As a sales engineer at a manufacturer of remote monitoring equipment, I witness the tension between security and authorized access on a daily basis.

The Remote Terminal Units (RTUs) and master stations that I sell are hardware devices that are integral to remote monitoring systems. They need communication (usually IP/LAN) to be able to help you manage your remote locations.

What are the security risks for the organization and for YOU?

From the perspective of IT security professionals, however, every new device that others want to install represents a potential career-ending mistake. You have to empathize with the reluctance of security people to grant access through the firewall. If your company gets massive ROI from top-notch remote monitoring, it's hard enough for that to get recognized by the C-suite and for the facilities team to get a "pat on the back." Think how radically unlikely it is that an IT security worker gets praised for allowing the necessary ports through the firewall that allowed that to happen.

Is it any surprise, then, that any allowance through the firewall is met with resistance? You have to complete scans, upgrade equipment to more secure standards, and beg the right people internally to complete your remote monitoring project.

Let's review the implications of and interactions between remote monitoring technology and your corporate/agency firewall team. We'll focus on what you can do to make your remote monitoring research, purchase, installation, and usage as smooth as possible.

Best practices for mediating security concerns for remote monitoring systems

RTUs and master stations, along with their underlying software, facilitate the collection, transmission, and analysis of data in real-time from geographically dispersed locations.

However, the very existence of these systems also raises significant cybersecurity concerns. Companies now grapple with the challenge of effectively managing firewalls and security in line with company policies and government regulations.

A brief primer on firewalls (skip if you already know)

It's important that you understand what a firewall is at this stage, so I'm including this information as a reminder, just in case. Feel free to skip this section.

A firewall acts as a gatekeeper between a trusted internal network and untrusted external networks, such as the internet. It uses predetermined rules to allow or block traffic, making it a crucial component in preventing cyber threats. For remote monitoring systems, firewalls can be configured to permit only authorized communications between the RTUs and the Central Master Stations.

Firewalls in conjunction with VPNs can provide additional security by creating a secure tunnel for data transmission, ensuring that only authenticated devices can connect to the network. This is an effective strategy employed by DPS Telecom and can be beneficial for other businesses as well.

Example: IT-to-OT Network Transition

I've been working recently with a long-time DPS client undertaking an important IT-to-OT network transition. It's a large organization, so coordination becomes important.

In this context, we can learn a lot about how to navigate security concerns while preserving monitoring functionality in a way that (mostly) makes every one of your departments happy.

Security risks that you can (and should!) start solving today

The cyber threats associated with remote monitoring systems are diverse and potentially devastating. You have everything from data breaches to system disruptions. An effective cybersecurity strategy for remote monitoring systems should include:

• Regular software updates: Keeping the software of RTUs and Central Master Stations updated is crucial. DPS Telecom, for instance, consistently releases patches and updates for their systems to fix vulnerabilities.
• Strong authentication: Implement techniques like user-level access control, centralized password management, or even multi-factor authentication for all devices and users. This adds an extra layer of security by requiring additional verification beyond just a password.
• Encryption: Encrypt data at rest and in transit to ensure that even if data is intercepted, it cannot be read or used maliciously. We've seen changes in the monitoring industry like SNMPv3 that introduced encryption for the first time. More recently, my clients have been very interested in the availability of TLS 1.2 for the web interfaces of both my NetGuardian RTUs and T/Mon master stations. Depending on the age of the device, this can be either a hardware or a software/firmware upgrade.

Aligning with your company security policies

Every organization must have robust security policies in place, and these policies should extend to remote monitoring systems. In addition to technical security measures, training and awareness programs for employees are key. They should understand the importance of security practices such as not sharing passwords and reporting any suspicious activity.

Something I see from working with my clients is widely varying attitudes for allowing default usernames and passwords to remain on monitoring devices. It's absolutely more convenient to do this, but you'd be hard-pressed to find a security professional who endorses this "time-honored" practice.

In addition to configuration settings and passwords, the selection of remote monitoring hardware and software should align with these policies. For example, if your policy stipulates that only encrypted communication is allowed, then your RTUs and central master stations should support encryption.

Complying with government regulations within your jurisdiction(s)

Various governments have regulations in place to protect data and ensure cybersecurity. For instance, industries like healthcare and finance are subject to strict data protection regulations like HIPAA and GLBA, respectively. These regulations often dictate the minimum security measures that must be in place, and non-compliance can lead to severe penalties.

In this regard, your remote monitoring systems should be designed and operated in compliance with relevant regulations. This might mean ensuring that data collected by RTUs is stored and transmitted securely, or that access to Central Master Stations is strictly controlled.

Fortunately, as I well know from filling out compliance forms when I'm bidding on monitoring projects, many of these rules are consumer-focused and not relevant for remote monitoring systems. I've never heard of either patient health records or sensitive credit card information being stored on an RTU, for example.

You can expect that you'll need to explain this to the security and compliance teams within your company.

Call me to discuss your remote monitoring security problems

As I've shared here, security has been an increasingly relevant factor during my 17-year career in remote monitoring. There's been even more development during the 37-year history of DPS Telecom.

If you have a security concern triggered by an internal audit or review - or there's just something nagging on your conscience - let's talk about it.

To speak with me (or a similar engineer) about remote monitoring security, just call DPS today.

Call 1-800-693-0351 or email sales@dpstele.com