How do you approach securing legacy ICS/SCADA devices that do not support modern encryption or patching?