África Oriental · Región CAE · IEC 62443 · Kenya DPA 2019 · Alineado EPRA

Ejercicios de Ciberseguridad OT/ICS de Clase Mundialpara Infraestructura Crítica de África Oriental

65 ready-to-run tabletop exercises aligned to global standards — IEC 62443, NIST SP 800-82, NIS2, ISO 27001 — and layered with East African regulatory context (Kenya DPA 2019, EPRA, EAC frameworks). Purpose-built for Telecomunicaciones, Energy, Fintech, Water, and Ports sectors.

Comenzar Gratis — 3 Ejercicios Solicitar Demo Empresarial Ver Plataforma Completa

✓ IEC 62443 ✓ NIST SP 800-82 ✓ CISA CTEP-Aligned ✓ NIS2 & DORA ✓ Kenya DPA 2019 ✓ EPRA (Energy) ✓ EAC Framework

Estándares Globales — Incluidos en Cada Ejercicio

Los Marcos Internacionales a los que Su Organización Ya Responde

From Nairobi to Kampala to Addis Ababa — these are the global standards governing OT/ICS cybersecurity best practice. Every exercise maps to them, ensuring East African operations meet the same bar as global counterparts and satisfy corporate audit requirements.

IEC 62443

Industrial Cybersecurity Standard

The global benchmark for IACS security — referenced by East African energy, telecoms, and water sector operators. Scenarios map to security levels and control domains.

NIST SP 800-82

ICS Security Guide (Rev. 3)

NIST's definitive OT security guide — widely adopted by East African fintech and telecoms multinationals. Threat scenarios reference Rev. 3 controls across all sectors.

CISA CTEP

Cyber Tabletop Exercise Program

All 65 exercises align to CISA CTEP objectives with CPG 2.0 framework mapping and structured After Action Report export for regulatory defensibility.

ISO 27001

Seguridad de la Información Management

Widely required by East African banking regulators and international investors. Scenarios support Annex A controls for risk assessment and incident response.

NIS2

EU Network & Seguridad de la Información Directive

European multinationals with East African operations must comply with NIS2 globally. Pro plan includes NIS2 compliance filters for essential and important entities.

DORA

Digital Operational Resilience Act

Pan-African banks and fintech firms with EU exposure apply DORA globally. Scenarios address ICT risk management and resilience testing requirements.

NERC CIP

Critical Infrastructure Protection

Energy sector multinationals with East African geothermal, hydro, and power generation assets apply NERC CIP across all sites globally.

NIST CSF 2.0

Marco de Ciberseguridad

Exercises cover all CSF 2.0 functions: Govern, Identify, Protect, Detect, Respond, Recover — the universal baseline applied across the EAC region.

East African Regulatory Context

Layered with Local Regulatory Alignment

Global standards form the foundation — East African regulations add the regional layer. Your teams exercise in context of both, producing evidence defensible to every regulator from Nairobi to Kampala.

Kenya DPA 2019

Kenya Data Protection Act 2019 & CA Cybersecurity Directives

Kenya's comprehensive data protection law and the Communications Authority's cybersecurity directives govern incident notification and data handling for critical infrastructure operators across the EAC hub.

EPRA

Energy & Petroleum Regulatory Authority (Kenya)

EPRA regulates cybersecurity requirements for electricity, petroleum, and renewable energy sectors in Kenya. Energy sector exercises reference EPRA reporting obligations and operational continuity requirements.

EAC Framework

East African Community Marco de Ciberseguridad & Regional Standards

The EAC provides the regional coordination framework for cross-border incident response across Kenya, Tanzania, Uganda, Rwanda, Burundi, and South Sudan — exercises reflect cross-border notification complexity.

UCC / TCRA

Uganda Communications Commission & Tanzania Communications Regulatory Authority

Telecomunicaciones and internet infrastructure operators in Uganda and Tanzania are subject to UCC and TCRA cybersecurity regulations — exercises address incident reporting obligations for regional telecoms operators.

For Multinationals with East African Operations

Global HQ. East African Sites. One Plataforma.

El Desafío

Your Nairobi, Kampala, or Dar es Salaam facility must meet both: corporate global standards AND Kenya DPA / EAC obligations

Telecomunicaciones multinationals, energy developers, and pan-African banks with EAC operations don't choose between IEC 62443 and Kenya DPA 2019 — they answer to both simultaneously. Generic exercises address neither properly.

HQ mandates IEC 62443, ISO 27001, and NIST compliance globally
Kenya DPA 2019 and CA directives apply to Nairobi operations
EAC cross-border incident notification adds regional coordination complexity
Geothermal, hydro, and solar energy assets bring EPRA obligations

La Solución CyberICS

One exercise library. Global standards built in. East African regulatory context layered on top.

Every scenario maps to IEC 62443, NIST SP 800-82, ISO 27001, and DORA. East African teams run the same quality exercises as European and US counterparts — with Kenya DPA, EPRA, and EAC regulatory framing included.

Global compliance evidence for corporate audit and international investors
Local context for Kenya DPA 2019, EPRA, UCC, and EAC frameworks
After Action Reports defensible to both HQ and East African regulators
English support across all EAC member states

Key East African Sectors

Built for Your Industry's OT Environment

Scenarios designed for the threat actors, control systems, and regulatory obligations facing East African critical infrastructure operators.

Telecomunicaciones & Internet Infrastructure

Geothermal & Hydro Power (Kenya, Ethiopia)

Fintech & Mobile Money (M-Pesa scale)

Water Treatment & Distribution

Ports & Maritime Logistics (Mombasa)

Petróleo & Gas (Uganda, Tanzania)

Aviation & Transport Infrastructure

Banking & Financial Services

📁

65 Escenarios Listos para Usar

From Mombasa port SCADA attacks to mobile money infrastructure disruptions — scenarios grounded in the real threat landscape facing East African OT operators.

📄

EAC & Kenya DPA Framing

Exercises explicitly reference Kenya DPA 2019 notification timelines, EPRA reporting obligations, and EAC cross-border coordination — alongside global IEC 62443 controls.

🌐

English & French Support

Full support in English for EAC Anglophone members and French for Rwanda's bilingual environment — covering the full East African operational landscape.

Ejemplos de Escenarios — EAC Relevant

Exercises Built for the East African Threat Environment

From geothermal power control system attacks to mobile money infrastructure compromise — exercises reflecting the actual threat landscape and regulatory obligations of East Africa.

OT / ICS

Geothermal Power Station SCADA Attack

A threat actor targets turbine control systems at a major geothermal facility. EPRA reporting obligations and EAC cross-border grid coordination are tested alongside IEC 62443 incident response.

ICS/SCADA IEC 62443 EPRA Notification

⏳ 3–4 Hours 👥 8–15 Players Avanzado

Cross-Sector

Mobile Money Infrastructure Compromise

A ransomware attack disrupts mobile money clearing systems, cascading to affect utility bill payments and critical service disbursements across multiple EAC member states.

Ransomware NIST CSF 2.0 Kenya DPA 2019

⏳ 3–4 Hours 👥 10–20 Players Avanzado

Executive

Board Crisis: Port Disruption & Multi-Regulator Response

A cyberattack disrupts Mombasa port SCADA systems, triggering simultaneous obligations to Kenya DPA, EPRA, EAC protocols, and parent company NIS2/ISO 27001 reporting requirements.

Executive EAC / Kenya DPA ISO 27001

⏳ 2–3 Hours 👥 5–10 Players Intermedio

Unlock All 65 Scenarios →

Consulta Empresarial

Solicitar una Demo África Oriental

Cuéntenos sobre su organización. Mapearemos la plataforma a sus requisitos de cumplimiento Kenya DPA, EPRA, EAC y estándares globales para su sector específico.

Nombre Completo *

Cargo

Organización *

Correo Profesional *

Tamaño del Equipo

Sector Principal

¿Cuáles son sus principales motores de cumplimiento u objetivos de ejercicio?