The US Cybersecurity and Infrastructure Security Agency (CISA) reports that it did not have a ready incident response playbook when it was hacked in May. In a postmortem released on Friday, CISA says its staff spent time developing the playbook during the early stages of the incident rather than using a pre-established procedure. The agency describes this as an opportunity it “missed,” noting that having a response plan prepared in advance would have helped it get ahead of the situation.

While details about the specific breach and its timeline are not provided in the excerpts from the two sources, both describe the same core finding from CISA’s review: the agency’s internal preparedness for handling cybersecurity incidents was incomplete at the time of the attack. CISA’s postmortem frames the issue as a gap in prior planning and emphasizes that the response process began with building necessary guidance in real time, which can affect how quickly and consistently an organization coordinates actions during an active incident.