Saturday, 11 July 2026
Rīga TV

World and Latvian news in one place

TechnologyPublished: 11 July 2026 at 04:36

CISA reveals it had to build incident playbook during the incident

The US cybersecurity agency CISA admitted it lacked a prepared response plan for a May incident, forcing staff to develop one while the breach unfolded.

Foto: TechCrunch

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that it did not have a pre-written response plan for handling a cybersecurity incident in May, after an investigative reporter informed the agency about exposed sensitive keys and credentials.

In a post-mortem report released Friday, CISA said its staff "had to spend time building [a playbook] during the early stages of the incident." The agency emphasized the importance of preparing playbooks for "all anticipated needs" to ensure organizations can respond promptly rather than scrambling to improvise.

Independent cybersecurity journalist Brian Krebs reported in May that a researcher from security firm GitGuardian had alerted him to a large set of exposed passwords stored in a publicly accessible GitHub repository uploaded by an employee of a CISA contractor. The researcher had tried to notify the contractor but received no response. Only after Krebs contacted CISA did the agency take the repository offline and revoke and replace all exposed credentials.

CISA stated that no customer or mission data was exposed and thanked the researcher and reporter for their assistance. The agency acknowledged that its channels for security researchers to report potential incidents "were not well defined" and said it has since made changes to facilitate faster and easier reporting.

CISA has been without a permanent director since the start of President Donald Trump’s second term in January 2025. The agency has also been affected by budget cuts, furloughs, and layoffs that have impacted about one-third of its workforce.

Comments

0/1500

Comments are automatically moderated. No hate, threats, personal data or spam.

Loading comments…

More in this category