MITRE releases EMB3D cybersecurity threat model for embedded devices to boost critical infrastructure security

Two new MITRE programs central to strengthening cyber defense work on building global cyber capacity

After announcing the MITRE EMB3D threat model for critical infrastructure embedded devices last December, MITRE released its cybersecurity threat model for embedded devices on Monday. The model provides a cultivated knowledge base of cyber threats to embedded devices, offering a common understanding of the threats with the security mechanisms required to mitigate them. The collaborative framework aims to enhance the collective understanding and address cyber threats to critical infrastructure.

The EMB3D model is the result of a collaborative effort by MITRE, Niyo Little Thunder Pearson, Red Balloon Security, and Narf Industries. EMB3D is intended to be a living framework, where new threats and mitigations are added and updated as new threat actors emerge and security researchers discover new categories of vulnerabilities, threats, and security defenses.

“Our framework’s strength lies in the collaborative efforts and rigorous review process across industries,” Yosry Barsoum, vice president and director at the Center for Securing the Homeland at MITRE, said in a media statement. “The diverse perspectives and invaluable insights shared have fortified our approach, ensuring a robust and effective solution to address the evolving challenges in embedded device security.”

EMB3D is a public, community resource where all information is openly available and the security community can submit additions and revisions. The framework aligns with and expands on several existing models, including Common Weakness Enumeration, MITRE ATT&CK, and Common Vulnerabilities and Exposures, but with a specific embedded-device focus.

Furthermore, the threats defined within EMB3D are based on observation of use by threat actors, proof-of-concept and theoretical/conceptual security research publications, and device vulnerability and weakness reports. Additionally, these threats are mapped to device properties to help users develop and tailor accurate threat models for specific embedded devices.

The threat model aims to serve as a central repository of information, defining known threats to embedded devices and their unique device features/properties that enable specific threat actions. By mapping the threats to the associated device features/properties, the user can enumerate threat exposure based on the known device features.

EMB3D suggests technical mechanisms vendors should build into devices to mitigate each given threat. EMB3D is a comprehensive framework for the entire security ecosystem, including device vendors, asset owners, security researchers, and testing organizations.

After the model garnered significant interest for peer review across diverse industries, numerous organizations piloted the threat model. The EMB3D team appreciates the interest and feedback from vendors and integrators across many industries, including energy, water, manufacturing, aerospace, health, and automotive, as well as researchers and threat tool vendors. This ongoing collaborative effort has been instrumental in refining and enhancing the model’s content and usability. The team looks forward to continued collaboration to strengthen the ability of the model to enable ‘secure by design.’

EMB3D threats identify how a threat actor can achieve a specific objective or effect on a system or device. Each threat description includes information about the technical features that are targeted by the threat; the actions that the threat actor must perform to cause the threat’s effect, including the impact or effect the threat will have on the device; and the vulnerabilities or weaknesses within that mechanism that enable the threat actions.

Device properties describe a device’s hardware and software components and capabilities. These include physical hardware, network services and protocols, software, and firmware. Each category is further divided into sub-properties that are then mapped to a set of threats. By mapping properties, users can identify the threats associated with a given device property.

Mitigation strategies and techniques are described for each threat. These can be leveraged by device vendors to prevent and reduce the risk of a threat, and by end users to validate that devices are sufficiently protected against that threat.

The mitigations define the mechanisms or technologies that protect against the threat while remaining flexible in how mitigations can be implemented within the device’s unique constraints.
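The property-to-threat-to-mitigation chain described above is easiest to see as a small join over three tables. The following Python is an added illustration written for this article, not EMB3D data or MITRE tooling: the property, threat and mitigation identifiers (P-EX-*, T-EX-*, M-EX-*) and their descriptions are constructed placeholders, and the way a device's properties are enumerated into exposed threats and then checked against implemented mitigations is this example's own simplification of the workflow the article describes.

```python
"""Toy threat-exposure enumeration in the style the article describes.

Added example, not EMB3D content. Every identifier below is a constructed
placeholder; the real knowledge base lives on MITRE's EMB3D site.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    tid: str
    name: str
    mitigations: frozenset[str]  # mitigation ids that address this threat


# Constructed threat catalogue (placeholder ids and names).
THREATS: dict[str, Threat] = {
    "T-EX-1": Threat("T-EX-1", "Unsigned firmware image accepted", frozenset({"M-EX-1", "M-EX-2"})),
    "T-EX-2": Threat("T-EX-2", "Debug interface usable on fielded unit", frozenset({"M-EX-3"})),
    "T-EX-3": Threat("T-EX-3", "Management traffic readable on the wire", frozenset({"M-EX-4"})),
}

# Constructed device property -> threat mapping. A property may expose
# several threats, and one threat may be reachable through several properties.
PROPERTY_THREATS: dict[str, set[str]] = {
    "P-EX-FIRMWARE-UPDATE": {"T-EX-1"},
    "P-EX-HW-DEBUG-PORT": {"T-EX-2"},
    "P-EX-NET-CLEARTEXT-PROTO": {"T-EX-3"},
    "P-EX-NET-REMOTE-MGMT": {"T-EX-1", "T-EX-3"},
}

# Constructed mitigation catalogue (placeholder ids).
MITIGATIONS: dict[str, str] = {
    "M-EX-1": "Verify a cryptographic signature on every firmware image",
    "M-EX-2": "Reject firmware older than the installed version (anti-rollback)",
    "M-EX-3": "Disable or lock the debug interface before shipping",
    "M-EX-4": "Authenticate and encrypt the management protocol",
}


def enumerate_threats(device_properties: list[str]) -> tuple[list[str], list[str]]:
    """Map a device's declared properties to the set of threats they expose.

    Returns (sorted threat ids, properties not found in the mapping) so that a
    typo or an unmodelled property is surfaced instead of silently dropped.
    """
    exposed: set[str] = set()
    unknown: list[str] = []
    for prop in device_properties:
        threats = PROPERTY_THREATS.get(prop)
        if threats is None:
            unknown.append(prop)
            continue
        exposed |= threats
    return sorted(exposed), unknown


def mitigation_gaps(device_properties: list[str], implemented: set[str]) -> dict[str, list[str]]:
    """For each exposed threat, list the catalogued mitigations not yet implemented.

    Threats whose mitigations are all present are omitted, so an empty dict
    means the declared properties are fully covered by the declared mitigations.
    """
    exposed, _unknown = enumerate_threats(device_properties)
    gaps: dict[str, list[str]] = {}
    for tid in exposed:
        missing = sorted(THREATS[tid].mitigations - implemented)
        if missing:
            gaps[tid] = missing
    return gaps


def report(device_properties: list[str], implemented: set[str]) -> str:
    """Human-readable summary for a vendor or asset owner reviewing one device."""
    exposed, unknown = enumerate_threats(device_properties)
    lines = [f"Exposed threats: {', '.join(exposed) or 'none'}"]
    for tid, missing in mitigation_gaps(device_properties, implemented).items():
        lines.append(f"  {tid} ({THREATS[tid].name}) still needs:")
        lines.extend(f"    {mid}: {MITIGATIONS[mid]}" for mid in missing)
    if unknown:
        lines.append(f"Unmodelled properties (check spelling or extend the mapping): {', '.join(unknown)}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed device: field-updatable, remotely managed, one mitigation in place.
    print(report(["P-EX-FIRMWARE-UPDATE", "P-EX-NET-REMOTE-MGMT", "P-EX-BOGUS"], {"M-EX-1"}))
```

The shape to notice is that the device property list, not the threat list, is the input a user supplies: threats fall out of the mapping, and the mitigation check then tells a vendor which mechanisms to build or an asset owner which controls to verify.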

The initial release of EMB3D includes the device properties and threats enumerations. The full set of mitigations will be available in the summer 2024 update.
