The U.S. federal cybersecurity agency CISA acknowledged that it lacked a pre-established response plan for a cybersecurity incident reported in May. This came after an investigative journalist informed the agency that a contractor had inadvertently exposed sensitive keys and credentials, granting access to U.S. government systems.
CISA, a Homeland Security unit responsible for protecting federal networks and critical infrastructure, disclosed in a postmortem report released Friday that its team had to create a response plan during the initial stages of the incident. The agency emphasized the necessity of having ready-made playbooks for all potential scenarios to ensure preparedness for security incidents, avoiding the need to create one on the spot.
CISA did not specify how much the absence of a playbook delayed its response. A spokesperson was unavailable for immediate comment to JS.
In May, independent cybersecurity journalist Brian Krebs reported that a security researcher from the cyber firm GitGuardian alerted him to numerous exposed passwords in a publicly accessible GitHub repository. These credentials were uploaded by an employee of a CISA contractor.
Krebs noted that the researcher attempted to warn the contractor but received no response. It was only after Krebs reached out to CISA that the agency removed the repository and replaced all exposed credentials to prevent potential misuse.
CISA confirmed that no customer or mission data was compromised and expressed gratitude to both the researcher and the journalist for their assistance. The agency acknowledged that its methods for allowing security researchers to report potential incidents were unclear and has since improved the process to facilitate easier and quicker communication with researchers.
Since the beginning of President Donald Trump’s second term in January 2025, CISA has been without a permanent director. Additionally, the agency has faced cuts, furloughs, and layoffs affecting about a third of its workforce since Trump assumed office.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

