Critical infrastructure depends on embedded devices across industries such as oil and natural gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems.
However, these devices often lack proper security controls and are insufficiently tested for vulnerabilities. Sophisticated cyber adversaries increasingly attempt to exploit these devices, as evidenced by a growing number of CISA ICS advisories identifying significant threats to many life- and safety-critical devices.
The EMB3D Threat Model, a collaborative effort by MITRE, Red Balloon Security, and Narf Industries, provides a common understanding of the threats posed to embedded devices and the security mechanisms required to mitigate them.
“Together, we are committed to enhancing the cyber posture of critical infrastructure sectors that rely on Operational Technology (OT) technologies. This collaboration exemplifies the power of collective expertise and underscores MITRE's dedication to advancing the resilience and security of vital systems in today's interconnected world.”
What is EMB3D
EMB3D aligns with and expands on several existing models, including Common Weakness Enumeration, MITRE ATT&CK, and Common Vulnerabilities and Exposures, but with a specific embedded device focus.
It provides a cultivated knowledge base of cyber threats to devices, including those observed in the field environment or demonstrated through proofs-of-concept and/or theoretic research. These threats are mapped to device properties to help users develop and tailor accurate threat models for specific embedded devices.
For each threat, suggested mitigations are exclusively focused on technical mechanisms that device vendors should implement to protect against the given threat with the goal of building security into the device.
EMB3D is intended to offer a comprehensive framework for the entire security ecosystem—device vendors, manufacturers, asset owners, security researchers, and testing organisations.
“Utilities have been forced to extreme measures to secure our infrastructures because of concerns about ICS device insecurities,” says Niyo Pearson of ONEGas.
“The EMB3D model will provide a means for ICS device manufacturers to understand the evolving threat landscape and potential available mitigations earlier in the design cycle, resulting in more inherently secure devices. This will eliminate or reduce the need to ‘bolt on’ security after the fact, resulting in more secure infrastructure and reduced security costs.”
EMB3D is intended to be a living framework, where new threats and mitigations are added and updated over time as new threat actors emerge and security researchers discover new categories of vulnerabilities, threats, and security defences.
Anticipated to be released in early 2024, EMB3D will be a public community resource, where all information is openly available, and the security community can submit additions and revisions.
“We encourage device vendors, asset owners, researchers, and academia to review the threat model and share feedback, ensuring our collective efforts remain at the forefront of safeguarding our interconnected world,” said Yosry Barsoum, vice president and director, Centre for Securing the Homeland at MITRE.
“Insights, expertise, and a collaborative spirit are invaluable as we work together to strengthen the resilience of our digital infrastructure. Together, we can build a safer and more secure future.”
