West Africa · ECOWAS Region · IEC 62443 · NDPR · NIS2-Aligned

World-Class OT/ICS Cybersecurity Exercises for West African Critical Infrastructure

47 ready-to-run tabletop exercises aligned to global standards — IEC 62443, NIST SP 800-82, NIS2, DORA — and layered with West African regulatory context (NDPR, ECOWAS, DPA Ghana). Purpose-built for Oil & Gas, Telecoms, Energy, and Banking sectors.

Start Free — 3 Exercises Request Enterprise Demo View Full Platform

✓ IEC 62443 ✓ NIST SP 800-82 ✓ CISA CTEP-Aligned ✓ NIS2 & DORA ✓ NDPR (Nigeria) ✓ ECOWAS Framework ✓ DPA (Ghana)

Global Standards — Included in Every Exercise

The International Frameworks Your Organization Already Answers To

Whether your HQ is in Lagos, London, or Houston — these are the global standards that define best practice for OT/ICS cybersecurity. Every exercise maps to them, so your West African operations meet the same bar as your global peers.

IEC 62443

Industrial Cybersecurity Standard

The global benchmark for IACS security. Scenarios map to IEC 62443 security levels and control domains for all industrial automation and control systems.

NIST SP 800-82

ICS Security Guide (Rev. 3)

NIST's definitive guide for OT security. Threat scenarios reference Rev. 3 controls for industrial control system environments across all sectors.

CISA CTEP

Cyber Tabletop Exercise Program

All 47 exercises align to CISA CTEP objectives with CPG 2.0 framework alignment and structured After Action Report export.

NERC CIP

Critical Infrastructure Protection

Energy sector exercises align to NERC CIP standards — the same framework applied by multinationals with African power generation assets.

NIS2

EU Network & Information Security Directive

European multinationals operating in West Africa must comply with NIS2 across all sites. Pro plan includes NIS2 compliance filters for essential entities.

DORA

Digital Operational Resilience Act

Financial institutions with EU exposure apply DORA across their African operations. Scenarios address ICT risk management and incident classification.

NIST CSF 2.0

Cybersecurity Framework

Exercises cover all CSF 2.0 core functions: Govern, Identify, Protect, Detect, Respond, and Recover — the universal resilience baseline.

ISO 27001

Information Security Management

Scenarios support ISO/IEC 27001 Annex A controls for information security risk assessment and incident response across all industries.

West African Regulatory Context

Layered with Local Regulatory Alignment

Global standards form the foundation — West African regulations add the regional layer. Your teams practice in context of both, so exercises are defensible to every regulator.

NDPR / NCC

Nigeria Data Protection Regulation & Nigerian Communications Commission

Nigeria's primary data protection framework and telecom regulator. Exercises cover NCC cybersecurity directives for telecom and critical national infrastructure operators.

ECOWAS

Economic Community of West African States — Supplementary Act on Cybersecurity

The ECOWAS Supplementary Act on Personal Data Protection provides the regional framework for all 15 member states — exercises reference its incident response obligations.

DPA Ghana

Data Protection Act 2012 (Ghana)

Ghana's Data Protection Authority regulates critical infrastructure data handling. Scenarios address notification requirements and operational continuity under Ghanaian law.

BCEAO / UEMOA

Central Bank West Africa — Financial Sector Cybersecurity Directives

BCEAO and UEMOA directives govern cybersecurity resilience for Francophone West African financial institutions — exercises address ICT risk and incident notification timelines.

For Multinationals with West African Operations

Global HQ. West African Sites. One Platform.

The Challenge

Your Lagos or Accra facility must meet both: corporate global standards AND local regulation

Multinationals with African operations don't get to choose between IEC 62443 and NDPR — they answer to both. Generic tabletop exercises address neither properly.

HQ mandates IEC 62443 compliance across all sites globally
Local NCC / NDPR / ECOWAS obligations apply to Nigerian & West African operations
Incident notification timelines differ between regulators
Local operators need exercises in English and French

The Skyhigh Solution

One exercise library. Global standards built in. Regional context layered on top.

Every scenario in the platform is already mapped to IEC 62443, NIST SP 800-82, NIS2, and NERC CIP. West African teams run the same quality exercises as European and North American counterparts — with local regulatory framing included.

Global compliance evidence for corporate audit teams
Local context for NDPR, NCC, and ECOWAS requirements
4-language support: English & French for bilingual West African teams
After Action Reports defensible to both HQ and local regulators

Key West African Sectors

Built for Your Industry's OT Environment

Scenarios designed for the actual control systems, threat actors, and regulatory regimes facing West African critical infrastructure operators.

Oil & Gas (Nigeria upstream/downstream)

Electric Power Generation & Distribution

Telecoms & Internet Infrastructure

Banking & Financial Services (BCEAO)

Ports & Maritime Logistics

Water Treatment & Distribution

Mining (Bauxite, Gold, Phosphate)

Manufacturing & Industrial Automation

📁

47 Ready-to-Run Scenarios

OT/ICS Core, Cross-Sector Threats, Sector-Specific, and Executive & Leadership. Each includes complete facilitator guides, timed injects, and discussion prompts.

🌐

English & French Support

Full exercise support in English and French — essential for bilingual West African teams spanning Anglophone Nigeria, Ghana and Francophone Côte d'Ivoire, Senegal, Mali.

📄

Dual-Compliance After Action Reports

Exported AARs reference global standards (IEC 62443, NIST) and note local regulatory alignment (NDPR, ECOWAS), giving you defensible evidence for every regulator.

Scenario Examples — West Africa Relevant

Exercises Built for Your Threat Environment

From upstream oil & gas SCADA attacks to telecom infrastructure compromise — scenarios that reflect the actual threat landscape facing West African operators.

OT / ICS

Upstream Oil & Gas SCADA Compromise

A threat actor exploits a vendor remote access connection to penetrate SCADA systems at an offshore platform. Production safety systems are at risk of manipulation.

ICS/SCADA Intrusion IEC 62443 NDPR Notification

⏳ 3–4 Hours 👥 8–15 Players Advanced

Cross-Sector

Ransomware: Telecoms Infrastructure Attack

Ransomware disrupts a national telecom operator's network management systems, cascading to affect financial transaction clearing and power grid SCADA communications.

Ransomware BAUXITE NIST SP 800-82

⏳ 3–4 Hours 👥 10–20 Players Advanced

Executive

Board-Level Crisis: Dual Regulatory Notification

A major OT breach at a multinational's Lagos facility triggers simultaneous obligations: 72-hour NCC notification, NDPR data breach notice, and HQ NIS2/corporate reporting.

Executive NCC / NDPR NIS2

⏳ 2–3 Hours 👥 5–10 Players Intermediate

Unlock All 47 Scenarios →

Enterprise Inquiry

Request a West Africa Demo

Tell us about your organization. We'll show you exactly how the platform maps to your West African regulatory requirements and sector needs.

Full Name *

Job Title

Organization *

Work Email *

Team Size

Primary Sector

What are your primary compliance drivers or exercise objectives?

What Happens Next

①

Response within 1 business day A specialist who understands West African regulatory requirements will contact you directly.

②

Tailored platform walkthrough We map specific exercises to your IEC 62443 / NDPR / ECOWAS obligations and sector.

③

Free trial — no credit card Start immediately with 3 complete exercises. No commitment required.

④

Enterprise pricing & multi-site packages Custom packages for organizations with multiple West African or pan-African sites.

Prefer to schedule directly?

📅 Book a Live Demo