Industrial control systems (ICS) remain significantly less mature in cybersecurity compared to IT environments, trailing by 10-15 years, according to ABI Research. Despite increasing regulatory pressure and a growing threat landscape targeting industrial networks, the adoption of secure ICS in operational technology (OT) environments is progressing slowly.
Michela Menting, senior research director at ABI Research, noted that embedding secure hardware is a low priority for industrial organizations due to the lengthy and costly process of deploying secure ICS. Network-level solutions, which do not require immediate hardware changes, are currently more practical for meeting compliance requirements.
Regulatory efforts and standards are pushing for secure-by-design applications, software bill of materials requirements, and supply chain accountability, which are expected to drive the embedded security market over the long term. The long lifespan of ICS means that as legacy equipment is replaced, demand will grow for devices with enhanced digital security features, such as hardware roots of trust, secure boot, trusted execution environments, and secure communication, supported by the secure microcontroller market.
Companies like Siemens, Bachmann, and HMS are integrating security functionalities at the hardware level, including secure-by-design methodologies and software layer protections. Veridify Security is developing post-quantum protocol support, while startups like RDDL, in partnership with Tropic Square, are embedding trust into hardware using blockchain technology for assets like microgrids.
These efforts aim to address the gradual demand for integrated security in industrial environments, fostering more secure OT systems and supporting zero-trust architectures. The findings are detailed in ABI Research’s *Industrial Control Systems: Integrating Embedded Secure Hardware* report, part of its Trusted Devices Solutions research service.





