Now on Demand: Zero Trust Strategies Summit - Access All Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

MITRE Adds Mitigations to EMB3D Threat Model

MITRE has expanded the EMB3D Threat Model with essential mitigations to help organizations address threats to embedded devices.

MITRE EMB3D

MITRE on Tuesday announced the full release of the EMB3D Threat Model, which now includes essential mitigations mapped to security controls specified in the Industrial Automation and Control Systems standard.

Initially announced in December 2023 and officially released in May 2024, EMB3D is a framework offering information on the cyber threats targeting embedded devices used in critical infrastructure and other industries.

Aligned with threat models such as CWE, ATT&CK, and CVE, EMB3D aims to help asset owners and operators, vendors, and security researchers improve the security of embedded devices.

EMB3D’s full release, MITRE explains, includes detailed mitigation for each threat entry, along with details on the security mechanisms that can help minimize impact.

The mitigations are categorized into foundational, intermediate, and leading, to help vendors and original equipment managers identify challenges in deploying them and prioritize their security strategies.

Furthermore, each mitigation is mapped to the security controls specified in the ISA/IEC 62443-4-2 standard for Industrial Automation and Control Systems, so that organizations can identify the mitigations they need to implement to meet requirements.

Protecting embedded devices used to control core energy, transportation, and water systems is essential in securing critical infrastructure systems and preventing disruptions, safety hazards, and significant economic repercussions, MITRE argues.

“In today’s rapidly evolving landscape, understanding and mitigating risks to embedded devices is crucial. With the release of EMB3D’s mitigations, we are not only addressing an industry challenge but also empowering stakeholders to adopt a proactive approach to security,” MITRE vice president and director Yosry Barsoum said.

Advertisement. Scroll to continue reading.
Learn More at SecurityWeek’s ICS Cybersecurity Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 21-24, 2024 | Atlanta
www.icscybersecurityconference.com

Related: Beckhoff TwinCAT/BSD Vulnerabilities Expose PLCs to Tampering, DoS Attacks

Related: Supreme Court Ruling Threatens the Framework of Cybersecurity Regulation

Related: CardinalOps Extends MITRE ATT&CK-based Detection Posture Management

Related: MITRE, CISA Announce 2021 List of Most Common Hardware Weaknesses

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.