New CISA guidance looks to guard against supply chain hacks


The Cybersecurity and Infrastructure Security Agency advocates constant communication and education as measures to mitigate cyber threats.

The Cybersecurity and Infrastructure Security Agency released its first remote monitoring and management software guidance document on Wednesday, part of the agency’s larger Joint Cyber Defense Collaborative initiative.

The Remote Monitoring & Management Cyber Defense Plan specifically focuses on the potential vulnerabilities within RMM software installed on network endpoints. 

RMM software is commonly used to monitor the safety landscape of a given network, and can grant remote access to some system configurations. Malicious hackers who target these systems through endpoint access often maintain long-term and uninterrupted access into a business’s digital networks, a technique CISA refers to as “living off the land.”

Noting that malicious actors frequently exploit RMM security patches, CISA’s plan relies on two pillars as key to safeguarding digital networks: operational collaboration, focused on increased information sharing; and cyber defense guidance, which primarily suggests educating RMM end users on the cybersecurity dangers associated with the software.

CISA has previously issued several advisories linking Chinese state-sponsored cyber actors to RMM endpoint exploitation.

“As envisioned by Congress and the Cyberspace Solarium Commission, JCDC Cyber Defense Plans are intended to bring together diverse stakeholders across the cybersecurity ecosystem to understand systemic risks and develop shared, actionable solutions,” said Eric Goldstein, CISA executive assistant director for cybersecurity. “The RMM Cyber Defense Plan demonstrates the criticality of this work and the importance of both deep partnership and proactive planning in addressing systemic risks facing our country.”

Goldstein added that the report was composed through a collaboration between industry and government partners over the course of several months, a longstanding goal of the Biden administration’s bid to fortify the nation’s digital infrastructures. 

“As the JCDC leads the execution of this plan, we are confident that this public-private collaboration in the RMM ecosystem will further reduce risk to our nation’s critical infrastructure,” he said. 

Four lines of action included in the report further complement the two central pillars. They include advanced cyber threat information sharing between stakeholders, institutionalizing communication mechanisms, end user education on cyber threats, and amplifying communication through all available avenues.

The broader goal for the RMM Defense Plan, as well as for the JCDC parent program, is to sustain cooperation between RMM vendors and U.S. government agencies.