JCDC Remote Monitoring and Management Cyber Defense Plan
Remote Monitoring and Management (RMM) is software that is installed on an endpoint to continuously monitor a machine or system’s health and status and to enable remote unattended administration functions. As ransomware threat actors continue to use RMM tools in their attacks, exploitation of RMM platforms presents a growing risk to small and medium-sized organizations that support national critical functions.
The Joint Cyber Defense Collaborative (JCDC) Remote Monitoring and Management Cyber Defense Plan provides cyber defense leaders in government and industry a collective plan for mitigating threats to the RMM ecosystem. Authored by JCDC and its partners, this plan addresses issues facing the top-down exploitation of RMM software, through which cyber threat actors gain footholds into managed service provider servers and, by extension, into thousands of customer networks.
The JCDC RMM Cyber Defense Plan outlines implementation across two foundational pillars and four lines of effort (LOEs).
- Pillar 1: Operational Collaboration encourages collective action across the RMM community to enhance information sharing, increase visibility, and fuel creative cybersecurity solutions. Lines of effort aligned with this pillar include 1) Cyber Threat and Vulnerability Information and 2) Enduring RMM Operational Community.
- Pillar 2: Cyber Defense Guidance focuses on educating RMM end-user organizations about the dangers and risk to the RMM infrastructure upon which they rely today, and how they can help promote security best practices moving forward. Lines of effort aligned under this pillar address 3) End-User Education and 4) Amplification.
The JCDC RMM Cyber Defense Plan builds on the priorities in the JCDC 2023 Planning Agenda for the mitigation of systemic cybersecurity risks and supports JCDC’s three core functions:
- Developing and coordinating plans for cyber defense operations and supporting execution of those plans,
- Driving operational collaboration and cybersecurity information fusion between public and private sectors, for the benefit of the broader ecosystem, and
- Producing and disseminating cyber defense guidance across all stakeholder communities.