The MITRE Corporation has launched EMB3D, a new threat-modeling framework designed for embedded devices in critical infrastructure environments, reports The Hacker News.
Developed in collaboration with Niyo "Little Thunder" Pearson, Red Balloon Security, and Narf Industries, the framework aims to provide a comprehensive knowledge base of cyber threats to embedded devices and the security measures needed to mitigate them. Similar to MITRE’s ATT&CK framework, EMB3D will be updated continuously to address emerging threats and vulnerabilities, focusing specifically on embedded devices.
The program's goal is to give device vendors a unified view of vulnerabilities and corresponding security mechanisms, promoting a secure-by-design approach that reduces exploitable out-of-the-box flaws and ensures secure default configurations. This initiative responds to increasing attacks on operational technology and Internet of Things devices across various sectors such as food and agriculture, chemical, water treatment, manufacturing, and energy.
"The EMB3D model will provide a means for ICS device manufacturers to understand the evolving threat landscape and potential available mitigations earlier in the design cycle, resulting in more inherently secure devices," said Pearson.
