May 14, 2024 at 06:54AM
MITRE publicly released its EMB3D threat model for embedded devices in critical infrastructure and other sectors. Developed in collaboration with industry partners, the framework aims to improve the security of these devices by mapping threats to their features and properties. It aligns with existing models and will be continuously updated with new information.
Meeting Notes Takeaways:
– MITRE has released the EMB3D threat model for embedded devices used in critical infrastructure and various industries in collaboration with partners such as Red Balloon Security, Narf Industries, and Niyo ‘Little Thunder’ Pearson of ONE Gas.
– The EMB3D framework was announced in December 2023 and targets cyber threats to embedded devices in sectors like IoT, healthcare, automotive, and manufacturing.
– This resource is recommended for vendors, asset owners, operators, testing organizations, and cybersecurity researchers to enhance the security of embedded devices, covering both hardware and software aspects.
– EMB3D aligns with existing models such as CWE, ATT&CK, and CVE, with a specific focus on embedded devices, and will be continuously updated with new threat information.
– Yosry Barsoum, vice president and director at the Center for Securing the Homeland at MITRE, emphasized the collaborative nature of the framework’s development and its effectiveness in addressing evolving challenges in embedded device security.
– Related news items include a MITRE hack, Japan’s generative AI regulation framework, the release of NIST Cybersecurity Framework 2.0, and Google’s open sourcing of an AI-aided fuzzing framework.