What do you do when a tool meant for help turns into a vector used for harm?
MSPs have long been in the crosshairs as targets for cybercriminals, and remote monitoring and management (RMM) tools have provided a point of vulnerability.
As high-profile attacks and concerns have grown, CISA, the federal government’s Cybersecurity and Infrastructure Security Agency, sought to alleviate the threat by forming the Joint Cyber Defense Collaborative (JCDC), an effort between the RMM community and government. According to CISA, “As ransomware threat actors continue to use RMM tools in their attacks, exploitation of RMM platforms presents a growing risk to small and medium-sized organizations that support national critical functions.”
CISA published the JCDC’s Cyber Defense Plan for RMM in August. Part of CISA’s 2023 Planning Agenda, the RMM Cyber Defense Plan provides a roadmap to advance security and resilience of the ecosystem comprising RMM vendors, managed service providers and managed security service providers (MSPs/MSSPs), small and medium-sized businesses (SMBs) and critical infrastructure operators.
“For the first time, a nonbiased and resource-capable organization has brought together all of the major stakeholders with the sole intention of improving the state of the SMB ecosystem, led by improving the security of the managed service provider ecosystem,” says Lawrence Cruciana, president of Corporate Information Technologies, an MSP/MSSP in Charlotte, NC, who has been a member of the JCDC since its inception.
“Wisely, this was first focused on the tools that MSPs use,” Cruciana continues. “If the tools are not capable of ‘secure by default, secure by design’ principles or they do not offer the required security-centric capabilities, the initiative would fail. So, CISA invited all of the major RMMs at a very high level (CISO, senior software engineers, etc.) to the conversation.”
The two pillars of the plan are operational collaboration and cyber defense guidance, with efforts focusing on information sharing and amplification within the ecosystem, end-user education and mechanisms for the RMM community to scale cybersecurity efforts.
The success of the JCDC is largely based on the community’s willingness to share data and findings in an open-source and collaborative manner.
“By having the opportunity to collaborate with JCDC, we’re aiming to develop guidelines designated to make sure we’re not only helping our customers manage their security posture with our products, but also helping to create a more secure MSP ecosystem. And that should be critical for all of us,” says Dave MacKinnon, chief security officer at N-able.
“What’s happened thus far with CISA/JCDC is a foundation for collaboration and growth across the industry,” MacKinnon adds.
Jason Manar, chief information security officer at Kaseya, has spent a career both with the FBI and in the private sector fighting cybercrime. He is passionate about the topic of RMM and a strong advocate of the work the JCDC is doing.
“The goal of our collaboration is to help secure and harden the RMM ecosystem,” Manar says. “We seek to do that in many different ways—from creating easier avenues to share previously classified or siloed information, to educating end-users and providing as close to real-time threat intel as possible.”
So what can MSPs do? To MacKinnon, Manar and Cruciana, the answer is both simple and broad: Band together as a team, share, communicate and form a cohesive front against threat actors worldwide. And this can be done both in and through the JCDC.
“If successful, the benefits of the collective efforts of CISA and the private sector will be evident to all through a more secure RMM ecosystem,” states Manar. “These efforts unite everyone under the same goal: to holistically bring the private and public sector together in securing our most critical assets.”
“When it comes to security, it cannot be ‘every company for themselves’—it’s ‘every company for ourselves,’” MacKinnon echoes. “Threat actors are running businesses that are globally connected, highly sophisticated and targeting MSPs. By teaming together, we create a strong force to be reckoned with. We are, simply put, better together.”
He concludes: “What’s happened thus far with CISA/JCDC is a foundation for collaboration and growth across the industry. While it’s too early to try to measure results, this is a critical first step.”
