In collaboration with Red Balloon Security, Narf Industries, and Niyo Little Thunder Pearson, MITRE has unveiled EMB3D, a comprehensive threat model designed to address the growing cybersecurity risks faced by embedded devices in critical infrastructure sectors.
Embedded devices, widely employed across industries such as oil and gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems, often lack proper security controls and are insufficiently tested for vulnerabilities.
As sophisticated cyber adversaries increasingly target these devices, EMB3D aims to provide a common understanding of the threats posed and the necessary security mechanisms to mitigate them.
Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers
A Collaborative Framework
EMB3D aligns with and expands upon existing models like Common Weakness Enumeration (CWE), MITRE ATT&CK®, and Common Vulnerabilities and Exposures (CVE), but with a specific focus on embedded devices.
The framework offers a cultivated knowledge base of cyber threats to embedded devices, including those observed in field environments, demonstrated through proofs-of-concept, or derived from theoretical research.
These threats are mapped to device properties, enabling users to develop and tailor accurate threat models for specific embedded devices.
For each identified threat, EMB3D suggests technical mechanisms that device vendors should implement to protect against it, promoting a secure-by-design approach.
EMB3D is intended to be a living framework, continuously updated with new threats, mitigations, and security defenses as they emerge.
Scheduled for public release in early 2024, EMB3D will be an open community resource, allowing the security community to contribute additions and revisions.
“We encourage device vendors, asset owners, researchers, and academia to review the threat model and share feedback, ensuring our collective efforts remain at the forefront of safeguarding our interconnected world,” said Yosry Barsoum, vice president and director of MITRE’s Center for Securing the Homeland.
EMB3D aims to improve the cyber posture of critical infrastructure sectors by fostering collaboration and leveraging collective expertise, thus building a safer and more secure digital future for those reliant on operational technology.
On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free