The average firmware version on operational IoT devices in commercial energy deployments is 3.2 years old. That number comes from our own field observations across sites we have audited and worked with. The devices are not running old firmware because operators are negligent. They are running old firmware because nobody has built a safe, reliable mechanism for updating them in production.
Consumer IoT solved this problem by accepting update risk. A smart thermostat that reboots mid-update and comes back with corrupted firmware is a nuisance. A battery management system that loses power mid-update and bricks itself is an outage. The risk calculus is completely different in OT environments, and the tooling has not caught up.
The update process for a Modbus RTU device in a production energy site typically looks like this: schedule a maintenance window, dispatch a technician, physically access the device, apply the update manually, verify functionality, restore to service. For a portfolio of 200 devices across 15 sites, this process is essentially never completed — the maintenance windows required would consume the entire operations team.
The consequence is a fleet of devices running known-vulnerable firmware indefinitely. CVEs get published for the firmware versions running in production. The operator knows about them. The vendor may have issued patches. But the update cannot be safely applied without a process that does not exist at scale.
The path forward requires three things. First, OTA update infrastructure that can stage updates, validate checksums, roll back on failure, and report update status per device — without requiring physical access. Second, testing environments that mirror production device configurations so updates can be validated before fleet-wide deployment. Third, platform-level visibility into firmware versions across the entire asset portfolio, so operators know what is running and what is exposed.
GridWatch's edge adapter architecture provides the connectivity layer that makes all three possible. When the platform maintains persistent, authenticated connections to every device, firmware update delivery and validation become platform operations rather than truck-roll operations. The fleet visibility problem is solved as a byproduct of the operational monitoring problem.