MITRE Debuts ICS Threat Modeling for Embedded Systems

MITRE, in collaboration with researchers from three other organizations, this week released a draft of a new threat-modeling framework for makers of embedded devices used in critical infrastructure environments.
The goal with the new EMB3D Threat Model is to give device makers a common understanding of vulnerabilities in their technologies that attacks are targeting - and the security mechanisms for addressing those weaknesses.
Embedded devices in ICS and OT environments present an attractive target for attackers because of their relative lack of proper security and inadequate testing for vulnerabilities.
Research that Nozomi Networks released earlier this year showed threat actors have ramped up attacks targeting these devices over the past year, especially in sectors such as food and agriculture, chemical, water treatment, and manufacturing.
Over the past year, there has also been a steady increase in advisories and guidance from the US Cybersecurity and Infrastructure Security Agency pertaining to threats to ICS and OT environments.
Just as ATT&CK gives defenders a common vocabulary for threat-actor tactics, techniques, and procedures, and CWE provides a standard way to categorize and describe hardware and software vulnerabilities, EMB3D provides a central knowledge base of threats to embedded devices.
Such information is critical because, at a high level, embedded devices have more hardware- and firmware-focused threats than typical IT threats.
They also have unique technologies, such as those for executing custom logic, like programmable logic controllers, Collins notes.
While embedded device vendors often perform threat modeling as a method to identify security mechanisms in a device, threats to devices are continually evolving as more attacks and vulnerability research surface, she says.
EMB3D provides a uniform mechanism for tracking and communicating threats and associated security mechanisms in an embedded device.
MITRE and the researchers from ONE Gas, Red Balloon Security, and Narf Industries who developed EMB3D identified threats to embedded systems by reviewing numerous sources, including ATT&CK techniques, research, proof-of-concept demonstrations, and vulnerabilities discovered in embedded devices.
As with ATT&CK and CWE, the maintainers of EMB3D will keep adding new threats and mitigations to the knowledge base as they emerge.

Big Deal for Embedded Security

Chris Grove, director of cybersecurity strategy at Nozomi Networks, says EMB3D could be another MITRE ATT&CK-like game-changer for embedded device security.
Grove perceives EMB3D as being a useful resource for small asset owners who might not always have the resources to tackle threats on their own.
EMB3D is like a roadmap that makes navigating cybersecurity a lot simpler.
Smaller companies, which might not have the luxury of custom-built security tooling, will find this particularly helpful, he predicts.
At the same time, larger companies could benefit as well because it could save them the hassle and expense of developing their own security metrics and measures.


This Cyber News was published on www.darkreading.com. Publication date: Wed, 13 Dec 2023 20:50:07 +0000

