We Must Control our Data

(Originally posted to Facebook on 5-25-2026)

Recently, CISA (the Cybersecurity and Infrastructure Security Agency), an agency run by the federal government, had a data breach that went unchecked for six months.

This was a catastrophic failure of best practices and common sense.

In November, a contractor to CISA created a repository on GitHub titled “Private-CISA.” It was not a secure private repository; it was open to anyone in the world. It was only shut down on May 15, 2026.

This data included, but was not limited to, high-level Amazon Web Services GovCloud admin credentials, authentication tokens, security certificates, and internal system access information.

CISA is responsible for coming up with security best-practice recommendations for federal, state, local, and tribal governments. It is also responsible for protecting our nation’s critical election infrastructure.

CISA claims that none of the data ended up being compromised.

Several of the passwords in the leaked files were things like "servicenameYear" for many of the government cloud services. It appears as though the person who brought this to light was actually able to gain access to these services.

This implies to me that they were also not using multi-factor authentication on these sensitive accounts.

CISA is the agency tasked with ensuring that federal, state, local, and tribal government entities all follow cybersecurity best practices, especially regarding password management.

I have also read reports that the account/person responsible for posting these files ignored the security researcher who discovered this for months. The system in place at CISA to report such incidents appears to not have worked properly, either.

It is another example of "do as I say, not as I do," and in this case, they really should have been doing what they preached.

I have been concerned for years that we rely too heavily on the cloud for critical government IT infrastructure in this country.

Cities, counties, and the federal government should all try to move as many critical services as they can to on-premise solutions. These solutions tend to cost more initially, may not have all the "bells and whistles" of the cloud, and often require a greater investment in personnel and equipment.

But let me ask you this: Would you rather Amazon and Microsoft store the data the government collects on you, or would you rather it be under your local government's direct control?

I know that at the City of Mills, we try to use the cloud as sparingly as possible, whether that be for our in-car and body-cam video storage, our accounting systems, or our water treatment management systems.

I believe that when it comes to our critical county data, "convenience" should not come at the cost of control.

How important is data sovereignty to you as a resident of Natrona County?

Cameron Savage

Candidate for Natrona County Commissioner