New threats, properties and countermeasures: MITRE EMB3D 2.0 helps manufacturers and operators systematically address device security.
What is EMB3D?
The EMB3D model links a device's typical properties with possible threat scenarios. This makes it possible to systematically analyze which security risks a device introduces because of its functions and interfaces. For each threat, appropriate countermeasures are described - from technical controls to design recommendations.
EMB3D is aimed at:
- Manufacturers, who want to perform systematic threat analyses or secure development processes.
- Operators, who want to make informed purchasing decisions or derive protective measures.
- Security researchers and testing bodies, who can rely on EMB3D as a structured analysis model.
What is new in version 2.0?
- New threats related to logging and data exfiltration
- New device properties, e.g., regarding the storage of log data
- New measures, such as securing systems through formal methods or protecting sensitive information in protocols
- Numerous clarifications, new references and updates to existing entries
Why is EMB3D relevant?
For companies that need to integrate security functions into their products or implement regulatory requirements such as CRA, RED or the Maschinenverordnung, EMB3D offers a practical and methodical foundation. By the structured mapping of properties, threats and countermeasures, device security can be assessed in a well-founded and transparent way.
Further information
- Overview of the project: https://emb3d.mitre.org
- Changelog for version 2.0: https://emb3d.mitre.org/changelog
- Blog article on combining EMB3D + STRIDE: https://medium.com/mitre-emb3d