MITRE, the non-profit technology and R&D company, on Monday announced the public availability of its EMB3D threat model for embedded devices used in critical infrastructure and other industries.
EMB3D was developed by MITRE in collaboration with cybersecurity and industrial sector partners such as Red Balloon Security, Narf Industries, and Niyo ‘Little Thunder’ Pearson of ONE Gas.
Unveiled in December 2023, the framework provides a knowledge base of cyber threats to embedded devices used in the critical infrastructure, IoT, healthcare, automotive, and manufacturing sectors.
The resource is recommended for vendors, asset owners and operators, testing organizations and cybersecurity researchers.
Its goal is to help improve the security of embedded devices — both in terms of hardware and software — mapping threats to associated features and properties, and enabling users to easily enumerate threat exposure.
EMB3D aligns with and expands on existing models such as CWE, ATT&CK, and CVE, but with a focus on embedded devices.
The framework will be continuously updated with new information on threat actors, vulnerabilities, and defenses.
“Our framework’s strength lies in the collaborative efforts and rigorous review process across industries,” said Yosry Barsoum, vice president and director at the Center for Securing the Homeland at MITRE. “The diverse perspectives and invaluable insights shared have fortified our approach, ensuring a robust and effective solution to address the evolving challenges in embedded device security.”
Related: MITRE Hack: China-Linked Group Breached Systems in December 2023
Related: Japan’s Kishida Unveils a Framework for Global Regulation of Generative AI
Related: NIST Cybersecurity Framework 2.0 Officially Released