CISA lacked response plan during May government credential leak
The top US cybersecurity agency had to improvise its response during a May leak of government credentials, raising concerns about the readiness of a critical transatlantic security partner hobbled by recent staff cuts.
The US Cybersecurity and Infrastructure Security Agency (CISA) did not have a prepared response plan when a contractor accidentally exposed sensitive government keys and passwords on a public GitHub repository in May. In a postmortem report released Friday, the agency admitted its staff “had to spend time building [a playbook] during the early stages of the incident.”
Independent journalist Brian Krebs reported in May that a security researcher at GitGuardian discovered the exposed credentials. The researcher initially tried to alert the contractor responsible but received no reply. CISA only took the repository offline and revoked the compromised access keys after Krebs directly contacted the agency.
For European businesses and governments, CISA serves as a primary linchpin in defending shared transatlantic digital infrastructure and global supply chains. The revelation that the agency lacked basic incident response protocols for a straightforward credential leak raises serious questions about its readiness to manage a coordinated, state-sponsored attack on critical networks.
CISA acknowledged that its internal channels for external security researchers to report vulnerabilities “were not well defined,” inadvertently forcing journalists to act as emergency intermediaries. While the agency confirmed no customer or mission data was exposed, the reliance on press intervention to trigger a federal security response highlights a structural blind spot.
This operational lapse occurs against a backdrop of significant internal turmoil. CISA has operated without a permanent director since January 2025, when President Donald Trump began his second term. The agency has also suffered cuts, furloughs, and layoffs affecting roughly a third of its workforce.
European firms heavily invested in US cloud providers and cross-border data flows face systemic risks when the primary federal defender of those networks is understaffed and improvising its defenses. CISA noted that organizations must prepare playbooks for “all anticipated needs” to avoid scrambling during a crisis, a standard it failed to meet itself while operating at a severely diminished capacity.