HomeEverythingEducation
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
Story archiveAll categories
← All Stories

CISA built incident playbook during breach, agency admits

Created at 11 Jul · 1:27 AM1 source↑ Market-relevant
IN SHORT

The U.S. cybersecurity agency CISA revealed it had to create its incident response playbook during a breach in May, after a contractor exposed sensitive government credentials. The agency acknowledged the need for better preparation to avoid improvising during security incidents.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Who's Involved

CISA
U.S. federal cybersecurity agency
Brian Krebs
Independent cybersecurity journalist
Donald Trump
President of the United States
CISA built incident playbook during breach, agency admits

↳ Why This Matters

The revelation highlights potential vulnerabilities in the U.S. government's cybersecurity preparedness, particularly concerning the response to breaches involving sensitive credentials and the agency's ability to effectively manage such incidents in real-time.

Key facts

  • CISA, the federal cybersecurity agency, lacked a prepared incident response playbook in May.
  • Sensitive keys and credentials for accessing U.S. government systems were publicly exposed by a contractor's employee.
  • The agency had to develop its playbook during the initial phase of the incident.
  • No customer or mission data was compromised, according to CISA.
  • CISA has since updated its procedures for security researchers to report potential incidents.

The U.S. federal cybersecurity agency CISA revealed that it did not have a prepared response plan for handling a cybersecurity incident in May. The agency had to develop its incident playbook during the early stages of the breach, which occurred after a contractor's employee publicly exposed sensitive keys and credentials for accessing U.S. government systems on GitHub.

Independent cybersecurity journalist Brian Krebs reported that a security researcher alerted him to the exposed passwords. After Krebs contacted CISA, the agency took the repository offline and revoked the compromised credentials. CISA stated that no customer or mission data was exposed and thanked the researcher and reporter for their assistance. The agency also acknowledged that its channels for security researchers to report potential incidents were not well-defined and has since made changes to improve these processes.

CISA has been operating without a permanent director since January 2025 and has experienced workforce reductions affecting approximately one-third of its staff since President Donald Trump took office.

Frequently asked questions

Sensitive keys and credentials for accessing U.S. government systems were exposed.

An employee of a CISA contractor uploaded the exposed passwords to a publicly accessible GitHub repository.

CISA stated that no customer or mission data was exposed in the incident.

A security researcher with cyber firm GitGuardian alerted investigative reporter Brian Krebs, who then contacted CISA.

What Happens Next

01CISA will continue to refine its incident response playbooks for all anticipated needs.
02The agency will maintain improved channels for security researchers to report potential incidents.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

CISA did not have a prepared response plan for a cybersecurity incident in May.
A contractor's employee publicly exposed sensitive keys and credentials on GitHub.
An investigative reporter was notified by a security researcher about the exposed data.
CISA created its incident playbook during the early stages of the breach.
The agency took the repository offline and revoked exposed credentials.
CISA stated no customer or mission data was exposed.
The agency has since improved its channels for security researchers to report incidents.

Sources

T1
US cyber agency CISA had to build its incident playbook during the incident, agency revealsTechCrunch

Related Stories

Trump officials explored bypassing election agency before firings
11 Jul · 12:43 AM
Ransomware negotiator sentenced to 6 years for extorting clients
10 Jul · 7:47 PM
Florida ransomware negotiator sentenced to over five years for BlackCat conspiracy
10 Jul · 2:17 PM
Trump administration to require states to adopt election security measures to receive FEMA funds, DHS says
10 Jul · 9:18 PM
EPA's 'Make America Healthy Again' agenda remains elusive, frustrating activists
10 Jul · 11:15 AM