The US Cybersecurity and Infrastructure Security Agency (CISA) has released its Remote Monitoring and Management (RMM) Cyber Defense Plan, which aims to address the threats posed by vulnerabilities in RMM software. The plan, developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC), is described as the first proactive approach to protecting against attacks on RMM systems.
RMM software allows administrators to connect to their networks and endpoints remotely, making it a convenient tool for managing environments. However, its extensive control capabilities and implicit trust make it a prime target for malicious actors. In recent years, multiple RMM vendors have experienced breaches or vulnerabilities that allowed attackers to gain unauthorized access to organizations using their products. The impact of these attacks is significant, affecting federal agencies and businesses alike.
The CISA’s plan focuses on two key pillars: operational collaboration and cyber defense guidance. The goal is to enhance the security of the RMM ecosystem by sharing threat intelligence, promoting collaboration within the RMM community, providing end-user education, and amplifying CISA services. By implementing these efforts, companies and agencies can build effective Continuous Threat Exposure Management (CTEM) practices, significantly reducing the risk of RMM-related attacks.
Experts in the cybersecurity industry have praised the CISA’s plan, recognizing its potential to advance cybersecurity measures. Roger Grimes, data-driven defense evangelist at KnowBe4, believes the plan will have a sweeping impact across future generations and reduce cybersecurity risk, particularly in critical infrastructure sectors. He commends the inclusion of an education tier, which is often overlooked in defensive plans.
Avishai Avivi, CISO at SafeBreach, acknowledges the urgency and criticality of addressing RMM vulnerabilities. He highlights the impact of recent breaches on organizations using RMM tools and emphasizes the need for collaboration within the RMM ecosystem. Avivi explains that the plan’s efforts, such as information sharing, establishing an RMM operational community, end-user education, and amplifying CISA services, will enhance the security of the RMM ecosystem and enable effective threat exposure management.
In other news, organizations are preparing for the US Securities and Exchange Commission’s (SEC) new incident reporting requirements, set to take effect on September 5. The new rules mandate a four-day window for disclosing breaches and require organizations to provide detailed information on the material nature, scope, timing, and impact of the incidents. Organizations’ annual reports must also cover three new categories of information related to cybersecurity risks and incidents.
While the SEC’s attempt to streamline compliance is generally welcomed, the requirement of disclosing incidents within four days poses a challenge for companies. The US Chamber of Commerce has urged the SEC to delay the effective date of the rules by one year, stating that organizations face the difficult choice between disclosure and national security. The chamber suggests that a twelve-month delay would allow for additional industry input and exploration of alternative approaches.
Meanwhile, the White House is taking a more directive approach to agency cybersecurity. National Security Advisor Jake Sullivan has issued a memorandum to Federal civilian executive agencies, directing them to achieve full compliance with the President’s 2021 Executive Order on cybersecurity. The memo acknowledges a failure to fully comply thus far and calls for agencies to adopt a more serious approach to their cybersecurity posture.
The directive from the White House reflects the increasing importance of cybersecurity and the need to strengthen the defenses of federal agencies. Failure to comply with the cybersecurity requirements could have significant consequences, both in terms of national security and potential repercussions for the agencies involved.
Overall, these developments highlight the ongoing efforts to enhance cybersecurity measures in various sectors. From addressing vulnerabilities in RMM software to implementing new incident reporting rules and strengthening agency cybersecurity posture, the focus on proactive defense and collaboration is crucial in the face of evolving threats.