Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

CISA Releases Cyber Defense Plan to Reduce RMM Software Risks

CISA has published a cyber defense plan outlining strategies to help critical infrastructure organizations reduce the risks associated with RMM software.

The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced the release of a strategic plan to help critical infrastructure organizations reduce the risks associated with the use of remote monitoring and management (RMM) solutions.

The newly released RMM Cyber Defense Plan (PDF) was developed by the Joint Cyber Defense Collaborative (JCDC) in line with June 2023 guidance on securing remote access software against malicious attacks and aligns with the CISA Strategic Plan for 2023–2025.

“To support the CISA Strategic Plan, the JCDC RMM Cyber Defense Plan identifies a path forward to reduce risks to—and strengthen the resilience of—America’s critical infrastructure organizations that are dependent upon RMM products,” the agency notes.

The new plan, CISA says, is meant to identify ways in which RMM vendors can improve cybersecurity, as well as mechanisms to sustain cybersecurity collaborations in the area.

“JCDC’s RMM Cyber Defense Plan provides cyber defense leaders in government and industry with a collaborative proposal for mitigating threats to the RMM ecosystem,” the document reads.

According to the plan, the collaboration between the government and the private sector is expected to improve the nation’s critical infrastructure security, and major RMM vendors have already shown willingness to work with the US government in this pursuit.

The cyber defense plan is meant to strengthen collaboration to improve information sharing and visibility, and help develop creative cybersecurity solutions.

The plan also highlights the need to improve awareness among small and medium-sized businesses (SMBs) regarding CISA resources and guidance, by educating RMM end-users of the risks associated with using such software and on the steps to be taken to reduce them.

Advertisement. Scroll to continue reading.

“JCDC has already capitalized on the momentum of collaboration established through this planning effort and have advanced protections through this unique and strategic partnership. The enduring partnership provides a proven forum to drive industry-informed objectives aimed at mitigating risk to downstream SMBs and critical infrastructure operators,” the document reads.

The JCDC RMM Cyber Defense Plan should be regarded as a foundation from which government and industry partners – including managed service providers (MSPs) and managed security service providers (MSSPs) – can align their efforts to improve resilience to malicious attacks, the document suggests.

“Through this effort, CISA and partners across government and the private sector will take steps to measurably reduce some of the most significant cyber risks facing the global cyber community,” CISA notes.

Related: CISA Unveils Cybersecurity Strategic Plan for Next 3 Years

Related: CISA Instructs Federal Agencies to Secure Internet-Exposed Devices

Related: CISA Introduces Secure-by-design and Secure-by-default Development Principles

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Jared Bartel has been named CISO at Idaho State University.

Automated phishing protection and scam prevention company Bolster has appointed Rod Schultz as CEO.

Bugcrowd has appointed Trey Ford as CISO for the Americas.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.