In a pioneering move to fortify cybersecurity measures, the Cybersecurity and Infrastructure Security Agency (CISA) has unveiled the Cyber Defense Plan for Remote Monitoring and Management (RMM). This innovative plan, developed through the Joint Cyber Defense Collaborative (JCDC), marks an essential step in CISA’s 2023 Planning Agenda. By fostering collaborative efforts between industry and government partners, the JCDC Remote Monitoring and Management Systems Cyber Defense Plan addresses systemic risks, bolstering the security and resilience of the RMM ecosystem.
RMM products are increasingly embraced by diverse sectors to achieve operational efficiencies and harness scalable services. However, these advantages have not gone unnoticed by malicious actors, ranging from ransomware perpetrators to state-sponsored entities. Adversaries target RMM products as a means to compromise downstream customer organizations. This approach aids them in evading detection and establishing persistent access, a tactic known as “living off the land.”
Designed as an integral part of the 2023 Planning Agenda, the RMM Cyber Defense Plan lays out a comprehensive roadmap to enhance security and resilience within this critical ecosystem. This encompasses RMM vendors, managed service providers (MSPs), managed security service providers (MSSPs), small and medium-sized businesses (SMBs), and operators of critical infrastructure. Developed through an extensive collaboration involving vendors, operators, agencies, and stakeholders, the Plan has already culminated in a significant achievement with the publication of the joint advisory titled “Protecting Against Malicious Use of Remote Monitoring and Management Software.”
The RMM Cyber Defense Plan is constructed upon two foundational pillars: operational collaboration and cyber defense guidance. It encompasses four subordinate lines of effort:
- Cyber Threat and Vulnerability Information Sharing: Facilitate the exchange of cyber threat and vulnerability information between U.S. government entities and RMM ecosystem stakeholders.
- Enduring RMM Operational Community: Establish mechanisms for a sustainable RMM operational community, fostering the maturation of scaled security endeavors.
- End-User Education: Enhance and develop end-user education and cybersecurity guidance to drive the adoption of robust best practices, through collaborative efforts involving CISA, interagency partners, and other RMM ecosystem stakeholders.
- Amplification: Utilize existing communication channels to amplify pertinent advisories and alerts throughout the RMM ecosystem.
Eric Goldstein, CISA Executive Assistant Director for Cybersecurity, emphasized the pivotal nature of this proactive collaboration in addressing systemic risks. The JCDC’s execution of the plan signifies a significant stride towards minimizing risks to the nation’s critical infrastructure.
As part of the JCDC 2023 Planning Agenda, this endeavor underscores the significance of public-private collaboration in executing cyber defense strategies and fortifying national security. To explore more about the JCDC’s endeavors, visit CISA.gov/JCDC.
CISA extends an invitation to all organizations to review the JCDC RMM Cyber Defense Plan and contribute to this united front against cyber threats.