the CISA administrator disabled the default setting in GitHub that blocks users from publishing SSH keys or other secrets in public code repositories.

That doesn't support the theory that it was a mistake. That was intentional action. Maybe he was being blackmailed, and was coerced to do it. Or maybe he was a foreign agent or sympathizer who had infiltrated the organization.

There has been no indication if this was personally owned GitHub or Organizational owned GitHub. If it's personally owned, it still is one person doing massive dumb. Even if it's Organizational, it's very possible that person in question had rights to do this without oversight.

I've been a government contractor before, it does not employ best and brightest, it employs the average and below generally.