The energy transition in Cabo Verde is promising. But there is an invisible enemy growing in the shadow of this progress: cybersecurity.
Protecting our power grid is more than a technical issue; it is about safeguarding sovereignty, trust, and security in a country that aspires to be modern and digital.
Cabo Verde has been taking steady steps toward a green future. The goals are ambitious – more than 50% renewable energy by 2030 – and the sustainable vision is a source of pride. Yet, while we look to the sun and the wind, we may be overlooking a silent risk: the digital vulnerability that accompanies every technological advance.
When energy meets vulnerability
The digitalisation of energy is fascinating. Smart sensors, algorithms that predict consumption, real-time communication between power plants and consumers – everything points toward a more efficient and modern system.
But there is a less visible and far more dangerous side. Every cable, every smart meter, every internet-connected system is also a door that can be opened by those with malicious intent.
This concern is not theoretical.
During my academic journey, while completing a Master’s degree in Energy Decarbonisation in Emerging Countries, I developed my final thesis entitled “An analysis of cybersecurity in smart grids with renewable energy: Study of the SCADA system and smart metering in Cabo Verde”.
In this research, I analysed how the modernisation of power grids through Smart Grids and Smart Metering can represent a new national vulnerability if it is not accompanied by a robust reinforcement of digital security.
It was through this reflection that I began to see cybersecurity not merely as a technical topic, but as a true matter of sovereignty.
International examples confirm this concern. In 2015, Ukraine was targeted by a cyberattack that left 225,000 people without electricity. In 2017, the Triton malware nearly caused an industrial catastrophe in the Middle East. And closer to home, island nations such as Mauritius, Fiji, Samoa, and Puerto Rico have faced major blackouts and serious digital failures in recent years—some caused by storms, others exacerbated by cyber intrusions into automated networks.
In 2023, for example, Mauritius experienced several hours without electricity due to a cascading failure in a digital monitoring system.
In Puerto Rico, following hurricanes, newly deployed smart grids became targets of attempted cyberattacks.
In Fiji and Samoa, digital communication failures showed how modernisation without security can turn progress into risk.
And if all this seems distant, we only need to look at ourselves.
Recurring power outages on the island of Santiago have affected homes, hospitals, and small businesses. Often, the cause is technical or operational—but the outcome is the same: vulnerability. And with the increasing digitalisation of the energy utility, the risk of a future cyber failure is not fiction.
Imagine an attack that shuts down substations—entire medium-voltage networks connected to the energy dispatch control system—or manipulates real-time data. The consequences would be immediate and severe.
Uma rede elétrica exposta num país insular
Cabo Verde, as an archipelago, faces a unique challenge. Each island depends on its own energy infrastructure. There is no national backup grid, nor immediate redundancy. This reality, combined with outdated technologies and a shortage of locally certified and experienced energy cybersecurity specialists, significantly increases risk.
The truth is that energy security is still viewed as a technical matter, when it should be treated as a national issue.
Modernisation cannot happen without digital protection. And the introduction of thousands of smart meters – however innovative it may be – will not protect us if SCADA networks, communications, and authentication protocols remain fragile.
Learning from global warnings—and from our own experience
The digital revolution brings new risks.
International reports, such as the AI Risk Repository, warn about the dangers of irresponsible use of artificial intelligence: manipulation, fraud, deepfakes, cyberattacks, and sabotage of critical infrastructure.
The energy sector is not exempt from these threats.
This is not just about protecting data. It is about protecting lives. Hospitals, schools, communications, water supply – everything depends on energy.
That is why this debate must move beyond technical rooms and enter the public conversation.
Energy is a common good. Therefore, its security must be as well.
We cannot continue reacting only after problems occur. It is time to prevent – and to act.
Three pillars for secure energy
To ensure a secure energy future, Cabo Verde needs its national energy cybersecurity strategy to be translated into real action.
Three pillars can support this path:
1. Technological modernisation
The modernisation of Cabo Verde’s electricity system is not merely a matter of innovation; it is a strategic necessity.
It is essential to segment SCADA systems and implement secure and reliable communication networks such as LoRaWAN, NB-IoT and LTE-M, which enable remote equipment management, consumption monitoring and fault anticipation without compromising data security.
These technologies combine low energy consumption, long-range coverage and encrypted communication, making them particularly suitable for archipelagic contexts such as Cabo Verde, where distance and topography challenge traditional connectivity.
In parallel, investment should be made in hybrid networks that integrate dedicated links and protected VPNs to connect SCADA centres and key nodes of the electricity grid, ensuring redundancy and operational continuity even in the event of system failure.
Electrical interconnection between islands should not be viewed solely as an energy efficiency goal. It is also a national resilience strategy, capable of strengthening the security, stability and autonomy of the electricity system.
2. Local training and capacity building
Digital sovereignty is built through people. Cabo Verde needs professionals trained in energy cybersecurity, with hands-on experience, simulations and integration into technical education.
Permanent reliance on external consultancies is not sustainable.
We need local trust, local expertise and local response capacity.
3. Strategic planning with real execution
The legal framework already exists — Decree-Law No. 9/2021 and Regulatory Decree No. 1/2021, which established the CSIRT[1], are good examples.
However, implementation still falls short. It is urgent to achieve operational coordination between the energy, telecommunications and security sectors.
Investment must focus on execution, not only regulation. Technologies such as blockchain and artificial intelligence can strengthen protection, but only if applied ethically and with a clear focus on public security.
Digital security is energy sovereignty
Cabo Verde’s energy future can and should be green. But above all, it must be secure.
Cybersecurity is not a technical luxury. It is the foundation of the energy transition and of national trust.
A country that aspires to sustainability must also protect its ambitions with security. Because, in the end, protecting energy is protecting everything else.
Biographical note:
Nilton Antunes is an Electrical Engineer and holds a Master’s degree in Energy Decarbonization in Emerging Countries. He works in the fields of energy, security, and sustainability, with a focus on solutions for Cabo Verde’s energy and climate resilience.
[1] CSIRTs (the English acronym for Computer Security Incident Response Team) are good examples.