The US cybersecurity agency had to create its own incident playbook during the incident, the agency revealed

💥 Explore this trending post from TechCrunch 📖

📂 **Category**: Security,CISA,cybersecurity,us government

📌 **What You’ll Learn**:

The US federal cybersecurity agency CISA said it had no response plan in place for how to handle a cybersecurity incident in May, after an investigative journalist notified the agency that a contractor had publicly disclosed sensitive keys and credentials to access US government systems.

CISA, the homeland security unit tasked with defending federal networks and helping protect critical infrastructure, revealed Friday in a postmortem that its employees “had to spend time building… [a playbook] During the early stages of an incident.” The agency said it is important to prepare a playbook “for all anticipated needs” to ensure organizations are prepared to respond in the event of a security incident rather than scrambling to improvise one in real time.

The agency did not say how long the missing playbook delayed CISA’s response, and a spokesperson did not immediately respond to TechCrunch’s request for comment.

Independent cybersecurity journalist Brian Krebs reported in May that a security researcher at cyber firm GitGuardian alerted him to sets of exposed passwords stored in a publicly accessible GitHub repository, which had been uploaded by an employee of a CISA contractor.

According to Krebs, the researcher tried to alert the contractor but received no response. Only after Krebs contacted CISA did the agency take the repository offline and revoke and replace all exposed credentials to prevent any potential future misuse.

CISA said no client or mission data was exposed in the incident, and thanked the researcher and reporter for their assistance. The agency said that its channels for allowing security researchers to notify CISA of potential incidents were “not well-defined,” and that it had made changes to make it easier and faster for researchers to contact the agency.

CISA has been without a permanent director since the start of President Donald Trump’s second term in January 2025. The agency has also been affected by cuts, furloughs and layoffs that have affected about a third of its workforce since Trump took office.

When you buy through links in our articles, we may earn a small commission. This does not affect our editorial independence.

💬 **What’s your take?**
Share your thoughts in the comments below!

#️⃣ **#cybersecurity #agency #create #incident #playbook #incident #agency #revealed**

🕒 **Posted on**: 1783732687

🌟 **Want more?** Click here for more info! 🌟

By

Leave a Reply

Your email address will not be published. Required fields are marked *