Navigating the Challenges: Strengthening Protections for Remote Monitoring and Management

Cybersecurity Initiative Aims to Strengthen Remote Monitoring and Management Systems

Two years after the launch of the Joint Cyber Defense Collective (JCDC), a cooperative effort between the public and private cybersecurity sectors, the group has unveiled its first piece of guidance. The JCDC has developed a roadmap to enhance the security of remote monitoring and management (RMM) systems, which are crucial in maintaining the country’s critical infrastructure.

The Vulnerability of RMM Systems

RMM tools are commonly used by managed service providers (MSPs) to remotely access and manage critical infrastructure systems. However, these tools have become attractive targets for threat actors seeking to exploit vulnerabilities and gain unauthorized access. Once an RMM tool is compromised, threat actors can operate undetected and maintain persistent access within these infrastructure systems.

Melissa Bischoping, director of endpoint security research at Tanium, notes that RMM tools are popular among attackers due to their low probability of detection by common security measures and their high level of permissions on the devices they control. The JCDC aims to enhance education, awareness, and vulnerability management of RMM software to mitigate the risks posed by these tools. By doing so, the JCDC hopes to reduce the likelihood of successful attacks leveraging RMM software.

Real-world Implications: Breach of Florida Water Supply

John Gallagher, vice president of Viakoo Labs, highlights the potential impact of a security breach in RMM systems. He points to the example of how a threat actor manipulated the chemicals used to treat Florida’s water supply by gaining control over the legitimate RMM tool, TeamViewer. Gallagher emphasizes that while RMM tools provide secure access, once breached, they enable threat actors to operate within an organization’s infrastructure as if they were physically present, leading to potentially devastating consequences.

Recommendations from the RMM Cyber Defense Plan

The RMM Cyber Defense Plan by CISA aims to foster collaboration among operators and provide guidance to cybersecurity teams in the RMM space. The plan identifies several key recommendations to strengthen the RMM ecosystem:

  1. Promote Threat and Vulnerability Information Sharing: The report emphasizes the importance of sharing information regarding emerging threats and vulnerabilities among stakeholders. By fostering a collaborative environment, organizations can stay ahead of evolving threats.
  2. Build an Enduring RMM Operational Community: The plan calls for the establishment of a strong and lasting community of cybersecurity professionals working in the RMM space. This community would serve as a forum for knowledge exchange, best practices, and mutual support.
  3. Educate Users: Recognizing that many MSPs are relatively new to the security space, the plan highlights the need for comprehensive education and training programs. By equipping MSPs with the necessary knowledge and skills, they can better secure their own operations and assist their customers in achieving robust cybersecurity.
  4. Amplify Threat Alerts and Advisories: The plan stresses the importance of effectively disseminating threat alerts and advisories throughout the RMM community. Timely and concise communication of potential risks will facilitate prompt response and mitigation.

Expert Analysis and Outlook

Teresa Rothaar, a governance, risk, and compliance analyst at Keeper Security, emphasizes the educational benefits that the collaborative efforts of the JCDC will yield for MSPs. As MSPs gain knowledge on running secure operations, they will be better equipped to assist their customers in maintaining strong cybersecurity practices.

Roger Grimes, from KnowBe4, expresses optimism about the impact of the JCDC RMM Cyber Defense Plan. He acknowledges the long-standing vulnerabilities within RMM systems and asserts that the framework laid out by CISA holds great potential for success. However, Grimes also cautions that time will tell if the plan delivers the expected dividends.

Editorial and Advice

The collaborative efforts of public and private sectors, as exemplified by the JCDC, are critical in addressing the evolving cybersecurity challenges facing the nation’s critical infrastructure. The vulnerabilities in RMM systems underscore the importance of proactive security measures and continuous monitoring of these tools.

For organizations utilizing RMM software, it is crucial to prioritize education and training for IT staff responsible for managing and securing these systems. By staying informed about emerging threats and vulnerabilities, organizations can implement timely mitigation strategies and enhance their overall security posture.

Furthermore, fostering a culture of information sharing and collaboration within the RMM community is essential. Organizations should actively participate in threat intelligence sharing initiatives and engage in discussions with their peers in the industry. By working together, the RMM community can collectively combat emerging threats and strengthen the overall security of critical infrastructures.

The JCDC RMM Cyber Defense Plan represents a significant step towards improving the security of RMM systems. However, it is crucial that this initiative receives sufficient support and resources to achieve its goals. Continued investment in research, education, and the development of innovative cybersecurity solutions will be key in protecting the nation’s critical infrastructure from cyber threats.
