CISA Publishes JCDC Remote Monitoring and Management Systems Cyber Defense Plan
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) published the Cyber Defense Plan for Remote Monitoring and Management (RMM), the first proactive Plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC) as part of our 2023 Planning Agenda. This Plan provides a clear roadmap to advance security and resilience of the RMM ecosystem and further specific lines of effort in the National Cyber Strategy to scale public-private collaboration and in the CISA Cybersecurity Strategic Plan to drive adoption of the most impactful security measures.
Organizations across sectors leverage RMM products to gain efficiencies and benefit from scalable services. These same benefits, however, are increasingly targeted by adversaries – from ransomware actors to nation-states – to compromise large numbers of downstream customer organizations. By targeting RMM products, threat actors attempt to evade detection and maintain persistent access, a technique known as living off the land.
Part of our 2023 Planning Agenda, the RMM Cyber Defense Plan provides a clear roadmap to advance security and resilience of this critical ecosystem, including RMM vendors, managed service providers (MSPs), managed security service providers (MSSPs), small and medium sized businesses (SMBs), and critical infrastructure operators. This Plan was developed through a multi-month process that leveraged deep expertise by vendors, operators, agencies, and other stakeholders, and has already resulted in a significant deliverable with publication of our joint advisory on Protecting Against Malicious Use of Remote Monitoring and Management Software.
The RMM Cyber Defense Plan is built on two foundational pillars, operational collaboration and cyber defense guidance, and contains four subordinate lines of effort:
(1) Cyber Threat and Vulnerability Information Sharing: Expand the sharing of cyber threat and vulnerability information between U.S. government and RMM ecosystem stakeholders.
(2) Enduring RMM Operational Community: Implement mechanisms for an enduring RMM operational community that will continue to mature scaled security efforts.
(3) End-User Education: Develop and enhance end-user education and cybersecurity guidance to advance adoption of strong best practices, a collaborative effort by CISA, interagency partners and other RMM ecosystem stakeholders.
(4) Amplification: Leverage available lines of communication to amplify relevant advisories and alerts within the RMM ecosystem.
“As envisioned by Congress and the Cyberspace Solarium Commission, JCDC Cyber Defense Plans are intended to bring together diverse stakeholders across the cybersecurity ecosystem to understand systemic risks and develop shared, actionable solutions. The RMM Cyber Defense Plan demonstrates the criticality of this work and the importance of both deep partnership and proactive planning in addressing systemic risks facing our country,” said Eric Goldstein,CISA Executive Assistant Director for Cybersecurity. “These planning efforts are dependent on trusted collaboration with our partners, and this Plan was a true partnership with the RMM community, industry and interagency partners that contributed time and effort towards this important work. The collaboration established to develop this plan has already achieved several accomplishments for RMM stakeholders and ecosystem. As the JCDC leads the execution of this plan, we are confident that this public-private collaboration in the RMM ecosystem will further reduce risk to our nation’s critical infrastructure.”
The JCDC 2023 Planning Agenda is a forward-looking effort that is bringing together government and the private sector to develop and execute cyber defense plans that achieve specific risk reduction goals and enable more focused collaboration. To learn more about the JCDC, visit CISA.gov/JCDC.
All organizations are encouraged to review the JCDC RMM Cyber Defense Plan.
Pursuant to new authorities granted by Congress in the 2021 National Defense Authorization Acts, the Cybersecurity and Infrastructure Security Agency (CISA) established JCDC in August 2021 to transform traditional public-private partnerships into real-time private-public operational collaboration and shift the paradigm from reacting to threats and vulnerabilities to proactively planning and taking steps to mitigate them. JCDC combines the visibility, insight, and innovation of the private sector with the capabilities and authorities of the federal cyber ecosystem to collectively drive down cyber risk to the nation at scale.
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.