A computer-implemented method includes: monitoring, by a computing device, communication flows within an industrial processing system; identifying, by the computing device, a hazardous command based on monitoring the communication flows, wherein identifying the hazardous command includes running a simulation with the communication flows as an input to the simulation; generating, by the computing device, a set of one or more mitigating commands based on identifying the hazardous command; and outputting, by the computing device, the set of one or more mitigating commands to components within the industrial processing system, wherein outputting the set of the one or more mitigating commands reduces a level of hazard caused by the hazardous command.

A programmable logic controller for an industrial control system is disclosed which includes an application logic execution layer and at least one of an update checking layer and an output checking layer. The application logic layer is configured for processing sensor input data to generate an output parameter for an actuator. The output checking layer is configured for outputting only an allowed output parameter to the actuator. The update checking layer is configured for verifying whether application logic update defined by application logic update data corresponds to an application logic update in a list of allowed logic updates, and the application logic is updated only if the update data is allowed application logic update data.

A computer-implemented method includes: monitoring, by a computing device, communication flows within an industrial processing system; identifying, by the computing device, a hazardous command based on monitoring the communication flows, wherein identifying the hazardous command includes running a simulation with the communication flows as an input to the simulation; generating, by the computing device, a set of one or more mitigating commands based on identifying the hazardous command; and outputting, by the computing device, the set of one or more mitigating commands to components within the industrial processing system, wherein outputting the set of the one or more mitigating commands reduces a level of hazard caused by the hazardous command.