F5 vulnerability highlights weak points in DHS’s CDM program
Last week, Cybersecurity and Infrastructure Security Agency officials spoke candidly about the challenges they faced tracking the use of F5 products across the civilian federal government. While CISA knows there are thousands of instances of F5 currently in use, it admitted it wasn’t certain where each instance was deployed.
The uncertainty came as the agency issued an emergency directive related to F5, instructing other government agencies to find and patch any F5 instances. The urgency stemmed from the fact that F5 itself had revealed a nation-state had gained a long-term foothold in its systems.
One of the main goals of the directive: “help us identify the different F5 technology in the federal network,” as one official told reporters.
Read more at CyberScoop