
Securing the Industrial Edge: Protecting Legacy Systems in the IIoT Era

| By Andrew Foster, IOTech Systems

Edge platforms, which sit between legacy equipment and modern networks, can add a layer of cybersecurity protection without modifying the existing infrastructure

Chemical processing facilities worldwide are connecting decades-old equipment to modern networks for real-time monitoring and optimization. While this digital transformation and the associated industrial internet of things (IIoT) promise significant benefits, such as predictive maintenance, reduced downtime and data-driven optimization, they also expose critical vulnerabilities. Most industrial control systems were designed in an era when security meant locked doors and fence lines, not encryption and firewalls.

The challenge is particularly acute in chemical processing. A distillation column running on 1990s-era controllers likely speaks Modbus — a protocol from 1979 with no encryption or authentication. Crystallizers maintain precise supersaturation levels through control loops that, if manipulated, could produce off-specification products or cause massive fouling. Polymerization reactors operate near runaway boundaries where unauthorized setpoint changes could trigger dangerous exothermic reactions. These systems have operated reliably for decades, but they were never designed to face threats from the internet.

The stakes extend beyond operational disruption. Process knowledge embedded in control strategies represents billions of dollars’ investment in research and development. Proprietary catalyst formulations, optimized reaction conditions and carefully tuned process sequences constitute intellectual property that competitors and nation-state actors actively target. A single compromised batch recipe in pharmaceutical manufacturing could expose trade secrets worth hundreds of millions of dollars.

The 2017 TRITON/TRISIS attack on a Middle Eastern petrochemical facility [1] demonstrated that these are not theoretical risks. In this case, the malware specifically targeted Triconex safety instrumented systems, potentially enabling physical damage and harm to personnel. It represented a watershed moment: attackers had crossed from disrupting operations to threatening safety systems designed to prevent catastrophic failures.

With production downtime that can cost hundreds of thousands to millions of dollars per day, depending on facility size, and sophisticated threats emerging from both criminal groups and nation-states, chemical facilities need practical security solutions that do not require wholesale infrastructure replacement (Figure 1). The challenge is finding approaches that enhance security while respecting the operational realities of continuous processes, validated systems and equipment designed to run for decades.

FIGURE 1. Complex chemical manufacturing complexes require high-performance security protection that can withstand the rigor of continuous processes without demanding a great deal of modifications to existing infrastructure

 

Security via edge computing

Edge computing has emerged as a proven approach to modern cybersecurity challenges, enabling facilities to secure their digital transformation without replacing legacy infrastructure. Edge platforms serve as secure intermediaries between legacy equipment and modern networks, adding essential security capabilities while preserving the reliability of proven control systems. They act as industrial translators that accept insecure legacy protocols on one side while implementing modern security standards on the other. Two caveats follow from that picture. The legacy side of the boundary is exactly as insecure as before, so the protection holds only if the edge platform is the sole path onto the segment it fronts; and the platform itself becomes a high-value target that must be hardened, patched and monitored like any other system exposed to the wider network.

For chemical engineers implementing IIoT technologies, edge platforms deliver critical advantages. They normalize data from disparate sources, whether a legacy Modbus transmitter measuring reactor temperature or a modern wireless sensor monitoring pump vibration. The normalized data are then transmitted securely to cloud analytics platforms, historians or remote monitoring centers. Edge platforms provide the encrypted communications, user authentication and detailed audit trails that legacy equipment simply cannot support.

Crucially for validated environments, edge platforms add these capabilities without modifying existing control logic. In pharmaceutical manufacturing, where changing a single line of code might trigger months of revalidation under federal regulatory requirements, this non-intrusive approach proves invaluable. The edge platform taps into existing data streams through read-only connections, adding security and analytics capabilities while leaving the validated control system untouched.

Industrial-grade edge platforms should include redundancy, failsafe designs and bypass capabilities to ensure they enhance rather than compromise reliability. When properly implemented, edge computing provides the security foundation that makes IIoT transformation both safe and practical.

Both commercial and open-source industrial-grade edge-platform implementations have emerged over the last few years. These have reached a level of maturity such that they now offer the chemical industry a range of viable alternatives. For example, a key open-source initiative with broad cross-industry support is the Linux Foundation’s LF Edge (www.lfedge.org). The objective of LF Edge is to establish an open, interoperable framework for edge computing. EdgeX Foundry (www.edgexfoundry.org) is one of the largest projects under the LF Edge umbrella. It provides a flexible and scalable open software platform that facilitates interoperability between operational technology (OT) devices and applications at the edge. EdgeX Foundry and its commercial derivatives are seeing increasing adoption across industrial sectors [2].

 

Legacy protocol vulnerabilities

Many chemical plants run on industrial protocols that were designed before cybersecurity was a consideration. A typical refinery might have hundreds of Modbus devices transmitting critical process variables in clear text: temperatures, pressures, flowrates and valve positions all flow without encryption or authentication, and a write request carries nothing that identifies who sent it. DNP3, another common protocol, was designed for reliability in the electric utility sector; a Secure Authentication extension exists (specified in IEEE 1815), but it is rarely supported by installed devices, so in practice DNP3 traffic is as exposed as Modbus. Even newer protocols like OPC Classic transmit data without adequate protection; OPC Classic rides on Windows DCOM, whose dynamically allocated ports make it difficult to firewall properly.

Edge platforms address this challenge by terminating the legacy protocol locally and carrying the data onward over an encrypted, authenticated channel, such as TLS-protected MQTT or OPC UA, while maintaining complete compatibility with the existing equipment. Consider a distillation column where tray temperatures and reflux ratios flow from legacy controllers to advanced process control software. An edge platform secures the data path from the platform outward without modifying the controllers or disrupting the optimization algorithms that took years to develop and tune. What it cannot do is retrofit authentication onto the controller itself, so the link between controller and edge platform still has to be physically or logically isolated.

Modern edge platforms handle the subtle protocol variations between vendors. Different manufacturers might encode data differently even when claiming standard Modbus compatibility (register addressing offsets, or the byte and word order of 32-bit values, for example). Advanced edge platforms manage these variations while staying within the timing budget that process control demands, so that critical temperature readings in reaction control scenarios are not delayed by the added hop.
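What "no authentication" means on the wire, and what a read-only edge connection actually has to enforce, is easiest to see in a frame. The following Python is an added illustration, not code from this article or from any edge-platform product; it hand-builds Modbus/TCP frames from the public specification and applies the kind of function-code allowlist a gateway would use to keep a connection read-only. The register addresses, unit ID and the setpoint value are constructed for the example.

```python
"""Modbus/TCP frames and a read-only gateway filter (illustrative, not product code)."""
from __future__ import annotations

import struct
from dataclasses import dataclass

# Public function codes from the Modbus Application Protocol specification.
READ_COILS = 0x01
READ_DISCRETE_INPUTS = 0x02
READ_HOLDING_REGISTERS = 0x03
READ_INPUT_REGISTERS = 0x04
WRITE_SINGLE_COIL = 0x05
WRITE_SINGLE_REGISTER = 0x06
WRITE_MULTIPLE_COILS = 0x0F
WRITE_MULTIPLE_REGISTERS = 0x10
MASK_WRITE_REGISTER = 0x16
READ_WRITE_MULTIPLE_REGISTERS = 0x17  # carries a write, so it is NOT read-only

# The only codes a read-only connection should forward toward the controller.
READ_ONLY_ALLOWLIST = frozenset(
    {READ_COILS, READ_DISCRETE_INPUTS, READ_HOLDING_REGISTERS, READ_INPUT_REGISTERS}
)
ILLEGAL_FUNCTION = 0x01  # Modbus exception code returned for a refused function


@dataclass(frozen=True)
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def build_modbus_tcp(tid: int, unit_id: int, fc: int, data: bytes) -> bytes:
    """MBAP header (transaction id, protocol id 0, length, unit id) followed by the PDU.
    The length field counts the unit id plus the PDU bytes."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id) + pdu


def parse_modbus_tcp(adu: bytes) -> ModbusFrame:
    """Parse a Modbus/TCP ADU. Note what is absent: no sender identity, no MAC,
    no signature. Anything that can reach TCP/502 can produce a valid frame."""
    if len(adu) < 8:
        raise ValueError("ADU too short for MBAP header plus function code")
    tid, proto, length, unit_id = struct.unpack(">HHHB", adu[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    if length != len(adu) - 6:
        raise ValueError("MBAP length does not match frame size")
    return ModbusFrame(tid, unit_id, adu[7], adu[8:])


def gateway_filter(adu: bytes) -> tuple[bool, str]:
    """Decide whether a frame arriving from the non-OT side may be forwarded.
    Returns (allowed, reason) so that every decision can be logged."""
    try:
        frame = parse_modbus_tcp(adu)
    except ValueError as exc:
        return False, f"malformed frame dropped: {exc}"
    if frame.function_code in READ_ONLY_ALLOWLIST:
        return True, f"read fc=0x{frame.function_code:02X} unit={frame.unit_id}"
    return False, f"fc=0x{frame.function_code:02X} unit={frame.unit_id} blocked (not read-only)"


def exception_response(frame: ModbusFrame) -> bytes:
    """Reply the gateway sends for a refused frame: the function code with its high
    bit set plus exception code ILLEGAL FUNCTION, so the client fails fast instead
    of waiting for a timeout."""
    return build_modbus_tcp(
        frame.transaction_id, frame.unit_id, frame.function_code | 0x80, bytes([ILLEGAL_FUNCTION])
    )


if __name__ == "__main__":
    # Constructed example: read two holding registers at address 0 on unit 1.
    read_req = build_modbus_tcp(7, 1, READ_HOLDING_REGISTERS, struct.pack(">HH", 0x0000, 2))
    # Constructed example: write 1250 to register 0x0010 (say, a reflux setpoint).
    write_req = build_modbus_tcp(8, 1, WRITE_SINGLE_REGISTER, struct.pack(">HH", 0x0010, 1250))
    for req in (read_req, write_req):
        allowed, reason = gateway_filter(req)
        print(f"{req.hex()}  {'FORWARD' if allowed else 'DROP'}: {reason}")
        if not allowed:
            print("  reply:", exception_response(parse_modbus_tcp(req)).hex())
```

The write request is twelve bytes and contains a transaction counter, a unit ID, a function code, an address and a value; nothing ties it to an operator, a workstation or a session, which is the whole problem with the protocol. Note that function 0x17 (read/write multiple registers) is excluded from the allowlist even though its name starts with "read", and that the filter drops malformed frames rather than forwarding them to a controller whose parser may be far less forgiving.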

 

Validation and compliance

Pharmaceutical manufacturers face particular challenges under the U.S. Food and Drug Administration’s rule on electronic records and electronic signatures, 21 CFR Part 11, and the validation expectations of current Good Manufacturing Practice, where any change to a validated system can trigger extensive revalidation costing millions of dollars (Figure 2). Edge platforms provide an elegant solution through a “wrapper” approach that has proven effective across validated environments.

FIGURE 2. In pharmaceutical manufacturing plants and other facilities requiring high levels of validation, edge platforms can help ensure compliance and avoid re-work

By tapping into existing data streams through read-only connections, often using the same serial ports or network connections already feeding historians, edge platforms add security and analytics capabilities outside the validated boundary. Because protocols such as Modbus have no notion of access rights, “read-only” is a property the edge platform must enforce itself, by forwarding only read requests toward the controller and refusing every write, rather than one the controller can guarantee. The original control system continues operating exactly as validated, while new capabilities layer on top. This approach has enabled pharmaceutical manufacturers to implement real-time batch record collection, environmental monitoring and overall equipment effectiveness (OEE) calculations without touching validated systems.

Facilities using this approach successfully demonstrate to auditors that validated systems remain unaffected while gaining modern IIoT capabilities. The edge platform becomes part of the quality system, requiring its own validation for critical applications in facilities adhering to the FDA Good Manufacturing Practice (GMP) framework, but this is far more straightforward and cost-effective than revalidating entire control systems.

Chemical manufacturers operating in sectors beyond pharmaceuticals also benefit. Edge platforms provide the audit trails and access controls that support the recordkeeping and management-of-change expectations of the process safety management (PSM) standard set forth by the U.S. Occupational Safety and Health Administration (OSHA) and the Risk Management Program (RMP) defined by the U.S. Environmental Protection Agency (EPA).

 

Managing third-party access

Chemical facilities routinely provide remote access to various vendors, including catalyst suppliers monitoring regeneration cycles, distillation column vendors requiring access to hydraulic models and process licensors verifying that operations stay within design bounds. Traditional virtual private network (VPN) connections made directly to control systems create unacceptable security risks: once the tunnel is up, the vendor’s workstation is effectively on the control network with whatever reach that endpoint has, the vendor’s own security posture becomes the plant’s, and what the vendor did while connected is rarely recorded in any useful detail.

Edge platforms transform this vulnerability into a controlled, auditable process. They create secure access windows, allowing vendors to see only specific datasets relevant to their needs. A catalyst vendor receives regeneration temperature profiles and cycle times without accessing broader process data, for example. Time-based permissions ensure access automatically expires, while detailed audit logs track every interaction.

This granular control extends seamlessly to internal users. Process engineers, operators and maintenance technicians each receive appropriate access levels that legacy control systems cannot provide. Modern edge platforms make role-based access control practical and manageable, preventing the access creep that often compromises security over time.
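The three properties described above for vendor access (scope limited to named datasets, automatic expiry and a record of every interaction) are small enough to show end to end. The Python below is an added example written for this article, not code from IOTech or any edge platform; it issues an HMAC-signed grant naming the tags a vendor may read and when the grant lapses, and a gateway object that checks scope and expiry on every read and appends the outcome to an audit log. The signing key, tag names and values are constructed for the example, and a production system would hold the key in a TPM, HSM or secret store and forward the log off the device.

```python
"""Scoped, time-limited vendor access with an audit trail (illustrative, not product code)."""
from __future__ import annotations

import hashlib
import hmac
import json
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed example key. A real gateway would keep this in a TPM/HSM or secret store.
GATEWAY_KEY = b"example-only-gateway-signing-key"


def issue_grant(key: bytes, subject: str, tags: List[str], ttl_seconds: int,
                now: Optional[float] = None) -> str:
    """Create an HMAC-signed grant: who, which tags, and the validity window.
    Format is <hex(json payload)>.<hex(HMAC-SHA256)>; no secret travels inside the token."""
    now = time.time() if now is None else now
    payload = {"sub": subject, "tags": sorted(tags), "nbf": int(now), "exp": int(now + ttl_seconds)}
    body = json.dumps(payload, separators=(",", ":"), sort_keys=True).encode()
    mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + mac


def verify_grant(key: bytes, token: str, now: float) -> Tuple[Optional[dict], str]:
    """Return (claims, "ok") for a valid, in-window grant, otherwise (None, reason)."""
    try:
        body_hex, mac = token.split(".", 1)
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None, "malformed token"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):   # constant-time comparison
        return None, "bad signature"
    claims = json.loads(body)
    if now < claims["nbf"]:
        return None, "grant not yet valid"
    if now >= claims["exp"]:
        return None, "grant expired"
    return claims, "ok"


@dataclass
class AccessGateway:
    """Serves point values to third parties, enforcing scope and expiry and
    recording every request, whether it was allowed or not."""
    key: bytes
    datastore: Dict[str, float]              # tag -> latest value (constructed)
    audit_log: List[dict] = field(default_factory=list)

    def read_tag(self, token: str, tag: str, now: Optional[float] = None) -> Optional[float]:
        now = time.time() if now is None else now
        claims, reason = verify_grant(self.key, token, now)
        subject = claims["sub"] if claims else "unverified"
        if claims is None:
            decision = "deny"
        elif tag not in claims["tags"]:
            decision, reason = "deny", "tag outside grant scope"
        elif tag not in self.datastore:
            decision, reason = "deny", "no such tag"
        else:
            decision = "allow"
        # Append-only record; in production ship it to the historian or SIEM, not just local disk.
        self.audit_log.append({"ts": now, "sub": subject, "tag": tag, "decision": decision, "reason": reason})
        return self.datastore[tag] if decision == "allow" else None


if __name__ == "__main__":
    # Constructed tags and values for a catalyst-regeneration unit.
    gw = AccessGateway(GATEWAY_KEY, {"R101.regen_temp": 512.0, "R101.cycle_time_min": 43.0,
                                     "R102.recipe_id": 7.0})
    t0 = time.time()
    token = issue_grant(GATEWAY_KEY, "catalyst-vendor",
                        ["R101.regen_temp", "R101.cycle_time_min"], 8 * 3600, now=t0)
    print(gw.read_tag(token, "R101.regen_temp", now=t0 + 60))          # allowed
    print(gw.read_tag(token, "R102.recipe_id", now=t0 + 60))           # out of scope -> None
    print(gw.read_tag(token, "R101.regen_temp", now=t0 + 9 * 3600))    # expired -> None
    for entry in gw.audit_log:
        print(entry)
```

Two design points matter more than the token format. The scope check happens per tag on every read, so a vendor granted regeneration temperatures never sees a recipe identifier even though both live in the same store; and denials are logged with the same detail as successes, because a vendor repeatedly probing tags outside its scope is exactly the signal an auditor or analyst wants to see. The gateway also needs a trustworthy clock, since expiry is only as good as the time it is compared against.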

 

Operational reliability

Chemical processes demand continuous operation, and an unplanned shutdown might take days to restart and cost millions of dollars in lost production. Edge platforms designed for industrial use include comprehensive bypass capabilities and fail-safe designs that ensure operations continue even if the edge platform requires maintenance. A bypass is also a bypass of the platform’s security controls, so it should require a deliberate, authorized action, raise an alarm while active and be recorded in the audit trail, rather than being a silent fallback that an attacker could trigger by degrading the platform.

Process-specific security becomes practical with edge computing. Batch processes making different products each week benefit from flexible security that accommodates recipe changes. Continuous operations running the same process benefit from anomaly detection that identifies subtle deviations indicating potential manipulation.

Material- and energy-balance calculations running on edge platforms provide real-time security monitoring. When measured inlet and outlet flows fail to close within the tolerance set by meter accuracy and process holdup, and the residual persists across several consecutive samples rather than flickering for one, the system flags potential sensor manipulation or data injection. Physics is a useful check here because an attacker who spoofs one signal rarely keeps every related measurement consistent with it. This local processing provides faster detection than cloud-based monitoring, which is critical for processes where seconds matter.
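The balance check above is simple enough to write out. The following Python is an added example, not code from this article or from any edge platform; it computes the relative mass-balance closure for one unit on each sample and alarms only when a whole window of consecutive samples is out of tolerance, so a single glitchy reading does not trip it but a spoofed flow signal does. The flows, tolerance and window length are constructed for the example, and the check assumes steady-state operation: for a batch unit or a unit in transition, an inventory (accumulation) term would have to be added to the balance.

```python
"""Mass-balance closure as a data-integrity check (illustrative, not product code)."""
from __future__ import annotations

from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Tuple


@dataclass
class BalanceMonitor:
    """Steady-state mass balance around one unit: sum(in) should equal sum(out)
    within meter accuracy. A persistent residual means a meter, a signal or the
    data path has been tampered with (or there is a real leak or accumulation)."""
    inlet_tags: List[str]
    outlet_tags: List[str]
    tolerance_frac: float = 0.03   # closure error accepted as normal (meter accuracy + holdup)
    window: int = 5                # consecutive out-of-tolerance samples before alarming
    residuals: Deque[float] = field(default_factory=deque)

    def closure(self, sample: Dict[str, float]) -> float:
        """Relative closure error (in - out) / in for one sample."""
        f_in = sum(sample[t] for t in self.inlet_tags)
        f_out = sum(sample[t] for t in self.outlet_tags)
        if f_in <= 0.0:
            return 0.0 if f_out <= 0.0 else 1.0   # product with no feed: fully inconsistent
        return (f_in - f_out) / f_in

    def update(self, sample: Dict[str, float]) -> Optional[str]:
        """Feed one sample; return an alarm string once the whole window is out of tolerance."""
        self.residuals.append(self.closure(sample))
        if len(self.residuals) > self.window:
            self.residuals.popleft()
        if len(self.residuals) == self.window and all(abs(r) > self.tolerance_frac for r in self.residuals):
            mean = sum(self.residuals) / self.window
            direction = "loss (out < in)" if mean > 0 else "gain (out > in)"
            return f"mass-balance {direction}: mean closure error {100 * mean:.1f}% over {self.window} samples"
        return None


def run_monitor(monitor: BalanceMonitor, samples: List[Dict[str, float]]) -> List[Tuple[int, str]]:
    """Run samples through the monitor; return (sample index, alarm) for every alarm raised."""
    alarms: List[Tuple[int, str]] = []
    for i, s in enumerate(samples):
        msg = monitor.update(s)
        if msg:
            alarms.append((i, msg))
    return alarms


def make_samples(rows: List[Tuple[float, float, float]]) -> List[Dict[str, float]]:
    """Constructed flows in kg/s for a separator: F feed, D overhead, B bottoms."""
    return [{"F": f, "D": d, "B": b} for f, d, b in rows]


# Constructed data. Normal operation closes to within about 0.5 %.
NORMAL = make_samples([(100.0, 40.2, 59.5), (100.4, 40.0, 59.9), (99.8, 40.5, 59.1),
                       (100.1, 39.9, 60.3), (100.0, 40.1, 59.7), (99.9, 40.3, 59.8)])
# One glitchy bottoms reading: a transient, not an attack. Must not alarm.
TRANSIENT = make_samples([(100.0, 40.0, 45.0)])
# Bottoms flow reported 20 kg/s low for five consecutive samples: a spoofed or
# stuck signal. The balance cannot close, whatever the spoofed value claims.
SPOOFED = make_samples([(100.0, 40.0, 40.0)] * 5)


if __name__ == "__main__":
    print(run_monitor(BalanceMonitor(["F"], ["D", "B"]), NORMAL + TRANSIENT + NORMAL))  # no alarms
    print(run_monitor(BalanceMonitor(["F"], ["D", "B"]), NORMAL + SPOOFED))            # one alarm
```

The tolerance is the engineering decision: set it from the installed meters’ accuracy and the unit’s normal inventory swing, not from what makes the alarm quiet. The window trades detection latency for false alarms; five samples at a one-second scan is a five-second delay, which is still far quicker than a round trip to a cloud analytics service.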

 

Real-world deployment

Deploying edge security in chemical facilities requires addressing both technical and organizational factors. The cultural divide between IT and OT teams becomes much more manageable when edge platforms provide solutions that satisfy both groups. IT teams get the security features they require — encryption, authentication and audit trails. OT teams maintain the reliability they demand, with continuous operation, fail-safe designs, and minimal impact on proven systems.

Budget justification becomes straightforward when comparing edge platform investments to potential losses. A single ransomware attack might cost tens of millions of dollars in lost production, remediation costs and regulatory fines. Edge platforms provide measurable risk reduction that justifies the investment. Many facilities demonstrate value through pilot projects in utility systems or non-critical processes before expanding to core operations.

Additionally, skills-gap challenges have practical solutions. Leading edge platform providers offer comprehensive training and support, while system integrators bring expertise in both process control and cybersecurity. The edge platform simplifies security management, making it practical for existing staff to maintain with appropriate training.

Network architecture provides the foundation for edge security success. Proper segmentation, separating process control, supervisory and business networks, combined with edge platforms creates defense-in-depth. In that layout the edge platform sits at the boundary between the control zone and the networks above it, with its OT-facing interface the only route into the segment it protects. Data diodes can enforce one-way data flow for the most critical systems, while edge platforms manage bidirectional communication where needed.

 

Future-ready technology

Edge technology continues advancing to meet evolving industrial needs. Artificial intelligence capabilities at the edge detect subtle process anomalies that might indicate attacks or equipment issues. Machine-learning models trained on normal operating patterns can identify deviations faster and more accurately than rule-based systems, provided the training data cover the full range of legitimate operation and the false-alarm rate is tuned so that operators do not learn to ignore the alerts. For fast-moving reactions, local intelligence provides the rapid response that cloud-based analysis cannot match.

AI integration in modern edge platforms includes explainability features that help operators understand why the system flagged an anomaly. This builds trust and enables appropriate responses. Models can be updated based on operational experience, becoming more accurate at distinguishing between normal process variability and genuine threats.

Digital-twin integration showcases edge platform capabilities. Edge platforms provide secure, high-fidelity data feeds while protecting the models themselves from manipulation. As facilities adopt advanced process control and real-time optimization, edge platforms enable these benefits while maintaining security.

The IIoT landscape continues evolving with new protocols and standards. Modern edge platforms support this entire ecosystem, from legacy Modbus to modern OPC Unified Architecture (UA), which builds in certificate-based authentication, message signing and encryption [3], while maintaining consistent security across all protocols. This flexibility ensures investments remain valuable as technology advances.

Forward-thinking edge-platform providers are preparing for quantum-resistant algorithms, ensuring that investments made today remain secure as quantum computing advances. The U.S. National Institute of Standards and Technology published its first post-quantum standards in 2024 (ML-KEM for key establishment and ML-DSA for digital signatures), so the practical question for a platform bought today is whether its TLS stack and certificate handling can take those algorithms through a firmware update over a service life measured in decades.

 

Securing the future

IIoT security in chemical processing facilities requires balancing reliability, safety, regulatory compliance and threat protection. Edge computing provides the critical foundation for achieving all of these objectives simultaneously. When properly implemented as part of a comprehensive security strategy, edge platforms enable the full benefits of digital transformation while maintaining the security posture modern threats demand.

Chemical engineers can apply familiar methodologies to cybersecurity challenges. Just as HAZOP studies systematically identify process hazards, cyber-risk assessments systematically identify digital vulnerabilities, with the edge platform’s inventory of connected devices and data flows as their starting point. The defense-in-depth philosophy of relief valves, interlocks and containment for physical hazards translates directly to layered cyber defenses through edge platforms, firewalls and network segmentation.

The human element remains crucial for success. Edge platforms provide the technical foundation, but security awareness must become part of operational culture. When integrated into existing safety programs, cybersecurity becomes another aspect of operational excellence rather than an imposed burden.

Chemical facilities implementing edge-based security today position themselves for sustainable competitive advantage. They gain the efficiency benefits of IIoT while maintaining security that satisfies regulators, insurers and corporate stakeholders. The technology is proven, the benefits are clear and the risks of delay continue growing.

The convergence of OT and IT in chemical processing is not just inevitable — it’s essential for remaining competitive. Market pressures demand the efficiency gains that IIoT enables. Regulatory requirements increasingly mandate the traceability that digital systems provide. Edge computing makes this transformation both secure and practical.

By implementing edge computing as the foundation of their IIoT strategy, chemical processing facilities secure their digital future without sacrificing the reliability built through decades of operational experience. The path forward is clear: edge platforms provide the bridge between legacy reliability and modern capability, enabling the secure digital transformation that defines tomorrow’s leading chemical enterprises. ■

Edited by Mary Page Bailey

 

References

1. Di Pinto, A., Dragoni, Y. and Carcano, A., TRITON: The First ICS Cyber Attack on Safety Instrument Systems, Nozomi Networks Labs, Black Hat USA 2018 research paper.

2. Butcher, J., EdgeX 4.0 Performance Revealed: Leaner, Smarter and Ready for the Future, IOTech blog post, July 2025.

3. Finnan, K., Open Process Automation is Gaining Sustainable Momentum, Chem. Eng., January 2023, pp. 39–41.

Author

Andrew Foster is the product director at IOTech Systems (3 Science Square, Newcastle upon Tyne, U.K.; Website: www.iotechsys.com). He has over 20 years of experience developing IIoT and distributed real-time and embedded (DRE) software products. He has held senior roles in product delivery, management and marketing, and frequently speaks at industry conferences on distributed computing, middleware, embedded technologies and IoT. Foster holds an M.S. in computer-based plant and process control and a B.Eng in digital systems.