In November 2020, the UAE Cabinet agreed to establish the UAE Cybersecurity Council with the aim of developing a comprehensive cybersecurity strategy and creating a safe and strong cyber infrastructure in the UAE.
The council will be chaired by the Head of Cyber Security for the UAE Government and will contribute to creating a legal and regulatory framework that covers all types of cybercrimes, securing existing and emerging technologies and establishing a robust ‘National Cyber Incident Response Plan’ to enable swift and coordinated response to cyber incidents in the country.
The UAE maintains digital security of individuals through the UAE Pass app,Emirates ID and SmartPass.
The UAE Pass app
The UAE Pass app is the first national digital identity and signature solution that enables users to identify themselves to government service providers in all emirates through a smartphone-based authentication. It also enables users to sign documents digitally with a high level of security. The app is available on iTunes and Google Play.
Federal Authority for Identity and Citizenship (FAIC), earlier known as Emirates Identity Authority (EIDA) succeeded in launching electronic identity cards for the whole population in the country including nationals and residents. The card carries biometric details of the holders an, in order to verify and confirm the identity of each individual through the personal number and the smart card related to the biological features of the individual.
For more information about identity protection by EIDA, refer to the following links from newspapers:
SmartPass enables access to the UAE Government’s online services through a single account, using one username and password. The benefit of SmartPass is that one does not need to have multiple usernames and passwords to get government services. Having multiple usernames and passwords often leads to misplacing and/or resetting them. Even then, the concern of maintaining multiple usernames and passwords exists. SmartPass eliminates such hassles.
To use SmartPass, one needs to register. Citizens and residents holding Emirates ID cards can register with their Emirates IDs. In this case, the SmartPass account not only carries accurate information about the user relating to name, birth date etc. but also provides a secure digital identity. SmartPass is also available for use by visitors or those living outside the UAE.
H. H. Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum, Crown Prince of Dubai and Chairman of Executive Council of Dubai launched Dubai Cyber Index, an initiative aimed at supporting the efforts of Dubai Government entities to ensure the highest standards of cyber security. Being the first initiative of its kind in the world, the index seeks to establish Dubai as the city with the safest cyber space in the world.
The index is aligned with the goal of Dubai Cyber Security Strategy to protect Dubai from a range of cyber security risks and support the emirate’s economic growth. It is also part of the city’s efforts to drive rapid technological progress and digital transformation. Dubai Cyber Index seeks to promote healthy competition among government entities in the field of cyber security and encourage the development of capabilities and excellence in this area.
The index was developed by Dubai Electronic Security Center (DESC) as part of its mandate to implement a government information security policy that provides the highest benchmarks of cyber security in the emirate. DESC monitors government entities to ensure that they comply with the information security requirements in order to ensure effective and secure communication networks and information systems.
Ministry of Interior and the National Programme for Happiness and Wellbeing launched the ‘Child Digital Safety’ initiative in March 2018, in a joint effort to raise awareness among children and school students about online threats and challenges, and promote a safe and constructive use of the internet.
The initiative also familiarises parents and educators with solutions they can use to address these challenges and ensure the safety of their children and students. It includes developing educational material on digital safety, facilitating children with global best practices in that domain, and providing advice to parents and teachers to enhance digital safety for their children at home and in the learning environment.
Four sub-initiatives to enhance digital safety of children
This initiative consists of four main sub-initiatives. They are:
Interactive Children’s Camp, where children between 5 and 18 years can learn how to use the internet and social media safely
Digital Wellbeing Portal, which provides tools and information to help parents face the challenges of the digital world
training workshops, where parents and teachers can be trained to address digital challenges and threats and
a support platform to answer urgent queries from parents regarding digital safety.
Protection of children's data online
Article 29 of Federal Law No. 3 of 2016 Concerning Child Rights, also known as Wadeema's Law (PDF, 250 KB), states: The telecommunications companies and internet service providers shall notify the competent authorities or the concerned entities of any child pornography materials being circulated through the social media sites and on the Internet and shall provide necessary information and data on the persons, entities or sites that circulate such material or intend to mislead the children.
In addition, the Dubai Data Law (Law No. 26 of 2015 on the Organization of Dubai Data Publication and Sharing, PDF 250 KB) aims for data protection and privacy of all individuals including that of children.
The UAE introduced FedNet which provides available, convenient, on-demand network access to a shared pool of configurable computing resources for all federal government entities. One of the features of FedNet is its secure architecture which enhances the UAE’s cyber security. This is done through the secured and private network, Multiprotocol Label Switching (MPLS) cloud.
The FedNet team is responsible for observing and monitoring the events and procedures of the FedNet round the clock, ensuring that the necessary actions are taken in case of errors or violations. A Security Information and Event Management (SIEM) system is operated by a dedicated 24/7/365 security operations centre (SOC) to manage all security events within FedNet.
The UAE is taking several other efforts to maintain and strengthen cyber security. Some of these efforts are mentioned below.
The UAE dedicated a Computer Emergency Response Team (aeCERT) to improve the standards of information security in the UAE and protect the IT infrastructure from potential risks and violations. aeCERT aims to support and ensure a safer cyber space for the UAE nationals and residents and disseminate information about threats, vulnerabilities and cyber security incidents. Public may report any cyber security incidents through aeCERT.
The goal of this initiative is to spread knowledge about cyber safety to the entire community and have a generation that has integrated knowledge about information security and is mindful when conducting activities online.
UAE Ambassadors for electronic security
This initiative from TRA aims to train top UAE students to serve as ambassadors in promoting and spreading cyber security awareness across the UAE. Read about other cyber security initiatives in the UAE.
In 2016, the Dubai Police’s Al Ameen service in cooperation with the UAE's Telecommunications Regulatory Authority (TRA) organised a cyber-blackmail awareness campaign. The campaign aims to protect victims from blackmailing by chasing all criminals in all parts of the world, in addition to issuing requests to the Interpol to hunt these criminals wherever they are. Read more on cyber blackmailing and how to stay safe.
Cyber C3 is an initiative that aims to develop ‘digital citizens’ who are able to benefit from online participation while taking responsibility for self-protection and the potential consequences of their online behaviour. Cyber-citizenship goes beyond safety and risk. It calls for positive engagement in the online environment.
The programme targets students from grades 9 to 12, college and university students, professionals, parents and family foundations. The UAE cybercrime laws are embedded in the curriculum to foster the understanding of these laws through local case studies.
The UAE’s National Cybersecurity strategy (PDF 18.7 MB) aims to create a safe and strong cyber infrastructure in the UAE that enables citizens to fulfill their aspirations and empowers businesses to thrive. The updated version of the strategy was launched in 2019 by Telecommunications Regulatory Authority (TRA), the entity which is responsible for the ICT sector and digital transformation in the country. The strategy is based on 5 pillars and 60 initiatives aiming to mobilise the whole cybersecurity ecosystem in the UAE.
The emirate of Dubai launched the Dubai Cyber Security Strategy (PDF, 2.67 MB) which aims to strengthen Dubai's position as a world leader in innovation, safety and security. One of the main domains of the plan is to build a secure cyber space by establishing controls to protect the confidentiality, credibility, availability and privacy of data. Read more on the Dubai Cyber Security Strategy.
Implementing cyber laws
Studies showed that cyber criminals often choose to operate in countries with weak or non-existent cybercrime laws and within communities that lack awareness about the subject. Hence, the UAE issued may laws and regulations to counter cybercrimes.
Under the Federal Law No. 5 of 2012 on Combatting Cybercrimes (PDF, 120 KB) and its amendment by Federal Law No. 12 of 2016, the UAE criminalises the use of the internet to invade privacy of another person, the recording of audio or video conversation or communication, photographing others or copying the same and publishing news, statements or information. Violation of the law will be punishable with imprisonment and/or a fine between AED 500,000 and AED 2,000,000. Read about other cyber laws and regulations in the UAE.
UAE Information Assurance (IA) Regulation
In light of the rapidly evolving cyber threats, including hacktivists and organised cybercrime groups that challenge national security and compromise critical information assets, Telecommunications Regulatory Authority developed the ‘UAE Information Assurance Regulation’ to provide requirements to raise the minimum level of protection of information assets and supporting systems across all entities in the UAE. The regulation seeks a trusted digital environment throughout the UAE.
eSignature and digital certification
What is an eSignature?
An eSignature is used in electronic messages to identify the signatory (the sender of the message) and distinguish them from everyone else. An eSignature also proves that the message received is the same message that was sent by the signatory and that nothing has been added, deleted or amended. It may consist of letters, marks, symbols, numbers, sounds or images.
An eSignature is as legally binding as a signature executed by hand.
Federal Law No. 1 of 2006 on Electronic Commerce and Transactions approves the use of eSignatures in the UAE. To create an eSignature, you need an electronic signature creation device, and a digital certificate to be authorised to use this device. Certification services providers issue digital certificates. These certificates confirm the identity of the signature device holder.
Read more on eSignatures on the website of Judicial Department in Abu Dhabi.
What is a digital certificate?
A digital certificate is a certificate issued by a certification service provider, which confirms the identity of the person or entity holding an electronic signature creation device. An electronic signature creation device is a uniquely configured device or electronic information that enables a person to apply his e-signature in the form of electronic keys and symbols.
What is a digital certification service provider (DCSP)?
A digital certification service provider is an accredited or authorised natural person or legal entity that issues digital certificates and offers digital signature-related services.
How to apply for a DCSP license?
You can apply for a DCSP license through Telecommunications Regulatory Authority (TRA). Obtaining a licence from TRA is required for all digital certificate service providers operating in the UAE with respect to eRecords, eDocuments and eSignatures related to eTransactions and/or eCommerce. To apply for a DCSP licence, you need to submit the following documents to TRA:
your company’s memorandum and Articles of Association
details of your company’s organisational and ownership structure
the commercial licence authorising you to act as a DCSP
a statement of your commercial activities
details of the company's accounts and financial resources for the previous two years (or less if your company has been trading for less than two years)
an insurance policy which shows you have sufficient cover for your activities as a DCSP.
Digital signature and timestamp service
Federal Authority for Identity and Citizenship (ICA) offers digital signature and timestamp service. The service enables entities and individuals to sign documents and transactions digitally using their ID card, with a timestamp on the signature that shows the date and exact time of the signature. The timestamp cannot be changed or altered even by the owner of the digital signature which gives undisputed accuracy of document and transaction creation and updates.
ICA Validation Gateway-VG
To simplify the usage of the Emirates ID card and its certificates, Federal Authority for Identity and Citizenship (ICA) set up a Validation Gateway(VG). VG enables governments, organisations as well as individuals to make use of the Emirates ID card in an online scenario. The VG is a service available online that offers a wide variety of digital functionality related to the Emirates ID card. After approval from ICA, users can connect to the VG and perform online services using the Emirates ID cards for authentication and signing. Read more about ICA’s Validation Gateway.