I am working on critical cyber physical systems, and my work and research lead me to some questions. In the following, I assume that the attacker is not able to change the hardware of your system and can only attack it remotely.
Many researchers / engineers / "experts" argue that an old hardware, because of its lack of processing power is a system weakness, which can lead to an exploitation by an attacker.
Why is this true? In my opinion, this can happen only if your system has been poorly designed, e.g. you add tasks to a processor than cannot handle them, leading to deadline missed and then faults. But in critical domains such as transport, this never happen anymore. I don't have experience with ICS, but I suppose that even if these systems are not secure against attacks, they are designed to be safe against non intentional faults. What can be a source of remote weaknesses is an obsolete firmware (if your hardware even has one), not the processing power of your processor I suppose.
This lead to a more general question: how does a hardware affect the security of the softwares / processes it hosts? It does affect the operational availability, which is a safety metric, but is it also able to affect the possibility to discover a weakness / vulnerability in the processes?
Thanks a lot for your experience.