MITRE on Tuesday announced the launch of Embedded Systems Threat Matrix (ESTM), a cybersecurity framework designed to help organizations protect critical embedded systems.
Inspired by the popular ATT&CK framework and derived from MITRE’s theoretical research and proof-of-concept models, the ESTM categorizes specific attack tactics and techniques tailored to hardware and firmware environments.
The model maps both established and emerging attack vectors to assist organizations in identifying vulnerabilities within embedded architectures.
MITRE says the framework can be used in industries such as energy, robotics, industrial controls, transportation, and healthcare.
“The ESTM has proven valuable in various applications, including cyber threat modeling and attack path analysis, and its alignment with established cybersecurity frameworks ensures seamless integration with existing security practices,” MITRE says on its website.
The non-profit R&D organization also points out that ESTM works with the EMB3D Threat Model.
MITRE is hoping that the cybersecurity community will contribute to the project.
The organization says ESTM has been significantly enhanced since its first iteration. The mature framework is called ESTM 3.0.
Related: MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities
Related: MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations
Related: MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS
