Hasty Briefsbeta

Bilingual

Lessons Learned from CISA's Recent GitHub Leak

7 hours ago
  • #Cybersecurity
  • #Data Leak
  • #Incident Response
  • CISA data leak involved contractor publishing 844 MB of sensitive data, including AWS GovCloud credentials, on a public GitHub repository for six months.
  • CISA's response was delayed; it took over 48 hours to invalidate leaked keys, partly due to system complexities and unclear incident reporting channels.
  • The agency's postmortem emphasizes improving key management, establishing distinct reporting channels, and continuously scanning for exposed secrets on platforms like GitHub.
  • GitGuardian researcher highlighted that CISA ignored nine automated alerts, prolonging exposure, and urged organizations to make leak reporting trivial and visible.
  • CISA noted enhanced logging and zero-trust principles helped limit damage, but its incident playbook lacked procedures for GitHub or cloud service incidents.
  • The report is praised for transparency and advocating for secrets scanning and better relations with security researchers, setting a precedent for organizations.