You need to see DPS gear in action. Get a live demo with our engineers.
Have a specific question? Ask our team of expert engineers and get a specific answer!
Sign up for the next DPS Factory Training!
Whether you're new to our equipment or you've used it for years, DPS factory training is the best way to get more from your monitoring.Reserve Your Seat Today
As a sales engineer at a manufacturer of remote monitoring equipment, I witness the tension between security and authorized access on a daily basis.
The Remote Terminal Units (RTUs) and master stations that I sell are hardware devices that are integral to remote monitoring systems. They need communication (usually IP/LAN) to be able to help you manage your remote locations.
From the perspective of IT security professionals, however, every new device that others want to install represents a potential career-ending mistake. You have to empathize with the reluctance of security people to grant access through the firewall. If your company gets massive ROI from top-notch remote monitoring, it's hard enough for that to get recognized by the C-suite and for the facilities team to get a "pat on the back." Think how radically unlikely it is that an IT security worker gets praised for allowing the necessary ports through the firewall that allowed that to happen.
Is it any surprise, then, that any allowance through the firewall is met with resistance? You have to complete scans, upgrade equipment to more secure standards, and beg the right people internally to complete your remote monitoring project.
Let's review the implications of and interactions between remote monitoring technology and your corporate/agency firewall team. We'll focus on what you can do to make your remote monitoring research, purchase, installation, and usage as smooth as possible.
RTUs and master stations, along with their underlying software, facilitate the collection, transmission, and analysis of data in real-time from geographically dispersed locations.
However, the very existence of these systems also raises significant cybersecurity concerns. Companies now grapple with the challenge of effectively managing firewalls and security in line with company policies and government regulations.
It's important that you understand what a firewall is at this stage, so I'm including this information as a reminder, just in case. Feel free to skip this section.
A firewall acts as a gatekeeper between a trusted internal network and untrusted external networks, such as the internet. It uses predetermined rules to allow or block traffic, making it a crucial component in preventing cyber threats. For remote monitoring systems, firewalls can be configured to permit only authorized communications between the RTUs and the Central Master Stations.
Firewalls in conjunction with VPNs can provide additional security by creating a secure tunnel for data transmission, ensuring that only authenticated devices can connect to the network. This is an effective strategy employed by DPS Telecom and can be beneficial for other businesses as well.
I've been working recently with a long-time DPS client undertaking an important IT-to-OT network transition. It's a large organization, so coordination becomes important.
In this context, we can learn a lot about how to navigate security concerns while preserving monitoring functionality in a way that (mostly) makes every one of your departments happy.
The cyber threats associated with remote monitoring systems are diverse and potentially devastating. You have everything from data breaches to system disruptions. An effective cybersecurity strategy for remote monitoring systems should include:
Every organization must have robust security policies in place, and these policies should extend to remote monitoring systems. In addition to technical security measures, training and awareness programs for employees are key. They should understand the importance of security practices such as not sharing passwords and reporting any suspicious activity.
Something I see from working with my clients is widely varying attitudes for allowing default usernames and passwords to remain on monitoring devices. It's absolutely more convenient to do this, but you'd be hard-pressed to find a security professional who endorses this "time-honored" practice.
In addition to configuration settings and passwords, the selection of remote monitoring hardware and software should align with these policies. For example, if your policy stipulates that only encrypted communication is allowed, then your RTUs and central master stations should support encryption.
Various governments have regulations in place to protect data and ensure cybersecurity. For instance, industries like healthcare and finance are subject to strict data protection regulations like HIPAA and GLBA, respectively. These regulations often dictate the minimum security measures that must be in place, and non-compliance can lead to severe penalties.
In this regard, your remote monitoring systems should be designed and operated in compliance with relevant regulations. This might mean ensuring that data collected by RTUs is stored and transmitted securely, or that access to Central Master Stations is strictly controlled.
Fortunately, as I well know from filling out compliance forms when I'm bidding on monitoring projects, many of these rules are consumer-focused and not relevant for remote monitoring systems. I've never heard of either patient health records or sensitive credit card information being stored on an RTU, for example.
You can expect that you'll need to explain this to the security and compliance teams within your company.
As I've shared here, security has been an increasingly relevant factor during my 17-year career in remote monitoring. There's been even more development during the 37-year history of DPS Telecom.
If you have a security concern triggered by an internal audit or review - or there's just something nagging on your conscience - let's talk about it.
To speak with me (or a similar engineer) about remote monitoring security, just call DPS today.
Call 1-800-693-0351 or email firstname.lastname@example.org