Mitre has worked with Red Balloon Security and Narf Industries to develop a threat model designed to provide device manufacturers, asset owners, testing organizations and security researchers a knowledge base of cyberthreats to critical infrastructure embedded devices.
The EMB3D Threat Model is a framework that provides security mechanisms meant to help device vendors mitigate cyberthreats, Mitre said Wednesday.
“The EMB3D model will provide a means for ICS device manufacturers to understand the evolving threat landscape and potential available mitigations earlier in the design cycle, resulting in more inherently secure devices. This will eliminate or reduce the need to ‘bolt on’ security after the fact, resulting in more secure infrastructure and reduced security costs,” said research sponsor Niyo Little Thunder Pearson of ONEGas.
EMB3D is expected to be unveiled in early 2024 and will serve as a public community resource that will allow asset owners, device makers and researchers to update and add new threats and mitigations.
Yosry Barsoum, vice president and director of the Center for Securing the Homeland at Mitre, called on asset owners, device vendors, academia and researchers to review and share their insights on the threat model and help strengthen the digital infrastructure’s resilience.