47 ready-to-run tabletop exercises aligned to global standards — IEC 62443, NIST SP 800-82, NIS2, DORA — and layered with North African regulatory context (NTRA Egypt, ANRT Morocco, HAICA Tunisia, AU frameworks). Available in English, French, and Arabic. Purpose-built for Energy, Transport, Finance, and Telecoms sectors.
North Africa is strategically positioned between Europe, the Middle East, and Sub-Saharan Africa — making it subject to global compliance standards from multiple directions simultaneously. Every exercise maps to them all.
The global benchmark for IACS security — essential for North African oil, gas, and power sector operators working with European and US parent companies. Scenarios map to all security levels.
Widely adopted by North African energy sector multinationals. Threat scenarios reference Rev. 3 controls across OT and ICS environments in all sectors.
European multinationals with North African operations apply NIS2 globally. Given proximity and trade ties, NIS2 is particularly relevant across Morocco, Tunisia, and Egypt operations.
North African financial institutions with EU exposure apply DORA globally. Scenarios address ICT risk management and resilience testing requirements for financial sector operators.
All 47 exercises align to CISA CTEP objectives with CPG 2.0 framework mapping and structured After Action Report export for regulatory defensibility.
Energy sector multinationals with North African power generation, LNG, and pipeline assets apply NERC CIP standards globally — exercises address all relevant standards.
Exercises cover all CSF 2.0 functions: Govern, Identify, Protect, Detect, Respond, Recover — universally applicable across North African organizations and sectors.
Increasingly required by North African banking regulators and European business partners. Scenarios support Annex A controls for risk assessment and incident response.
Global standards form the foundation — North African regulations add the regional layer. With proximity to the EU, North Africa uniquely bridges European and AU regulatory frameworks, and exercises reflect both dimensions.
Egypt's NTRA and the National Cybersecurity Authority (NCSA) govern cybersecurity obligations for critical infrastructure operators. Exercises cover NTRA reporting requirements and sector-specific NCSA directives for telecoms, energy, and finance.
Morocco's ANRT and the DGSSI (national cybersecurity authority) set cybersecurity standards aligned with EU practice. Morocco's EU association agreement creates NIS2-adjacent obligations — exercises cover both ANRT and EU-facing requirements.
Tunisia's ANSSi governs critical infrastructure cybersecurity with EU-aligned frameworks given the country's EU association. Exercises reference Tunisian reporting obligations for telecom, energy, and financial sector operators.
The AU Malabo Convention on Cybersecurity provides the continental baseline. All North African operators benefit from exercises aligned to AU frameworks, national data protection acts, and sector-specific cybersecurity requirements.
North Africa's unique geopolitical position creates dual regulatory exposure: European business partners and EU-associated trade agreements impose NIS2-adjacent standards, while national authorities (NTRA, ANRT, ANSSi) impose local requirements.
Every scenario maps to IEC 62443, NIST SP 800-82, NIS2, DORA, and ISO 27001. North African teams run the same quality exercises as their European counterparts — with NTRA, ANRT, ANSSi, and AU framework alignment included.
Scenarios tailored for the critical infrastructure sectors, threat actors, and regulatory obligations unique to the North African operational environment.
From Suez Canal SCADA disruption to North African LNG pipeline attacks — scenarios reflecting the actual threat landscape facing North African OT operators and regional energy infrastructure.
Full exercise support in English and French — essential for Francophone North Africa (Morocco, Tunisia, Algeria) and bilingual Anglophone/Francophone multinational teams operating across the region.
Exported AARs reference both global standards (IEC 62443, NIS2, ISO 27001) and North African national frameworks (NTRA, ANRT, AU Convention) — defensible to every regulator.
From Suez Canal maritime SCADA attacks to North African LNG infrastructure compromise — scenarios reflecting actual threats and dual regulatory obligations.
A threat actor targets port management and vessel traffic systems at the Suez Canal zone. IEC 62443 controls, NTRA reporting, and international maritime incident coordination are all tested.
An adversary disrupts pipeline control systems supplying gas to European markets via Algeria or Egypt. NERC CIP, IEC 62443, EU energy security obligations, and national reporting requirements converge.
A major OT breach at a Casablanca HQ triggers both EU NIS2 notification (for European clients) and ANRT/DGSSI Moroccan national reporting — simultaneously under board-level scrutiny and media pressure.
Tell us about your organization. We'll map the platform to your NIS2, NTRA, ANRT, and global compliance requirements for your specific sector and country.
Join critical infrastructure teams across North Africa running professional exercises aligned to global, EU, and national regulatory frameworks simultaneously.