federal cybersecurity agency, CISA, said it did not have a prepared response plan for how it should handle a cybersecurity incident in May, after an investigative journalist notified the agency that a contractor had publicly exposed sensitive keys and credentials to access US government systems. CISA, the Homeland Security unit charged with defending

The US federal cybersecurity agency, CISA, said it did not have a prepared response plan for how it should handle a cybersecurity incident in May, after an investigative journalist notified the agency that a contractor had publicly exposed sensitive keys and credentials to access US government systems.

CISA, the Homeland Security unit charged with defending federal networks and helping safeguard critical infrastructure, revealed in a postmortem report Friday that its staff “had to spend time building [a playbook] during the early stages of the incident.” The agency said it is important to prepare guidance for “all anticipated needs” to ensure organizations are ready to respond in the event of a security incident rather than having to rush to improvise one in real time.

The agency did not say how long the missing manual delayed CISA’s response, and a spokesperson did not immediately respond to TechCrunch’s request for comment.

Freelance cybersecurity journalist Brian Krebs reported in May that a security researcher at cyber firm GitGuardian alerted him to a large number of exposed passwords stored in a publicly accessible GitHub repository, which had been uploaded by an employee of a CISA contractor.

According to Krebs, the investigator attempted to alert the contractor but received no response. Only after Krebs contacted CISA did the agency take the repository offline and revoke and replace all exposed credentials to prevent potential future abuse.

CISA said no client or mission data was exposed in the incident and thanked the investigator and journalist for their help. The agency said its channels for allowing security researchers to notify CISA about potential incidents were “not well defined” and that it has made changes to make it easier and faster for researchers to communicate with the agency.

CISA has been without a permanent director since the start of President Donald Trump’s second term in January 2025. The agency has also been hit by cuts, furloughs and layoffs affecting about a third of its workforce since Trump took office.

When you buy through links in our articles, we may earn a small commission. This does not affect our editorial independence.

Keep following us for the latest insights.

Posts Carousel

Latest Posts

Top Authors

Most Commented

Featured Videos