The National Policy for the Internet of Things Security was adopted to enhance the UAE’s global standing in the field of IoT security and to support the protection of the UAE's cyberspace. This policy outlines the main directives for the cybersecurity system, assigning essential tasks and responsibilities to improve its operational capabilities, ensuring an optimal response to cyber incidents.
This policy supports the adoption of emerging technologies, cloud computing, and the IoT. It also ensures that IoT service providers meet security requirements and guarantees a level of protection for all IoT users when purchasing or using services. This aims to mitigate the potential negative impacts that can accompany reliance on modern technologies.
Objectives of the policy
The objectives of the policy are to:
- reduce the number of critical or serious incidents
- establish a unified approach for responding to cybersecurity incidents
- strengthen the cybersecurity ecosystem across all targeted vital sectors nationwide
- define the primary directives for the cybersecurity ecosystem and assign critical functions with the aim of safeguarding the UAE cyberspace through emerging technologies, while fostering the adoption of cloud computing and the Internet of Things
- improve the operational capacity of the cybersecurity ecosystem to achieve optimal incident response and boost situational awareness
- establish a successful accreditation system based on rigorous standards to instill confidence in the cybersecurity service providers’ systems within the UAE.
Priorities and key components
The priorities and key components of the policy revolve around 5 principles, which were developed to help IoT consumers and IoT service providers in their purchasing and operating decisions. The principles are:
- security and privacy by design - use certified devices, tailor-made operating systems, services managed by recognised service providers, and skilled resources to support the development, optimal utilisation, and operation of secure IoT applications
- identify security priorities based on impact - consider potential implications of service outages, breaches, or malicious activities faced by consumers when developing and establishing security measures, and assigning responsibilities to mitigate the resulting serious implications
- strong defence - develop a comprehensive approach to security, based on activating a multi-layered defence mechanism against cybersecurity threats in the design of IoT applications and their ecosystem
- guidance on best practices - leverage global best practices to provide security and enhance compliance efficiencies
- a collaborative and transparent ecosystem - share information about security vulnerabilities with manufacturers, service providers, industrial consumers, and regulators to increase awareness.
Expected outcome
The policy is expected to achieve the following outcomes:
- ensure the secure exchange of information in line with globally recognised best practices
- secure systems integral to vital sector operations and ensure the resilience of their protective measures
- mitigate the impact of cyber-attacks through adherence to standardised criteria aimed at reducing known risks and vulnerabilities
- establish unified cyber foundations at the national level to support security requirements for IoT technology
- foster increased collaboration and cooperation between the public and private sectors through standardisation efforts
- safeguard IoT systems used by all entities and organisations while ensuring the durability of their protection systems
- decrease the number of technical incidents associated with IoT technology and reduce susceptibility to cybercrime
- bolster public confidence in IoT technology.