Lessons Learned from CISA's Recent GitHub Leak
7 hours ago
- #Cybersecurity
- #Data Leak
- #Incident Response
- CISA data leak involved contractor publishing 844 MB of sensitive data, including AWS GovCloud credentials, on a public GitHub repository for six months.
- CISA's response was delayed; it took over 48 hours to invalidate leaked keys, partly due to system complexities and unclear incident reporting channels.
- The agency's postmortem emphasizes improving key management, establishing distinct reporting channels, and continuously scanning for exposed secrets on platforms like GitHub.
- GitGuardian researcher highlighted that CISA ignored nine automated alerts, prolonging exposure, and urged organizations to make leak reporting trivial and visible.
- CISA noted enhanced logging and zero-trust principles helped limit damage, but its incident playbook lacked procedures for GitHub or cloud service incidents.
- The report is praised for transparency and advocating for secrets scanning and better relations with security researchers, setting a precedent for organizations.