
When Energy Meets Instability: The Total Security Challenge in Mozambique's $20 Billion LNG Restart


I've been watching the energy security space for years, but this week's news from Mozambique caught my attention in a way that should concern every security professional. TotalEnergies just announced they're restarting their massive $20 billion LNG project this summer. This is the same project they were forced to abandon in 2021 when insurgent attacks made operations impossible.


Now, you might be thinking this is just another story about corporate resilience or energy market dynamics. But here's what really keeps me up at night: while TotalEnergies talks about "improved security measures," I'm willing to bet those measures focus almost entirely on physical threats. And that's exactly the kind of thinking that's going to get people hurt and cost billions in the coming years.


Let me explain why Mozambique represents something much bigger than just another energy project. This is a perfect case study of how our industry still thinks about security in silos, when the reality is that physical and cyber threats don't just coexist – they amplify each other in ways that most organizations are completely unprepared for.


When TotalEnergies suspended operations three years ago, they didn't just scale back their cybersecurity infrastructure – they had to completely evacuate personnel and mothball billions of dollars in physical assets. Think about what that means from a security perspective. You've got sophisticated industrial control systems sitting unmonitored in a region where ISIS-affiliated groups have demonstrated they can coordinate complex attacks. You've got supply chains that were severed and now need to be rebuilt in an environment where every convoy, every personnel transport, every equipment delivery is a potential target.


The numbers tell us everything we need to know about the threat landscape they're walking back into. Energy companies already face 70% more cyberattacks than other industries. But energy infrastructure in conflict zones? We're seeing attack rates spike by over 300% for both physical and cyber incidents. And here's the kicker: the insurgency that originally forced TotalEnergies out hasn't disappeared. They've had three years to study the facility, map the infrastructure, and potentially develop both physical and digital attack capabilities.


I keep coming back to one fundamental truth that our industry seems to ignore: geographic isolation plus high-value targets plus political instability equals maximum security risk across every domain. It's not just cyber risk or just physical risk. This is converged risk that requires a completely different approach than what most organizations are prepared for.


Let me paint you a picture of what TotalEnergies is really facing, because the challenges here aren't unique to Mozambique – they're becoming the norm for any organization operating in challenging geopolitical environments.


From a physical security standpoint, imagine trying to secure thousands of acres of critical infrastructure in a region where local security forces have limited capability and the nearest reliable backup is hours or days away. Traditional perimeter security – your fencing, lighting, surveillance systems – becomes exponentially more complex when you can't rely on local emergency response. Every supply convoy becomes a potential target, every personnel transport is a vulnerability, and every piece of equipment that arrives could have been compromised during transit.


But here's where it gets really interesting from a cybersecurity perspective. Those physical vulnerabilities create digital vulnerabilities that most people never consider. Reduced on-site personnel means fewer eyes on critical systems. Compromised supply chains can introduce malicious hardware or infected devices. And when your physical infrastructure fails – which it will in an environment like Mozambique – your cyber defenses often fail right along with it.


I've been consulting with energy companies for years, and I consistently see this disconnect between physical and cyber security teams. They operate in separate silos, use different threat models, and rarely coordinate their response strategies. But insurgent groups and cybercriminal organizations don't think in silos. They're increasingly working together because they understand something our industry hasn't figured out yet: a successful physical breach can bypass even the most sophisticated cybersecurity measures, and a successful cyber attack can disable the physical security systems that everything else depends on.


Consider what happened to Colonial Pipeline in 2021 – a single ransomware attack shut down the largest fuel pipeline system in the United States for six days. But Colonial Pipeline was operating in a stable, well-connected region with extensive emergency response capabilities and robust backup systems. Now imagine a coordinated attack on Mozambique's LNG infrastructure that combines both physical and cyber elements. Picture insurgents targeting supply lines while cybercriminals simultaneously attack control systems, all in a region where local law enforcement has limited investigation capabilities, internet connectivity is unreliable, backup systems are thousands of miles away, and political instability makes coordinated response nearly impossible.


We saw coordinated drone strikes and cyber reconnaissance at Saudi Aramco in 2019. We saw how physical assaults on gas facilities in Mozambique forced complete project suspension in 2021. We saw suspected sabotage of European pipeline infrastructure in 2022 that reshaped geopolitical relationships overnight. The pattern is clear: attackers are evolving faster than our defenses.


So what does this mean for organizations trying to operate in these environments?


I think there are some fundamental principles that apply whether you're developing LNG facilities in East Africa or running operations anywhere the traditional security assumptions break down.


First, you have to start with the assumption that you're going to be attacked, and those attacks are going to come from multiple vectors simultaneously. Your security architecture needs to be designed not just to prevent breaches, but to detect them quickly, contain them effectively, and recover from them rapidly. This means layered perimeter defense with multiple security zones, progressively restricted access controls, and early warning systems that integrate physical and digital monitoring.


Personnel protection becomes absolutely critical, not just from a human safety perspective, but from an operational security perspective. Compromised personnel can become unwilling insider threats. Your people need secure transportation, hardened living quarters, and continuous threat monitoring. But you also need emergency evacuation procedures that account for what happens to your digital security posture when your human security assets have to leave.


Supply chain security takes on a completely different dimension in these environments. You need verified vendor networks, secured transportation routes, and inspection protocols that check for both physical threats and malicious hardware or software. Every piece of equipment that arrives at your facility represents a potential attack vector that needs to be validated both physically and digitally.


From a cybersecurity perspective, network segmentation becomes absolutely essential, but it has to be backed up by physical access controls. Your critical operational systems need to be isolated from corporate networks and protected by both digital firewalls and physical barriers. A compromised laptop in a worker dormitory shouldn't be able to access LNG processing controls, period.


You need satellite-based backup communications because traditional internet connections can be physically severed or digitally compromised. You need local threat intelligence partnerships with regional security firms and government agencies because attackers in different regions use different combinations of physical and cyber tactics. And you need 24/7 security operations centers that monitor both cybersecurity alerts and physical security systems as an integrated whole.


But here's the most important point: your physical security team and your cybersecurity team have to work as one unit. A breach of your physical perimeter should immediately trigger enhanced cyber monitoring. A detected cyber intrusion should immediately activate physical security protocols. This is operational integration.
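
To make that cross-triggering concrete, here is an added sketch (mine for illustration, not code from any vendor product or from a real facility) of a single correlator that takes both physical and cyber events, issues the action in the other domain, and flags zones where the two land close together in time. The zone labels, event fields, action names and the 30-minute window are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:
    ts: datetime
    domain: str   # "physical" or "cyber"
    zone: str     # hypothetical zone label shared by both teams
    detail: str

# Action taken in the *other* domain when an event fires (hypothetical playbook names).
CROSS_ACTION = {
    "physical": "raise cyber monitoring",
    "cyber": "activate physical security protocol",
}

def correlate(events, window=timedelta(minutes=30)):
    """Return (escalations, converged_zones): one cross-domain action per event,
    plus zones where a physical and a cyber event fall within `window`."""
    ordered = sorted(events, key=lambda e: e.ts)  # feeds can arrive out of order
    escalations = [(e.ts, e.zone, CROSS_ACTION[e.domain]) for e in ordered]
    converged = []
    recent = {}  # (zone, domain) -> timestamp of the latest event seen
    for e in ordered:
        other = "cyber" if e.domain == "physical" else "physical"
        prev = recent.get((e.zone, other))
        if prev is not None and e.ts - prev <= window and e.zone not in converged:
            converged.append(e.zone)  # likely one coordinated incident
        recent[(e.zone, e.domain)] = e.ts
    return escalations, converged

# Constructed sample events, not data from any real facility.
T0 = datetime(2025, 1, 1, 2, 0)
SAMPLE = [
    Event(T0 + timedelta(minutes=12), "cyber", "process-control", "new engineering-workstation login"),
    Event(T0, "physical", "process-control", "perimeter fence sensor tripped"),
    Event(T0 + timedelta(hours=5), "cyber", "dormitory", "malware alert on laptop"),
    Event(T0 + timedelta(hours=9), "physical", "dormitory", "badge reader forced open"),
]

if __name__ == "__main__":
    actions, zones = correlate(SAMPLE)
    for ts, zone, action in actions:
        print(ts.isoformat(), zone, action)
    print("converged incident zones:", zones)
```

In the sample, the fence alarm and the workstation login twelve minutes later are treated as one converged incident in the process-control zone, while the dormitory events four hours apart each trigger their cross-domain action but are not merged.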


The companies that are going to succeed in environments like Mozambique are the ones that view integrated security as a strategic enabler of operations, not just a cost center. They understand that security risk management, both physical and cyber, isn't separate from operational risk. It's fundamental to it.


Even if you're not developing energy infrastructure in East Africa, the lessons from Mozambique apply to any organization with international operations. Geopolitical instability amplifies all security risks, and you need to factor that into your security budget and strategy across both physical and cyber domains. Remote operations require integrated security approaches because what works in stable environments often fails completely in challenging regions. Supply chain security becomes exponentially more complex with both physical and digital vulnerability points that multiply in unstable environments. And your incident response plans have to account for limited local resources and infrastructure that may not be available when you need them most.


The energy sector has always been about managing risk to ensure reliable supply. But in today's threat landscape, security threats don't respect the boundaries between physical and digital domains. As Mozambique's LNG project moves forward, it's going to serve as a real-world test case for integrated security in one of the world's most challenging operating environments. The lessons learned – both the successes and the failures – are going to shape how the global energy industry approaches comprehensive security for decades to come.


The question isn't whether threats will target critical infrastructure in unstable regions. The question is whether we'll be ready when they do – with defenses that work against attackers who don't distinguish between physical and cyber domains.


Does your organization have operations in geopolitically challenging regions? Red Cell Security specializes in helping companies build resilient security strategies that address both physical and cyber threats in high-risk environments. Our team understands the unique challenges of protecting critical infrastructure when traditional security assumptions don't apply – and when threats don't respect the boundaries between digital and physical domains.


Ready to assess your integrated security resilience in challenging operating environments? Let's discuss how to protect your most critical assets, regardless of where they're located or what form the threats take.


Keith Pachulski

Red Cell Security, LLC

 
 
 



© 2025 by Red Cell Security, LLC.
