Pierluigi Paganini
May 14, 2024
MITRE announced the public release of its EMB3D threat model for embedded devices used in various industries (i.e. Automotive, healthcare, and manufacturing), including critical infrastructure.
The threat model provides a knowledge base of cyber threats to embedded devices. EMB3D serves as a valuable resource for various industries, including critical infrastructure, IoT, automotive, healthcare, and manufacturing, providing insights to vendors, asset owners/operators, test organizations, and security researchers to enhance the security of embedded devices.
Multiple partners have contributed to the design of the threat model, including Red Balloon Security, Narf Industries, and Niyo ‘Little Thunder’ Pearson of ONE Gas.
The framework can allow vendors, asset owners and operators to improve the security of embedded devices.
“The threat model is intended to be a resource to help vendors, asset owners/operators, test organizations, and security researchers to improve the overall security of embedded devices’ hardware and software. This threat model aims to serve as a central repository of information, defining known threats to embedded devices and their unique device features/properties that enable specific threat actions.” reads the announcement. “By mapping the threats to the associated device features/properties, the user can easily enumerate threat exposure based on the known device features.”
EMB3D was designed as a dynamic framework that will continuously evolve over time, including new threats and mitigations as they are identified by threat actors and security researchers.
It operates as a public community resource, allowing open access to all information and enabling contributions and revisions from the security community. This collaborative approach ensures that EMB3D™ remains up-to-date and comprehensive, serving as a valuable resource for enhancing the security of embedded devices.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Mitre)
