EMB3D Threat Model: Understand threats to embedded devices in critical infrastructure

Critical infrastructure depends on embedded devices across industries such as oil and natural gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems. However, these devices often lack proper security controls and are insufficiently tested for vulnerabilities.

Cyber adversaries increasingly attempt to exploit these devices, as evidenced by a growing number of CISA ICS advisories identifying significant threats to many life- and safety-critical devices.

The EMB3D Threat Model, a collaborative effort by MITRE, Niyo Little Thunder Pearson (ONEGas), Red Balloon Security, and Narf Industries, provides a common understanding of the threats posed to embedded devices and the security mechanisms required to mitigate them.

EMB3D aligns with and expands on several existing models, including Common Weakness Enumeration, MITRE ATT&CK, and Common Vulnerabilities and Exposures, but with a specific embedded device focus. EMB3D provides a cultivated knowledge base of cyber threats to devices, including those observed in the field environment or demonstrated through proofs-of-concept and/or theoretic research.

These threats are mapped to device properties to help users develop and tailor accurate threat models for specific embedded devices. For each threat, suggested mitigations are exclusively focused on technical mechanisms that device vendors should implement to protect against the given threat with the goal of building security into the device. EMB3D is intended to offer a comprehensive framework for the entire security ecosystem—device vendors, manufacturers, asset owners, security researchers, and testing organizations.

“The EMB3D framework stands as a perfect example of MITRE’s role as both an innovator and a connector, working hand-in-hand with industry leaders to develop cutting-edge tools,” said Beth Meinert, SVP, GM, MITRE Public Sector.

“Together, we are committed to enhancing the cyber posture of critical infrastructure sectors that rely on Operational Technology (OT) technologies. This collaboration exemplifies the power of collective expertise and underscores MITRE’s dedication to advancing the resilience and security of vital systems in today’s interconnected world,” Meinert added.

“Utilities like mine have been forced to extreme measures to secure our infrastructures because of concerns about ICS device insecurities,” says Niyo Little Thunder Pearson, ONEGas, and sponsor of the research. “The EMB3D model will provide a means for ICS device manufacturers to understand the evolving threat landscape and potential available mitigations earlier in the design cycle, resulting in more inherently secure devices. This will eliminate or reduce the need to ‘bolt on’ security after the fact, resulting in more secure infrastructure and reduced security costs.”

EMB3D is intended to be a living framework, where new threats and mitigations are added and updated over time as new threat actors emerge and security researchers discover new categories of vulnerabilities, threats, and security defenses. Anticipated to be released in early 2024, EMB3D will be a public community resource, where all information is openly available, and the security community can submit additions and revisions.

“We encourage device vendors, asset owners, researchers, and academia to review the threat model and share feedback, ensuring our collective efforts remain at the forefront of safeguarding our interconnected world,” said Yosry Barsoum, VP and director, Center for Securing the Homeland at MITRE.

“Insights, expertise, and a collaborative spirit are invaluable as we work together to strengthen the resilience of our digital infrastructure. Together, we can build a safer and more secure future,” Barsoum concluded