A railway maintenance company contacted us recently needing new industrial PCs that could run Windows XP. Not as a one-off legacy recovery. As an ongoing requirement.

Their operations depend on specialist software that only runs on XP, and their existing PCs are ageing out. We were able to build replacements, but only because one of our manufacturers had remaining stock of older motherboards that still support XP. When that stock is gone, there will be no more.

This situation is common across Australian industry. Windows XP, Windows 7 and Windows 10 are still running critical processes in manufacturing, utilities, transport and mining. These systems work. But the ground underneath them is eroding.

The risks of legacy operating systems

The risks of running critical processes on legacy systems are not always obvious. These include:

• Cybersecurity vulnerabilities

Windows XP has been out of support since 2014. Windows 7 since 2020. Windows 10 Pro reached end of support in October 2025. After that, no more security patches. Known vulnerabilities remain permanently open, and new ones accumulate.

The standard response is reasonable – “it’s not connected to the internet, so it doesn’t matter.”

For a genuinely air-gapped system with no network connectivity, no USB access and no data exchange, the direct cybersecurity risk is limited.

But genuinely air-gapped systems are rarer than people think. Many are connected to plant networks for data collection or remote monitoring. Some have USB ports used for updates or data extraction. Every touchpoint is a potential vector, and on an unpatched OS, the attack surface is wide open. The 2017 WannaCry ransomware attack demonstrated this clearly, hitting industrial targets worldwide, including organisations that believed their systems were adequately isolated.

• Disappearing expertise

Unsupported operating systems also create a less obvious vulnerability. The engineers and technicians fluent in XP-era driver models, registry configurations and hardware compatibility are retiring or moving on. Recruiting someone who can troubleshoot a Windows XP industrial environment is already difficult. In five years, it may be nearly impossible.

This is a human single point of failure. The system depends not just on obsolete hardware and software, but on people who understand them. We see this regularly: a PC fails, the person who understood the system is gone, and a straightforward hardware replacement becomes a forensic recovery exercise costing many times more than the PC itself.

• Hardware availability issues

Modern industrial motherboards do not include driver support for Windows XP or, increasingly, Windows 7. The chipsets, BIOS architectures and I/O interfaces have moved on. You can’t install XP on a new industrial PC and expect it to work.

Replacement hardware for legacy OS environments depends entirely on remaining old stock from manufacturers. That stock is finite and is not being replenished. For organisations still running critical processes on XP or Windows 7, the window to secure compatible hardware is closing now.

• Compliance complexities

Standards covering industrial control systems, including ISA/IEC 62443 and sector-specific regulations, increasingly reference the need for supported and patchable components. An unsupported OS does not automatically mean you fail an audit, but it does mean demonstrating compensating controls that are documented, maintained and genuinely effective. For many organisations, that effort exceeds the effort of migrating.

What are some practical solutions?

Most organisations running legacy operating systems are not doing so by choice. They are locked in by application software that will not run on anything newer. These are real constraints. But there are still options.

1. Secure replacement hardware now. If you need to continue running a legacy OS, sourcing compatible hardware now and holding spares is a practical short-term strategy. Availability is declining and will not improve.
2. Create full disk images of every legacy system. A complete image captures the OS, software, drivers and configuration in a restorable state. This is the single most valuable insurance for a legacy system.
3. Evaluate virtualisation. Some legacy applications can run inside a virtual machine on modern hardware. This does not work for every application, particularly those with direct hardware dependencies or real-time requirements, but where viable it buys significant time.
4. Plan the application migration. The long-term answer is almost always migrating to software on a supported OS. This is the most expensive option in the short term, but it eliminates the compounding risks of hardware obsolescence, security exposure and knowledge loss.
5. Consider virtualised PLCs. Virtualised PLCs are software based PLCs that run on standard industrial PCs. Many modern virtual PLCs support real time operation, and usually use external I/O modules instead of directly attached I/O. With this kind of setup, the PLC configuration becomes independent of the hosting industrial PC platform and operating system. This means the host PC and operating system can be updated over time without changing the functionality and operation of the PLC logic. Platforms are also emerging that use AI to make it easy to transition existing code from a legacy PLC to a new virtual PLC.

How ESIS can help

We build industrial PCs for both current and legacy environments and understand the constraints of running older operating systems in production. Whether you need compatible legacy hardware, help with OS configuration or advice on transition planning, we can help you assess your situation and plan a practical path forward.

Contact us to discuss your requirements and get a recommendation from our engineers.