{"id":3490881,"date":"2026-07-11T01:01:28","date_gmt":"2026-07-11T01:01:28","guid":{"rendered":"https:\/\/techingeek.com\/index.php\/2026\/07\/11\/the-us-cybersecurity-agency-cisa-disclosed-that-it-had-to-create-its-incident-playbook-in-the-midst-of-the-event\/"},"modified":"2026-07-11T01:01:28","modified_gmt":"2026-07-11T01:01:28","slug":"the-us-cybersecurity-agency-cisa-disclosed-that-it-had-to-create-its-incident-playbook-in-the-midst-of-the-event","status":"publish","type":"post","link":"https:\/\/techingeek.com\/index.php\/2026\/07\/11\/the-us-cybersecurity-agency-cisa-disclosed-that-it-had-to-create-its-incident-playbook-in-the-midst-of-the-event\/","title":{"rendered":"The US cybersecurity agency CISA disclosed that it had to create its incident playbook in the midst of the event."},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/techingeek.com\/wp-content\/uploads\/2026\/07\/the-us-cybersecurity-agency-cisa-disclosed-that-it-had-to-create-its-incident-playbook-in-the-midst-of-the-event.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">The U.S. federal cybersecurity organization CISA stated that it lacked a pre-established response strategy for addressing a cybersecurity event in May, after an investigative journalist informed them that a contractor had inadvertently revealed sensitive keys and access credentials for U.S. government systems.<\/p>\n<p class=\"wp-block-paragraph\">CISA, the Homeland Security division responsible for protecting federal networks and assisting in the defense of critical infrastructure, disclosed on Friday in a post-incident report that its personnel \u201chad to allocate time to develop [a playbook] in the initial phases of the incident.\u201d The agency emphasized the necessity of creating playbooks for \u201call expected requirements\u201d to guarantee that organizations are prepared to react to a security breach instead of hurriedly crafting one in real-time.<\/p>\n<p class=\"wp-block-paragraph\">The agency did not specify the extent of the delay in CISA\u2019s response due to the absent playbook, and a spokesperson did not promptly reply to TechCrunch\u2019s inquiry for comments.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Independent cybersecurity reporter Brian Krebs mentioned in May that a security researcher from cyber firm GitGuardian alerted him to a multitude of exposed passwords located in a publicly available GitHub repository that had been uploaded by an employee of a CISA contractor.<\/p>\n<p class=\"wp-block-paragraph\">As per Krebs, the researcher attempted to inform the contractor but received no response. Only after Krebs reached out to CISA did the agency take down the repository and revoke and replace all the compromised credentials to avert any potential misuse in the future.<\/p>\n<p class=\"wp-block-paragraph\">CISA asserted that no customer or mission-related data was compromised in the incident and expressed gratitude to the researcher and journalist for their assistance. The agency admitted that its protocols for enabling security researchers to notify CISA of possible incidents \u201cwere not clearly defined,\u201d and it has implemented changes to facilitate quicker communication for researchers wanting to contact the agency.<\/p>\n<p class=\"wp-block-paragraph\">CISA has been without a permanent director since the commencement of President Donald Trump\u2019s second term in January 2025. The agency has also experienced cutbacks, furloughs, and layoffs impacting around one-third of its workforce since Trump assumed office.\u00a0<\/p>\n<\/div>\n<p><em>If you buy through links in our articles, we may receive a minor commission. This does not influence our editorial autonomy.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/techingeek.com\/wp-content\/uploads\/2026\/07\/the-us-cybersecurity-agency-cisa-disclosed-that-it-had-to-create-its-incident-playbook-in-the-midst-of-the-event.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">The U.S. federal cybersecurity organization CISA stated that it lacked a pre-established response strategy for addressing a cybersecurity event in May, after an investigative journalist informed them that a contractor had inadvertently revealed sensitive keys and access credentials for U.S. government systems.<\/p>\n<p class=\"wp-block-paragraph\">CISA, the Homeland Security division responsible for protecting federal networks and assisting in the defense of critical infrastructure, disclosed on Friday in a post-incident report that its personnel \u201chad to allocate time to develop [a playbook] in the initial phases of the incident.\u201d The agency emphasized the necessity of creating playbooks for \u201call expected requirements\u201d to guarantee that organizations are prepared to react to a security breach instead of hurriedly crafting one in real-time.<\/p>\n<p class=\"wp-block-paragraph\">The agency did not specify the extent of the delay in CISA\u2019s response due to the absent playbook, and a spokesperson did not promptly reply to TechCrunch\u2019s inquiry for comments.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Independent cybersecurity reporter Brian Krebs mentioned in May that a security researcher from cyber firm GitGuardian alerted him to a multitude of exposed passwords located in a publicly available GitHub repository that had been uploaded by an employee of a CISA contractor.<\/p>\n<p class=\"wp-block-paragraph\">As per Krebs, the researcher attempted to inform the contractor but received no response. Only after Krebs reached out to CISA did the agency take down the repository and revoke and replace all the compromised credentials to avert any potential misuse in the future.<\/p>\n<p class=\"wp-block-paragraph\">CISA asserted that no customer or mission-related data was compromised in the incident and expressed gratitude to the researcher and journalist for their assistance. The agency admitted that its protocols for enabling security researchers to notify CISA of possible incidents \u201cwere not clearly defined,\u201d and it has implemented changes to facilitate quicker communication for researchers wanting to contact the agency.<\/p>\n<p class=\"wp-block-paragraph\">CISA has been without a permanent director since the commencement of President Donald Trump\u2019s second term in January 2025. The agency has also experienced cutbacks, furloughs, and layoffs impacting around one-third of its workforce since Trump assumed office.\u00a0<\/p>\n<\/div>\n<p><em>If you buy through links in our articles, we may receive a minor commission. This does not influence our editorial autonomy.<\/em><\/p>\n","protected":false},"author":2,"featured_media":3490882,"comment_status":"open","ping_status":"closed","sticky":false,"template":"Default","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3490881","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts\/3490881"}],"collection":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/comments?post=3490881"}],"version-history":[{"count":0,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts\/3490881\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/media\/3490882"}],"wp:attachment":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/media?parent=3490881"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/categories?post=3490881"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/tags?post=3490881"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}