The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced the release of a strategic plan to help critical infrastructure organizations reduce the risks associated with the use of remote monitoring and management (RMM) solutions.
The newly released RMM Cyber Defense Plan (PDF) was developed by the Joint Cyber Defense Collaborative (JCDC) in line with June 2023 guidance on securing remote access software against malicious attacks and aligns with the CISA Strategic Plan for 2023–2025.
“To support the CISA Strategic Plan, the JCDC RMM Cyber Defense Plan identifies a path forward to reduce risks to—and strengthen the resilience of—America’s critical infrastructure organizations that are dependent upon RMM products,” the agency notes.
The new plan, CISA says, is meant to identify ways in which RMM vendors can improve cybersecurity, as well as mechanisms to sustain cybersecurity collaborations in the area.
“JCDC’s RMM Cyber Defense Plan provides cyber defense leaders in government and industry with a collaborative proposal for mitigating threats to the RMM ecosystem,” the document reads.
According to the plan, the collaboration between the government and the private sector is expected to improve the nation’s critical infrastructure security, and major RMM vendors have already shown willingness to work with the US government in this pursuit.
The cyber defense plan is meant to strengthen collaboration to improve information sharing and visibility, and help develop creative cybersecurity solutions.
The plan also highlights the need to improve awareness of CISA resources and guidance among small and medium-sized businesses (SMBs), by educating RMM end users about the risks associated with using such software and the steps to be taken to reduce them.
“JCDC has already capitalized on the momentum of collaboration established through this planning effort and have advanced protections through this unique and strategic partnership. The enduring partnership provides a proven forum to drive industry-informed objectives aimed at mitigating risk to downstream SMBs and critical infrastructure operators,” the document reads.
The JCDC RMM Cyber Defense Plan should be regarded as a foundation from which government and industry partners – including managed service providers (MSPs) and managed security service providers (MSSPs) – can align their efforts to improve resilience to malicious attacks, the document suggests.
“Through this effort, CISA and partners across government and the private sector will take steps to measurably reduce some of the most significant cyber risks facing the global cyber community,” CISA notes.