The business case for replacing aging industrial control systems rarely gets written until something breaks badly enough to force the conversation. Until that point, legacy infrastructure tends to persist on the basis of a deceptively simple argument: the system still works, replacement is expensive and disruptive, and the organization has more pressing priorities.
What this framing consistently misses is that legacy infrastructure is not a neutral holding position. It is an active cost center with expenses that accumulate across maintenance budgets, energy performance, staffing, security exposure, and operational capability. For multi-site operators, those costs multiply with every additional site running on outdated control systems. Understanding the full picture requires looking well beyond the visible line items.
The Maintenance Cost Spiral
The most visible cost of legacy industrial control infrastructure is the maintenance burden, and it grows in predictable ways as systems age. Original equipment manufacturers phase out support for older platforms over time. When support ends, the operator’s options narrow: pay premium rates for extended support contracts, locate and stockpile spare parts before they become unavailable, or rely on a shrinking pool of engineers with the specialized knowledge to service the equipment.
Each of these paths is more expensive than standard maintenance on a supported system. Extended support contracts for end-of-life platforms can cost significantly more than standard support for equivalent functionality on a modern system. Spare parts for obsolete controllers and sensors become progressively harder to source, with longer lead times and higher prices. And the institutional knowledge required to service equipment that is no longer taught in engineering curricula concentrates in a small number of increasingly senior technicians whose eventual retirement represents a knowledge risk as much as a staffing one.
According to a 2024 analysis of legacy system maintenance costs, enterprises maintaining legacy systems spend considerably more on operational overhead compared to those running on supported modern platforms, with maintenance costs on aging infrastructure increasing substantially after warranty expiration. For industrial operators managing multiple sites, this overhead is not a one-time expense. It is a recurring cost that compounds annually across every facility still running on unsupported or near-end-of-life control systems.
Downtime Exposure at Aging Facilities
Legacy control infrastructure also creates downtime risk that is structurally different from the risk associated with modern systems. When a supported controller fails, the repair path is typically well-defined: the fault is identified, a replacement part is ordered, and the system is restored within a predictable timeframe. When an unsupported controller fails, the path forward may involve sourcing a legacy component from a secondary market, locating documentation for a system that predates digital record-keeping, or waiting for one of the few remaining specialists who understands the original architecture to become available.
The Siemens True Cost of Downtime 2024 report documents that unplanned downtime now costs the world’s 500 largest companies 11% of their annual revenues, totaling approximately $1.4 trillion, a figure that has grown substantially over the past five years. Critically, the mean time to repair, the average duration from failure to restoration, has lengthened, not shortened, for major manufacturers. For facilities running legacy control infrastructure, longer repair windows are not a coincidence. They are a structural consequence of reduced parts availability, fewer qualified technicians, and systems that cannot be diagnosed or reconfigured remotely.
For multi-site operators, the downtime risk of legacy infrastructure is concentrated at the sites with the oldest equipment and amplified by the fact that a failure at one facility may draw on the same limited pool of specialized resources needed by another.
The Visibility Gap
A less quantified but operationally significant cost of legacy control infrastructure is what it prevents operators from knowing. Modern industrial monitoring platforms are built on the assumption that control systems can communicate their state continuously, feed real-time data to analytics layers, and trigger alerts or responses when conditions deviate from defined parameters. Legacy systems, particularly those built before network connectivity was a design consideration, were not built to support this kind of data flow.
The result is a visibility gap. Sites running older infrastructure tend to generate less operational data, in less structured formats, with less reliability than sites running modern systems. Anomalies that would be detected early by a connected monitoring layer go undetected until they manifest as visible performance problems or equipment failures. Energy inefficiencies that would be surfaced by continuous consumption monitoring persist because the data needed to identify them is not available.
For multi-site operators trying to compare performance across their portfolio, this gap is particularly disruptive. Benchmarking requires consistent data. Sites that cannot generate comparable operational data cannot be meaningfully compared against sites that can, which means the portfolio’s analytical and governance capabilities are limited by the weakest link in its infrastructure.
The Cybersecurity Dimension
Legacy industrial control systems carry cybersecurity exposure that has grown substantially as OT environments have become more connected. Systems designed in an era of physical isolation, when air-gapping was standard practice and network connectivity was not a consideration, were not built with authentication, encryption, or patch management as design requirements.
As NIST has documented in its guidance on digital transformation with legacy components, legacy systems frequently cannot support modern communication security standards, and legacy network segmentation designed to isolate industrial control system components from broader IT infrastructure now creates barriers to integration that conflict with digital transformation goals. The result is a difficult choice: maintain the isolation that protects legacy systems from cyber exposure but accept the operational limitations it imposes, or connect legacy systems to modern infrastructure and accept the security risk created by equipment that cannot be patched or updated.
The Knowledge Concentration Risk
Neither option is without cost. And neither addresses the underlying issue, which is that the legacy system itself is the source of the constraint. For multi-site operators with a mix of older and newer facilities, this creates a two-tier operational capability that is difficult to manage: modern sites can participate in portfolio-level data integration and analytics, while legacy sites remain operationally isolated regardless of investment in monitoring or connectivity at the enterprise layer.
The cybersecurity exposure of legacy OT is not theoretical. Industrial control systems running unsupported firmware and proprietary protocols that lack basic authentication are documented targets for threat actors, and an incident at a single facility can have consequences that extend well beyond that site if it shares network infrastructure with others in the portfolio.
What Multi-Site Operators Actually Spend
Aggregating the costs of legacy industrial control infrastructure across a multi-site portfolio requires looking at several categories simultaneously: the direct maintenance premium over what modern supported systems would cost, the downtime exposure from longer repair windows on unsupported equipment, the energy inefficiency that goes undetected without adequate operational visibility, the labor cost of specialized knowledge that is not scalable, and the opportunity cost of operational capabilities the portfolio cannot access because its infrastructure does not support them.
As MaintainX’s 2026 maintenance research documents, the average age of industrial fixed assets is at its highest point in nearly 70 years. Organizations with aging infrastructure are navigating an environment where parts availability is tightening, specialist labor is concentrating among an older workforce, and the gap between legacy and modern operational capability is widening with every year that replacement is deferred.
The argument for deferral is understandable. Control system replacement is capital-intensive, operationally disruptive, and requires careful planning to avoid production impact. But the argument that legacy infrastructure represents a neutral holding position, costing the organization nothing while it waits for a better time to invest, is not supported by a complete accounting of what that infrastructure actually costs to operate, protect, and work around.
For multi-site operators, the conversation is not whether legacy infrastructure has costs. It does. The more productive question is which of those costs are visible in the current budget, which are distributed across other categories and therefore not attributed to the infrastructure directly, and what the cumulative total looks like compared to the cost of a planned, staged modernization that does not require a crisis to justify it.
