MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices

Avatar
The MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments. “The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to mitigate them,” the non-profit said

The MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments.

“The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to mitigate them,” the non-profit said in a post announcing the move.

A draft version of the model, which has been conceived in collaboration with Niyo ‘Little Thunder’ Pearson, Red Balloon Security, and Narf Industries, was previously released on December 13, 2023.

EMB3D, like the ATT&CK framework, is expected to be a “living framework,” with new and mitigations added and updated over time as new actors, vulnerabilities, and attack vectors emerge, but with a specific focus on embedded devices.

The ultimate goal is to provide device vendors with a unified picture of different vulnerabilities in their technologies that are prone to attacks and the security mechanisms for mitigating those shortcomings.

Analogous to how ATT&CK offers a uniform mechanism for tracking and communicating threats, EMB3D aims to offer a central knowledge base of threats targeting embedded devices.

“The EMB3D model will provide a means for ICS device manufacturers to understand the evolving threat landscape and potential available mitigations earlier in the design cycle, resulting in more inherently secure devices,” Pearson noted at the time.

“This will eliminate or reduce the need to ‘bolt on’ security after the fact, resulting in more secure infrastructure and reduced security costs.”

In releasing the framework, the idea is to embrace a secure-by-design approach, thereby allowing companies to release products that have a reduced number of exploitable flaws out of the box and have secure configurations enabled by default.

Research that operational technology (OT) cybersecurity company Nozomi Networks released last year revealed that threat actors have opportunistically targeted industrial environments by exploiting vulnerabilities, abusing credentials, and phishing for initial access, DDoS attempts, and trojan execution.

Adversaries, the company said, have particularly ramped up attacks targeting flaws discovered in OT and IoT devices used across food and agriculture, chemical, water treatment, manufacturing, and energy sectors.

“EMB3D provides a cultivated knowledge base of cyber threats to devices, including those observed in the field environment or demonstrated through proofs-of-concept and/or theoretic research,” the non-profit said.

“These threats are mapped to device properties to help users develop and tailor accurate threat models for specific embedded devices. For each threat, suggested mitigations are exclusively focused on technical mechanisms that device vendors should implement to protect against the given threat, with the goal of building security into the device.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

 The Hacker News 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield

Next Post

Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices

Related Posts

PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users

The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app’s icon from the home screen of the victim’s device, IBM said in a technical report published today. “Thanks to this new technique, during PixPirate reconnaissance
Avatar
Read More

Code Keepers: Mastering Non-Human Identity Management

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard
Avatar
Read More