On January 20, MITRE announced that it has introduced the Embedded Systems Threat Matrix (ESTM), a cybersecurity framework to protect the embedded systems that power our nation’s critical infrastructure and defense technologies. Developed in collaboration with the Air Force’s Cyber Resiliency Office for Weapon Systems (CROWS), ESTM helps organizations understand and defend against cyber threats targeting these vital systems.
ESTM reflects MITRE’s mission-first approach as a not-for-profit organization serving the public interest. The framework provides practical tools for researchers, vendors, and security professionals to identify vulnerabilities and build stronger embedded systems. ESTM can be used across many sectors, including transportation, energy, healthcare, industrial controls, and robotics.
“Embedded systems are the foundation of our critical infrastructure and defense capabilities, but they face complex and growing cyber risks,” said Keoki Jackson, senior vice president, MITRE National Security. “ESTM fills a key gap by giving defenders clear, actionable information to identify and stop cyber threats against these essential systems.”
ESTM builds on MITRE’s history of delivering objective, independent solutions to government and industry. Inspired by the MITRE ATT&CK framework and based on MITRE’s proof-of-concept and theoretical research, ESTM organizes tactics and techniques specific to embedded systems, making it easy to add to existing security programs. It also covers emerging threats and weaknesses, helping organizations prepare for future risks. ESTM works with the MITRE EMB3D Threat Model to offer a complete resource for secure system design.
Source: MITRE
Start 2026 ahead of the competition with a paid subscription to IC News. You’ll get full access to our searchable archive of 15,000+ articles, plus new articles each weekday.
By 
