December 13, 2023 at 10:48AM
MITRE, in collaboration with the cybersecurity community and the industrial sector, has developed EMB3D, a threat model tailored for embedded devices in critical infrastructure. With a focus on mitigating threats, EMB3D provides a knowledge base and mappings to device properties while offering technical mitigations. It aims to enhance device security and reduce post-design security costs. Scheduled for launch in early 2024, EMB3D is currently in the pre-release review phase, encouraging feedback from relevant stakeholders.
The meeting notes outline the creation of EMB3D, a threat model developed by MITRE and other organizations for embedded devices used in critical infrastructure. EMB3D aims to provide a collaborative framework for organizations to understand and mitigate threats targeting embedded devices. It expands on resources such as ATT&CK, CVE, and CWE, focusing exclusively on embedded devices and providing a knowledge base of threats. The model maps threats to device properties and offers mitigations focused on technical mechanisms that can be implemented by device vendors. EMB3D is expected to be officially launched in early 2024, but is currently in a pre-release review period, with various stakeholders encouraged to review the framework.
Additionally, the notes mention that the framework will be continuously updated by its maintainers and the cybersecurity community and provide related articles on MITRE’s collaboration with other organizations in the cybersecurity space.