Commissioning a project at a remote facility usually involves a suitcase full of proprietary hardware and a laptop housing months of R&D.
In other words, it usually means moving through the world with what feels like your entire life on your back. You may not be as slow as an IRL snail, but you’re certainly as vulnerable as one…
We are accustomed to air-gapped systems and rigid safety protocols on the factory floor. However, the moment the day ends and we retreat to a hotel, that security posture often relaxes as we rely on guest networks that are fundamentally at odds with the sensitivity of the data we carry.
This is widely referred to as the “last mile” of connectivity. A hotel’s Wi-Fi is designed for high-volume consumer throughput, not for the secure transmission of industrial intellectual property.
Most travelers equate a captive portal – that pop-up page asking for a room number – with a layer of security. In reality, these gateways are often the weakest link since they are rarely encrypted and are frequently managed by third-party vendors who prioritize data collection over user privacy.
The TL;DR? For anyone accessing a remote SCADA system or a sensitive dashboard, an open network is essentially a shared broadcast medium. Hotel Wi-Fi is easily hacked and known as a rich source for malicious third-parties.
The risk isn’t just a targeted attack. It is the unintentional leakage caused by the network’s own architecture since DNS hijacking and transparent proxies are common in these environments, often used to redirect traffic or inject advertisements.
If your machine attempts to sync with a corporate server over a compromised gateway, you are essentially broadcasting your credentials to anyone on the same subnet. It’s like writing company secrets on a billboard.
What’s the Solution?
Relying on a manual connection is a gamble – you need a system that ensures if the secure tunnel fails, the data flow stops instantly. Think of it like an E-stop. Assume components will eventually fail and design for a safe state.
This is where a personal killswitch becomes a critical part of the field kit.
By ensuring that your device never defaults to an unencrypted connection, you maintain the integrity of the “secure island” concept. A reliable VPN acts sort of like an airlock, keeping IP and machine-control credentials away from a compromised public backbone.
This creates an encrypted tunnel that remains invisible to the local network, regardless of how many other guests are connected to the same access point.
The perimeter of the office has effectively disappeared. We are moving between high-security zones and the digital Wild West of public infrastructure.
Maintaining operational security in 2026 requires recognizing that our transit environments are as much a part of the attack surface as the hardware we deploy.
Protecting your connection isn’t just about personal privacy – it is about the stewardship of the projects you represent. By treating every external network as inherently compromised, you ensure that the only way into your system is through the gates you have personally secured.
Main image by Andrew Neel on Unsplash
