The U.S. federal cybersecurity agency CISA said it had no prepared response plan for how to handle a cybersecurity incident in May after an investigative reporter alerted the agency that a contractor had publicly exposed sensitive keys and credentials to access U.S. government systems.
CISA, the Homeland Security unit tasked with defending federal networks and helping to safeguard critical infrastructure, disclosed Friday in an autopsy that his staff “had to spend time building [a playbook] in the early stages of the event”. The agency said it’s important to prepare books for “all anticipated needs” to ensure organizations are ready to respond to a security incident rather than trying to improvise one in real time.
The agency did not say how long it delayed CISA’s response, and a spokesperson did not immediately respond to TechCrunch’s request for comment.
Freelance cybersecurity reporter Brian Krebs reported in May which a security researcher with cyber company GitGuardian alerted him to a series of exposed passwords stored in a publicly accessible GitHub repository that had been uploaded by an employee of a CISA contractor.
According to Krebs, the investigator attempted to notify the contractor but received no response. Only after Krebs contacted CISA did the agency take the repository offline and revoke and replace all exposed credentials to prevent any potential future abuse.
CISA said no customer or shipment data was exposed in the incident and thanked the investigator and reporter for their assistance. The agency said the channels that allow security investigators to notify CISA of potential incidents were “not well defined” and that it was making changes to make it easier and easier for investigators to contact the agency.
CISA has been without a permanent director since the start of President Donald Trump’s second term in January 2025. The agency has also been affected by cuts, layoffs and layoffs affecting approx. one third of its workforce since Trump took office.
When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.
