65 ready-to-run tabletop exercises aligned to global standards — IEC 62443, NIST SP 800-82, NIS2, DORA — and layered with West African regulatory context (NDPR, ECOWAS, DPA Ghana). Purpose-built for Petróleo & Gás, Telecomunicações, Energy, and Banking sectors.
Whether your HQ is in Lagos, London, or Houston — these are the global standards that define best practice for OT/ICS cybersecurity. Every exercise maps to them, so your West African operations meet the same bar as your global peers.
The global benchmark for IACS security. Scenarios map to IEC 62443 security levels and control domains for all industrial automation and control systems.
NIST's definitive guide for OT security. Threat scenarios reference Rev. 3 controls for industrial control system environments across all sectors.
All 65 exercises align to CISA CTEP objectives with CPG 2.0 framework alignment and structured After Action Report export.
Energy sector exercises align to NERC CIP standards — the same framework applied by multinationals with African power generation assets.
European multinationals operating in West Africa must comply with NIS2 across all sites. Pro plan includes NIS2 compliance filters for essential entities.
Financial institutions with EU exposure apply DORA across their African operations. Scenarios address ICT risk management and incident classification.
Exercises cover all CSF 2.0 core functions: Govern, Identify, Protect, Detect, Respond, and Recover — the universal resilience baseline.
Scenarios support ISO/IEC 27001 Annex A controls for information security risk assessment and incident response across all industries.
Global standards form the foundation — West African regulations add the regional layer. Your teams practice in context of both, so exercises are defensible to every regulator.
Nigeria's primary data protection framework and telecom regulator. Exercises cover NCC cybersecurity directives for telecom and critical national infrastructure operators.
The ECOWAS Supplementary Act on Personal Data Protection provides the regional framework for all 15 member states — exercises reference its incident response obligations.
Ghana's Data Protection Authority regulates critical infrastructure data handling. Scenarios address notification requirements and operational continuity under Ghanaian law.
BCEAO and UEMOA directives govern cybersecurity resilience for Francophone West African financial institutions — exercises address ICT risk and incident notification timelines.
Multinationals with African operations don't get to choose between IEC 62443 and NDPR — they answer to both. Generic tabletop exercises address neither properly.
Every scenario in the platform is already mapped to IEC 62443, NIST SP 800-82, NIS2, and NERC CIP. West African teams run the same quality exercises as European and North American counterparts — with local regulatory framing included.
Scenarios designed for the actual control systems, threat actors, and regulatory regimes facing West African critical infrastructure operators.
OT/ICS Core, Cross-Sector Threats, Sector-Specific, and Executive & Leadership. Each includes complete facilitator guides, timed injects, and discussion prompts.
Full exercise support in English and French — essential for bilingual West African teams spanning Anglophone Nigeria, Ghana and Francophone Côte d'Ivoire, Senegal, Mali.
Exported AARs reference global standards (IEC 62443, NIST) and note local regulatory alignment (NDPR, ECOWAS), giving you defensible evidence for every regulator.
From upstream oil & gas SCADA attacks to telecom infrastructure compromise — scenarios that reflect the actual threat landscape facing West African operators.
A threat actor exploits a vendor remote access connection to penetrate SCADA systems at an offshore platform. Production safety systems are at risk of manipulation.
Ransomware disrupts a national telecom operator's network management systems, cascading to affect financial transaction clearing and power grid SCADA communications.
A major OT breach at a multinational's Lagos facility triggers simultaneous obligations: 72-hour NCC notification, NDPR data breach notice, and HQ NIS2/corporate reporting.
Tell us about your organization. We'll show you exactly how the platform maps to your West African regulatory requirements and sector needs.
Join critical infrastructure teams across West Africa running professional tabletop exercises aligned to global standards and local regulation.