V-Help
← All news
Security

CISA Acknowledges Lack of Cyber Incident Response Plan in May

CISA Acknowledges Lack of Cyber Incident Response Plan in May

Photo: TechCrunch

Quick answer

The US CISA had no ready response plan for a May 2025 contractor access key leak, delaying incident mitigation efforts.

The US Cybersecurity and Infrastructure Security Agency (CISA) published a report acknowledging it lacked a prepared response plan for a May 2025 data breach incident. The situation arose after independent journalist Brian Krebs reported publicly accessible contractor credentials discovered by a GitGuardian researcher.

According to the report, CISA staff were forced to develop an action plan during the incident, causing response delays, though the agency did not specify the extent. The breach compromised access keys to federal systems, but CISA stated no critical data was affected. All vulnerable credentials were promptly replaced.

The incident also revealed issues with security researcher communication channels. Initially, the GitGuardian specialist attempted to contact the contractor but received no response. Only after journalist intervention did CISA take action. The agency noted it has since streamlined threat notification processes and plans to develop standardized protocols for all possible incident scenarios.

The situation is complicated by CISA operating without a permanent director since January 2025, with staff reductions affecting about one-third of employees. These factors may impact response efficiency amid growing cyber threats.

Common questions

What happened to CISA in May 2025?
An investigative journalist discovered a publicly accessible GitHub repository containing sensitive keys and passwords belonging to a CISA contractor. The agency had no prepared response plan and developed one during the incident.
Why is the lack of a response plan critical for CISA?
The absence of a pre-prepared plan slows threat response, increases data compromise risks, and reduces the effectiveness of federal system protection. CISA is responsible for securing US critical infrastructure.
What measures did CISA take after the incident?
The agency improved communication channels for security researchers to accelerate threat notifications and began developing standardized protocols for all incident scenarios.
Share:

Dzen feed: /feed/dzen.xml · RSS: /feed.xml

Why trust this

Prepared by the V-Help editorial team from the primary source with a published date.

Published by: V-Help.ru news desk

Source: TechCrunch