Nobody talks about what happens when the agency writing federal cybersecurity standards has no director, no playbook, and a third fewer staff — CISA's May 2026 leak just made it visible
The US Cybersecurity and Infrastructure Security Agency (CISA) has admitted it began writing its incident response playbook during the incident it was responding to — a breach in which a contractor exposed administrative credentials to Amazon AWS GovCloud accounts and internal CISA systems on a public GitHub repository.