MITRE on Tuesday announced the full release of the EMB3D Threat Model, which now includes essential mitigations mapped to security controls specified in the Industrial Automation and Control Systems standard.
Initially announced in December 2023 and officially released in May 2024, EMB3D is a framework offering information on the cyber threats targeting embedded devices used in critical infrastructure and other industries.
Aligned with threat models such as CWE, ATT&CK, and CVE, EMB3D aims to help asset owners and operators, vendors, and security researchers improve the security of embedded devices.
EMB3D’s full release, MITRE explains, includes detailed mitigation for each threat entry, along with details on the security mechanisms that can help minimize impact.
The mitigations are categorized into foundational, intermediate, and leading, to help vendors and original equipment managers identify challenges in deploying them and prioritize their security strategies.
Furthermore, each mitigation is mapped to the security controls specified in the ISA/IEC 62443-4-2 standard for Industrial Automation and Control Systems, so that organizations can identify the mitigations they need to implement to meet requirements.
Protecting embedded devices used to control core energy, transportation, and water systems is essential in securing critical infrastructure systems and preventing disruptions, safety hazards, and significant economic repercussions, MITRE argues.
“In today’s rapidly evolving landscape, understanding and mitigating risks to embedded devices is crucial. With the release of EMB3D’s mitigations, we are not only addressing an industry challenge but also empowering stakeholders to adopt a proactive approach to security,” MITRE vice president and director Yosry Barsoum said.
Advertisement. Scroll to continue reading.
Related: Beckhoff TwinCAT/BSD Vulnerabilities Expose PLCs to Tampering, DoS Attacks
Related: Supreme Court Ruling Threatens the Framework of Cybersecurity Regulation
Related: CardinalOps Extends MITRE ATT&CK-based Detection Posture Management
Related: MITRE, CISA Announce 2021 List of Most Common Hardware Weaknesses