An Overview of Dubai's First and Second Cybersecurity Strategy

In 2019, Binu Manaf, the CEO and managing director of Dubai's Cheers Exhibition, received an alarming email in which he was told his company's ongoing clients, or those with outstanding payments, were asked to pay into an overseas account instead of a local bank in Dubai.

Unfortunately, a Russian client of the company had remitted over $50,000 into an overseas account before the damage could be undone, and it went down as one of Dubai's most elaborate phishing attacks.

This is one of the many successful cyberattacks that have occurred in the United Arab Emirates over the last decade: UAE has consistently remained the country with the second highest cyber-breach rate from 2018 till 2022.

Source: IBM Security

A quick scan through IBM's "Cost of a Data Breach Study" from 2018 to 2022 shows that the UAE has lost more than $32 million to cyberattacks and data breaches. Perhaps the reason why cybercriminals have concentrated their efforts in the UAE is because it is one of the six Gulf countries that is making tremendous growth in digital innovation.

No smart city stands without a strong fortress in cyberspace, and because of this, Dubai has rolled out two cybersecurity strategies to protect the data of the government and citizens.

Dubai's First Cybersecurity Strategy

Dubai's cybersecurity journey officially started in 2017, but in 2014 the Dubai Electronic Security Centre (DESC) was founded. This center's core objective was to "protect Dubai digitally by securing and protecting the emirates' information, telecommunication networks, and information systems."

Three years later, in June 2017, the ruler of Dubai launched the first phase of its cybersecurity strategy to focus on five main domains:

1. Cyber-Smart Nation

This was aimed to raise cyber awareness among its residents and develop the skills required to manage cybersecurity risks among government, private institutions, and individuals in Dubai.

The public sector, schools, and universities were urged to work together to increase the number of cybersecurity experts among the Emiratis. To achieve this, the DESC set up strategic planning that would allow schools and universities to include cyber-specific subjects and courses in their curricula.

2. Innovation

This domain focused on promoting research and developments in cybersecurity as a means to establish a free, fair, and secure cyberspace.

Because Dubai is a smart city, it's run by new technologies such as the Internet of Things (IoT), which, although it provides huge opportunities in the city, can also pose risks as attackers might use these technologies to their advantage.

3. Cybersecurity

This domain focused on building safe cyberspace by providing controls to protect the confidentiality, integrity, availability, and privacy of data within the city. At this stage, the Information Security Regulation (ISR) version 2 was released, too.

Furthermore, the private sector and organizations that are part of the Critical Information Infrastructure were urged to implement the just-released Information Security Regulation (ISR) version 2 or other applicable security standards into their information security management systems.

4. Cyber Resilience

This domain focused on maintaining the flexibility of Dubai's cyberspace. It was implemented to ensure IT systems and expertise continuity and availability during cyberattacks in Dubai. To achieve this, a platform was set up for exchanging information about cyber incidents and supporting the management of these incidents.

5. International Collaboration

This domain focused on a partnership between local, international, public and private entities to help Dubai achieve all the above objectives in cybersecurity. It included the establishment of cybersecurity legislation and regulations to cover all forms of cybercrime, ranging from cyber bullying to violation of intellectual property.

Dubai's Second Phase of Cybersecurity Strategy

Around six years later, on July 12, 2023, Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum, Crown Prince of Dubai and Chairman of the Executive Council of Dubai, launched the second phase of Dubai's Cybersecurity Strategy.

This second phase came almost a month after he launched Dubai's Digital Strategy on June 21. This was centered on seven key pillars: digital city, digital economy, data and statistics, digital talent, digital infrastructure, cybersecurity, and digital competitiveness.

The second cybersecurity strategy phase is centered on four main domains to back up its first phase and Digital Dubai's seven objectives. Here are the four domains:

1. Cyber-Secure Society

This would include cultivating cyber skills in the citizens of Dubai and making cybersecurity easily accessible to them.

2. Incubator for Innovation

This would promote an ecosystem backed with cybersecurity research and innovation to ensure the security of emerging technologies in Dubai.

3. A Resilient Cyber City

This domain would shape how Dubai's cyberspace is governed, making it resilient enough to swiftly manage cybersecurity crises and incidents.

4. Cyber Collaboration

This last domain aims to extend collaborations and contributions between local and international cybersecurity organizations to keep abreast of cybersecurity-related trends. This domain aligns with Digital Dubai's objectives to ensure its citizens' development, safety, happiness, well-being, and prosperity.

Why You Should Care

Noting the close resemblance between the five main domains in the first cybersecurity strategy launch and the four main domains in the second, it seems that Dubai is simply repeating strategies that has helped improve its cybersecurity stance over the last six years.

For example, shortly after the first strategy launch in 2017, the Hack The Box competition made a comeback after an eight-year hiatus, while Dubai hosted dozens of cybersecurity events, attracting global cybersecurity decision-makers and business leaders, and a new cybersecurity platform aiming to scan Dubai government websites for threats.

And in 2020, the Crown Prince of Dubai launched the Dubai Cyber Index to show the government's readiness to deal with cyber crises and emergencies. This Cyber Index was founded as part of the DESC's mandate of implementing an information security policy in the Emirate of Dubai and monitoring compliance with this policy.