Secure Industrial Radio Certification
Securing Industrial Radio for Critical Infrastructure
Introducing SIR Certification
Security and Resilience Assurance for Industrial Radio Systems
Addressing an overlooked layer of operational technology
Across the UK and internationally, significant progress has been made in securing digital and IP-based infrastructure. Fibre, cellular, and networked systems are now routinely protected through established cybersecurity frameworks, standards, and controls.
However, in many operational technology (OT) environments, one critical layer has historically received far less attention: industrial radio communications.
These radio systems are widely used to carry control commands and telemetry between control rooms and remote or unmanned sites. They support essential services across sectors including utilities, transport, energy, and industrial operations.
Why industrial radio matters
Industrial radio communications often form part of an operational or safety-related control loop. They are used to start and stop equipment, adjust processes, and respond to changing conditions in real time.
Many radio systems currently in service were designed in an era when cybersecurity threats were not a primary consideration. As a result, some deployments lack modern protections for confidentiality, integrity, or authenticity of communications.
This creates a potential gap in otherwise mature OT cybersecurity programmes — one that is not always visible through traditional network monitoring or compliance approaches.
What SIR Certification is
Secure Industrial Radio (SIR) Certification is an independent assurance framework focused specifically on the security and resilience of radio communications used within OT environments.
It provides a structured, technology-neutral approach for assessing whether industrial radio systems are capable of supporting appropriate security controls, aligned with their operational role and risk profile.
SIR Certification is designed to be:
-
Vendor-neutral
-
Testable and evidence-based
-
Applicable to new and existing installations
-
Aligned with established OT cybersecurity principles
What SIR Certification is not
SIR Certification is not a regulatory requirement, and it does not replace existing standards, regulations, or spectrum management regimes. It does not mandate specific products or technologies.
Instead, it complements existing governance and cybersecurity approaches by addressing an area that is often out of scope: the radio communications layer itself.
Supporting confidence and accountability
For asset owners and operators, SIR Certification supports informed decision-making and documentation of risk.
For insurers and compliance professionals, it provides a measurable basis for assessing communications-related exposure.
For regulators and the public, it contributes to confidence that essential services are not dependent on unexamined or unassured communications links.
In an environment where cyber risks increasingly have physical consequences, SIR Certification helps ensure that industrial radio systems are no longer an implicit assumption, but an explicit part of operational assurance.
A more detailed explanation of the SIR framework and its tiered assurance model is available in our ‘How SIR Works’ article.
Video Introduction to SIR Certification
Watch how a single intercepted radio signal could disrupt critical infrastructure—and how SIR stops it.
SIR Certification is an independent assurance framework for assessing the security and resilience of industrial radio communications used within operational technology environments. It provides a structured, vendor-neutral approach to understanding communications risk where radio systems support monitoring, control, or safety-related functions.