The Embedded Systems Threat Matrix™

What’s New And on the Horizon

  • April 30, 2026 – ESTM is featured on Space and Cyber Security
  • April 16, 2026 – ESTM was discussed during Run Safe Security’s Exploited: The Cyber Truth podcast.
  • March 2026 – We presented ESTM and PIVOT at the ACI COI N-Factor meeting on 18 March 2026. We also presented ESTM at the ACI Cyber Rodeo in Huntsville, AL from March 31 – April 1, 2026
  • February 4, 2026 – We presented ESTM at the ACI Cyber Rodeo in Daytona Beach, FL.
  • January 2026 – MITRE officially announced the ESTM Cybersecurity Framework
  • October 1, 2025 – MITRE releases STIX 2.1 compliance for ESTM.™  This ESTM release offers a JSON-formatted STIX 2.1 representation of its 218 Techniques and 13 Tactics, with any deprecated Techniques clearly labeled to support easier filtering and ongoing maintenance. This format enables seamless integration with various tools and is fully compatible with the OpenCTI platform. To access the STIX 2.1 .json file, please visit our Threat Matrix page
  • September 2025 – MITRE releases ESTM

What is the Embedded Systems Threat Matrix?

The MITRE-developed Embedded Systems Threat Matrix (ESTM)™ provides a purpose-built framework to address embedded system vulnerabilities by offering a structured approach to analyzing and understanding potential adversarial behaviors targeting these systems. Inspired by the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, the ESTM categorizes adversarial tactics and techniques specific to embedded systems, enabling organizations to analyze threats, conduct realistic assessments, and develop comprehensive defense strategies. The ESTM has proven valuable in various applications, including cyber threat modeling and attack path analysis, and its alignment with established cybersecurity frameworks ensures seamless integration with existing security practices.  

The development of ESTM originated from a critical need to enhance cybersecurity for embedded systems across various sectors. In 2020, efforts to create a framework specifically tailored for vulnerability assessments of complex systems with embedded technologies highlighted a significant gap in existing resources, especially for avionics environments. While existing frameworks provided valuable insights, they lacked the nuanced understanding required to address the unique vulnerabilities inherent in embedded systems.

ESTM has undergone significant development since its initial iteration, which focused on capturing potential adversarial behaviors and techniques within embedded environments. Through extensive collaboration with mission partners, MITRE has matured the framework into its current form, ESTM 3.0. This iteration prioritizes three key areas of improvement. First, it emphasizes system-agnostic tactics and techniques, ensuring the framework’s applicability across diverse domains, including public, commercial, and specialized sectors. Second, ESTM 3.0 aligns its structure with Structured Threat Information Expression 2.1, promoting interoperability and enabling machine-readable threat intelligence. Finally, the framework focuses on developing and validating attack patterns specific to embedded systems, providing defenders with actionable insights to strengthen their security posture. 

Want to learn more about the development and application of ESTM?

Find more information here in the Embedded Systems Threat Matrix™.

Thinking about applying ESTM within a systems-of-systems environment?

You should check out Platform Independent Vectors of Techniques (PIVOT™).

How do I contribute more to ESTM?
If you want to contribute or explore its applications, please send all inquiries to estm@mitre.org.