MITRE has teamed up with the cybersecurity community and the industrial sector to create EMB3D, a threat model specifically designed for embedded devices used in critical infrastructure.
EMB3D is the work of MITRE, Red Balloon Security, Narf Industries, and Niyo ‘Little Thunder’ Pearson of ONE Gas.
Its goal is to provide a collaborative framework that enables organizations to have a common understanding of the threats targeting embedded devices and how those threats can be mitigated.
The new threat model — recommended for manufacturers, vendors, asset owners, testers and security researchers — expands on resources such as ATT&CK, CVE and CWE, with a focus on embedded devices. It provides a knowledge base of threats, including ones seen in the wild and ones demonstrated through theoretic research and proofs of concept.
In order to help users create and tailor threat models to specific devices, threats are mapped to device properties. The mitigations suggested by EMB3D are exclusively focused on technical mechanisms that can be implemented by device vendors.
“The EMB3D model will provide a means for ICS device manufacturers to understand the evolving threat landscape and potential available mitigations earlier in the design cycle, resulting in more inherently secure devices,” Pearson said. “This will eliminate or reduce the need to ‘bolt on’ security after the fact, resulting in more secure infrastructure and reduced security costs.”
The framework will be continuously updated by its maintainers and the cybersecurity community with new information on threat actors, vulnerabilities and defenses.
EMB3D is in a pre-release review period, with device vendors, asset owners, academics and researchers being encouraged to review the framework before its official launch, which is scheduled for early 2024.