África Oriental · Região CEA · IEC 62443 · Kenya DPA 2019 · Alinhado EPRA

Exercícios de Cibersegurança OT/ICS de Classe Mundialpara Infraestrutura Crítica da África Oriental

65 ready-to-run tabletop exercises aligned to global standards — IEC 62443, NIST SP 800-82, NIS2, ISO 27001 — and layered with East African regulatory context (Kenya DPA 2019, EPRA, EAC frameworks). Purpose-built for Telecomunicações, Energy, Fintech, Water, and Ports sectors.

Começar Grátis — 3 Exercícios Solicitar Demo Empresarial Ver Plataforma Completa

✓ IEC 62443 ✓ NIST SP 800-82 ✓ CISA CTEP-Aligned ✓ NIS2 & DORA ✓ Kenya DPA 2019 ✓ EPRA (Energy) ✓ EAC Framework

Padrões Globais — Incluídos em Cada Exercício

Os Frameworks Internacionais aos Quais a Sua Organização Já Responde

From Nairobi to Kampala to Addis Ababa — these are the global standards governing OT/ICS cybersecurity best practice. Every exercise maps to them, ensuring East African operations meet the same bar as global counterparts and satisfy corporate audit requirements.

IEC 62443

Industrial Cybersecurity Standard

The global benchmark for IACS security — referenced by East African energy, telecoms, and water sector operators. Scenarios map to security levels and control domains.

NIST SP 800-82

ICS Security Guide (Rev. 3)

NIST's definitive OT security guide — widely adopted by East African fintech and telecoms multinationals. Threat scenarios reference Rev. 3 controls across all sectors.

CISA CTEP

Cyber Tabletop Exercise Program

All 65 exercises align to CISA CTEP objectives with CPG 2.0 framework mapping and structured After Action Report export for regulatory defensibility.

ISO 27001

Segurança da Informação Management

Widely required by East African banking regulators and international investors. Scenarios support Annex A controls for risk assessment and incident response.

NIS2

EU Network & Segurança da Informação Directive

European multinationals with East African operations must comply with NIS2 globally. Pro plan includes NIS2 compliance filters for essential and important entities.

DORA

Digital Operational Resilience Act

Pan-African banks and fintech firms with EU exposure apply DORA globally. Scenarios address ICT risk management and resilience testing requirements.

NERC CIP

Critical Infrastructure Protection

Energy sector multinationals with East African geothermal, hydro, and power generation assets apply NERC CIP across all sites globally.

NIST CSF 2.0

Framework de Cibersegurança

Exercises cover all CSF 2.0 functions: Govern, Identify, Protect, Detect, Respond, Recover — the universal baseline applied across the EAC region.

East African Regulatory Context

Layered with Local Regulatory Alignment

Global standards form the foundation — East African regulations add the regional layer. Your teams exercise in context of both, producing evidence defensible to every regulator from Nairobi to Kampala.

Kenya DPA 2019

Kenya Data Protection Act 2019 & CA Cybersecurity Directives

Kenya's comprehensive data protection law and the Communications Authority's cybersecurity directives govern incident notification and data handling for critical infrastructure operators across the EAC hub.

EPRA

Energy & Petroleum Regulatory Authority (Kenya)

EPRA regulates cybersecurity requirements for electricity, petroleum, and renewable energy sectors in Kenya. Energy sector exercises reference EPRA reporting obligations and operational continuity requirements.

EAC Framework

East African Community Framework de Cibersegurança & Regional Standards

The EAC provides the regional coordination framework for cross-border incident response across Kenya, Tanzania, Uganda, Rwanda, Burundi, and South Sudan — exercises reflect cross-border notification complexity.

UCC / TCRA

Uganda Communications Commission & Tanzania Communications Regulatory Authority

Telecomunicações and internet infrastructure operators in Uganda and Tanzania are subject to UCC and TCRA cybersecurity regulations — exercises address incident reporting obligations for regional telecoms operators.

For Multinationals with East African Operations

Global HQ. East African Sites. One Plataforma.

O Desafio

Your Nairobi, Kampala, or Dar es Salaam facility must meet both: corporate global standards AND Kenya DPA / EAC obligations

Telecomunicações multinationals, energy developers, and pan-African banks with EAC operations don't choose between IEC 62443 and Kenya DPA 2019 — they answer to both simultaneously. Generic exercises address neither properly.

HQ mandates IEC 62443, ISO 27001, and NIST compliance globally
Kenya DPA 2019 and CA directives apply to Nairobi operations
EAC cross-border incident notification adds regional coordination complexity
Geothermal, hydro, and solar energy assets bring EPRA obligations

A Solução CyberICS

One exercise library. Global standards built in. East African regulatory context layered on top.

Every scenario maps to IEC 62443, NIST SP 800-82, ISO 27001, and DORA. East African teams run the same quality exercises as European and US counterparts — with Kenya DPA, EPRA, and EAC regulatory framing included.

Global compliance evidence for corporate audit and international investors
Local context for Kenya DPA 2019, EPRA, UCC, and EAC frameworks
After Action Reports defensible to both HQ and East African regulators
English support across all EAC member states

Key East African Sectors

Built for Your Industry's OT Environment

Scenarios designed for the threat actors, control systems, and regulatory obligations facing East African critical infrastructure operators.

Telecomunicações & Internet Infrastructure

Geothermal & Hydro Power (Kenya, Ethiopia)

Fintech & Mobile Money (M-Pesa scale)

Water Treatment & Distribution

Ports & Maritime Logistics (Mombasa)

Petróleo & Gás (Uganda, Tanzania)

Aviation & Transport Infrastructure

Banking & Financial Services

📁

65 Cenários Prontos a Executar

From Mombasa port SCADA attacks to mobile money infrastructure disruptions — scenarios grounded in the real threat landscape facing East African OT operators.

📄

EAC & Kenya DPA Framing

Exercises explicitly reference Kenya DPA 2019 notification timelines, EPRA reporting obligations, and EAC cross-border coordination — alongside global IEC 62443 controls.

🌐

English & French Support

Full support in English for EAC Anglophone members and French for Rwanda's bilingual environment — covering the full East African operational landscape.

Exemplos de Cenários — EAC Relevant

Exercises Built for the East African Threat Environment

From geothermal power control system attacks to mobile money infrastructure compromise — exercises reflecting the actual threat landscape and regulatory obligations of East Africa.

OT / ICS

Geothermal Power Station SCADA Attack

A threat actor targets turbine control systems at a major geothermal facility. EPRA reporting obligations and EAC cross-border grid coordination are tested alongside IEC 62443 incident response.

ICS/SCADA IEC 62443 EPRA Notification

⏳ 3–4 Hours 👥 8–15 Players Avançado

Cross-Sector

Mobile Money Infrastructure Compromise

A ransomware attack disrupts mobile money clearing systems, cascading to affect utility bill payments and critical service disbursements across multiple EAC member states.

Ransomware NIST CSF 2.0 Kenya DPA 2019

⏳ 3–4 Hours 👥 10–20 Players Avançado

Executive

Board Crisis: Port Disruption & Multi-Regulator Response

A cyberattack disrupts Mombasa port SCADA systems, triggering simultaneous obligations to Kenya DPA, EPRA, EAC protocols, and parent company NIS2/ISO 27001 reporting requirements.

Executive EAC / Kenya DPA ISO 27001

⏳ 2–3 Hours 👥 5–10 Players Intermediário

Unlock All 65 Scenarios →

Consulta Empresarial

Solicitar uma Demo África Oriental

Conte-nos sobre a sua organização. Mapearemos a plataforma às suas exigências de conformidade Kenya DPA, EPRA, EAC e normas globais para o seu setor específico.

Nome Completo *

Título Profissional

Organização *

E-mail Profissional *

Tamanho da Equipa

Setor Principal

Quais são os seus principais motores de conformidade ou objetivos de exercício?