With cyber threats becoming more advanced and pervasive, attacks on critical infrastructure are increasing, raising the risk of power failures and compromised water systems – resulting in severe economic consequences.
This was the warning from Bernard Chadenga, founder of The Cimplicity Institute, delivering a presentation last week at ITWeb Security Summit 2026.
During the presentation, titled: “Securing Africa’s critical infrastructure: AI, Zero Trust and the energy transition”, Chadenga pointed out governments and organisations across Africa need to recognise that critical infrastructure is becoming a prime target for cyber criminals and hostile actors.
Hackers are increasingly placing growing focus on nations' critical infrastructure, with attacks capable of crippling nations when not caught and stopped in time.
“Nation states, activist groups and politically-motivated attackers may target critical infrastructure to disrupt economies, undermine public confidence or advance specific agendas. Protecting these systems requires a fundamentally different approach from securing conventional enterprise IT environments.
“While businesses often focus on protecting financial assets, customer data and operations, critical infrastructure security is centred on ensuring uninterrupted access to essential services such as water and electricity.”
He explained that critical infrastructure extends far beyond traditional IT systems and includes the essential services that enable society to function daily, such as waterworks, electricity networks, roads and streetlights.
Chadenga referenced a cyber attack on a water treatment facility in Florida, in the US, as a stark example of the risks posed by attacks on operational technology systems. In that incident, attackers gained access to the facility's controls and altered chemical levels used in water treatment.
"The hackers increased the chemical level to maximum, effectively poisoning the entire batch of water. If that water had gone through the pipes into the community, an entire community would have been poisoned."
The disaster was only averted because an employee noticed the abnormal activity and manually intervened before contaminated water entered the public supply.
Chadenga warned that similar attacks could have severe consequences if directed at critical infrastructure in SA or elsewhere on the continent.
"Our biggest challenge in Africa and South Africa is that we haven't fully come to terms with the fact that critical infrastructure is under threat. We focus a lot on business-related attacks, but if there's no water and no electricity, there would be no way for us to function."
While financial gain remains a major motivation for cyber criminals, Chadenga noted that attacks on critical infrastructure are not always driven by money.
"Not all hackers do it for financial reasons. Some do it for sport, for entertainment or for bragging rights. Others may be motivated by political causes or ideological beliefs."
AI advantage
The growing adoption of artificial intelligence (AI) is further intensifying cyber security risks.
Chadenga stated that cyber criminals are increasingly using AI-powered tools to automate attacks, identify vulnerabilities and launch more sophisticated campaigns against public organisations.
"Every time we have a new piece of technology, the bad guys get it too," he said. "They've created AI engines and agents that can continuously search for vulnerabilities and try to compromise infrastructure."
The challenge is compounded by the rapid expansion of renewable energy infrastructure and data centres needed to support AI technologies.
According to Chadenga, this creates both opportunities and risks. "More data centres, more energy-producing plants and more renewable energy options mean more jobs, more work and more infrastructure to be built.
"But as that happens, we have to understand where cyber security fits into the equation and how we ensure the resilience of our energy systems."
He stressed that governments, regulators and industry stakeholders must work together to ensure cyber security is embedded into future infrastructure projects from the outset.
"We need solutions that allow us to utilise technologies like AI while ensuring we don't cripple the country because of our new energy needs."
As cyber threats evolve, he believes cyber security must increasingly be viewed as a matter of national resilience rather than simply an IT concern.
“The consequences of a successful attack on critical infrastructure could extend far beyond financial losses, affecting public health, economic stability and the ability of communities to function. As a result, organisations and governments can no longer afford to treat critical infrastructure security as a secondary priority,” he warned.
Share
