MITRE [1] [2] [3] [4], in collaboration with Niyo Little Thunder Pearson [2], Red Balloon Security [1] [2] [3] [4], and Narf Industries [1] [2] [3] [4], has launched EMB3D [1] [3], a new threat model framework [1] [3] [4]. EMB3D is specifically designed to protect operational technology (OT) and industrial control systems (ICS) by providing a comprehensive knowledge base of cyber threats specific to embedded devices used in critical infrastructure environments.


EMB3D allows users to map cyber threats to vulnerabilities and flaws using systems such as Common Weakness Enumeration (CWE), Common Vulnerabilities and Exposures (CVE) [2], and MITRE’s own TTP mapping framework [3], ATT&CK [2] [3]. It aligns with these existing models but focuses specifically on embedded devices. EMB3D is intended for use by device vendors, manufacturers [1] [2], asset owners [1] [2] [4], security researchers [1] [2] [4], and testing organizations [1] [2]. It offers a repository of known threats [4], vulnerable device properties [4], and necessary mitigations [4]. EMB3D was developed in collaboration with researchers from ONE Gas and will be continuously updated with new threats and mitigations [4]. It is a public community resource open to contributions and revisions and will be publicly available in early 2024.


EMB3D has the potential to significantly enhance the protection of critical infrastructure environments by providing a comprehensive framework for identifying and mitigating cyber threats specific to embedded devices. Its collaboration with researchers from ONE Gas ensures that it is continuously updated with the latest threats and mitigations. EMB3D’s public availability in early 2024 will allow for widespread use and contributions from the cybersecurity community, further strengthening its effectiveness in safeguarding OT and ICS environments.