Algeria’s Grid at a Crossroads
Algeria’s energy sector is undergoing its most significant infrastructure transformation in decades. Sonelgaz, the state-owned electricity and gas utility serving nearly 12 million electricity customers across 2.38 million square kilometers, commenced a comprehensive overhaul of its Supervisory Control and Data Acquisition (SCADA) systems in 2026. Energy Minister Mourad Adjal confirmed the initiative in October 2025, citing rising demand, network expansion, and the need for modernized communication and monitoring infrastructure.
Simultaneously, GE Vernova is equipping 134 high-voltage substations across Algeria with digital protection, control, and automation systems under a contract booked in Q2 2024 through the GEAT joint venture, with completion expected by 2028. Integration work is based at the Ain Yagout facility in Batna.
These investments sit within a broader $60 billion energy-sector spending plan for 2025-2029, with 80% directed toward hydrocarbon exploration and production through Sonatrach and the remainder toward refining, petrochemicals, and grid infrastructure. Algeria also targets 15 GW of renewable energy capacity by 2035, requiring a grid capable of managing bidirectional power flows and distributed generation.
The modernization is essential. But every digital sensor, IP-connected relay, and cloud-integrated monitoring system added to the grid expands the attack surface for adversaries who have repeatedly demonstrated the ability and willingness to target energy infrastructure.
The Threat Landscape: Energy Under Siege
The cybersecurity threat to energy infrastructure is current, escalating, and geographically indiscriminate.
Resecurity’s 2025 threat analysis documented a 146% year-over-year increase in disrupted energy-sector sites, with over 1,000 sites experiencing operational and physical consequences in 2024 alone. The Dragos/Marsh McLennan 2025 OT Security Financial Risk Report modeled potential global OT cyber losses at up to $329.5 billion in a severe tail scenario, with business interruption accounting for $184.5 billion of that exposure.
Fortinet’s 2025 State of OT and Cybersecurity Report found that 50% of organizations experienced at least one OT cybersecurity incident in the past year, with half of those causing operational outages. Only 13% of organizations have implemented advanced access controls such as session recording or OT-aware authentication.
The core vulnerability is IT-OT convergence. Legacy OT systems — SCADA, PLCs, RTUs — were designed for isolated, proprietary networks. Their protocols (Modbus, DNP3, IEC 61850, IEC 104) carry no built-in authentication or encryption. Modern grid modernization necessarily connects these systems to IP networks, exposing them to threats they were never designed to withstand.
Attacks That Changed the Calculus
Several landmark incidents demonstrate the consequences when OT security fails:
Ukraine, December 2015. Russian-linked Sandworm attackers used spear-phishing to compromise three distribution companies, pivoting from IT to SCADA systems and remotely opening circuit breakers. Approximately 225,000 customers lost power in the first confirmed cyberattack to cause a grid outage.
Saudi Arabia, 2017. The Triton/TRISIS malware targeted Schneider Electric Triconex Safety Instrumented Systems at a petrochemical plant, attempting to disable the last line of defense against catastrophic physical failure. A bug in the malware prevented what could have been a release of toxic hydrogen sulfide gas.
United States, May 2021. The Colonial Pipeline DarkSide ransomware attack did not directly target OT, but the operator shut down pipeline operations because IT-OT segmentation was insufficient to confirm the compromise had not spread. The $4.4 million ransom payment demonstrated to the cybercriminal ecosystem that energy operators are high-value targets.
Each incident is directly relevant to Algeria. The protocols being targeted — IEC 61850, IEC 104 — are the same protocols being deployed in the 134 new substations.
Advertisement
Algeria’s Specific Exposure
Algeria faces a unique combination of factors that elevate its OT cybersecurity risk.
Scale and simultaneity. The SCADA overhaul, 134-substation project, and upstream energy expansion are occurring in parallel across multiple entities, contractors, and geographies. The attack surface is not 134 substations — it is the thousands of intelligent electronic devices within them, the communication links between them, the remote access channels for maintenance, and the integration points with Sonelgaz’s central SCADA.
Legacy fleet coexistence. Algeria’s grid includes SCADA systems dating back 25-30 years, often running obsolete operating systems, using industrial protocols without authentication, and lacking logging capabilities. When modern and legacy systems share network segments, the legacy systems become entry points for attacks on the entire grid.
Regulatory gap. Presidential Decree 25-321 (December 2025) approves Algeria’s national information systems security strategy for 2025-2029, and Decree 26-07 (January 2026) establishes cybersecurity units within public institutions. However, sector-specific OT cybersecurity standards for the energy sector — the technical requirements, audit mandates, and compliance timelines — remain under development. Sonelgaz and Sonatrach are making billion-dollar infrastructure decisions while the regulatory framework that should govern those decisions is still being finalized.
Skills deficit. OT cybersecurity requires interdisciplinary expertise spanning industrial control systems and cybersecurity. The global cybersecurity workforce gap exceeds 3.4 million positions, and OT security is among the most acute specializations. Algeria’s universities produce capable IT security graduates, but OT cybersecurity is not part of any standard curriculum. The professionals with this expertise have typically acquired it through international postings.
Building OT Security Into the Modernization
Algeria’s grid modernization is still in early stages. There is time to embed cybersecurity as a design principle rather than a retrofit.
Network segmentation. The Purdue Model should govern all deployments, with industrial demilitarized zones (iDMZ) isolating field devices from supervisory control, data diodes enforcing one-way OT-to-IT data flow, and protocol-aware firewalls at every convergence point.
The 134-substation opportunity. Each new substation should deploy IEC 62351 for securing industrial communications, centralized SIEM for cross-grid event correlation, cryptographic firmware verification, and integrated physical-cyber security monitoring. GE Vernova’s contract should include explicit cybersecurity requirements and post-deployment security support obligations.
Dedicated OT SOC. Sonelgaz needs a purpose-built OT Security Operations Center with OT-specific detection (anomalous process values, unauthorized protocol commands), real-time asset inventory, and 24/7 monitoring. An IT SOC cannot adequately monitor OT environments — the detection signatures, response playbooks, and operational constraints are fundamentally different.
Workforce development. Algeria should establish a national OT cybersecurity training program, potentially through the Ecole Nationale Polytechnique or ESI, targeting OT engineers who need cybersecurity skills, IT security professionals who need industrial knowledge, and new graduates who can be trained in the interdisciplinary skillset from the start.
Incident response planning. A dedicated OT Cyber Incident Response Plan must address SCADA compromise, ransomware containment across IT-OT boundaries, supply chain compromise, and coordinated physical-cyber attacks. Regular exercises should involve Sonelgaz, Sonatrach, dz-CERT, and relevant government agencies.
The Cost of Inaction
International benchmarks indicate that cybersecurity should represent 5-8% of IT budgets for critical infrastructure operators, with OT-heavy organizations advised to allocate toward the higher end. Applied to Algeria’s grid modernization, this translates to hundreds of millions of dollars — a fraction of the $60 billion energy investment, and a fraction of what a single major grid disruption would cost an economy of 45 million people.
Algeria is building the energy infrastructure it will depend on for the next 30 years. The cybersecurity decisions made in the next 24 months will determine whether that infrastructure is resilient or permanently vulnerable.
Frequently Asked Questions
What is SCADA and why does Algeria’s overhaul matter for cybersecurity?
SCADA (Supervisory Control and Data Acquisition) is the industrial control system that monitors and manages Algeria’s electricity grid in real time — collecting data from sensors across substations, pipelines, and generators while allowing operators to issue control commands remotely. Sonelgaz’s 2026 overhaul replaces aging systems with modern, IP-connected infrastructure. While this enables better monitoring and efficiency, every new digital connection creates a potential entry point for cyber adversaries. Without embedded security controls, modernization simultaneously increases both capability and vulnerability.
How realistic is a cyberattack on Algeria’s energy infrastructure?
Highly realistic. Energy infrastructure cyberattacks have occurred in Ukraine (2015 grid outage affecting 225,000 customers), Saudi Arabia (2017 Triton malware targeting safety systems), and the United States (2021 Colonial Pipeline shutdown). Resecurity documented a 146% year-over-year surge in disrupted energy sites globally, and the industrial protocols being deployed in Algeria’s 134 new substations (IEC 61850, IEC 104) are the same protocols targeted in these attacks. Algeria’s expanding digital connectivity increases the attack surface available to adversaries.
What should Algeria prioritize first in OT cybersecurity?
The highest immediate priorities are network segmentation between IT and OT environments using industrial demilitarized zones and protocol-aware firewalls; a comprehensive asset inventory of every OT device on the grid including firmware versions and known vulnerabilities; secure remote access controls with multi-factor authentication and session recording for vendor and engineering access; and OT-specific network monitoring that can detect anomalous industrial protocol commands rather than relying solely on IT-style malware signatures.
Sources & Further Reading
- Sonelgaz Launches SCADA System Overhaul for National Grid Modernization — Ecofin Agency
- GE Vernova Secures Major Order for Grid Equipment and Solutions in Algeria — GE Vernova
- Cyber Threats Against Energy Sector Surge as Global Tensions Mount — Resecurity
- 2025 OT Security Financial Risk Report — Dragos / Marsh McLennan
- 2025 State of Operational Technology and Cybersecurity Report — Fortinet
- CISA Alert: Cyber-Attack Against Ukrainian Critical Infrastructure — CISA
- Algeria Strengthens Cybersecurity Framework to Protect National Infrastructure — TechAfrica News
- Algeria Commits $60 Billion to Energy Sector Expansion — African Energy Council
