
Secure Industrial Radio Certification

Securing Industrial Radio for Critical Infrastructure


Introducing SIR Certification - The UK's Cybersecurity Standard for Industrial Radio Systems

The Hidden Cyber Gap in Critical Infrastructure

We’ve made enormous strides in securing digital infrastructure. Fibre, cellular, and IP networks now come bundled with advanced protections—firewalls, TLS encryption, intrusion detection, and formal compliance standards like ISO 27001 or Cyber Essentials. But across many critical industries, one layer has been quietly left behind: industrial radio communications.

 

These signals may not carry emails or bank data—but they do carry life-critical control commands: turn pumps on, adjust chemical dosing, shut off turbines, open floodgates. And unlike their digital counterparts, many of these radio systems still transmit simple, unauthenticated messages. No encryption. No verification. No way to know if a message has been spoofed.

 

This presents a unique cybersecurity blind spot—one that spans utilities, manufacturing, transport, and heavy industry. For regulators, it’s a resilience concern. For risk managers and insurers, it’s a silent exposure. For the public, it means essential services could be tampered with remotely—without a trace.


SIR Certification – Cybersecurity for the Signals We Forgot

Secure Industrial Radio (SIR) Certification closes this gap with the UK’s first dedicated framework for securing radio-based control systems. Designed to be vendor-neutral, testable, and applicable to both new and retrofit installations, it introduces tiered protections that mirror what’s expected in other communications channels.

SIR Certification helps asset owners answer the question: “Is my radio network secure?” It provides a clear benchmark for encryption, authentication, secure key rotation, and replay-attack mitigation, giving engineers a practical implementation path and regulators a way to recognise verified systems.

For insurers and compliance officers, SIR offers a measurable way to assess cyber risk in operational environments. For the public, it delivers the assurance that vital services—like clean water, stable energy, and transport signalling—are protected from invisible interference.

In a world where cyber attacks can jump air gaps, spoof wireless signals, and trigger real-world outcomes, SIR Certification ensures the invisible layer of infrastructure is no longer overlooked.

Video Introduction to SIR Certification
Watch how a single intercepted radio signal could disrupt critical infrastructure—and how SIR stops it.

From Baseline to Advanced: The Three Levels of SIR Certification


Level 1 – Basic Protection
For minimal-risk, legacy-friendly upgrades

  • Unique device IDs to prevent generic “any device” control

  • Removal of default passwords and insecure factory settings

  • Fail-safe defaults so equipment reverts to a secure state if communications are lost

  • Basic access control to prevent unauthorised local connections

 

This level raises the absolute minimum bar, ensuring even basic radios are not completely exposed.

Level 2 – Intermediate Protection
For critical functions where secure communications are essential

  • AES-128 or AES-256 encryption of all radio traffic

  • Message authentication codes (MACs) to verify integrity

  • Protection against replay attacks through nonce/counter mechanisms

  • Secure over-the-air firmware updates with signed images

  • Role-based access control for operator and maintenance accounts

 

Level 2 stops most RF interception and manipulation attacks, making it suitable for most modern industrial sites.
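
The following added example shows two of the Level 2 controls listed above, message authentication codes and counter-based replay protection, as a receiver would enforce them on a control command. It is not taken from the SIR specification or from Spotcom: the frame layout, device ID, key and command code are constructed for illustration, HMAC-SHA256 is an assumed choice of MAC, and AES encryption of the traffic is left out.

```python
import hashlib
import hmac
import struct

# Constructed per-device key table, indexed by unique device ID (hypothetical values).
DEVICE_KEYS = {0x0101: b"k" * 32}
HEADER = struct.Struct(">HIB")  # device ID, message counter, command code
TAG_LEN = 16                    # truncated HMAC-SHA256 tag


def build_frame(device_id: int, counter: int, command: int, key: bytes) -> bytes:
    """Sender side: header followed by a MAC computed over the whole header."""
    header = HEADER.pack(device_id, counter, command)
    return header + hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]


class Receiver:
    """Accepts a command only if it is authentic and newer than the last one."""

    def __init__(self, keys):
        self.keys = keys
        self.last_counter = {}  # device ID -> highest counter accepted so far

    def accept(self, frame: bytes):
        if len(frame) != HEADER.size + TAG_LEN:
            return None, "malformed"
        header, tag = frame[:HEADER.size], frame[HEADER.size:]
        device_id, counter, command = HEADER.unpack(header)
        key = self.keys.get(device_id)
        if key is None:
            return None, "unknown device"
        expected = hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None, "bad MAC"
        # Check the counter only after the MAC, so forged frames cannot advance it.
        if counter <= self.last_counter.get(device_id, -1):
            return None, "replay"
        self.last_counter[device_id] = counter
        return command, "ok"


def demo():
    rx = Receiver(DEVICE_KEYS)
    frame = build_frame(0x0101, 1, 0x10, DEVICE_KEYS[0x0101])  # constructed command
    forged = build_frame(0x0101, 2, 0x10, b"x" * 32)           # built without the device key
    # First delivery is accepted, a re-transmitted copy and a forgery are rejected.
    return [rx.accept(frame)[1], rx.accept(frame)[1], rx.accept(forged)[1]]
```

A rejected frame returns no command, so the equipment stays in its current safe state rather than acting on an unverified message.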

Level 3 – Advanced Protection
For high-risk environments, compliance, and regulator assurance

  • Strong AES-256 encryption with dynamic key rotation

  • Digital signatures on every command for full authentication

  • Device whitelisting by IP, MAC, or serial number

  • Continuous anomaly detection and tamper alerts

  • Secure, centralised provisioning and diagnostics

 

This level is designed for the most critical sites, where disruption or tampering could cause major environmental, financial, or safety impacts.

+44 (0)1329 448161

 

© 2025 Spotcom Ltd. All rights reserved.
SIR Certified™ and its associated certification levels are trademarks of Spotcom Ltd.
The name, logo, and certification marks are protected under UK intellectual property law.
Unauthorised use, reproduction, or distribution of these marks is strictly prohibited.
You are welcome to share or reference this content for awareness or educational purposes, provided attribution to Spotcom Ltd. is maintained and the material is not altered or misrepresented.

 
