February 2026
There are myriad reasons why critical infrastructure — energy, water, transportation, healthcare, communications — often gets short shrift in broader cybersecurity discussions.
The ecosystem is complicated, vulnerable, and very high stakes. Plus, the nation’s infrastructure is vast and relies on a patchwork of operators from local, state, and federal governments, as well as private industry.
In a recent interview with ExecutiveBiz, our CEO Mark Peters called out the lapse: “One area that receives too little attention is operational technology (OT), the systems that control physical processes in infrastructure, industrial environments, and defense platforms.”
Identifying the problem: “Unlike traditional IT, these systems were built for reliability, not cybersecurity, and connecting them to modern networks introduces new risks,” Peters says.
Addressing the risks: MITRE partners with key stakeholders to conduct integrated research and analytics across diverse technologies and sectors, strengthening critical infrastructure security at scale.
CYBERSECURITY IMPACT
Defining Countermeasures for Operational Technology
When most of our critical systems were deployed decades ago, they weren’t designed to be interconnected in the ways they are today. Efficiency has improved, but growing dependencies on the internet and cloud have a flip side: They expose operations to malicious cyber activity.
With funding from the Cyber Warfare Directorate in the U.S. Office of the Under Secretary of War for Acquisition and Sustainment and the National Security Agency, we recently extended our D3FEND™ cybersecurity knowledge base of countermeasures to include OT. The tool empowers critical infrastructure operators to counter attacks specific to cyber-physical environments.
Bottom line: The D3FEND extension provides a common framework to help the cybersecurity community better understand, secure, and sustain vital infrastructure.
SECURING AI
Analysis Reveals How Popular AI Tool Can Be Exploited and How to Defend Against It
Clears inbox, sends emails, manages calendar, checks in for flights. These are just a few noted features of OpenClaw, an open source AI assistant that acts as a user’s “digital chief of staff.” Alongside those promises come numerous novel cyber vulnerabilities: the technology is the most advanced publicly available agentic AI tool to date, and it acts on the user’s behalf across the accounts it is given.
We rapidly analyzed the risks posed by OpenClaw, mapping them to MITRE ATLAS, our AI security threat framework.
Why it matters: The novel threats reveal new exploit execution paths that traditional security models don't cover, underscoring the need for updated defenses.
Takeaway: The timely work — addressing concerns about AI safety through rigorous testing — is part of MITRE’s ongoing efforts to foster safe and secure AI adoption for the American public.
FRAMEWORK SPOTLIGHT
Threat Framework Strengthens Cyber Defense for Critical Infrastructure
Your phone, your electronic car key, and your smart watch are all examples of embedded systems, combining hardware and software to perform a specific set of tasks. In addition to everyday devices, our nation’s critical infrastructure also runs on this computing technology. Widespread connectivity makes these systems increasingly vulnerable to cyber attacks.
MITRE worked closely with the Air Force’s CROWS (Cyber Resiliency Office for Weapon Systems) to launch the Embedded Systems Threat Matrix™ (ESTM), a cybersecurity framework that helps researchers, vendors, and security professionals identify risks, understand adversary tactics, and strengthen defenses.
Actionable guidance: "ESTM fills a key gap by giving defenders clear, actionable information to identify and stop cyber threats against these essential systems," says Keoki Jackson, senior vice president, MITRE National Security.
Extended application: ESTM can be used across many sectors and industries, including transportation, energy, healthcare, industrial controls, and robotics.
OUR CULTURE IN ACTION
Cyber Expert Prioritizes Community Inside and Outside the Office
Suneel Sundar is a collaborator by nature. At work, Suneel leads joint efforts with industry partners to enhance cybersecurity practices and tools in our Center for Threat-Informed Defense. He also co-founded our Cyber New Professionals program to help early career professionals explore cybersecurity opportunities across the organization.
Serenity now: Outside of his day job, Sundar is a yoga teacher and studio owner. He often opens work meetings with a gratitude exercise, calling it “an amazing way to get people to say what they're actually proud of and what their priorities are."
THREAT-INFORMED DEFENSE
Bringing Cloud Security Down to Earth: Mapping Controls to Real-World Attacks
Problem: The scale and complexity of cloud environments make defending them a challenge. Existing frameworks do not clearly reflect how adversaries navigate cloud ecosystems, making it hard to pinpoint where defenses should be prioritized or improved.
Solution: Citigroup, CSA, CrowdStrike, Fortinet, and JPMorgan Chase worked with MITRE’s Center for Threat-Informed Defense to map the CSA Cloud Controls Matrix to the MITRE ATT&CK framework. The free mappings help organizations identify gaps and guide investments to build comprehensive threat-informed cloud security programs.
Takeaway: “This work allows defenders to shift focus from checking boxes to building proactive defenses that can anticipate and counter sophisticated attacks in complex cloud environments,” says Leslie Anderson, chief cyber strategist and head of MITRE’s threat-informed defense programs.
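As an added illustration of how control-to-technique mappings are put to work (example code written for this page, not the Center's data set or tooling): given a list of mapping records and a threat profile, the script below finds techniques with no mapped control at all, techniques that are protected but never detected, and techniques that rest on a single control. The control IDs are hypothetical placeholders rather than CCM control numbers, the "protect"/"detect" vocabulary is an assumption, and the threat profile is constructed for the example; only the ATT&CK technique IDs and names are real.

```python
"""Coverage-gap analysis over control-to-ATT&CK mappings.

Added example. Mapping records, control IDs and the threat profile below are
constructed placeholders, not the CTID/CSA mapping data.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Mapping:
    control_id: str    # hypothetical control identifier (not a CCM control number)
    technique_id: str  # ATT&CK technique ID (real IDs, e.g. T1078.004)
    function: str      # assumed vocabulary: "protect" or "detect"


# Constructed sample mappings; control IDs are invented placeholders.
SAMPLE_MAPPINGS = [
    Mapping("CTRL-IAM-1", "T1078.004", "protect"),   # e.g. MFA on cloud accounts
    Mapping("CTRL-IAM-1", "T1110", "protect"),       # e.g. lockout / rate limiting
    Mapping("CTRL-IAM-3", "T1078.004", "detect"),    # e.g. anomalous sign-in alerts
    Mapping("CTRL-IAM-2", "T1098", "detect"),        # e.g. account-change alerts
    Mapping("CTRL-LOG-1", "T1562.008", "detect"),    # e.g. audit-log tampering alerts
    Mapping("CTRL-KEY-1", "T1552", "protect"),       # e.g. secrets management
    Mapping("CTRL-DATA-1", "T1530", "protect"),      # e.g. storage access policies
]

# Constructed threat profile: the techniques this organization prioritises.
# ATT&CK IDs and names are real; the selection is made up for the example.
THREAT_PROFILE = {
    "T1078.004": "Valid Accounts: Cloud Accounts",
    "T1110": "Brute Force",
    "T1098": "Account Manipulation",
    "T1136.003": "Create Account: Cloud Account",
    "T1552": "Unsecured Credentials",
    "T1530": "Data from Cloud Storage",
    "T1537": "Transfer Data to Cloud Account",
    "T1562.008": "Impair Defenses: Disable or Modify Cloud Logs",
    "T1580": "Cloud Infrastructure Discovery",
}


def coverage(mappings, threat_profile):
    """Return {technique_id: {(control_id, function), ...}} for every technique
    in the profile. An empty set means no control addresses that technique."""
    by_technique = defaultdict(set)
    for m in mappings:
        if m.technique_id in threat_profile:
            by_technique[m.technique_id].add((m.control_id, m.function))
    return {t: by_technique.get(t, set()) for t in threat_profile}


def gaps(mappings, threat_profile):
    """Techniques in the profile with no mapped control at all."""
    cov = coverage(mappings, threat_profile)
    return sorted(t for t, ctrls in cov.items() if not ctrls)


def missing_function(mappings, threat_profile, function):
    """Techniques that have some control, but none performing `function`
    (e.g. protected but never detected, which points at telemetry to add)."""
    cov = coverage(mappings, threat_profile)
    return sorted(t for t, ctrls in cov.items()
                  if ctrls and not any(f == function for _, f in ctrls))


def single_point_of_failure(mappings, threat_profile):
    """Techniques covered by exactly one distinct control: if that control is
    misconfigured or disabled, the technique silently becomes a gap."""
    cov = coverage(mappings, threat_profile)
    return sorted(t for t, ctrls in cov.items()
                  if len({c for c, _ in ctrls}) == 1)


def report(mappings=SAMPLE_MAPPINGS, threat_profile=THREAT_PROFILE):
    """Human-readable summary, one finding per line."""
    lines = []
    for t in gaps(mappings, threat_profile):
        lines.append(f"GAP        {t:<10} {threat_profile[t]}")
    for t in missing_function(mappings, threat_profile, "detect"):
        lines.append(f"NO-DETECT  {t:<10} {threat_profile[t]}")
    for t in single_point_of_failure(mappings, threat_profile):
        lines.append(f"SINGLE     {t:<10} {threat_profile[t]}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

The three views answer different investment questions: a GAP line says a prioritized technique has no control at all, a NO-DETECT line says you might stop it but would never see an attempt, and a SINGLE line says one control's failure is enough to open a hole. Running the analysis against the real mapping data instead of the constructed records is a matter of loading those records into the same `Mapping` shape.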