The US agency that protects federal networks did not have its own incident response manual when it was hacked



TL; DR

CISA has admitted that there is no textbook for the cyber security incident. Contractor leaked government credentials on GitHub. The journalist had to notify the agency.

The US Cybersecurity and Infrastructure Security Agency announced the death report on Friday It said there was no response plan in place to deal with a cyber security incident in May. CISA staff”had to spend time building (a playbook) in the early stages of the event,The agency advised organizations to prepare playbooks.all expected needs” rather than improvising in real time.

The incident began after a security researcher at cyber firm GitGuardian discovered that an employee of a CISA contractor had uploaded passwords, AWS GovCloud keys and other sensitive credentials to a publicly available GitHub repository. The researcher tried to alert the contractor but received no response. Only after cybersecurity journalist Brian Krebs contacted CISA did the agency take the repository offline and revoke the exposed credentials.

CISA said no client or mission information was disclosed and thanked the researcher and reporter for their assistance. The agency acknowledged that it has channels that allow security researchers to report potential incidents.not well defined” and made changes to improve communication paths.He did not say how long the missing playbook delayed his response. CISA also uses Anthropic’s Mythos AI to audit government code even more surprising is his admission that he was unprepared for major incidents for his own safety due to vulnerabilities.

The agency has been without a permanent director since the start of Trump’s second term in January 2025. Since then, layoffs, furloughs and layoffs have affected about a third of its workforce. The irony is hard to miss: the federal agency tasked with protecting government networks and advising critical infrastructure on cybersecurity preparedness did not have a response document to the incident that it had ordered every other agency to keep. State-sponsored threat actors apply artificial intelligence to find zero-day vulnerabilities an industry-wide agency on the front lines of this defense was immediately building its response plan.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *