The United Arab Emirates (UAE) announced the adoption of cybersecurity standards for government agencies as it revealed the budget for the next five years (2022-2026), which is the largest in the history of the Gulf state.
The announcement was made by Sheikh Mohammed bin Rashid Al Maktoum, ruler of Dubai and vice president of the UAE, who stressed that cybersecurity is a sovereign priority, noting that cyberspace needs protection and updates.
On his Twitter account, Maktoum wrote, “Our borders in cyberspace are sovereign borders that we always need to protect and consolidate their defenses.”
The new federal budget with a total expenditure of 290 billion dirhams ($79 billion) was released after a Cabinet meeting held at the UAE pavilion of Expo 2020 Dubai, which was opened Oct. 1, aiming to bring world leaders together for the future and tackling challenges facing humanity.
The budget announcement by Maktoum did not give details about the cybersecurity standards, but it comes 10 months after the formation of the UAE Cyber Security Council.
In January, in the midst of the coronavirus pandemic, the newly formed Cyber Security Council held its first meeting to emphasize the importance of enhancing cybersecurity, as the pandemic emphasized the necessity of digital transformation for the future, even though it involves high risks.
During this meeting, the council discussed the development and modernization of the national cybersecurity strategy in order to respond to attacks and threats for the next five decades, as well as sharing information related to cybersecurity between different entities and sectors locally and internationally.
The pandemic and digital transformation were not the only reasons for the UAE’s endeavor to secure its cyberborders, but also developments in the region and the world were strong motives for the Gulf state.
Member of the Federal National Council, the parliamentary body of the UAE, Dherar Belhoul Al Falasi, told Al-Monitor that the UAE is looking toward the future and does not wait for a disaster to occur in order to move and to develop a sector, although the UAE has no current concerns that push it to move to secure its cyberspace.
“The futuristic thinking is what characterizes the UAE leadership, and cyberattacks pose a threat to every single part of the world. We have witnessed the recent cyberattacks on the United States that targeted big companies and so we have to be ready,” he said.
However, Mohamed al-Kuwaiti, head of UAE Government Cyber Security stated that cyberattacks related to the pandemic have increased significantly with the digital transformation in various areas of life, noting that the Middle East is facing what could be described as a "cyberpandemic."
“The UAE has seen at least 250% increase in cyberattacks, as the pandemic has forced organizations to embrace online work,” Kuwaiti said during a conference in Dubai in December 2020.
He noted that the sources of these attacks were varied and came from the entire region, but one was from Iran.
Falasi believes that these attacks mostly come from hackers affiliated with organizations that have become more organized in recent years, and they could be described as “lone wolves” that have malicious goals to target economic sectors, financial institutions and even the health sector.
On Oct. 11, Microsoft revealed that an Iranian hacking group was behind the cyberattacks in July that targeted companies in the United States, defense technology institutions in Israel, ports in the Arabian Gulf and shipping companies with a presence in the Middle East.
The comments by the UAE cybersecurity chief, and the revelation by Microsoft, provide an overview of the cybersecurity risks that surround that part of the world, which contains 50% of the world's oil reserves.
Falasi noted, “The announcement of the adoption of cybersecurity standards — along with the announcement of the highest budget in the history of the UAE — sends a message to the world and all those who might think to harm the country that we are prepared now and for the next five decades.”
In 2019, the UAE announced its National Cybersecurity strategy, which aims to create a safe and strong cyberinfrastructure that enables the support of citizens and empowers businesses to thrive.
The strategy also aims to train more than 40,000 cybersecurity professionals, and encourages students to pursue a career in this field. In addition, the strategy focuses on protecting assets in nine essential sectors in the government and in the fields of energy, finance, insurance, information and communications technology, and health services.
Walid Hajjaj, information security expert, said that the UAE has a very good infrastructure that qualifies it to implement cybersecurity projects for years to come, and it has prepared for that earlier than most countries in the Middle East.
He told Al-Monitor, “The UAE has jumped 33 places to rank 5th in the Global Cybersecurity Index 2020.”
He said that the new cybersecurity standards include developing a legal and regulatory framework to cover all current and future types of cybercrime, as well as secure existing and emerging technologies.
Hajjaj, editor of Hackershunter blog, believes that threats for the Middle East and Gulf region do not come only from individuals or hacking groups, but the most dangerous threats might come from terrorist groups that have been stationed in the region for years.
He noted that these groups have the technological expertise and competencies that enable them to attack the infrastructures of countries in the region, including the UAE, which stands clearly against terrorism.
He concluded, “The UAE has strongly supported Egypt in combating terrorist groups, and this determination in fighting terrorism must push it to secure its interests against any hack or cyberattacks that might target its critical sectors.”