Date: 2025-10-16

In a startling revelation that has sent shockwaves through the cybersecurity and energy sectors, F5 Inc., a leading U.S.-based cybersecurity provider, has disclosed a major breach attributed to Chinese state-backed hackers.

The Seattle-headquartered company, known for its BIG-IP suite of application services used by Fortune 500 companies and government agencies, reported that intruders gained “long-term, persistent access” to its systems, stealing source code and details about vulnerabilities that could be exploited against its customers.

Described as potentially “catastrophic,” this incident revives longstanding fears about China’s influence over critical infrastructure, particularly in the energy domain.

Details of the F5 Breach

F5 Inc. made the disclosure in a regulatory filing, highlighting how nation-state actors—identified by sources familiar with the matter as originating from China—compromised the company’s networks.

The stolen data includes portions of the source code for BIG-IP, a widely deployed platform for application security and delivery. More alarmingly, the hackers accessed information on flaws that could allow targeted attacks on F5’s extensive client base.

While the article does not explicitly tie the breach to energy systems, F5’s tools are integral to securing digital infrastructure across industries, including those handling sensitive operational technology (OT) in power grids.

This isn’t the first time China has been accused of cyber espionage against U.S. firms. The attribution to Beijing aligns with a pattern of state-sponsored hacking aimed at intellectual property theft and strategic positioning in global supply chains.

The long-term access suggests a sophisticated operation, potentially allowing ongoing surveillance or future disruptions.

F5’s Critical Role in the Energy Sector

F5’s platforms are not just corporate tools; they play a vital role in safeguarding energy infrastructure. A prime example is their work with SA Power Networks (SAPN), South Australia’s electricity distributor serving 1.7 million people.

SAPN deployed F5’s NGINXaaS for Azure to enhance OT cloud security, managing massive data streams from renewable sources like solar PV systems and home batteries.

Facing challenges from a bidirectional grid with high renewable penetration (71% of demand met by renewables), SAPN needed robust encryption and compliance with standards like IEEE 2030.5 and Australia’s ASD Essential 8.

F5’s solution provided scalable, cloud-native architecture for secure data handling, reducing vulnerabilities in grid-to-device communications.

Benefits included operational efficiency, freeing teams from infrastructure management to focus on innovation, while fortifying against threats in a digitized grid.

This case illustrates how F5’s technology supports energy providers in transitioning to renewables, ensuring resilience amid growing cyber risks.

In the U.S., similar deployments mean F5’s BIG-IP and related tools are embedded in power utilities, protecting against unauthorized access and ensuring reliable service delivery. A breach here could expose blueprints for bypassing these defenses, directly threatening grid stability.

Broader Implications for Energy Security

The energy sector is particularly vulnerable because it relies on interconnected systems where a single weak point can cascade into widespread outages. With F5’s stolen source code, adversaries could craft exploits tailored to energy clients, potentially disrupting power generation, transmission, or distribution.

This is especially concerning given the rise in renewable integration, which increases data flows and attack surfaces, as seen in the SAPN example.

Compounding this is the historical context:

China has long been suspected of embedding backdoors in grid equipment. In his first term, President Trump issued Executive Order 13920 on May 1, 2020, declaring a national emergency to secure the U.S. bulk-power system (BPS) from foreign adversaries, explicitly targeting China.

The order prohibited utilities supplying critical defense facilities from acquiring BPS equipment manufactured or supplied by entities under Chinese jurisdiction, covering voltages of 69 kV and above.

This was implemented by then-Secretary of Energy Dan Brouillette through a prohibition order effective January 16, 2021, aiming to mitigate risks like hidden malware in transformers and other components.

Energy News Beat has previously highlighted these concerns, noting how China’s dominance in grid hardware could provide an “off-switch” for America’s power infrastructure amid aging systems and surging demand from AI, EVs, and data centers.

The U.S. grid, much of it over 50 years old, faces unprecedented stress, with data centers alone consuming 4.4% of electricity.

Trump’s EO addressed fears that adversaries like China and Russia have secured footholds in the electric system, potentially enabling blackouts.

Overview of Executive Order 13920

Executive Order 13920, titled “Securing the United States Bulk-Power System,” was issued by President Donald J. Trump on May 1, 2020, and published in the Federal Register on May 4, 2020.

The order aimed to protect the U.S. electric grid from vulnerabilities introduced by foreign adversaries, particularly through the supply chain of critical power equipment. It was invoked under the authority of the Constitution, the International Emergency Economic Powers Act (IEEPA), the National Emergencies Act (NEA), and Section 301 of Title 3 of the U.S. Code.

The order declared a national emergency due to threats posed by foreign adversaries—defined as any foreign government or non-governmental entity engaged in conduct significantly adverse to U.S. national security or that of its allies—to the bulk-power system (BPS), which is essential for national defense, public health, and economic stability.

The BPS refers to facilities and control systems for electric energy outside the local distribution level, operating at 69 kilovolts (kV) or higher, including generators, transmission lines, transformers, substations, and related equipment.

Concerns centered on malicious cyberattacks, sabotage, or backdoors embedded in imported equipment, with implicit focus on countries like China, Russia, and Iran, as highlighted in related Department of Energy (DOE) requests for information.

Key Provisions

The order’s core mechanism was to prohibit certain “transactions” involving BPS electric equipment to mitigate undue risks. Here’s a breakdown:

Prohibited Transactions (Section 1)

Bans any acquisition, importation, transfer, or installation of BPS electric equipment initiated after May 1, 2020, if the Secretary of Energy (in coordination with the Director of the Office of Management and Budget and in consultation with the heads of Defense, Homeland Security, National Intelligence, and other agencies) determines that the transaction involves equipment in which a foreign adversary has an interest (e.g., via ownership, control, or contracts) and that it poses unacceptable risks to U.S. national security, including sabotage or subversion.

Exceptions (Section 1(b))

Does not apply to transactions necessary for critical infrastructure protection or if the Secretary determines the equipment does not pose undue risk.

Implementation Rules (Section 2)

Requires the Secretary of Energy, within 150 days, to identify and publish rules or regulations prohibiting such transactions, including criteria for recognizing pre-qualified vendors and equipment.

Federal Agency Actions (Section 3)

Directs agency heads (including the Tennessee Valley Authority Board) to implement measures within their authority to ensure compliance, avoiding BPS equipment from adversaries.

DOE Responsibilities (Section 4)

Tasks the Secretary with: (i) creating a pre-qualified vendor list; (ii) developing recommendations to identify, isolate, monitor, or replace risky existing equipment; and (iii) leading a task force to update federal acquisition regulations and issue policy reports.

General Provisions (Section 6)

Clarifies the order does not impair existing agency authorities or create enforceable rights/benefits against the U.S. government.

Background and Rationale

The order was motivated by escalating threats to the U.S. power grid, including foreign adversaries’ efforts to exploit supply chain weaknesses for espionage or disruption.

It built on prior concerns about over-reliance on imported BPS components, particularly from China, which dominates global manufacturing of transformers and other high-voltage gear. A DOE Request for Information in July 2020 sought public input on implementation, explicitly listing China as a key adversary equipped to undermine the BPS.

This aligned with broader Trump-era policies, such as Executive Order 13873 on securing information and communications technology supply chains.

Implementation and Subsequent Developments

Prohibition Order (December 2020): DOE issued an order on December 17, 2020, prohibiting utilities serving critical defense facilities (e.g., military bases, nuclear sites) from acquiring BPS equipment from foreign adversaries after January 16, 2021, focusing on voltages ≥69 kV (federalregister.gov).

Suspension and Revocation: On January 20, 2021, President Joe Biden issued Executive Order 13990, suspending EO 13920 for 90 days for review (federalregister.gov). The emergency declaration expired on May 1, 2021, and the December 2020 Prohibition Order was revoked on April 20, 2021, to allow for a more comprehensive strategy (federalregister.gov). The Biden administration shifted toward collaborative, multi-agency approaches to supply chain security rather than outright bans.

EO 13920 highlighted the intersection of energy infrastructure and national security but faced criticism for potential supply disruptions and lack of immediate exemptions. Its legacy influences ongoing efforts to diversify BPS supply chains and enhance cybersecurity in the grid. For the full text, refer to the Federal Register publication.

As I have mentioned on the podcast, we had 492 major grid interconnects removed under President Trump’s first term, and then put back in under President Biden, and I cannot find out if they have been removed again. Best guess is that an estimated 9% to 12% of the grid could be impacted by a major breach, and could be deadly for millions. The power would not come back on for a long time if these are being deployed, then cut remotely by cyber hackers.

Potential Impacts and the Path Forward

This F5 breach could amplify these risks, allowing China to exploit stolen vulnerabilities in tandem with any lingering hardware access. Impacts might include targeted cyberattacks on energy firms, leading to blackouts, inflated costs, or delayed renewable transitions. For instance, compromised OT security could hinder real-time management of solar and battery data, undermining grid reliability.

In response, the energy sector must prioritize supply chain audits, diversify vendors, and enhance zero-trust architectures. Policymakers could revisit and strengthen measures like EO 13920, especially as global tensions rise.

While Biden suspended the order in 2021 for review, the current landscape—marked by this breach—underscores the need for robust defenses.

As the world pushes toward net-zero goals, cybersecurity must evolve alongside. The F5 incident is a wake-up call: ignoring China’s cyber ambitions could leave energy systems—and the economies they power—in the dark.

You have heard me say this before, but as the CEO of a company, it's crucial to have a plan in place for your energy requirements to keep your doors open in the event of a grid failure. As men leading your homes, get a plan and be able to survive with lights, water purification, and basic life. Having a plan for man-made or natural disasters is something we all need to do.

Similar to my interview with General Flynn, he encourages us to get involved locally in elections and schools. We need to prepare for emergencies by taking care of our neighbors, family, and friends.
