Legacy by Design: Outdated operating systems on innovative shop floors

Many Windows users are in an uproar. From October 14, 2025, devices running on Windows 10 will no longer receive support or security updates. Production managers in digitalized industrial plants can only smile wearily at this news. They know that even newly delivered machines often still run on much older operating systems, such as Windows XP, Windows CE, or even MS-DOS. This combination of innovative hardware and outdated software isn’t an outlier; it is often systemic. For many companies, this is a difficult risk to assess.

The interface of modern production processes with outdated control architecture creates serious vulnerabilities that have a massive impact on safety and efficiency. In this article, I will explain how companies end up with these constellations, why conventional protective measures are insufficient, and which solutions can be used to combine connectivity with security.


How outdated systems become an integral part of the shop floor

In industrial manufacturing, operating systems aren’t software products that are replaced every two years. In many cases, they form the technical foundation of machines with a lifespan of decades. Many production plants shipped today contain components with control logic based on architectures from the 1990s or early 2000s.

This is due to the structural requirements of mechanical engineering:

  • Machine manufacturers prefer proven machine designs that have been tested in practice for many years, even if their IT systems are outdated.
  • Control architectures are usually validated and certified only once for a machine series – any changes would require time-consuming re-certifications, especially in highly regulated industries such as pharmaceuticals or food.
  • New hardware must be compatible with legacy platforms to ensure integration into the asset inventory.

Companies aren’t using outdated software components out of technical necessity, but because of economic and regulatory considerations. Or, to put it another way – it is legacy by design.


Why these systems often remain in use for decades

Even if a machine was delivered with an outdated operating system, it often remains in production for decades. This, too, has structural reasons.

Long investment cycles: Machine runtimes are often 20-30 years or longer, and investments are calculated accordingly. Replacing a machine because the software is outdated is not economical.

Support no longer available: Manufacturers may no longer provide updates; some may even no longer exist.

Hardware dependency: New operating systems are incompatible with the existing components and control logic.

Proprietary systems with no upgrade paths: A hardware retrofit would require extensive modifications and could involve substantial risks of operational downtime.


Legacy by Design – a key security risk

These machines often use outdated protocols, such as SMBv1, Telnet, or OPC DA – all without encryption, authentication, or central control mechanisms. As soon as the machine is connected to a network, a large attack surface is created, with the risk of unauthorized access and malware spreading throughout the company’s network.

This creates a permanent security risk that cannot be sufficiently mitigated using conventional methods such as network segmentation.


The balance between connectivity and security

At the same time, in the era of Industry 4.0, companies are under increasing pressure to digitalize and network their operations. Modern production lines continuously generate data – via sensors, controls, or HMI systems. This information provides the foundation for countless data-driven applications, from analysis and optimization of the Overall Equipment Effectiveness (OEE) to predictive maintenance, from energy management to quality monitoring and traceability.

All relevant machines must be integrated to enable these data streams to be tapped, even those running outdated software such as Windows CE or Windows XP. And this is where the real dilemma begins. For security reasons, the outdated systems should be separated from the rest of the network. This isolation, however, prevents data connectivity – and hinders optimization.

Although many companies already use traditional protective measures such as VLANs for network segmentation, these methods need open network ports for communication, which introduces a weak point.
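As an added example (not part of the article and not TRIOVEGA's own code), the following Python script makes the two points above concrete from a defender's side: it parses a few constructed firewall log lines and flags the legacy protocols named earlier (SMBv1, Telnet, OPC DA over DCOM) crossing through an open port from an assumed IT VLAN into the OT VLAN. The log format, the address prefixes and the smb_dialect field are assumptions made for the example.

```python
import re

# Well-known ports of the legacy protocols the article names (OPC DA rides on DCOM).
LEGACY_PORTS = {
    23: "Telnet (cleartext login)",
    135: "DCOM/RPC endpoint mapper (OPC DA)",
    139: "NetBIOS session (SMBv1-era file sharing)",
}
# Assumed, constructed address prefixes for the IT VLAN and the OT VLAN.
IT_NET, OT_NET = "10.10.", "10.50."

# Constructed sample lines in a made-up log format; smb_dialect is an assumed label.
SAMPLE_LOG = """\
2025-03-01T08:00:01 ALLOW tcp 10.10.4.21:51022 -> 10.50.1.7:445 smb_dialect=SMB1
2025-03-01T08:00:05 ALLOW tcp 10.10.4.21:51030 -> 10.50.1.7:445 smb_dialect=SMB3.1.1
2025-03-01T08:01:12 ALLOW tcp 10.10.7.3:40112 -> 10.50.1.9:23
2025-03-01T08:02:40 ALLOW tcp 10.50.1.9:49200 -> 10.50.1.12:135
2025-03-01T08:03:02 ALLOW tcp 10.10.9.8:52000 -> 10.50.1.12:135
2025-03-01T08:03:30 ALLOW tcp 10.10.4.21:51040 -> 10.50.1.7:443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
    r"(?: smb_dialect=(?P<dialect>\S+))?$"
)

def classify(line):
    """Return a finding for a legacy-protocol flow crossing IT -> OT, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable line: skip rather than guess
    src, dst, dport = m["src"], m["dst"], int(m["dport"])
    # Only flows crossing the VLAN boundary into OT are in scope for this check.
    if not (src.startswith(IT_NET) and dst.startswith(OT_NET)):
        return None
    if dport == 445 and m["dialect"] == "SMB1":
        return f"{src} -> {dst}: SMBv1 negotiated across the segment boundary"
    if dport in LEGACY_PORTS:
        return f"{src} -> {dst}: {LEGACY_PORTS[dport]}"
    return None

def audit(log_text):
    """Run classify over every line and return the list of findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

The SMBv3 session on port 445 and the OT-internal DCOM flow are deliberately not reported, so the output lists only the three boundary crossings that rely on protocols without authentication or encryption.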

For many companies, this results in a daily conflict between the need to comprehensively record and evaluate production data and the obligation to secure outdated systems. What is missing is an approach that allows both – secure integration without having to update the hardware or software of existing systems.


Approach: Standardization with simultaneous protection

The OT security solution edge.SHIELDOR by TRIOVEGA offers an approach that does not require machine modification. Based on a protective security layer, similar to the air gap concept, the legacy systems are decoupled from the rest of the network while being integrated into the networked production landscape.

Protocol conversion plays a central role. Outdated protocols such as SMBv1 or OPC DA – which are considered insecure today – are translated into current standards such as SMBv3 or OPC UA within controlled environments. For example, a file provided via SMBv3 from the IT network can be converted into the old SMBv1 format required by the legacy machines, without creating a direct connection with uncontrolled access.

During transmission, the system carries out automated malware scanning to isolate potential threats that might enter the OT network. Communication occurs only via defined, monitored channels that prevent direct access to the existing system.

Well-integrated in existing user administration, this approach creates a security architecture that integrates heterogeneous machinery into the digitalized production environment. It makes data available via homogenized interfaces while significantly increasing cyber resilience.

If you would like to know how edge.SHIELDOR can secure OT networks in your production environment, and enable you to tap into valuable data, book a free consultation. Our experts will be happy to answer all your questions about our innovative solutions for safe and optimized Industry 4.0.

Author: Mareike Redder

Mareike Redder has been working as an IT engineer at TRIOVEGA GmbH since 2018, and has been responsible for product management since 2022.


© 2025 TRIOVEGA GmbH. All rights reserved.