Definition

RTU (Remote Terminal Unit)

A device that monitors and controls remote field equipment in utilities and energy infrastructure. RTUs are often decades old with limited security capabilities and no vendor-supported patching path.

What is RTU (Remote Terminal Unit)?

A Remote Terminal Unit (RTU) is a microprocessor-controlled field device that monitors and controls remote equipment in geographically distributed infrastructure — pipelines, power transmission lines, water systems, oil and gas facilities. RTUs collect data from local sensors (flow rates, pressure, temperature, valve positions) and transmit it back to central SCADA systems, while receiving and executing control commands from SCADA operators.

RTUs are deployed in some of the most challenging security environments: remote locations with physical access constraints, communication links over wireless or cellular networks, and operational lifetimes measured in decades. Many RTUs in service were deployed in the 1990s or 2000s and run firmware that has never been updated. The communication protocols they use (DNP3, Modbus, IEC 60870-5) were designed for reliability over low-bandwidth serial links, without security features.

The security implications of RTU compromise are significant in critical infrastructure. An attacker with RTU access can falsify sensor readings (causing operators to make incorrect decisions), manipulate control outputs (opening valves, adjusting pressure, triggering alarms), or disrupt communication between field equipment and central control. These capabilities translate directly to physical infrastructure disruption — water system contamination, pipeline pressure incidents, grid instability.

Key Facts

  • RTUs are deployed in water, energy, oil and gas, and transportation critical infrastructure globally
  • DNP3 and Modbus — the dominant RTU protocols — have no authentication in their base specifications
  • Many RTUs in active service were deployed 20–30 years ago with no security updates since installation
  • Internet-exposed RTUs are indexed by Shodan and actively targeted by threat actors

How ORDR Addresses RTU (Remote Terminal Unit)

ORDR discovers RTUs using passive protocol analysis of DNP3, Modbus, and IEC 60870-5 traffic, classifying them by manufacturer, model, and communication pattern. Behavioral baselines for RTU-SCADA communication enable detection of anomalous query patterns, unauthorized command sequences, and unexpected communication sources that may indicate attack activity.
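The baseline-and-compare idea described above, as an added example that is not ORDR's implementation: it parses Modbus/TCP request headers, learns which (source, unit, function code) triples are normal, and flags unexpected sources and write commands that were never seen during learning. It assumes the TCP payloads have already been extracted from a passive capture; all names, addresses and frames are constructed for illustration.

```python
import struct
from collections import namedtuple
# Modbus function codes that change device state.
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}
Request = namedtuple("Request", "src unit func")

def parse_modbus_tcp(src, payload):
    """Parse one Modbus/TCP request; return None if the frame is not valid."""
    if len(payload) < 8:  # 7-byte MBAP header + 1-byte function code
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is always 0; length counts the unit id plus the PDU.
    if proto != 0 or length != len(payload) - 6:
        return None
    return Request(src, unit, payload[7])

def build_baseline(observations):
    """Learn which (source, unit, function code) triples are normal."""
    parsed = (parse_modbus_tcp(s, p) for s, p in observations)
    return {r for r in parsed if r is not None}

def detect(baseline, observations):
    """Return (src, unit, func, reason) alerts for traffic outside the baseline."""
    known_sources = {r.src for r in baseline}
    alerts = []
    for src, payload in observations:
        req = parse_modbus_tcp(src, payload)
        if req is None:
            alerts.append((src, None, None, "malformed Modbus/TCP frame"))
        elif req.src not in known_sources:
            alerts.append((*req, "unexpected communication source"))
        elif req not in baseline:
            what = WRITE_CODES.get(req.func, "function code")
            alerts.append((*req, f"{what} not seen in baseline"))
    return alerts

def frame(tid, unit, func, data):
    """Build a constructed Modbus/TCP request for the sample traffic below."""
    return struct.pack(">HHHBB", tid, 0, len(data) + 2, unit, func) + data

# Constructed sample traffic; addresses are from the RFC 5737 documentation range.
SCADA, OTHER = "192.0.2.10", "192.0.2.77"
LEARN = [(SCADA, frame(1, 1, 3, struct.pack(">HH", 0, 10))),  # read holding registers
         (SCADA, frame(2, 1, 4, struct.pack(">HH", 0, 4)))]   # read input registers
LIVE = [(SCADA, frame(3, 1, 3, struct.pack(">HH", 0, 10))),   # normal poll
        (SCADA, frame(4, 1, 6, struct.pack(">HH", 5, 1))),    # write from known master
        (OTHER, frame(5, 1, 3, struct.pack(">HH", 0, 10))),   # read from unknown host
        (SCADA, b"\x00\x06\x00\x01\x00\x06\x01\x03")]         # protocol id is not 0
```

Calling `detect(build_baseline(LEARN), LIVE)` returns three alerts: the first-time register write, the read from the unknown host, and the malformed frame.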
