This article from Security Affairs discusses a recent breach at the agency whose mission, ironically, is to strengthen cyber security.
Threat actors breached two crucial systems of the US CISA
Fortunately, the breach only affected two systems, which would seem to indicate that CISA silos its operations so that a breach in one system will not affect others. This is a best practice that all organizations should follow
As a CISA spokesperson said, “This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience.”
Vulnerabilities in Ivanti software were blamed for the breach.