Last week, the Cybersecurity and Infrastructure Security Agency (CISA) addressed significant challenges in tracking F5 systems within the federal government, revealing a concerning lack of visibility despite substantial investment in the Continuous Diagnostics and Mitigation (CDM) program. The urgency behind an emergency directive to patch F5 vulnerabilities arose after it was disclosed that a nation-state had established a long-term presence in F5’s systems. This situation underscores serious weaknesses in identifying and managing technology assets in government networks, particularly as existing monitoring systems struggle with rapidly evolving edge device technology.
CISA’s challenges reflect a broader issue within the CDM program, which was primarily established to enhance visibility over internal networks and lacks the necessary oversight for specialized or edge devices that hackers increasingly target. A June report from the Government Accountability Office indicated that many agencies failed to implement full visibility capabilities, which are necessary for ensuring cybersecurity. The lack of adequate monitoring systems for devices like F5 BIG-IP load balancers, which often sit in less-monitored demilitarized zones, makes them ideal targets for cyber adversaries, emphasizing the need for improved strategies in the federal cybersecurity landscape.
👉 Pročitaj original: CyberScoop
