CISA lacked playbook after contractor exposed gov passwords

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- CISA had no prepared incident response playbook when a contractor publicly exposed sensitive government credentials, requiring staff to create one during the event
- CISA contractor employee uploaded passwords and access keys for U.S. government systems to a public GitHub repository, exposing them to potential misuse
- Brian Krebs reported the exposure after a security researcher with GitGuardian alerted him, prompting CISA to take down the repository and revoke credentials
- CISA confirmed no customer or mission data was exposed and credited the researcher and reporter for identifying the issue
- CISA acknowledged its channels for receiving security disclosures were not well defined and has since updated its processes to speed up researcher contact
- CISA has operated without a permanent director since January 2025 and has faced workforce cuts affecting about a third of its staff under the current administration
Why it matters: CISA’s lack of a playbook delayed its ability to respond to a real breach scenario, despite handling threats to federal networks. With a third of its workforce cut and no permanent leader, the agency’s operational readiness is materially weakened at a time of rising cyber threats.


