MITRE Releases EMB3D Cybersecurity Threat Model for Embedded Devices

In collaboration with Red Balloon Security, Narf Industries, and Niyo Little Thunder Pearson, MITRE has unveiled EMB3D, a comprehensive threat model designed to address the growing cybersecurity risks faced by embedded devices in critical infrastructure sectors.

Embedded devices, widely employed across industries such as oil and gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems, often lack proper security controls and are insufficiently tested for vulnerabilities.

As sophisticated cyber adversaries increasingly target these devices, EMB3D aims to provide a common understanding of the threats posed and the necessary security mechanisms to mitigate them.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

A Collaborative Framework

EMB3D aligns with and expands upon existing models like Common Weakness Enumeration (CWE), MITRE ATT&CK®, and Common Vulnerabilities and Exposures (CVE), but with a specific focus on embedded devices.

The framework offers a cultivated knowledge base of cyber threats to embedded devices, including those observed in field environments, demonstrated through proofs-of-concept, or derived from theoretical research.

Workflow Summary

These threats are mapped to device properties, enabling users to develop and tailor accurate threat models for specific embedded devices.

For each identified threat, EMB3D suggests technical mechanisms that device vendors should implement to protect against it, promoting a secure-by-design approach.

EMB3D is intended to be a living framework, continuously updated with new threats, mitigations, and security defenses as they emerge.

Scheduled for public release in early 2024, EMB3D will be an open community resource, allowing the security community to contribute additions and revisions.

“We encourage device vendors, asset owners, researchers, and academia to review the threat model and share feedback, ensuring our collective efforts remain at the forefront of safeguarding our interconnected world,” said Yosry Barsoum, vice president and director of MITRE’s Center for Securing the Homeland.

EMB3D aims to improve the cyber posture of critical infrastructure sectors by fostering collaboration and leveraging collective expertise, thus building a safer and more secure digital future for those reliant on operational technology.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised…

1 day ago

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack…

1 day ago

NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern

The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in…

1 day ago

Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks

A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto…

1 day ago

Araneida Scanner – Hackers Using Cracked Version Of Acunetix Vulnerability Scanner

Threat Analysts have reported alarming findings about the "Araneida Scanner," a malicious tool allegedly based…

3 days ago

A Dark Web Operation Acquiring KYC Details TO Bypass Identity Verification Systems

A major dark web operation dedicated to circumventing KYC (Know Your Customer) procedures, which involves…

3 days ago