65 einsatzbereite Tabletop-Übungen, ausgerichtet an globalen Standards — IEC 62443, NIST SP 800-82, NIS2, DORA — und ergänzt mit regionalem regulatorischem Kontext. Speziell entwickelt für Öl & Gas, Bergbau, Telekommunikation und Energie.
Whether your headquarters is in Kinshasa, Yaoundé, Douala, or Paris — these global standards define OT/ICS cybersecurity best practice. Every exercise covers them, enabling Central African operators to reach the same level as their global counterparts.
The global benchmark for IACS systems — essential for mining, oil & gas, and energy operators in Central Africa working with international partners. Scenarios mapped to all security levels.
The definitive NIST guide for OT cybersecurity — adopted by multinationals operating in Central Africa across extractive and energy sectors. Threat scenarios based on Rev. 3 controls.
All 65 exercises align with CISA CTEP objectives with CPG 2.0 mapping and structured After Action Report export for regulatory defensibility.
Multinational energy companies with power generation assets in Central Africa apply NERC CIP globally — exercises cover all relevant standards.
European multinationals with Central African operations apply NIS2 across all sites. Particularly relevant for telecoms and energy operators with European parent companies.
Financial institutions with EU exposure apply DORA globally. Scenarios covering ICT risk management and resilience for banking subsidiaries in Central Africa.
Exercises cover all CSF 2.0 functions: Govern, Identify, Protect, Detect, Respond, Recover — the universal benchmark applicable to all sectors.
Increasingly required by banking regulators and international business partners. Scenarios covering Annex A controls for risk assessment and incident response.
Global standards form the foundation — Central African regulations add the regional layer. Your teams exercise in the context of both, producing defensible evidence for every regulator.
The CEMAC framework harmonizes financial regulations and sectoral directives for Cameroon, Congo, Gabon, Equatorial Guinea, CAR, and Chad. Exercises integrate CEMAC notification and operational continuity obligations.
ARTEC regulates cybersecurity for telecommunications and critical ICT infrastructure in Cameroon. Exercises cover ARTEC cybersecurity directives and incident reporting obligations for telecoms operators.
The AU Malabo Convention on cybersecurity provides the continental framework. Combined with national data protection laws of CEMAC member states, it creates the applicable multi-layered regulatory framework.
Financial regulatory authorities (COBAC) and sectoral authorities of CEMAC states impose specific cybersecurity obligations on financial institutions, energy operators, and mining companies operating in the region.
Mining conglomerates, oil producers, and energy groups with Central African operations don't choose between IEC 62443 and CEMAC — they must meet both simultaneously.
Every scenario is mapped to IEC 62443, NIST SP 800-82, ISO 27001, and NIS2. Central African teams run the same world-class exercises as their European counterparts — with the CEMAC, ARTEC, and AU Convention framework built in.
Scenarios tailored to the industrial control systems, threat actors, and regulatory obligations specific to Central African critical infrastructure operators.
From SCADA attacks on DRC coltan mines to oil infrastructure compromises in Gabon — scenarios grounded in the real threat landscape for Central African operators.
All exercises available in French — the dominant operational language for OT, IT, and management teams in francophone Central Africa (Cameroon, Congo, Gabon, CAR, Chad, DRC).
Exported After Action Reports reference global standards (IEC 62443, ISO 27001, NIS2) AND CEMAC/ARTEC/AU Convention frameworks — defensible before every relevant regulator.
From attacks on mining control systems in Congo to oil infrastructure compromises in Gabon — scenarios reflecting the real threats and regulatory obligations of the region.
A threat actor compromises ventilation and transport control systems in a deep mine. IEC 62443 security levels, CEMAC notification obligations, and parent company safety requirements all converge simultaneously.
Ransomware targets the control systems of an offshore oil platform. NERC CIP procedures, IEC 62443, and CEMAC obligations for notifying national authorities and the European parent company are all tested.
A major OT breach at Douala headquarters simultaneously triggers NIS2 obligations (for the European parent company), ARTEC (Cameroon), and AU Convention requirements. Leadership faces bilingual FR/EN media and regulatory pressure.
Tell us what your organization needs. We'll map the platform to your CEMAC, ARTEC, IEC 62443 obligations, and your international parent company's standards.
Join the Central African critical infrastructure teams running professional exercises aligned to global standards and regional regulations.