US cybersecurity agency CISA had to build its incident playbook during the incident, agency reveals
US cybersecurity agency CISA had to build its incident playbook during the incident, agency reveals
美国网络安全机构 CISA 披露:在应对安全事件时才临时制定应急预案
U.S. federal cybersecurity agency CISA said it did not have a prepared response plan for how it should handle a cybersecurity incident in May, after an investigative reporter notified the agency that a contractor had publicly exposed sensitive keys and credentials for accessing U.S. government systems.
美国联邦网络安全机构 CISA 表示,今年 5 月,在一名调查记者通知该机构有承包商公开泄露了访问美国政府系统的敏感密钥和凭证后,他们发现自己并没有针对此类网络安全事件的预备应对方案。
CISA, the Homeland Security unit tasked with defending federal networks and helping to safeguard critical infrastructure, revealed Friday in a postmortem report that its staff “had to spend time building [a playbook] during the early stages of the incident.” The agency said it is important to prepare playbooks for “all anticipated needs” to ensure that organizations are ready to respond in the event of a security incident rather than scrambling to improvise one in real time.
作为负责保护联邦网络和关键基础设施的国土安全部门,CISA 在周五发布的一份事后调查报告中披露,其工作人员“不得不在事件初期花费时间来制定(应急预案)”。该机构表示,针对“所有预期需求”提前准备预案至关重要,这样才能确保组织在发生安全事件时能够从容应对,而不是在事发时手忙脚乱地临时拼凑方案。
The agency did not say how long the missing playbook delayed CISA’s response, and a spokesperson did not immediately respond to TechCrunch’s request for comment.
该机构并未说明预案的缺失导致 CISA 的响应延迟了多久,其发言人也未立即回应 TechCrunch 的置评请求。
Independent cybersecurity journalist Brian Krebs reported in May that a security researcher with cyber firm GitGuardian alerted him to reams of exposed passwords stored in a publicly accessible GitHub repository, which an employee of a CISA contractor had uploaded. According to Krebs, the researcher tried to alert the contractor but didn’t hear back. Only after Krebs contacted CISA did the agency take the repository offline and revoke and replace all of the exposed credentials to prevent any potential future abuse.
独立网络安全记者 Brian Krebs 在 5 月报道称,网络安全公司 GitGuardian 的一名研究人员向他发出警示,称在 GitHub 的一个公开存储库中发现了大量泄露的密码,这些密码是由 CISA 的一名承包商员工上传的。据 Krebs 称,该研究人员曾试图联系承包商但未获回复。直到 Krebs 联系了 CISA,该机构才将存储库下线,并撤销并更换了所有泄露的凭证,以防止未来可能出现的滥用。
CISA said that no customer or mission data was exposed in the incident and thanked the researcher and reporter for their help. The agency said that its channels for allowing security researchers to notify CISA of potential incidents “were not well defined,” and that it has made changes to make it easier and faster for researchers to contact the agency.
CISA 表示,此次事件中没有客户或任务数据泄露,并感谢了该研究人员和记者的帮助。该机构承认,其允许安全研究人员通报潜在事件的渠道“定义不够明确”,目前已做出改进,以便研究人员能更轻松、更快捷地联系该机构。
CISA has been without a permanent director since the start of President Donald Trump’s second term in January 2025. The agency has also been affected by cuts, furloughs, and layoffs affecting about a third of its workforce since Trump took office.
自 2025 年 1 月唐纳德·特朗普总统开启第二个任期以来,CISA 一直没有常任局长。自特朗普上任以来,该机构还受到了削减预算、强制休假和裁员的影响,约三分之一的员工受到波及。