When you're managing critical infrastructure, you're responsible for uptime, compliance, and protecting equipment worth millions. And, you're increasingly responsible for satisfying regulatory expectations that weren't even clearly defined a few years ago.

That's the exact situation one of our utility clients found themselves in. They had built their remote site visibility using G5 NetGuardian 420 remotes - devices that have performed reliably for over a decade.

However, as new interpretations of NERC CIP (North American Electric Reliability Corporation - Critical Infrastructure Protection) guidelines started raising eyebrows, the client asked the same question you may be asking yourself right now:

Do we need to upgrade? And if so, how much - and how fast?

Let's walk through how that utility approached the issue, what they learned, and how the NetGuardian G6 platform is helping them address modern cybersecurity expectations while staying fully compatible with legacy deployments.

Step 1: The Growing Pressure of NERC CIP

The NERC CIP standards aren't new. But the way they're being interpreted and enforced continues to evolve - especially when it comes to cybersecurity for remote access and information in transit.

At their core, these standards ask utility providers to:

• Define and protect their electronic security perimeters
• Use strong authentication and encryption for remote access
• Manage software patches, ports, and services
• Monitor for malicious activity
• Secure data in transit

Nowhere in the regulations does it explicitly say, "You must use TLS 1.2" or "You must upgrade to G6 RTUs." Instead, the wording is purposefully broad. That vagueness has created a gray zone that utility managers must navigate.

Some organizations interpret this broadly and feel confident in their perimeter defenses. Others are playing it safe and taking extra steps - replacing or upgrading RTUs that can't support modern encryption standards like TLS 1.2, SSH, or SNMPv3.

The client we spoke with recently had this exact discussion internally: Are our G5s still compliant? Or should we start preparing for the future now?

Step 2: Why G5 Can't Keep Up with Modern Encryption

Let's be clear: the NetGuardian G5 is a battle-tested, ultra-reliable RTU. Thousands of them are deployed nationwide and continue to perform well. But as security requirements continue to tighten, there are hard technical limits that firmware updates just can't overcome.

Specifically, G5 remotes:

• Don't support TLS 1.2, the modern encryption standard required for secure web access.
• Don't support SSH, meaning Telnet (a much less secure method) is the only CLI option.
• Can't run SNMPv3, the encrypted version of the SNMP protocol used in many networks today.
• Have slower processors, which result in sluggish page loads and prevent fast encryption handshakes.

During lab testing, TLS sessions on G5 hardware took several minutes to initialize - far too long for practical secure access. The platform just couldn't have been designed with future security standards in mind.

On G6 hardware, the same connection launches in seconds.

Step 3: What G6 RTUs Bring to the Table

The G6 isn't just a newer version. It's a platform engineered specifically to answer the security and usability challenges of today's utility environments. That includes everything from performance upgrades to a dramatically improved web interface.

The G6 platform ready for modern security and compliance because it offers:

1. Modern Security Protocols

• TLS 1.2: Ensures encrypted access to web interfaces.
• SSH: Secure shell access instead of Telnet.
• SNMPv3: Encrypted SNMP communication with authentication.
• RADIUS support: Centralized user authentication and access control.

These are critical when addressing NERC CIP standards like:

• CIP-005-5 (Electronic Access Points and Remote Access Encryption)
• CIP-007-6 (Port/Service Management, Security Patching)
• CIP-011-1 (Information Protection for data in transit).

2. Drop-In Compatibility

One of the best things about the G6 platform is that it's backward compatible with your existing G5 hardware:

• Same Amphenol connectors
• Same pinouts
• Same T/Mon templates
• Same mounting options
• Same serial ports (RJ45)

As the client we spoke with confirmed, it's easy to begin using G6 RTUs in parallel with G5s without disrupting existing workflows or retraining field teams.

3. A Faster, Modern Web Interface

The old G5 interface is functional, but dated. It uses HTML frames and refreshes every 60 seconds.

G6, in contrast, uses an asynchronous interface with instant navigation. It loads fast, feels modern, and is much easier to use.

This also reduces training time for field techs and increases efficiency during on-site configuration.

Step 4: Clients Are Starting with a Test Batch

During the conversation with the client, they didn't panic or rip and replace. They did what smart organizations do:

They requested a quote for six G6 RTUs to test in their environment.

That small test batch allows them to:

• Compare performance and interface directly with existing G5s
• Evaluate G6 security features against internal IT standards
• Get PTO and field tech feedback before standardizing purchases
• Make informed purchasing decisions for future projects

They also discussed exchanging a recently ordered G5 for a G6, just to get started without waste.

That's how you make forward progress without introducing unnecessary risk.

Step 5: Do You Need to Upgrade for NERC CIP?

This is where things get nuanced.

There's no line in the regulation that says: "Upgrade all RTUs by December 31st." In fact, compliance remains the responsibility of each individual utility, and the language is often deliberately vague.

That's why utilities are adopting different strategies:

• Some rely on external network security layers, like firewalls, to justify keeping older RTUs.
• Others are upgrading to G6 for new deployments only.
• A few are planning phased replacements over several years.
• Government and high-security facilities are moving faster to eliminate any gap in compliance.

The utility in our recent call decided to take the middle path: Evaluate G6 now, decide later how aggressively to deploy.

Whatever your strategy, the key is to understand your current remote access configuration, review the relevant CIP sections, and decide what risk level you're comfortable with.

If you need help reviewing those sections, DPS has already done the homework. We've highlighted how G6 supports specific NERC CIP requirements and can walk you through it.

Why DPS Built the G6 - And Why It Matters

We didn't build the G6 just to "have a new model." We built it because we were hearing from clients, like this one, that wanted:

• Stronger security to meet growing regulatory demands
• Better performance in the field
• Easier access for techs
• Assurance that they wouldn't be forced into forklift upgrades

Finalizing the G6 meant that we had delivered - and not just engineered to create obsolescence.

And since we manufacture in-house, we can respond quickly to special firmware needs, protocol support (like Modbus or SNMP mediation), or build-to-order hardware features.

Ready to Evaluate G6? Here's What to Do Next

If you're in the same position as the utility in our case study, here's your path forward:

1. Ask for a G6 evaluation quote. Start with a few units for testing.
2. Review your internal security policies. Are you required to use TLS or SSH?
3. Read the relevant NERC CIP sections. We'll send you a summary PDF to help.
4. Loop in your IT and compliance teams. They can clarify interpretation standards.
5. Plan your purchasing strategy. Will you use G6 for new installs only? Or phase out G5s?

Our client did all of the above - and they're now on a clear path to protecting the future of their network, one step at a time.

You Don't Need to Be an Expert in NERC CIP

You're probably busy. You might not have time to read dozens of pages of regulatory language. That's OK.

That's where we come in.

We've already mapped G6 capabilities to NERC CIP guidelines. We've helped other utilities interpret the vague language. We'll help you figure out what makes sense - technically, financially, and organizationally.

Whether you're just starting to think about compliance, or you've already flagged TLS 1.2 as an internal requirement, we've got you covered.

Get Help From DPS Telcom

If your job depends on setting up and maintaining reliable, secure, and compliant remote monitoring, let's talk.

Call us now at (559) 454-1600 or email sales@dpstele.com.

We'll send you:

• A quote for G6 evaluation units
• A technical overview of G6 vs. G5
• A NERC CIP mapping guide for your internal team
• Answers to your questions from real engineers

Your job isn't getting easier, but your tools can be. Let's take the first step on your project together.