Rules and Guidelines
Want to participate in the discussions? Please read our Community Rules and Guidelines. Need some help? Visit Support and Answers.

  • Replies 3 replies
  • Subscribers 18 subscribers
  • Views 263 views
  • Users 0 members are here
Options
You may also be interested in

Retrofitting Legacy Control Systems to Tackle Evolving OT Cyber Threats

Taimur

Hi everyone,

I’m new to the EngX community and looking forward to learning from you all. I’d like to start a conversation about something I think many of us face and that is updating legacy control systems in power plants and other critical infrastructure, especially when it comes to growing OT cyber threats.

Lot of these systems were designed decades ago, with reliability in mind but little thought given to cybersecurity. Today, they’re exposed to new risks that weren’t imagined back then. The challenge is finding a way to retrofit these systems efficiently and without tearing everything apart or causing long periods of downtime.

In the UK, where our energy and infrastructure systems are heavily relied upon, even a small disruption can create big problems. So how do we make these updates both secure and practical?

I’m particularly interested in hearing how others have approached efficient retrofitting and what worked, what didn’t, and how you balanced the iron triangle of cost, time, quality and scope. Are there certain strategies or tools that helped modernize your systems without overhauling them completely.

Would love to hear your thoughts and experiences.

Thanks,

Taimur | MIET 

  • If it were up to me I would seriously consider banning all microprocessor relays from swtichgear feeding critical infrastructure - or at least mandate a electromagnetic back-up relays.

    Anything that contains a microchip is subject to supply chain attacks. For example, imagine a hidden backdoor in the chip that renders it inoperable after x years of use etc. etc. If this were to be installed without detection it could cause total chaos given the highly centralized supply of such devices.

    We are constantly being told by our own government that our threat model should include state actors. State actors are more than capable of inserting hardware back doors into devices.

    The fact is that older simpler control systems - particularly if air-gaped - have a much smaller attack surface and are therefore much more resilient to cyber threats.

  • Hi everyone, and thank you for starting this important discussion.

    As someone working in the ICS/OT domain, I’ve seen first-hand how challenging it is to modernise legacy control systems in critical infrastructure—especially in sectors like power generation, where uptime, safety, and compliance are non-negotiable.

    You're absolutely right—many of these systems were built for reliability and longevity, not cybersecurity. But today, with increasing OT cyber threats and growing interconnectivity, we can't afford to ignore the risks. That said, a full system overhaul isn’t always feasible. I’ve found that successful retrofitting lies in balancing risk reduction with practical constraints like time, cost, and operational disruption.

    Here are a few approaches I’ve seen work in practice:

    Small blue diamond Risk-based retrofits using tools like Cyber-PHA or CyberHAZOP to prioritise high-impact upgrades.
     Small blue diamond Network segmentation and DMZs to isolate legacy equipment from enterprise IT and internet-connected systems.
     Small blue diamond Compensating controls such as protocol-aware intrusion detection, application whitelisting on HMIs, and read-only historian interfaces.
     Small blue diamond Secure remote access using jump servers with multi-factor authentication, session recording, and time-bound permissions.
     Small blue diamond Standards-based frameworks like IEC 62443 and NCSC’s Cyber Assessment Framework (CAF) to structure retrofit plans and align with regulatory expectations.

    One strategy that’s worked particularly well is the “wrapper” approach—layering modern protections and interfaces around legacy assets, allowing phased upgrades and limiting downtime. Conversely, what hasn't worked well is trying to lift-and-shift IT tools into OT environments without accounting for latency, determinism, or vendor lock-in.

    I'd be really interested to hear from others here:

    • Have you used similar strategies, or different ones that worked better?

    • What lessons have you learned in terms of balancing security, cost, and uptime during upgrades?

    - Simha

  • Control systems many decades old are likely entirely immune to cyber threats - being simpler electronic or electromechanical systems with little or no "smart" components and certainly no internet connection. Therein lies a lesson I think. As for existing more vulnerable systems, building rings of security around them - e.g. either physically separating them from the internet completely or at least hiding them behind multiple layers of firewalls or similar, together with physical access security, will keep the majority of the black hats out. Nothing's ever 100% secure though -  as has been demonstrated relatively recently in the middle east, with enough time, money, effort and determination, anything can be infiltrated - even if it means going back to original equipment manufacturing where destructive components can be incorporated before the end users even take possession of them.

       - Andy.

Community Rules & Guidelines