The development of IoT technology and the popularization of LoRaWAN networks in industry, cities and buildings are progressing at a rapid pace. Today, the LoRaWAN protocol not only facilitates monitoring and automation in large areas with minimal energy consumption - it is also becoming the foundation of critical infrastructure systems. However, in an era of growing cyber threats and tightening EU regulations, a fundamental question arises: is your LoRaWAN infrastructure really safe?
Since October 2024, the NIS2 directive has been in force in Poland, introducing far-reaching obligations in the field of IT security for operators of essential services. The Cyber Resilience Act (CRA) will also soon come into force, which will impose the obligation to design IoT devices in accordance with the "secure by design" principle, i.e. with built-in security mechanisms and long-term support in terms of patching vulnerabilities.
The amended RED directive now also includes cybersecurity requirements for radio equipment. After all, GDPR has also been in force for years, and applies to any case of processing personal data, including by sensors operating in the LoRaWAN network.
These are no longer recommendations – they are hard legal regulations, failure to comply with which can result in serious financial and image consequences. LoRaWAN gateways, as critical elements of the communication infrastructure, should be at the very top of the priority list when implementing security measures.
According to data from the ANSSI Security Agency, the number of attacks on OT (Operational Technology) environments has increased by as much as 70% over the past two years.
In many cases, IoT networks become an entry point for hackers into industrial control systems, city networks or critical infrastructure. An unsecured LoRaWAN gateway can be an easy target – allowing data to be intercepted, falsified or even malware to be installed, which allows further penetration of local systems. In practice, this means that a single vulnerability in the gateway can compromise the security of the entire environment.
In LoRaWAN systems, sensors act as observers, but the gateway is responsible for forwarding data – to the management platform, the cloud, and sometimes also for local processing.
Depending on the system architecture, the gateway can handle session management, encryption keys or authorization, especially when it includes a built-in LoRa Network Server. However, if it works as a simple relay (packet forwarder), it is still responsible for sending data to external servers.
In both cases, its compromise can result in full takeover of the network. That is why it is so important to choose devices designed in accordance with the "secure by design" principle.
There are many LoRaWAN gateways on the market, but few offer real resilience to threats. The Wirnet i-Series from Kerlink is an exception.
These devices are manufactured in accordance with the SSDLC (Secure Software Development Life Cycle), which means that security is an integral part of the entire design and production process. Key mechanisms include Secure Boot, Secure Storage, and transmission encryption using the mTLS protocol.
The whole thing is complemented by compliance with the EN 303645 standard, which is currently the European cybersecurity standard for IoT devices, and a full vulnerability management policy, enabling ongoing software updates.
Importantly, the gateways are designed and manufactured in France, which guarantees full technological sovereignty and no dependence on suppliers outside the European Union.
The implementation of the intelligent transport management system (ITS) in Katowice, carried out in 2022–2023, is proof of the effectiveness of Kerlink solutions in practice.
This technologically advanced undertaking was based on the Wirnet i-Series gateways, supplied by JM elektronik sp. z o.o. – a platinum, authorized distributor of Kerlink on the Polish market. Thanks to this, the project not only met the technical requirements, but also ensured compliance with the growing requirements in the field of cybersecurity of urban infrastructure.
We have many other implementations based on Kerlink gateways to present as valuable references at the next stages of commercial talks about your needs.
In the face of increasingly sophisticated digital threats and existing legal regulations, securing LoRaWAN gateways is not an option – it is an obligation. By choosing Kerlink Wirnet i-Series, you are investing in a proven, durable solution compliant with European standards. Cybersecurity cannot be an addition – it must be the foundation. And it all starts with the gateway.
