In recent years cyber security has become a key focus in the UAE. “The UAE has vastly improved its fibre network and now ranks as one of the most advanced countries in the world in terms of its network infrastructure,” Khaled Obaid Al Othman Al Ali, CEO of the Al Fahad Group, an Abu Dhabi-based defence and security company, told OBG. As one of the best-connected places in the Middle East, the UAE is at particular risk from electronic attacks and other digital threats, and the government is working to address this. Indeed, the late 2012 issuance of a handful of new laws to shore up the country’s electronic defences was widely considered to be a major step forward in combating digital threats to national security.
Current Status
In recent years Middle Eastern countries have been at the receiving end of a number of cyber attacks. In August 2012 Saudi Aramco – Saudi Arabia’s national oil giant – lost many of its digital capabilities after it was struck by a piece of malicious software, or malware, known as Shamoon. The programme also affected Qatar’s RasGas, the world’s second-largest producer of liquefied natural gas. In 2010 Iranian industrial control systems were targeted by a similar malware attack, known as Stuxnet.
The UAE has also faced attacks. According to a mid-2013 report by the US-based digital security company Symantec, an estimated 50% of smartphone users in the UAE had suffered some type of cybercrime attack over the course of the previous year, and 56% of smartphone users underestimate the risk of malware being installed on their mobiles. The report stated that the UAE is subject to more than 200 cyber attacks per day, a considerable percentage of which target the financial sector, largely through so-called phishing schemes that aim to acquire usernames and passwords from bank customers. Public sector institutions have also been targeted. In early 2012 digital services at the Central Bank of the UAE were temporarily interrupted by a denial-of-service attack that overwhelmed the network with empty requests to shut out real traffic.
Public & Private Sector Response
In recent years the government has taken steps to strengthen the UAE’s digital defences. In late 2012 it passed two new laws relating to digital security, namely Law No. 5, known as the Cyber Crimes Law, and Law No. 3, which formally established the National Electronic Security Authority (NESA), a new government entity with a mandate to “organise protection for the communication network and information systems in the state”. The law covers a wide range of offenses, including electronic forgery, phishing and hacking, electronic blackmail and network interference of various kinds. Additionally, it addresses a number of issues related to intellectual property, the creation and distribution of offensive content, and threats to state security. The Cyber Crimes Law will be implemented and enforced by NESA. The authority will work alongside and in conjunction with other relevant government entities, including the UAE Computer Emergency Response Team, which was established by the country’s Telecommunications Regulatory Authority in 2007. In a 2012 report released by the International Institute for Management Development, a Swiss business school, ranked the UAE first in the Middle East and fourth in the world in terms of cyber security preparedness, out of nearly 60 developed nations.
The private sector is also increasingly considered to be a major demand driver for digital security technology. “With cybercrime on the rise, there is a pressing need for financial institutions to review and, where necessary, heighten security,” said Al Othman Al Ali. “Currently, adoption rates among financial institutions for information technology-based security solutions lag behind those of the developed world. Therefore, we anticipate a significant increase in investment in advanced information technology solutions to address the threat.” Banks and other local financial institutions are in the process of implementing top-tier digital security defences throughout the country. Additionally, with the Shamoon malware incident in mind, the UAE’s energy sector is now prioritising cyber security.
Read More from OBG
