US cyber agency CISA lacked incident playbook, agency reveals
The U.S. federal cybersecurity agency CISA has admitted it did not have a prepared incident response plan in place in May, after an investigative reporter alerted the agency to exposed credentials.

The U.S. federal cybersecurity agency CISA revealed it lacked a prepared incident response plan in May, when an investigative reporter notified the agency about publicly exposed sensitive keys and credentials for accessing U.S. government systems. CISA staff "had to spend time building [a playbook] during the early stages of the incident," the agency stated in a post-mortem report, emphasizing the importance of having pre-prepared playbooks for "all anticipated needs."
The agency, a unit within the Department of Homeland Security tasked with defending federal networks and critical infrastructure, did not specify how the absence of a playbook delayed its response. A spokesperson did not immediately respond to requests for comment from TechCrunch.
The security lapse was first reported in May by cybersecurity journalist Brian Krebs. He detailed how a security researcher with cyber firm GitGuardian alerted him to numerous exposed passwords and access keys stored in a publicly accessible GitHub repository, uploaded by an employee of a CISA contractor.
According to Krebs, the researcher attempted to notify the contractor without success. Only after Krebs contacted CISA did the agency take down the repository and revoke or replace the exposed credentials to prevent potential abuse. CISA stated that no customer or mission data was compromised and thanked the researcher and reporter for their help. The agency acknowledged that its channels for security researchers to report potential incidents "were not well defined" and that changes have been made.