The Cybersecurity and Infrastructure Security Agency (CISA) has released the Remote Monitoring and Management (RMM) Cyber Defense Plan, the first proactive document collectively developed by industry and government partners.
A key part of the RMM plan is to advance cybersecurity and reduce supply chain risk for small and medium critical infrastructure entities through collaboration with RMM vendors, managed service providers (MSPs) and managed security service providers (MSSPs).
The JCDC RMM Cyber Defense Plan is built on two foundational pillars:
- Collective action across the RMM community to enhance information sharing, increase visibility, and fuel creative cybersecurity solutions.
- Educating RMM end-user organizations of the dangers and risks to the RMM infrastructure upon which they rely today, and how to implement best practices moving forward.
Of particular note, the Computer Technology Industry Association (CompTIA), the IT industry’s non-profit trade association and advocate, endorsed the plan and said it had input into its development.
Wayne Selk, CompTIA vice president, cybersecurity programs, and executive director of the CompTIA Information Sharing and Analysis Organization, said it is important that the “unique experiences and perspectives” of MSPs and MSSPs were taken into account in the RMM plan.
"These firms provide information technology and cybersecurity services to approximately 90 percent of U.S.-based small and medium-sized businesses, who themselves account for about half the nation's gross domestic product.”
Cyber threat actors can gain footholds leveraging RMM software into managed service providers (MSPs) or manage security service providers (MSSPs) servers. Infiltrations can have a domino effect to impact small and medium-sized organizations that are MSP/MSSP customers. For instance, the high profile SolarWinds Orion attack of December 2020 leveraged MSPs to hit government agencies and hundreds of businesses.
How the RMM Plan Addresses Risk
THE RMM plan builds on the Joint Cyber Defense Collaborative’s 2023 Planning Agenda that addresses the following risks:
- Understand and mitigate risks potentially posed by open source software used in industrial control systems
- Advance cybersecurity and reduce supply chain risk for small and medium critical infrastructure entities through collaboration with remote monitoring and management (RMM), managed service providers (MSPs), and managed security service providers (MSSPs)
- Deepen operational collaboration and integration with the Energy Sector, in partnership with the Department of Energy
- Identify approach to enhance security and resilience of edge devices for the water sector
The JCDC RMM Cyber Defense Plan supports JCDC’s three core functions:
- Developing and coordinating plans for cyber defense operations and supporting execution of those plans
- Driving operational collaboration and cybersecurity information fusion between public and private sectors, for the benefit of the broader ecosystem
- Producing and disseminating cyber defense guidance across all stakeholder communities