Correspondence with the National Protective Security Authority on Industrial Radio Security
- spotcom
- Aug 4, 2025
Updated: Jan 19
As part of ongoing engagement on the security of industrial radio communications, the Secure Industrial Radio (SIR) Certification framework has been formally shared with the UK’s National Protective Security Authority (NPSA) for awareness and consideration.
This submission formed part of broader information-sharing on the use of radio communications within operational technology (OT) environments and the potential risks associated with legacy deployments.
Context for the submission
Across many sectors, cybersecurity frameworks and guidance have evolved to address IP-based networks, connected systems, and digital infrastructure. However, industrial radio communications — particularly those used for control and telemetry — are not always explicitly considered within existing assurance or governance models.
Radio systems continue to play a critical operational role in environments such as water, energy, transport, and manufacturing. These systems often support remote or unmanned sites and may operate for long periods without change.
The submission of SIR Certification to the NPSA was intended to support visibility of this area of risk and to contribute to wider discussions on infrastructure resilience.
Why industrial radio warrants attention
Industrial radio links are frequently used to:
- Transmit control commands and telemetry
- Support time-sensitive operational processes
- Enable remote monitoring and intervention
Many long-standing radio systems were designed at a time when cybersecurity threats were not a primary design consideration. As a result, some deployments may lack mechanisms to authenticate messages, protect against interception, or detect unintended reuse of commands.
At the same time, the tools required to observe and analyse radio communications have become more accessible, increasing the importance of understanding how these systems behave in practice.
What the submission addressed
The information shared with the NPSA outlined:
- The continued operational reliance on industrial radio communications
- The diversity of radio technologies and deployment models in use
- The absence of a consistent assurance approach focused specifically on radio communications
- The role of SIR Certification as a technology-neutral, tiered assurance framework
The intention was not to propose regulation or mandate specific solutions, but to highlight a gap in existing assurance coverage and to support informed discussion.
What this does — and does not — mean
The submission of SIR Certification to the NPSA:
- Does not imply endorsement, approval, or adoption
- Does not constitute regulatory recognition
- Does not change the voluntary nature of SIR Certification
It reflects engagement and transparency on an area of operational technology risk that has historically received limited attention.
Ongoing engagement
SIR Certification is intended to support constructive dialogue with industry, regulators, insurers, and other stakeholders involved in infrastructure protection and resilience.
As with all aspects of the framework, its development and application are informed by practical experience, evolving threat awareness, and responsible engagement with the wider OT community.
