The Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC) today published the Cyber Defense Plan for Remote Monitoring and Management (RMM), making it the first-ever plan developed by industry and government partners through the JCDC.
The plan provides cyber defense leaders in both government and industry with a clear roadmap to mitigate threats to the RMM ecosystem.
“As envisioned by Congress and the Cyberspace Solarium Commission, JCDC Cyber Defense Plans are intended to bring together diverse stakeholders across the cybersecurity ecosystem to understand systemic risks and develop shared, actionable solutions,” said Eric Goldstein, CISA’s executive assistant director for cybersecurity. “The RMM Cyber Defense Plan demonstrates the criticality of this work and the importance of both deep partnership and proactive planning in addressing systemic risks facing our country.”
So, what exactly is RMM? RMM is a software that is installed on an endpoint to continuously monitor a machine or system’s health and status, as well as enable remote functions.
While RMM offers a number of benefits, adversaries often target those same benefits to evade detection and penetrate into managed service provider (MSP) servers and, by extension, into thousands of customer networks that employ MSPs.
The JCDC’s plan addresses issues facing the top-down exploitation of RMM software, furthering specific lines of effort in the Biden administration’s National Cybersecurity Strategy and in CISA’s Cybersecurity Strategic Plan.
The plan, as part of JCDC’s 2023 Planning Agenda, is built on two foundational pillars: operational collaboration and cyber defense guidance. It also contains four subordinate lines of effort:
- Cyber Threat and Vulnerability Information Sharing: Expand cyber threat and vulnerability information sharing between the Federal government and RMM stakeholders.
- Enduring RMM Operational Community: Implement mechanisms for an enduring RMM operational community that will continue to bolster security efforts.
- End-User Education: Develop and enhance end-user cybersecurity guidance and best practices.
- Amplification: Amplify relevant advisories and alerts within the RMM ecosystem.
“These planning efforts are dependent on trusted collaboration with our partners, and this plan was a true partnership with the RMM community, industry, and interagency partners that contributed time and effort towards this important work,” Goldstein said. “The collaboration established to develop this plan has already achieved several accomplishments for RMM stakeholders and ecosystem.”
“As the JCDC leads the execution of this plan, we are confident that this public-private collaboration in the RMM ecosystem will further reduce risk to our nation’s critical infrastructure,” he added.
The JCDC – established by Congress in 2021 – aims to reduce cyber risk through continuous operational collaboration between trusted partners in the public and private sectors.