U.S. Senator Bill Cassidy, chair of the Senate Health, Education, Labor, and Pensions (HELP) Committee, has expanded an ongoing investigation into cybersecurity incidents that threaten both public and private sectors in the United States. The move follows a recent breach at F5, a major application security company used by 85% of Fortune 500 companies.
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued its second emergency directive in less than a month to federal agencies, instructing them to review their deployment of F5 products for vulnerabilities. According to CISA’s directive on October 15, “A nation-state affiliated cyber threat actor [that] has compromised F5’s systems and exfiltrated files.” Reports indicate unauthorized access to F5’s systems may have begun as early as 2023.
Dr. Cassidy emphasized the seriousness of these developments: “The second potential breach of a critical network tool connecting public and private entities to essential tools highlights the significant threat of cybersecurity attacks, particularly from hostile actors, such as China, Russia, and Iran,” he wrote. “As cyber incidents continue to increase, it is essential that the public and private sectors take steps to safeguard the information of millions of patients, students, and employees across America.”
Earlier this month, Senator Cassidy also requested information from Cisco after CISA directed federal agencies to disconnect certain Cisco devices due to similar concerns.
In his letter addressed to François Locoh-Donou of F5 Networks, Dr. Cassidy noted that organizations worldwide faced an average of 1,876 cyber attacks per week in 2024—a record high—and that over one-third of smaller organizations believe their cybersecurity measures are insufficient. He stressed the importance for both government and business entities to strengthen protections for sensitive data.
F5 confirmed in public statements that “A highly sophisticated nation-state threat actor maintained long-term, persistent access to, and downloaded files from, certain F5 systems.” The company said it had not seen any new unauthorized activity since containment efforts began.
Senator Cassidy posed several questions regarding how F5 is communicating with customers about threats or patches; when unauthorized activity was detected; how ongoing monitoring is being conducted; whether customers should follow CISA's latest guidance; how sector-specific support is being provided; and what steps are being taken for organizations without dedicated security officers.
He asked for answers by November 12.
For further updates from HELP Republicans visit their website or Twitter account @GOPHELP.
