MITRE has introduced EMB3D, a new threat model framework aimed at securing operational technology (OT) and industrial control systems (ICS) against increasing cyber threats to critical infrastructure. EMB3D serves as a knowledge base for cyber threats targeting embedded devices in industrial environments. It allows users to map these threats to vulnerabilities and flaws using systems like Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE), along with ATT&CK, MITRE’s own framework for mapping tactics, techniques, and procedures (TTPs).
The framework provides suggested mitigations, focusing on technical mechanisms that device vendors can implement to protect against specific threats. It is intended for use by the entire security ecosystem, including device vendors, manufacturers, asset owners, security researchers, and testing organizations. EMB3D is currently in a pre-release review period and is expected to be publicly available in early 2024. The framework will be continually updated with new threats and mitigations as threat actors evolve and security researchers discover new vulnerabilities, threats, and defense categories.
Yosry Barsoum, VP and director of the Center for Securing the Homeland at MITRE, encourages stakeholders to review the threat model and provide feedback to ensure collective efforts remain at the forefront of safeguarding interconnected systems. MITRE collaborated with security provider Red Balloon Security and Narf Industries, a group of security researchers, in developing EMB3D. Niyo Pearson, team lead for cybersecurity at ONE Gas, notes that EMB3D will help ICS device manufacturers understand the evolving threat landscape earlier in the design cycle, resulting in more inherently secure devices and reduced security costs.