
ESP32 OT/IoT Environmental Monitoring Station

ESP32 environmental monitoring station with Nextion HMI for OT and IoT environments


Concept of OT/IoT environmental monitoring based on ESP32 and a Nextion 3.5" operator panel with a security-focused approach.

Category: OT / IoT / Cybersecurity | Published: 21.02.2026 | Updated: 10.05.2026

Introduction and project objective

In industrial environments, incorrect environmental data or limited operational visibility can critically affect process stability, asset condition, and business continuity.

I built my own monitoring station as a Proof-of-Concept (PoC) and a personal research and development platform. My goal was to translate theoretical security requirements (such as ISO 27001 and TISAX) into practical implementation, experimenting with IoT system integration, HMI interface design, and secure configuration methods for edge devices.

Technical scope

  • Central unit: ESP32 microcontroller – the heart of the system managing telemetry.
  • User interface: Nextion 3.5" HMI panel – dedicated real-time parameter visualization.
  • Cybersecurity: multi-layer authentication and access protection for configuration.
  • Integration: remote data access over the network while preserving segmentation rules.
  • Hardware: custom assembly, precise soldering, and a dedicated 3D-printed enclosure.

Security-by-Design approach

In the project I applied hardening and protective practices typical for industrial systems:

  • Access segmentation: clear separation of monitoring functions from system management functions.
  • Interface control: deliberate management of exposed network services and physical ports.
  • Integrity protection: mechanisms blocking unauthorized changes to operational parameters.
  • Resilience-oriented design: designing for robustness and stability of readings.

The first screen shown below is the higher-privilege admin panel that was initially exposed without a proper lock. It demonstrates why strict access control is essential in OT HMI environments.

Figure: Higher-privilege admin panel displayed without a secure lock.

The next image shows the additional security layer added later: a dedicated password-protected entry screen replacing the two unlocked masks.

Figure: Additional password-protected layer for enhanced OT HMI security.

Insights and reflections (Expert perspective)

Building the station was more than a technical challenge – it was a lesson in practical GRC:

Practice vs audit theory: Having worked for 18 years in a single industrial facility, I know that during an audit you cannot always inspect OT systems as deeply as you would like. This test platform allows me to understand the mechanisms I normally assess only through documentation.

A lesson in humility (Home “disco”): Early in the project, I did not implement proper privilege segmentation. The result? My children gained access to control functions by playing with the panel, turning the house into a disco. This amusing incident is a perfect metaphor for industrial risk: a lack of strict HMI access control can lead to unforeseen process disruptions.

Privilege philosophy: The project confirmed that the principle of least privilege is essential. An operator should see only what is necessary for safe operation – critical functions must remain in a higher, protected layer.
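One way to keep critical functions in a protected layer is to make the decision on the controller instead of relying on which screen the panel happens to show. The following is an added example, not the station's own firmware: the page ids, PIN, attempt limit and timeouts are hypothetical, and a real device would store a salted hash rather than the PIN itself.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_MONITOR 0        /* page ids, limits, timeouts: hypothetical */
#define PAGE_ADMIN   2
#define MAX_FAILS    3
#define LOCKOUT_MS   60000u
#define SESSION_MS   120000u
typedef struct { unsigned fails; int unlocked, locked; uint32_t t_unlock, t_lock; } gate_t;

/* True while `flag` is set and fewer than `window` ms have elapsed (wrap-safe). */
static int active(int flag, uint32_t since, uint32_t now, uint32_t window) {
    return flag && (uint32_t)(now - since) < window;
}

/* Compare without an early exit so timing does not reveal matching digits. */
static int ct_equal(const char *a, const char *b, size_t n) {
    unsigned char d = 0;
    for (size_t i = 0; i < n; i++) d |= (unsigned char)(a[i] ^ b[i]);
    return d == 0;
}

/* Check an entered PIN; MAX_FAILS failures start a lockout. Returns 1 on success. */
int gate_try_pin(gate_t *g, const char *entered, const char *stored, uint32_t now) {
    if (active(g->locked, g->t_lock, now, LOCKOUT_MS)) return 0;
    g->locked = 0;
    size_t n = strlen(stored);
    if (strlen(entered) == n && ct_equal(entered, stored, n)) {
        g->fails = 0; g->unlocked = 1; g->t_unlock = now; return 1;
    }
    if (++g->fails >= MAX_FAILS) { g->fails = 0; g->locked = 1; g->t_lock = now; }
    return 0;
}

/* Decide on the controller whether a touch event from `page` may act. */
int gate_allows(const gate_t *g, uint8_t page, uint32_t now) {
    if (page == PAGE_MONITOR) return 1;   /* read-only monitoring view */
    if (page == PAGE_ADMIN) return active(g->unlocked, g->t_unlock, now, SESSION_MS);
    return 0;                             /* unknown page: deny by default */
}

int main(void) {
    gate_t g = {0};
    int before = gate_allows(&g, PAGE_ADMIN, 0);
    gate_try_pin(&g, "4821", "4821", 1000);   /* constructed sample PIN */
    printf("admin before/after unlock: %d/%d\n", before, gate_allows(&g, PAGE_ADMIN, 2000));
    return 0;
}
```

The `now` argument is a millisecond tick such as the value returned by `millis()` on the ESP32; the admin session expires on its own, so an unlocked panel left unattended falls back to the monitoring-only state.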

What next?

OT systems are increasingly supporting people, and that role will continue to grow. The next step for the station will be exploring artificial intelligence (AI) in OT monitoring. I see great potential for predictive maintenance, but also new security risks that we as GRC experts must start addressing now.

Q&A: ESP32 OT/IoT Environmental Monitoring Station

Why is this project important for industrial security?

The project can be seen as a small-scale educational model inspired by industrial control system (ICS) concepts. It helped me better understand practical OT topics such as secure configuration, interface protection, telemetry visibility, and network segmentation.

It is also an opportunity to deepen the Security-by-Design approach in a hardware-oriented environment and to better understand concepts commonly associated with frameworks and standards such as ISO 27001, TISAX, and modern OT/IoT security practices.

What is HMI?

HMI (Human-Machine Interface) is an operator panel that allows a person to interact with a machine or system. In OT environments, HMI displays process data and accepts user input, often via a touchscreen. In this project, a Nextion 3.5" display with resistive touch serves as the HMI, providing real-time environmental data visualization and touch-based navigation between screens.

What is ESP32?

ESP32 is a low-cost, low-power microcontroller with built-in Wi-Fi and Bluetooth, widely used in IoT projects. It supports multiple communication protocols and offers enough processing power to handle sensor data acquisition, network connectivity, and serial communication with external devices such as HMI panels.

How does the display communicate with the microcontroller?

The Nextion HMI display communicates with the ESP32 via a UART (Universal Asynchronous Receiver-Transmitter) serial interface. The connection uses GPIO16 (RX) and GPIO17 (TX) at a baud rate of 115200. This allows bidirectional data exchange: the ESP32 sends sensor readings and commands to the display, while the display sends touch events and user input back to the microcontroller.
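On the wire, the Nextion protocol terminates every frame with three 0xFF bytes and reports a touch as 0x65, page id, component id, event (1 = press, 0 = release). The parser below is an added example, not code from the project: it runs on a host against a constructed byte stream, its names are hypothetical, and on the device the bytes would arrive from the UART on GPIO16/GPIO17 at 115200 baud.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NX_TOUCH 0x65      /* Nextion return code: touch event */
#define NX_MAX   16        /* longest frame this sketch buffers */

typedef struct { uint8_t page, component, pressed; } nx_touch_t;
typedef struct { uint8_t buf[NX_MAX]; size_t len; unsigned ff; int overflow; } nx_parser_t;

/* Feed one byte from the UART. Returns 1 and fills *out when a well-formed
 * touch event (0x65 page component event FF FF FF) completes, else 0. */
int nx_feed(nx_parser_t *p, uint8_t b, nx_touch_t *out) {
    if (p->len < NX_MAX) p->buf[p->len++] = b; else p->overflow = 1;
    p->ff = (b == 0xFF) ? p->ff + 1 : 0;
    if (p->ff < 3) return 0;                 /* frame not terminated yet */
    int ok = !p->overflow && p->len == 7 && p->buf[0] == NX_TOUCH && p->buf[3] <= 1;
    if (ok) { out->page = p->buf[1]; out->component = p->buf[2]; out->pressed = p->buf[3]; }
    p->len = 0; p->ff = 0; p->overflow = 0;  /* resynchronise on the terminator */
    return ok;
}

/* Parse a captured byte stream; returns the number of touch events found. */
size_t nx_parse(const uint8_t *data, size_t n, nx_touch_t *ev, size_t max) {
    nx_parser_t p = {0};
    nx_touch_t t;
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (nx_feed(&p, data[i], &t) && count < max) ev[count++] = t;
    return count;
}

int main(void) {
    /* Constructed stream: press on page 0/component 2, a status frame (0x01),
     * a malformed short touch frame, then a release on page 1/component 5. */
    const uint8_t rx[] = { 0x65,0x00,0x02,0x01,0xFF,0xFF,0xFF,  0x01,0xFF,0xFF,0xFF,
                           0x65,0x01,0xFF,0xFF,0xFF,  0x65,0x01,0x05,0x00,0xFF,0xFF,0xFF };
    nx_touch_t ev[4];
    size_t n = nx_parse(rx, sizeof rx, ev, 4);
    for (size_t i = 0; i < n; i++)
        printf("page=%u comp=%u %s\n", ev[i].page, ev[i].component, ev[i].pressed ? "press" : "release");
    return 0;
}
```

Frames that are too long, too short or carry an unexpected header are dropped and the parser resynchronises on the next terminator, so line noise or an unplugged cable cannot be misread as a button press.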

Was the project interesting?