As reported by Dark Reading: Frameworks to aid device and industrial control system (ICS) manufacturers in modeling the threats that their products face continue to gain traction as research matures.
Non-profit government research organization MITRE, for example, announced its EMB3D framework for threat modeling in late 2023, outlining specific categories of threats. Late last year, MITRE added recommendations for companies to mitigate the threats. And already, device manufacturers are starting to use EMB3D to enhance their threat-modeling processes, researchers are using it to discuss findings in the same language, and cybersecurity vendors have started incorporating it into their products, says Marie Stanley Collins, senior principal with MITRE's Critical Infrastructure Initiative.
"Device manufacturers can use it during their device design as they perform threat-modeling activities, to ensure they're broadly considering known embedded device threats and are integrating mitigations that effectively protect against those threats," she says. "End users can use EMB3D to better inform acquisitions, so that vendors have to clearly define a product’s security threats and associated protections."