MITRE released EMB3D, a cybersecurity threat model for embedded devices.
The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to mitigate them.
The model is the result of a collaborative effort by MITRE, Niyo Little Thunder Pearson, Red Balloon Security, and Narf Industries.
EMB3D model strengthened by peer reviews from infrastructure industries.
After the model garnered significant interest for peer review across diverse industries, numerous organizations piloted the threat model, offering invaluable feedback.
The EMB3D team appreciates the interest and feedback from vendors and integrators across many industries, including energy, water, manufacturing, aerospace, health, and automotive, as well as researchers and threat tool vendors.
This ongoing collaborative effort has been instrumental in refining and enhancing the model's content and usability.
Leveraging established models to strengthen embedded device security.
EMB3D aligns with and expands on several existing models, including Common Weakness Enumeration, MITRE ATT&CK, and Common Vulnerabilities and Exposures, but with a specific embedded-device focus.
The threats defined within EMB3D are based on observation of use by threat actors, proof-of-concept and theoretical/conceptual security research publications, and device vulnerability and weakness reports.
These threats are mapped to device properties to help users develop and tailor accurate threat models for specific embedded devices.
For each threat, EMB3D suggests technical mechanisms that vendors should build into the device to mitigate the given threat.
EMB3D is a comprehensive framework for the entire security ecosystem-device vendors, asset owners, security researchers, and testing organizations.
An evolving framework for a dynamic threat landscape.
EMB3D is intended to be a living framework, where new threats and mitigations are added and updated as new threat actors emerge and security researchers discover new categories of vulnerabilities, threats, and security defenses.
EMB3D is a public, community resource where all information is openly available and the security community can submit additions and revisions.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Mon, 13 May 2024 14:13:06 +0000