Siemens, still smarting from the targeted nation-state attack called Stuxnet that used Step 7 and PCS7 as vehicles, has gone to great pains to point out that their new controller offering, the S7-1500, has integrated security functions built into the firmware of the controller.
Belden, which owns the Tofino device, has announced that GarrettCom's new product has integrated and integral cyber security.
This is what security researchers like Dale Peterson and Eugene Kaspersky and many others have been asking for.
There is good news here, since the ISA has released several levels now of @ISASecure through exida.
There is also bad news...many companies aren't yet getting the idea that in their next design cycles they need to integrate security into the device. A company recently released a new product using JAVA as its operating system.
The other piece of bad news relates to my previous comments about rip and replace not being practical.
Even though we are now seeing products with integrated security functions, it will take a generation (absent a massive security-caused disaster) to replace all the existing systems with ones that have an acceptable level of security ab initio. This isn't because people don't care. It isn't even because people deny there's a threat. It is for two good reasons: first, replacing controllers is often impossible because of the intellectual property embedded there, and second, the replacements are cost prohibitive.