-

MITRE Releases EMB3D™ – A Cybersecurity Threat Model for Embedded Devices

Collaborative framework provides common understanding to mitigate cyber threats to critical infrastructure

MCLEAN, Va. & BEDFORD, Mass.--(BUSINESS WIRE)--The EMB3D Threat Model is now publicly available at https://emb3d.mitre.org. The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to mitigate them. The model is the result of a collaborative effort by MITRE, Niyo Little Thunder Pearson, Red Balloon Security, and Narf Industries.

EMB3D model strengthened by peer reviews from infrastructure industries

After the model garnered significant interest for peer review across diverse industries, numerous organizations piloted the threat model, offering invaluable feedback. The EMB3D team appreciates the interest and feedback from vendors and integrators across many industries, including energy, water, manufacturing, aerospace, health, and automotive, as well as researchers and threat tool vendors. This ongoing collaborative effort has been instrumental in refining and enhancing the model’s content and usability. The team looks forward to continued collaboration to strengthen the ability of the model to enable “secure by design.”

“Our framework’s strength lies in the collaborative efforts and rigorous review process across industries,” said Yosry Barsoum, vice president and director, Center for Securing the Homeland at MITRE. “The diverse perspectives and invaluable insights shared have fortified our approach, ensuring a robust and effective solution to address the evolving challenges in embedded device security.”

Leveraging established models to strengthen embedded device security

EMB3D aligns with and expands on several existing models, including Common Weakness Enumeration, MITRE ATT&CK®, and Common Vulnerabilities and Exposures, but with a specific embedded-device focus. The threats defined within EMB3D are based on observation of use by threat actors, proof-of-concept and theoretical/conceptual security research publications, and device vulnerability and weakness reports. These threats are mapped to device properties to help users develop and tailor accurate threat models for specific embedded devices. For each threat, EMB3D suggests technical mechanisms that vendors should build into the device to mitigate the given threat. EMB3D is a comprehensive framework for the entire security ecosystem—device vendors, asset owners, security researchers, and testing organizations.

An evolving framework for a dynamic threat landscape

EMB3D is intended to be a living framework, where new threats and mitigations are added and updated as new threat actors emerge and security researchers discover new categories of vulnerabilities, threats, and security defenses. EMB3D is a public, community resource where all information is openly available and the security community can submit additions and revisions.

For more information, visit https://emb3d.mitre.org.

About MITRE

MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation. Learn more at mitre.org.

Contacts

Sarah Lytle, media@mitre.org

MITRE


Release Versions

Contacts

Sarah Lytle, media@mitre.org

Social Media Profiles
More News From MITRE

MITRE Survey Highlights Persistent Challenges and Emerging Opportunities in Defense Acquisition

MCLEAN, Va. & BEDFORD, Mass.--(BUSINESS WIRE)--A survey commissioned by MITRE revealed significant hurdles that remain in the U.S. Department of Defense (DoD) acquisition process, particularly for nontraditional contractors and small- and medium-sized businesses in the aerospace and defense industry. Of the defense acquisition professionals surveyed, 57% identified the inflexibility and complexity of acquisition processes as the most significant challenge to participation. Other critical barrie...

10th Annual MITRE eCTF Competition Cultivates Future Cybersecurity Leaders

MCLEAN, Va. & BEDFORD, Mass.--(BUSINESS WIRE)--At an award celebration at Tufts University, MITRE honored the winners, participants, and sponsors of its 2025 Embedded Capture the Flag (eCTF) Competition, a semester-long program for cultivating the next generation of cybersecurity professionals. Celebrating its 10th anniversary, the MITRE eCTF had more than 1,200 students participate on 139 teams, representing 123 schools from 17 countries. Through collaboration amongst academia, industry, and g...

MITRE’s Breaking Barriers Summit to Craft Roadmap for a Transformative Defense Acquisition Ecosystem

MCLEAN, Va. & BEDFORD, Mass.--(BUSINESS WIRE)--MITRE has announced the agenda and speakers for Breaking Barriers in Defense Acquisition, a two-day summit for senior defense officials, industry innovators, policymakers, and private capital funders who are shaping the future of defense acquisition. In partnership with the Silverado Policy Accelerator, the summit will take place May 7 and 8, 2025, at MITRE’s campus in McLean, Virginia, with hybrid attendance available for day 1 of the conference....
Back to Newsroom