{"id":27181,"date":"2026-02-03T09:27:22","date_gmt":"2026-02-03T03:57:22","guid":{"rendered":"https:\/\/ivaluegroup.com\/en-in\/?p=27181"},"modified":"2026-02-03T09:45:14","modified_gmt":"2026-02-03T04:15:14","slug":"securing-embedded-systems-in-indias-critical-infrastructure-with-estm-3-0","status":"publish","type":"post","link":"https:\/\/ivaluegroup.com\/en-in\/resources\/blogs\/securing-embedded-systems-in-indias-critical-infrastructure-with-estm-3-0\/","title":{"rendered":"Securing Embedded Systems in India\u2019s Critical Infrastructure with ESTM 3.0"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"27181\" class=\"elementor elementor-27181\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c7ba113 e-flex e-con-boxed e-con e-parent\" data-id=\"c7ba113\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-95eb674 elementor-widget elementor-widget-heading\" data-id=\"95eb674\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.20.0 - 26-03-2024 *\/\n.elementor-heading-title{padding:0;margin:0;line-height:1}.elementor-widget-heading .elementor-heading-title[class*=elementor-size-]>a{color:inherit;font-size:inherit;line-height:inherit}.elementor-widget-heading .elementor-heading-title.elementor-size-small{font-size:15px}.elementor-widget-heading .elementor-heading-title.elementor-size-medium{font-size:19px}.elementor-widget-heading .elementor-heading-title.elementor-size-large{font-size:29px}.elementor-widget-heading .elementor-heading-title.elementor-size-xl{font-size:39px}.elementor-widget-heading .elementor-heading-title.elementor-size-xxl{font-size:59px}<\/style><h2 class=\"elementor-heading-title elementor-size-default\">Embedded Systems Pose A Different Kind Of Threat<span style=\"font-size: 2.5rem; font-style: inherit;\"><\/span><\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ca9c2cd elementor-widget elementor-widget-text-editor\" data-id=\"ca9c2cd\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.20.0 - 26-03-2024 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#69727d;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#69727d;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<p><span style=\"color: #000000;\">Last year, India had to deal with heightened geopolitical tensions that made it the target of several adversarial nation-state hacker groups. Massive volumes of attacks were directed at our critical infrastructure in the aftermath of <a href=\"https:\/\/ivaluegroup.com\/en-in\/resources\/blogs\/control-maturity-the-best-defence-against-apt36\/\">Operation Sindoor<\/a>, and the spillover has continued in 2026.\u00a0<\/span><\/p><p><span style=\"color: #000000;\">Industries like defense, power, healthcare and transportation are becoming increasingly preferred targets for these groups because of the potential to severely destabilize the country, should their attempts be successful. What these types of industries also have in common is a mix of traditional IT and embedded systems in their IT infrastructure.\u00a0<\/span><\/p><p><span style=\"color: #000000;\">Embedded systems are hardware-firmware compute components that directly sense, control, automate or protect cyber-physical processes. If compromised, breaches could have direct physical consequences, whether its:<\/span><\/p><ul><li><span style=\"color: #000000;\">Adversarial control of defense weapons systems\u00a0<\/span><\/li><li><span style=\"color: #000000;\">Blocking of telecom networks by taking over firmware in towers<\/span><\/li><li><span style=\"color: #000000;\">Electrical shutdowns through breaches in power plant machine controllers\u00a0<\/span><\/li><\/ul><p><span style=\"color: #000000;\">Embedded systems face different kinds of threats when compared to traditional IT systems &#8211; yet, for the longest time, there wasn\u2019t an effective cybersecurity framework to help enterprises combat them. Efforts to create one in 2020 highlighted a significant gap in existing resources, with earlier frameworks lacking the nuanced understanding required to address the unique vulnerabilities inherent in these systems. A framework needed to be introduced for today\u2019s embedded devices that:<\/span><\/p><ul><li><span style=\"color: #000000;\">Connect to enterprise networks<\/span><\/li><li><span style=\"color: #000000;\">Handle sensitive data<\/span><\/li><li><span style=\"color: #000000;\">Control physical processes<\/span><\/li><li><span style=\"color: #000000;\">Cannot be easily replaced or patched<\/span><\/li><\/ul><p><span style=\"color: #000000;\">That was accomplished earlier this year, when MITRE &#8211; an organization famed for their ATT&amp;CK and D3FEND frameworks &#8211; introduced the Embedded Systems Threat Matrix (ESTM) 3.0 in association with the US Air Force\u2019s Cyber Resilience Office For Weapons Systems (CROWS). While the framework was designed to protect embedded systems that underpin defense technology in the US, its principles very much extended to India and so many of its critical infrastructure sectors.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-744fca0 e-flex e-con-boxed e-con e-parent\" data-id=\"744fca0\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-21c9bbb e-flex e-con-boxed e-con e-child\" data-id=\"21c9bbb\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-cdd8a13 elementor-widget elementor-widget-heading\" data-id=\"cdd8a13\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">What\u2019s New In ESTM 3.0?<span style=\"font-size: 1.5rem; font-style: inherit;\"><\/span><\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-76a143c e-flex e-con-boxed e-con e-parent\" data-id=\"76a143c\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2c4a55c elementor-widget elementor-widget-text-editor\" data-id=\"2c4a55c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000; font-style: inherit; font-weight: inherit;\">While the first two versions of ESTM were more iterative in nature, 3.0 is more of a formal framework that prioritizes 3 key areas of improvement:<\/span><\/p><ol><li><span style=\"color: #000000;\">It emphasizes system-agnostic tactics and techniques that ensure the framework\u2019s applicability across diverse domains, making it highly relevant for various Indian critical infrastructure sectors.<\/span><\/li><li><span style=\"color: #000000;\">Its structure is aligned with Structured Threat Information Expression 2.1 &#8211; an integration that promotes interoperability and enables machine-readable threat intelligence.<\/span><\/li><li><span style=\"color: #000000;\">Finally, it focuses on developing and validating attack patterns specific to embedded systems, providing cybersecurity teams with actionable insights to strengthen their security posture.<\/span><\/li><\/ol><p><span style=\"color: #000000;\">ESTM 3.0 uses <a href=\"https:\/\/ivaluegroup.com\/en-in\/resources\/blogs\/leveraging-the-mitre-attck-framework-for-enterprise-wide-cybersecurity-posture-management\/\">MITRE ATT&amp;CK <\/a>as a starting point to map specific tactics &amp; techniques, yet it\u2019s important to acknowledge that both frameworks are for vastly different systems:<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ce4c97d elementor-widget elementor-widget-image\" data-id=\"ce4c97d\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.20.0 - 26-03-2024 *\/\n.elementor-widget-image{text-align:center}.elementor-widget-image a{display:inline-block}.elementor-widget-image a img[src$=\".svg\"]{width:48px}.elementor-widget-image img{vertical-align:middle;display:inline-block}<\/style>\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"566\" src=\"https:\/\/ivaluegroup.com\/en-in\/wp-content\/uploads\/sites\/2\/2026\/02\/ESTM-vs-MITRE-1024x566.png\" class=\"attachment-large size-large wp-image-27184\" alt=\"\" srcset=\"https:\/\/ivaluegroup.com\/en-in\/wp-content\/uploads\/sites\/2\/2026\/02\/ESTM-vs-MITRE-1024x566.png 1024w, https:\/\/ivaluegroup.com\/en-in\/wp-content\/uploads\/sites\/2\/2026\/02\/ESTM-vs-MITRE-300x166.png 300w, https:\/\/ivaluegroup.com\/en-in\/wp-content\/uploads\/sites\/2\/2026\/02\/ESTM-vs-MITRE-768x425.png 768w, https:\/\/ivaluegroup.com\/en-in\/wp-content\/uploads\/sites\/2\/2026\/02\/ESTM-vs-MITRE-24x13.png 24w, https:\/\/ivaluegroup.com\/en-in\/wp-content\/uploads\/sites\/2\/2026\/02\/ESTM-vs-MITRE-36x20.png 36w, https:\/\/ivaluegroup.com\/en-in\/wp-content\/uploads\/sites\/2\/2026\/02\/ESTM-vs-MITRE-48x27.png 48w, https:\/\/ivaluegroup.com\/en-in\/wp-content\/uploads\/sites\/2\/2026\/02\/ESTM-vs-MITRE.png 1297w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a6437d9 elementor-widget elementor-widget-text-editor\" data-id=\"a6437d9\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">While ATT&amp;CK applies to traditional IT that lives in clean software boundaries, ESTM 3.0 focuses more on securing real devices (IoT, industrial controllers, vehicles, medical equipment) where hardware, firmware and physical access are essential parts of daily environments.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-ada053a e-flex e-con-boxed e-con e-parent\" data-id=\"ada053a\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-fc22d17 e-flex e-con-boxed e-con e-child\" data-id=\"fc22d17\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-76d09fa elementor-widget elementor-widget-heading\" data-id=\"76d09fa\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Combining Specific Techniques With Superior Threat Modeling<span style=\"font-size: 1.5rem; font-style: inherit;\"><\/span><\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-057c10a e-flex e-con-boxed e-con e-parent\" data-id=\"057c10a\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-f61c17c elementor-widget elementor-widget-text-editor\" data-id=\"f61c17c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">ESTM 3.0 is derived from the robust structure of MITRE ATT&amp;CK yet tailored to the unique characteristics of embedded environments. These are some of the categories when it comes to attacker tactics:<\/span><\/p><p>\u00a0<\/p><div dir=\"ltr\" style=\"margin-left: 0pt;\" align=\"left\"><table style=\"border: none; border-collapse: collapse;\"><colgroup><col width=\"312\" \/><col width=\"312\" \/><\/colgroup><tbody><tr style=\"height: 0pt;\"><td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Reconnaissance\u00a0<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">When they actively or passively gather information that can be used to support targeting a specific embedded system or component.<\/span><\/p><\/td><td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Initial Access<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">When they are trying to gain access into embedded systems or components.<\/span><\/p><\/td><\/tr><tr style=\"height: 0pt;\"><td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Execution<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">When they try to run malicious code.<\/span><\/p><\/td><td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Persistence<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">When they try to maintain a foothold on these systems.<\/span><\/p><\/td><\/tr><tr style=\"height: 0pt;\"><td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Privilege Escalation<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">When they try to gain higher level permissions.<\/span><\/p><\/td><td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Defense Evasion<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">When they are trying to avoid being detected.<\/span><\/p><\/td><\/tr><tr style=\"height: 0pt;\"><td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Credential Access<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">When they are trying to steal credentials.<\/span><\/p><\/td><td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Discovery<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">When they try to map out environments of embedded systems and components.<\/span><\/p><\/td><\/tr><tr style=\"height: 0pt;\"><td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Lateral Movement\u00a0<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">When they are trying to move through environments using these components.<\/span><\/p><\/td><td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Collection<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">When they are trying to gather data of interest for these systems.<\/span><\/p><\/td><\/tr><tr style=\"height: 0pt;\"><td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">C&amp;C<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">When they are trying to command and control a compromised system.<\/span><\/p><\/td><td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Exfiltration<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">When they are trying to steal data through these embedded systems.<\/span><\/p><\/td><\/tr><tr style=\"height: 21pt;\"><td style=\"vertical-align: top; padding: 5pt 5pt 5pt 5pt; overflow: hidden; overflow-wrap: break-word; border: solid #000000 1pt;\" colspan=\"2\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Impact<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">When they are trying to manipulate, intercept or destroy your systems and data.<\/span><\/p><\/td><\/tr><\/tbody><\/table><\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-444a599 e-flex e-con-boxed e-con e-parent\" data-id=\"444a599\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-f165033 elementor-widget elementor-widget-text-editor\" data-id=\"f165033\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">This forms the basis for teams to undertake superior embedded attack path analysis. In particular, ESTM 3.0 is highly effective in combining these tactics and simulating multi-stage attacks like the following:<\/span><\/p><p style=\"text-align: center;\"><strong><span style=\"color: #000000;\">Physical Access\u00a0 <img decoding=\"async\" class=\"emoji\" role=\"img\" draggable=\"false\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/svg\/25b6.svg\" alt=\"\u25b6\ufe0f\" \/>Firmware Extraction\u00a0 <img decoding=\"async\" class=\"emoji\" role=\"img\" draggable=\"false\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/svg\/25b6.svg\" alt=\"\u25b6\ufe0f\" \/>Modified Image <img decoding=\"async\" class=\"emoji\" role=\"img\" draggable=\"false\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/svg\/25b6.svg\" alt=\"\u25b6\ufe0f\" \/> Persistent Control<\/span><\/strong><\/p><div><span style=\"color: #000000;\">Additionally, ESTM 3.0 combines these attacker techniques with threat modeling from another MITRE model called EMB3D &#8211; a framework with a knowledge base of device properties and mitigations intended to help system developers, asset operators and researchers improve security of embedded hardware and software. This integration allows for development teams to use learnings from attacker tactics &amp; techniques as a basis for creating shift-left, secure-by-design embedded systems.<\/span><\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-4a52d0e e-flex e-con-boxed e-con e-parent\" data-id=\"4a52d0e\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-7934a6b e-flex e-con-boxed e-con e-child\" data-id=\"7934a6b\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-73595b6 elementor-widget elementor-widget-heading\" data-id=\"73595b6\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">A Powerful Tool Against Emerging Embedded Systems Threats<span style=\"font-size: 1.5rem; font-style: inherit;\"><\/span><\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-959cefa e-flex e-con-boxed e-con e-parent\" data-id=\"959cefa\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2575dc6 elementor-widget elementor-widget-text-editor\" data-id=\"2575dc6\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">With ESTM 3.0 now available for enterprises to integrate, teams can now model different kinds of advanced threats for both hardware and firmware components in embedded environments:<\/span><\/p><div><div dir=\"ltr\" style=\"margin-left: 0pt;\" align=\"left\"><table style=\"border-collapse: collapse; table-layout: fixed; width: 468pt; border: initial none initial;\"><colgroup><col \/><col \/><\/colgroup><tbody><tr style=\"height: 21pt;\"><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\" colspan=\"2\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial, sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">ESTM 3.0 Helps You Stay Prepared For Emerging<\/span><\/p><\/td><\/tr><tr style=\"height: 0pt;\"><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial, sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Hardware-Based Attacks<\/span><\/p><\/td><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 13pt; font-family: Arial, sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Firmware-Based Attacks<\/span><\/p><\/td><\/tr><tr style=\"height: 0pt;\"><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><ul><li><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Abuse of debug interfaces (JTAG, SWD, UART)<\/span><\/li><li><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Fault injection using voltage or clock manipulation<\/span><\/li><li><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Side-channel attacks\u00a0<\/span><\/li><li><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Hardware tampering during manufacturing or repair<\/span><\/li><\/ul><\/td><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><ul><li dir=\"ltr\" style=\"line-height: 1.2;\" role=\"presentation\"><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Extracting firmware from flash<\/span><\/li><li dir=\"ltr\" style=\"line-height: 1.2;\" role=\"presentation\"><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Bypassing or weakening secure boot<\/span><\/li><li dir=\"ltr\" style=\"line-height: 1.2;\" role=\"presentation\"><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Installing malicious or downgraded firmware<\/span><\/li><li dir=\"ltr\" style=\"line-height: 1.2;\" role=\"presentation\"><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Achieving below-OS persistence<\/span><\/li><\/ul><\/td><\/tr><\/tbody><\/table><\/div><\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-a00fe00 e-flex e-con-boxed e-con e-parent\" data-id=\"a00fe00\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-70b9c06 e-flex e-con-boxed e-con e-child\" data-id=\"70b9c06\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-29a682c elementor-widget elementor-widget-heading\" data-id=\"29a682c\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">ESTM 3.0-Fortified Security Stacks By iValue<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-e68cf80 e-flex e-con-boxed e-con e-parent\" data-id=\"e68cf80\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3cb9a61 elementor-widget elementor-widget-text-editor\" data-id=\"3cb9a61\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">ESTM lays out a framework that helps secure vital embedded systems in areas like:<\/span><\/p><ul><li><span style=\"color: #000000;\">Transportation (air, space, maritime, autonomous, military)<\/span><\/li><li><span style=\"color: #000000;\">Energy<\/span><\/li><li><span style=\"color: #000000;\">Healthcare<\/span><\/li><li><span style=\"color: #000000;\">Industrial Processes<\/span><\/li><li><span style=\"color: #000000;\">Sectors that heavily utilize robotics\u00a0<\/span><\/li><\/ul><p><span style=\"color: #000000;\">One of the reasons why iValue is considered the preferred managed tech partner for many enterprises across the country is our ability to create personalized security stacks specific to your industry and individual requirements. All our <a href=\"https:\/\/ivaluegroup.com\/en-in\/solutions\/industry-solution-stacks-for-bfsi-manufacturing-smart-cities-more-ivalue\/\">critical infrastructure stacks<\/a> (Manufacturing, Healthcare, Smart Cities, etc.) now incorporate ESTM 3.0 to create blended, holistic security across both traditional IT environments and embedded systems.<\/span><\/p><p><span style=\"color: #000000;\">A crucial gap has now been plugged with the introduction of ESTM 3.0, and now, organizations in India\u2019s critical infrastructure can achieve comprehensive cybersecurity that defends against breaches across all environments. <a href=\"https:\/\/ivaluegroup.com\/en-in\/contact-us\/\">Click here<\/a> to start securing your enterprise today.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Embedded Systems Pose A Different Kind Of Threat Last year, India had to deal with heightened geopolitical tensions that made it the target of several adversarial nation-state hacker groups. Massive volumes of attacks were directed at our critical infrastructure in the aftermath of Operation Sindoor, and the spillover has continued in 2026.\u00a0 Industries like defense, &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/ivaluegroup.com\/en-in\/resources\/blogs\/securing-embedded-systems-in-indias-critical-infrastructure-with-estm-3-0\/\"> <span class=\"screen-reader-text\">Securing Embedded Systems in India\u2019s Critical Infrastructure with ESTM 3.0<\/span> Read More \u00bb<\/a><\/p>\n","protected":false},"author":1,"featured_media":27182,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[131],"tags":[251,409,658,660,661,659],"whitepapers":[],"case_studies":[],"acf":[],"_links":{"self":[{"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/posts\/27181"}],"collection":[{"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/comments?post=27181"}],"version-history":[{"count":4,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/posts\/27181\/revisions"}],"predecessor-version":[{"id":27187,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/posts\/27181\/revisions\/27187"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/media\/27182"}],"wp:attachment":[{"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/media?parent=27181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/categories?post=27181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/tags?post=27181"},{"taxonomy":"whitepapers","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/whitepapers?post=27181"},{"taxonomy":"case_studies","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/case_studies?post=27181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}