A consortium in the US has developed a model of cybersecurity threats to embedded devices, providing a common understanding of these threats with the security mechanisms required for mitigation.
www.eenewseurope.com/, May. 15, 2024 –
The EMB3D cybersecurity threat model is a result of a collaborative effort by MITRE, Niyo Little Thunder Pearson, Red Balloon Security, and Narf Industries.
Numerous organizations have tested out the threat model, offering invaluable feedback across energy, water, manufacturing, aerospace, health, automotive, as well as researchers and threat tool vendors.
EMB3D aligns with and expands on several existing models, including Common Weakness Enumeration, MITRE ATT&CK and Common Vulnerabilities and Exposures, but with a specific embedded device focus. This is based on observation of use by threat actors, proof-of-concept and theoretical/conceptual security research publications, and device vulnerability and weakness reports.
The threats are mapped to device properties to help users develop and tailor accurate threat models for specific embedded devices. For each threat, suggested mitigations are provided for technical mechanisms that device vendors should implement to mitigate the given threat by building security into the device.