MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure

MITRE has teamed up with the cybersecurity community and the industrial sector to create EMB3D, a threat model specifically designed for embedded devices used in critical infrastructure.
Its goal is to provide a collaborative framework that enables organizations to have a common understanding of the threats targeting embedded devices and how those threats can be mitigated.
The new threat model - recommended for manufacturers, vendors, asset owners, testers and security researchers - expands on resources such as ATT&CK, CVE and CWE, with a focus on embedded devices.
It provides a knowledge base of threats, including ones seen in the wild and ones demonstrated through theoretic research and proofs of concept.
In order to help users create and tailor threat models to specific devices, threats are mapped to device properties.
The mitigations suggested by EMB3D are exclusively focused on technical mechanisms that can be implemented by device vendors.
The framework will be continuously updated by its maintainers and the cybersecurity community with new information on threat actors, vulnerabilities and defenses.
EMB3D is in a pre-release review period, with device vendors, asset owners, academics and researchers being encouraged to review the framework before its official launch, which is scheduled for early 2024.

This Cyber News was published on www.securityweek.com. Publication date: Wed, 13 Dec 2023 16:13:18 +0000

Cyber News related to MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure

MITRE EMB3D improves security for embedded devices - MITRE released EMB3D, a cybersecurity threat model for embedded devices. The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to ...
1 year ago Helpnetsecurity.com

MITRE Debuts ICS Threat Threat Modeling for Embedded Systems - MITRE, in collaboration with researchers from three other organizations, this week released a draft of a new threat-modeling framework for makers of embedded devices used in critical infrastructure environments. The goal with the new EMB3D Threat ...
2 years ago Darkreading.com

EMB3D Threat Model: Understand threats to embedded devices in critical infrastructure - Critical infrastructure depends on embedded devices across industries such as oil and natural gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems. These devices often lack proper security ...
2 years ago Helpnetsecurity.com

MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure - MITRE has teamed up with the cybersecurity community and the industrial sector to create EMB3D, a threat model specifically designed for embedded devices used in critical infrastructure. Its goal is to provide a collaborative framework that enables ...
2 years ago Securityweek.com

MITRE Launches Critical Infrastructure Threat Model Framework - The cyber threat to critical infrastructure is increasing, prompting cyber government agencies to issue more warnings and advisories for industrial businesses. Against this backdrop, MITRE has launched EMB3D, a new threat model framework for ...
2 years ago Infosecurity-magazine.com

25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
5 months ago Cybersecuritynews.com

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
2 years ago Esecurityplanet.com

Embedded Linux IoT Security: Defending Against Cyber Threats - Embedded Linux IoT systems are now essential parts of many different kinds of products, from industrial machinery and smart appliances to medical equipment and automobile systems. As Embedded Linux is being used widely, it has attracted the attention ...
1 year ago Securityboulevard.com

Best of 2023: Diamond Model of Intrusion Analysis: A Quick Guide - Any intrusion into a network calls for a thorough analysis to give security teams cyber intelligence about different threats and to help thwart similar future attacks. Effective incident analysis has long been held back by uncertainty and high false ...
1 year ago Securityboulevard.com Axiom

How machine learning helps us hunt threats | Securelist - In this post, we will share our experience hunting for new threats by processing Kaspersky Security Network (KSN) global threat data with ML tools to identify subtle new Indicators of Compromise (IoCs). The model can process and learn from millions ...
1 year ago Securelist.com

What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
1 year ago Cyberdefensemagazine.com Akira

The Embedded Systems and The Internet of Things - The Internet of Things is a quite new concept dealing with the devices being connected to each other and communicating through the web environment. This concept is gaining its popularity amongst the embedded systems that exist - let's say - 10 or ...
2 years ago Cyberdefensemagazine.com

20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
8 months ago Cybersecuritynews.com

Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
1 year ago Darkreading.com Volt Typhoon

TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
2 years ago Feeds.fortinet.com CVE-2023-42793 APT29

Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
1 year ago Microsoft.com Kimsuky

MITRE Links Recent Attack to China-Associated UNC5221 - MITRE recently provided further insight into the recent cyber intrusion, shedding light on the new malicious software employed and a timeline detailing the attacker's actions. In April 2024, MITRE announced a breach in one of its research and ...
1 year ago Cysecurity.news

Opening Statement by CISA Director Jen Easterly - Chairman Gallagher, Ranking Member Krishnamoorthi, Members of the Committee, thank you for the opportunity to testify on CISA's efforts to protect the Nation from the preeminent cyber threat posed by the People's Republic of China. As America's ...
1 year ago Cisa.gov

A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
1 year ago Cisa.gov

Protect AI Unveils Gateway to Secure AI Models - Protect AI today launched a Guardian gateway that enables organizations to enforce security policies to prevent malicious code from executing within an artificial intelligence model. Guardian is based on ModelScan, an open source tool from Protect AI ...
1 year ago Securityboulevard.com

What Is Threat Modeling? - Threat modeling emerges as a pivotal process in this landscape, offering a structured approach to identify, assess, and address potential security threats. Threat Modeling Adoption and Implementation The successful adoption of threat modeling within ...
1 year ago Feeds.dzone.com

How to detect poisoned data in machine learning datasets - Almost anyone can poison a machine learning dataset to alter its behavior and output substantially and permanently. With careful, proactive detection efforts, organizations could retain weeks, months or even years of work they would otherwise use to ...
1 year ago Venturebeat.com

Using Passive DNS To Trace Command And Control Infrastructure - When a security team discovers a suspicious domain or IP address, passive DNS allows them to trace its historical connections and uncover the broader infrastructure used by the threat actor. Finally, security teams should combine passive DNS ...
8 months ago Cybersecuritynews.com Hunters

Unit 42 Unveils Attribution Framework to Classify Threat Actors Based on Activity - Palo Alto Networks’ Unit 42 threat research team has introduced a groundbreaking systematic approach to threat actor attribution, addressing longstanding challenges in cybersecurity intelligence analysis. The framework applies rigorous ...
4 months ago Cybersecuritynews.com

CVE-2021-41769 - A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < ...
3 years ago