MITRE has released the EMB3D threat model for embedded devices.

Recently, the non-profit technology organization MITRE presented a threat model to the public.EMB3DThis model is focused on embedded devices used in critical infrastructure. It is designed to meet the needs of various sectors, such as automotive, healthcare, and manufacturing, playing a key role in ensuring the safety of these devices. EMB3D offers an extensive database compiled from information on cyber threats to embedded systems, making it an important tool for many industries, including critical infrastructure, the Internet of Things (IoT), and others. This model provides useful recommendations to manufacturers, resource owners, operators, and researchers in the field of security, allowing for improved protection of embedded electronics.

The creation of this model was the result of collaborative work among various partners, including companies such asRed Balloon SecurityandNarf Industriesand also Niyo 'Little Thunder' Person fromONE GasThe EMB3D structure provides manufacturers and operators with the ability to effectively enhance the security level of embedded devices.

"By mapping threats to the corresponding properties of devices, users can easily assess the level of vulnerability based on the known characteristics of the devices." EMB3D was developed as a dynamic structure that will continuously update and evolve, incorporating new threats and mitigation measures as they arise, from both attackers and security researchers. This initiative functions as a public resource, providing open access to all data and allowing community members to contribute their changes and additions.

This approach to collaboration ensures that EMB3D remains a relevant and comprehensive tool for enhancing the security of embedded devices.

Stay tuned for updates inTwitter@securityaffairs, as well as onFacebookandMastodonfrom Pierluigi Paganini (SecurityAffairs – cybersecurity, Mitre).