OT Cybersecurity Has a Communications Blind Spot
Why legacy and industrial radio systems remain an overlooked risk in modern OT cybersecurity programmes.
Over the past decade, operational technology (OT) cybersecurity has matured significantly. Asset owners are far more aware of the risks associated with insecure remote access, flat networks, and legacy control systems. Frameworks, guidance, and regulation have helped drive meaningful improvements across many industrial sectors.
However, this progress has not been uniform. One area continues to receive comparatively little scrutiny: the communications links that connect remote OT assets to the systems that monitor and control them.
In many environments, these links are radio-based — and in many cases, they remain implicitly trusted.
Where OT cybersecurity efforts typically focus
Most modern OT cybersecurity programmes rightly prioritise areas such as:
- Network segmentation between IT and OT
- Secure remote access and vendor connectivity
- Hardening of PLCs, RTUs, and control system endpoints
- Monitoring, logging, and detection within OT networks
- Governance, asset inventories, and risk management processes
These controls are essential and have significantly reduced risk across industrial environments. However, they often stop at the edge of the wired network or the control system itself.
What lies beyond — particularly in geographically distributed OT systems — is frequently assumed to be outside the primary threat model.
The overlooked role of industrial radio communications
Across utilities, transport, energy, and industrial automation, radio communications are widely used to connect remote assets such as:
- Pumping stations and reservoirs
- Boreholes and environmental monitoring points
- Renewable energy installations
- Remote valves, gates, and control points
Many of these radio systems were designed and deployed years — sometimes decades — ago. Their design priorities were availability, reliability, and coverage, not resilience against modern cyber-physical threats.
As a result, legacy and even some modern industrial radio links may lack:
- Strong authentication
- Cryptographic integrity protection
- Protection against replay or signal spoofing
- Clear visibility within OT security governance
In practice, this means the data arriving at a control system is often assumed to be accurate simply because it arrived.
Why this matters more as OT becomes more autonomous
The risk associated with trusted communications has increased as OT systems evolve.
Embedded AI, advanced control logic, and autonomous optimisation are now being introduced into PLCs and controllers. These systems increasingly make decisions based on trends, predictions, and aggregated telemetry rather than simple threshold alarms.
In this context, communications are no longer just a transport mechanism — they are a direct input into operational decision-making.
If telemetry or control data is delayed, manipulated, replayed, or spoofed at the communications layer, the control system may behave entirely “correctly” — but based on an incorrect view of reality.
As autonomy increases, the integrity of the data driving decisions becomes as critical as the security of the control system itself.
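To make the missing properties listed earlier concrete, here is a receiving-side check that refuses telemetry that has been manipulated, replayed, or delayed instead of trusting it because it arrived. It is an added example, not code from the original article or from any radio vendor; the frame layout, field names, key, and 30-second freshness window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

# Constructed frame layout (an assumption, not a real radio protocol):
# station_id u16 | counter u32 | timestamp u32 | level_mm i32 | 16-byte tag
HEADER = struct.Struct(">HIIi")
TAG_LEN = 16
MAX_AGE_S = 30  # assumed freshness window; needs loosely synchronised clocks

def _tag(key, body):
    # Truncated HMAC-SHA256 over the whole header keeps the frame small.
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def build_frame(key, station_id, counter, timestamp, level_mm):
    body = HEADER.pack(station_id, counter, timestamp, level_mm)
    return body + _tag(key, body)

class TelemetryVerifier:
    """Accepts a frame only if it is authentic, new, and fresh."""
    def __init__(self, keys):
        self.keys = keys          # station_id -> per-station secret key
        self.last_counter = {}    # station_id -> highest counter accepted

    def accept(self, frame, now):
        if len(frame) != HEADER.size + TAG_LEN:
            return "rejected: malformed"
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        station_id, counter, timestamp, _level = HEADER.unpack(body)
        key = self.keys.get(station_id)
        if key is None:
            return "rejected: unknown station"
        if not hmac.compare_digest(tag, _tag(key, body)):
            return "rejected: bad tag"      # manipulated or spoofed
        if counter <= self.last_counter.get(station_id, -1):
            return "rejected: replay"       # already seen this counter
        if abs(now - timestamp) > MAX_AGE_S:
            return "rejected: stale"        # delayed beyond the window
        self.last_counter[station_id] = counter
        return "accepted"

def demo():
    key = b"constructed-demo-key-not-for-use"   # constructed sample key
    v = TelemetryVerifier({7: key})
    good = build_frame(key, 7, 1, 1000, 2450)
    tampered = good[:10] + bytes([good[10] ^ 0x01]) + good[11:]  # flip a level bit
    late = build_frame(key, 7, 2, 1000, 2450)
    return [v.accept(good, 1005), v.accept(good, 1006),
            v.accept(tampered, 1006), v.accept(late, 1100)]
```

Where a legacy radio cannot carry the extra bytes, the same checks can sit in a gateway at each end of the link, which is one form of compensating control.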
A governance gap, not a technology failure
Most OT cybersecurity frameworks and regulatory guidance acknowledge communications risk, but in practice industrial radio systems are often treated as:
- Legacy engineering components
- Specialist telecoms infrastructure
- Out of scope for cybersecurity assessment
This is understandable. Radio systems sit at the intersection of engineering, operations, and security, and they do not always fit neatly into IT-derived security models.
However, as OT environments become more interconnected and more autonomous, this assumption is becoming increasingly difficult to justify.
The issue is not that radio systems are inherently insecure — it is that their role in operational risk is often insufficiently understood or documented.
What good looks like in practice
Addressing this blind spot does not require wholesale replacement of legacy systems. Instead, it starts with proportionate, risk-based understanding.
Good practice includes:
- Clearly defining system boundaries and dependencies
- Understanding which communications links influence control decisions
- Assessing integrity, resilience, and failure modes of radio links
- Documenting assumptions, exclusions, and compensating controls
- Treating communications trust as an operational risk, not just an engineering detail
The goal is not to modernise everything, but to understand where communications trust underpins operational safety and resilience.
Looking ahead
OT cybersecurity is no longer solely about securing networks and devices. It is about understanding how decisions are made — and whether the data driving those decisions can be trusted.
For many organisations, that means taking a closer look at the industrial radio systems they have relied on for years, and recognising them as a critical part of the OT control loop.
Done properly, this approach strengthens resilience without disrupting operations — and closes a gap that is becoming increasingly relevant as OT systems continue to evolve.

Spotcom works with asset owners to provide independent assurance of OT radio communications, helping organisations understand and manage communications risk within wider OT cybersecurity programmes.



