This white paper describes solutions which organisations may use to improve the security of their legacy process control systems. When we refer to a legacy system, we generally refer to old methodologies, technologies, computer systems or applications which are still in use, despite the fact that new technologies or more efficient methods are available. Legacy systems are characterised by the fact that for some reasons they cannot be adequately secured in the regular way against new threats regarding availability, integrity and confidentiality. Examples are: missing or incomplete support from the supplier and a lack of security updates. Another reason may be the loss of (the required amount of) knowledge and expertise within the organisation, for instance, because of staff turnover. It is essential to be familiar with the organisation’s particular environment. With regards to this, it is important to know which process control systems are used in the organisation, how critical these are to the continuity of the business processes and which vulnerabilities these systems contain.