MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure

MITRE and partners unveil EMB3D, a new threat model designed for critical infrastructure embedded devices.


MITRE has teamed up with the cybersecurity community and the industrial sector to create EMB3D, a threat model specifically designed for embedded devices used in critical infrastructure.

EMB3D is the work of MITRE, Red Balloon Security, Narf Industries, and Niyo ‘Little Thunder’ Pearson of ONE Gas. 

Its goal is to provide a collaborative framework that enables organizations to have a common understanding of the threats targeting embedded devices and how those threats can be mitigated. 

The new threat model — recommended for manufacturers, vendors, asset owners, testers and security researchers — expands on resources such as ATT&CK, CVE and CWE, with a focus on embedded devices. It provides a knowledge base of threats, including ones seen in the wild and ones demonstrated through theoretical research and proofs of concept.

In order to help users create and tailor threat models to specific devices, threats are mapped to device properties. The mitigations suggested by EMB3D are exclusively focused on technical mechanisms that can be implemented by device vendors. 

“The EMB3D model will provide a means for ICS device manufacturers to understand the evolving threat landscape and potential available mitigations earlier in the design cycle, resulting in more inherently secure devices,” Pearson said. “This will eliminate or reduce the need to ‘bolt on’ security after the fact, resulting in more secure infrastructure and reduced security costs.” 

The framework will be continuously updated by its maintainers and the cybersecurity community with new information on threat actors, vulnerabilities and defenses. 

EMB3D is in a pre-release review period, with device vendors, asset owners, academics and researchers being encouraged to review the framework before its official launch, which is scheduled for early 2024. 


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

