CyberSecurityBoard
Sponsor Register Login

MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure

MITRE has teamed up with the cybersecurity community and the industrial sector to create EMB3D, a threat model specifically designed for embedded devices used in critical infrastructure.
Its goal is to provide a collaborative framework that enables organizations to have a common understanding of the threats targeting embedded devices and how those threats can be mitigated.
The new threat model - recommended for manufacturers, vendors, asset owners, testers and security researchers - expands on resources such as ATT&CK, CVE and CWE, with a focus on embedded devices.
It provides a knowledge base of threats, including ones seen in the wild and ones demonstrated through theoretic research and proofs of concept.
In order to help users create and tailor threat models to specific devices, threats are mapped to device properties.
The mitigations suggested by EMB3D are exclusively focused on technical mechanisms that can be implemented by device vendors.
The framework will be continuously updated by its maintainers and the cybersecurity community with new information on threat actors, vulnerabilities and defenses.
EMB3D is in a pre-release review period, with device vendors, asset owners, academics and researchers being encouraged to review the framework before its official launch, which is scheduled for early 2024.


This Cyber News was published on www.securityweek.com. Publication date: Wed, 13 Dec 2023 16:13:18 +0000


Cyber News related to MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure

MITRE EMB3D improves security for embedded devices - MITRE released EMB3D, a cybersecurity threat model for embedded devices. The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to ...
6 months ago Helpnetsecurity.com
MITRE Debuts ICS Threat Threat Modeling for Embedded Systems - MITRE, in collaboration with researchers from three other organizations, this week released a draft of a new threat-modeling framework for makers of embedded devices used in critical infrastructure environments. The goal with the new EMB3D Threat ...
11 months ago Darkreading.com
EMB3D Threat Model: Understand threats to embedded devices in critical infrastructure - Critical infrastructure depends on embedded devices across industries such as oil and natural gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems. These devices often lack proper security ...
11 months ago Helpnetsecurity.com
MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure - MITRE has teamed up with the cybersecurity community and the industrial sector to create EMB3D, a threat model specifically designed for embedded devices used in critical infrastructure. Its goal is to provide a collaborative framework that enables ...
11 months ago Securityweek.com
MITRE Launches Critical Infrastructure Threat Model Framework - The cyber threat to critical infrastructure is increasing, prompting cyber government agencies to issue more warnings and advisories for industrial businesses. Against this backdrop, MITRE has launched EMB3D, a new threat model framework for ...
11 months ago Infosecurity-magazine.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
Embedded Linux IoT Security: Defending Against Cyber Threats - Embedded Linux IoT systems are now essential parts of many different kinds of products, from industrial machinery and smart appliances to medical equipment and automobile systems. As Embedded Linux is being used widely, it has attracted the attention ...
10 months ago Securityboulevard.com
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
1 month ago Cyberdefensemagazine.com
How machine learning helps us hunt threats | Securelist - In this post, we will share our experience hunting for new threats by processing Kaspersky Security Network (KSN) global threat data with ML tools to identify subtle new Indicators of Compromise (IoCs). The model can process and learn from millions ...
1 month ago Securelist.com
Best of 2023: Diamond Model of Intrusion Analysis: A Quick Guide - Any intrusion into a network calls for a thorough analysis to give security teams cyber intelligence about different threats and to help thwart similar future attacks. Effective incident analysis has long been held back by uncertainty and high false ...
10 months ago Securityboulevard.com
The Embedded Systems and The Internet of Things - The Internet of Things is a quite new concept dealing with the devices being connected to each other and communicating through the web environment. This concept is gaining its popularity amongst the embedded systems that exist - let's say - 10 or ...
11 months ago Cyberdefensemagazine.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
11 months ago Feeds.fortinet.com
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
10 months ago Darkreading.com
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
9 months ago Microsoft.com
Opening Statement by CISA Director Jen Easterly - Chairman Gallagher, Ranking Member Krishnamoorthi, Members of the Committee, thank you for the opportunity to testify on CISA's efforts to protect the Nation from the preeminent cyber threat posed by the People's Republic of China. As America's ...
9 months ago Cisa.gov
What Is Threat Modeling? - Threat modeling emerges as a pivotal process in this landscape, offering a structured approach to identify, assess, and address potential security threats. Threat Modeling Adoption and Implementation The successful adoption of threat modeling within ...
10 months ago Feeds.dzone.com
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
5 months ago Cisa.gov
Protect AI Unveils Gateway to Secure AI Models - Protect AI today launched a Guardian gateway that enables organizations to enforce security policies to prevent malicious code from executing within an artificial intelligence model. Guardian is based on ModelScan, an open source tool from Protect AI ...
9 months ago Securityboulevard.com
Top 7 Cyber Threat Hunting Tools for 2024 - Cyber threat hunting is a proactive security measure taken to detect and neutralize potential threats on a network before they cause significant damage. To seek out this type of threat, security professionals use cyber threat-hunting tools. With ...
9 months ago Techrepublic.com
What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
9 months ago Techrepublic.com
How to detect poisoned data in machine learning datasets - Almost anyone can poison a machine learning dataset to alter its behavior and output substantially and permanently. With careful, proactive detection efforts, organizations could retain weeks, months or even years of work they would otherwise use to ...
9 months ago Venturebeat.com
Strategy, Harmony & Research: Triaging Priorities for OT Cybersecurity - The mission of the Cybersecurity and Infrastructure Security Agency is to lead the national effort to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day. CISA is not responsible ...
11 months ago Darkreading.com
MITRE Links Recent Attack to China-Associated UNC5221 - MITRE recently provided further insight into the recent cyber intrusion, shedding light on the new malicious software employed and a timeline detailing the attacker's actions. In April 2024, MITRE announced a breach in one of its research and ...
6 months ago Cysecurity.news
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor's Activity - By analyzing tools, logs and artifacts left open to the internet, we were able to profile the threat actor and their victims. After analyzing the artifacts we can conclude with moderate confidence that the majority of the threat actor activity ...
11 months ago Thedfirreport.com
How to Overcome the Most Common Challenges with Threat Intelligence - Today's typical approach to threat intelligence isn't putting organizations in a place to do that. Instead, many threat intelligence tools are delivering too much uncurated and irrelevant information that arrives too late to act upon. Organizations ...
10 months ago Cyberdefensemagazine.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)