65 ready-to-run tabletop exercises aligned to global standards — IEC 62443, NIST SP 800-82, NIS2, ISO 27001 — and layered with East African regulatory context (Kenya DPA 2019, EPRA, EAC frameworks). Purpose-built for Télécommunications, Energy, Fintech, Water, and Ports sectors.
From Nairobi to Kampala to Addis Ababa — these are the global standards governing OT/ICS cybersecurity best practice. Every exercise maps to them, ensuring East African operations meet the same bar as global counterparts and satisfy corporate audit requirements.
The global benchmark for IACS security — referenced by East African energy, telecoms, and water sector operators. Scenarios map to security levels and control domains.
NIST's definitive OT security guide — widely adopted by East African fintech and telecoms multinationals. Threat scenarios reference Rev. 3 controls across all sectors.
All 65 exercises align to CISA CTEP objectives with CPG 2.0 framework mapping and structured After Action Report export for regulatory defensibility.
Widely required by East African banking regulators and international investors. Scenarios support Annex A controls for risk assessment and incident response.
European multinationals with East African operations must comply with NIS2 globally. Pro plan includes NIS2 compliance filters for essential and important entities.
Pan-African banks and fintech firms with EU exposure apply DORA globally. Scenarios address ICT risk management and resilience testing requirements.
Energy sector multinationals with East African geothermal, hydro, and power generation assets apply NERC CIP across all sites globally.
Exercises cover all CSF 2.0 functions: Govern, Identify, Protect, Detect, Respond, Recover — the universal baseline applied across the EAC region.
Global standards form the foundation — East African regulations add the regional layer. Your teams exercise in context of both, producing evidence defensible to every regulator from Nairobi to Kampala.
Kenya's comprehensive data protection law and the Communications Authority's cybersecurity directives govern incident notification and data handling for critical infrastructure operators across the EAC hub.
EPRA regulates cybersecurity requirements for electricity, petroleum, and renewable energy sectors in Kenya. Energy sector exercises reference EPRA reporting obligations and operational continuity requirements.
The EAC provides the regional coordination framework for cross-border incident response across Kenya, Tanzania, Uganda, Rwanda, Burundi, and South Sudan — exercises reflect cross-border notification complexity.
Télécommunications and internet infrastructure operators in Uganda and Tanzania are subject to UCC and TCRA cybersecurity regulations — exercises address incident reporting obligations for regional telecoms operators.
Télécommunications multinationals, energy developers, and pan-African banks with EAC operations don't choose between IEC 62443 and Kenya DPA 2019 — they answer to both simultaneously. Generic exercises address neither properly.
Every scenario maps to IEC 62443, NIST SP 800-82, ISO 27001, and DORA. East African teams run the same quality exercises as European and US counterparts — with Kenya DPA, EPRA, and EAC regulatory framing included.
Scenarios designed for the threat actors, control systems, and regulatory obligations facing East African critical infrastructure operators.
From Mombasa port SCADA attacks to mobile money infrastructure disruptions — scenarios grounded in the real threat landscape facing East African OT operators.
Exercises explicitly reference Kenya DPA 2019 notification timelines, EPRA reporting obligations, and EAC cross-border coordination — alongside global IEC 62443 controls.
Full support in English for EAC Anglophone members and French for Rwanda's bilingual environment — covering the full East African operational landscape.
From geothermal power control system attacks to mobile money infrastructure compromise — exercises reflecting the actual threat landscape and regulatory obligations of East Africa.
A threat actor targets turbine control systems at a major geothermal facility. EPRA reporting obligations and EAC cross-border grid coordination are tested alongside IEC 62443 incident response.
A ransomware attack disrupts mobile money clearing systems, cascading to affect utility bill payments and critical service disbursements across multiple EAC member states.
A cyberattack disrupts Mombasa port SCADA systems, triggering simultaneous obligations to Kenya DPA, EPRA, EAC protocols, and parent company NIS2/ISO 27001 reporting requirements.
Parlez-nous de votre organisation. Nous adapterons la plateforme à vos exigences de conformité Kenya DPA, EPRA, CAE et aux normes internationales pour votre secteur spécifique.
Rejoignez les équipes d'infrastructures critiques de la CAE qui réalisent des exercices professionnels alignés sur les normes internationales et la réglementation locale.