The MITRE Corporation has officially made available a new threat detection framework called EMB3D for manufacturers of embedded devices used in critical infrastructure environments.
How MITRE Corporation's new EMB3D tool works
“The model provides a cultivated knowledge base on cyber threats to embedded devices, offering a common understanding of such threats along with the security mechanisms needed to mitigate them,” the non-profit association said in a post announcing the publication of the tool.
However, the idea for EMB3D had already been in the pipeline for a while: a preliminary version of the threat model for embedded devices, conceived in collaboration with Niyo ‘Little Thunder’ Pearson, Red Balloon Security and Narf Industries, was previously released on December 13, 2023.
EMB3D, like the ATT&CK framework also produced by MITRE, is intended to be a “living framework,” with new mitigations added and updated over time as new cybercriminals, vulnerabilities and attack vectors emerge, but with a specific focus on embedded devices.
The ultimate goal of this curious instrument
The ultimate goal is to give embedded device vendors a unified view of the vulnerabilities in their technologies that are exposed to attack, and of the security mechanisms that mitigate those shortcomings.
Similar to how ATT&CK offers a uniform mechanism for tracking and communicating threats, EMB3D aims to offer a centralized knowledge base on threats targeting embedded devices.
“The EMB3D model will provide a means for ICS device manufacturers to understand the evolving threat landscape and possible mitigations available earlier in the design cycle, resulting in the production of intrinsically safer devices,” said Pearson at the time, who later added: “This will eliminate or reduce the need to add security later, resulting in increased infrastructure security and reduced security costs.”
In short, vendors will not have to install third-party programs that burden embedded devices, which makes the devices not only safer, because potential security flaws are limited, but also more efficient.
The reasons behind the release of this framework: not just cybersecurity
With the release of the framework, the idea is to embrace a secure-by-design approach in line with the US CISA directives, allowing companies to release products with a reduced number of exploitable defects in the base product and with secure configurations enabled by default.
Research published last year by operational technology (OT) cybersecurity firm Nozomi Networks revealed that various cybercriminals and hacker groups opportunistically targeted industrial environments by exploiting vulnerabilities, misusing credentials and engaging in phishing to gain initial access, as well as through DDoS attempts and Trojan executions.
Cybercriminals are always lurking
According to the company, attackers have particularly intensified attacks targeting discovered flaws in OT and IoT devices used in the food and agricultural, chemical, water treatment, manufacturing and energy sectors.
“EMB3D provides a cultivated knowledge base on cyber threats to devices, including those observed in the operational environment or demonstrated through proof of concept and/or theoretical research,” the non-profit company said.
“These threats are mapped to device properties to help users develop and adapt accurate threat models for specific embedded devices. For each threat, the suggested mitigations are exclusively focused on technical mechanisms that device vendors should implement to protect against the given threats with the aim of integrating security into the device.”
A standard on embedded devices that was still missing
MITRE Corporation has introduced a new framework called EMB3D precisely because there is no established standard for embedded device security, contrary to what happens with more common devices.
This framework provides structured guidance for understanding and addressing cyber threats that can affect these devices, giving companies a point of reference to design and implement more effective security measures; its introduction aims to fill this gap and promote greater awareness and preparedness in the critical infrastructure sector.