Securing the Airwaves: SIR Certification Submitted to the NPSA for National Review

Securing the Airwaves: SIR Certification Submitted to the NPSA for National Review

In a move aimed at strengthening the UK’s cyber resilience, Spotcom has officially submitted the Secure Industrial Radio (SIR) Certification framework to the National Protective Security Authority (NPSA) for consideration as part of national critical infrastructure protection.

While other communication layers—like Ethernet, cellular, and SCADA—have seen cybersecurity frameworks develop around them, radio remains the last ungoverned frontier in many industrial environments. This submission aims to change that.

Why Now?

From water and energy to transport and manufacturing, radio signals silently power much of the UK’s critical infrastructure. These RF links start pumps, open valves, move equipment, and transmit data—often without encryption, authentication, or any intrusion detection.

In recent years, there’s been a surge in awareness around replay attacks, signal spoofing, and RF jamming, especially as tools like SDR dongles become increasingly accessible. Yet, many of the UK's radio-controlled systems still operate as they did 20 years ago—unencrypted and unauthenticated.

Why It Matters

The submission highlights a key national security gap:

✅ There is no mandated cybersecurity baseline for industrial RF control systems

✅ RF attacks are cheap, quiet, and increasingly common

✅ Many sites don’t even know they’re using radios—let alone unsecured ones

✅ Modern radios can meet high security standards—but guidance and accountability are needed

Unlike traditional IT systems, radio networks operate in an open-air domain. Anyone within signal range can intercept and replay commands unless proactive protections are in place.