Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?


IoT Security

MITRE EMB3D Threat Model Officially Released

MITRE announced the public availability of the EMB3D threat model for embedded devices used in critical infrastructure.


MITRE, the non-profit technology and R&D company, on Monday announced the public availability of its EMB3D threat model for embedded devices used in critical infrastructure and other industries.

EMB3D was developed by MITRE in collaboration with cybersecurity and industrial sector partners such as Red Balloon Security, Narf Industries, and Niyo ‘Little Thunder’ Pearson of ONE Gas.  

Unveiled in December 2023, the framework provides a knowledge base of cyber threats to embedded devices used in the critical infrastructure, IoT, healthcare, automotive, and manufacturing sectors. 

The resource is recommended for vendors, asset owners and operators, testing organizations and cybersecurity researchers.

Its goal is to help improve the security of embedded devices — both in terms of hardware and software — mapping threats to associated features and properties, and enabling users to easily enumerate threat exposure.

EMB3D aligns with and expands on existing models such as CWE, ATT&CK, and CVE, but with a focus on embedded devices.

The framework will be continuously updated with new information on threat actors, vulnerabilities, and defenses. 

“Our framework’s strength lies in the collaborative efforts and rigorous review process across industries,” said Yosry Barsoum, vice president and director at the Center for Securing the Homeland at MITRE. “The diverse perspectives and invaluable insights shared have fortified our approach, ensuring a robust and effective solution to address the evolving challenges in embedded device security.”

Advertisement. Scroll to continue reading.

Related: MITRE Hack: China-Linked Group Breached Systems in December 2023

Related: Japan’s Kishida Unveils a Framework for Global Regulation of Generative AI

Related: NIST Cybersecurity Framework 2.0 Officially Released

Related: Google Open Sources AI-Aided Fuzzing Framework

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights