In light of the rapidly evolving cyber threats, including hacktivists and organised cybercrime groups that challenge national security and compromise critical information assets, Telecommunications and Digital Government Regulatory Authority developed the ‘UAE Information Assurance Regulation’ to provide requirements to raise the minimum level of protection of information assets and supporting systems across all entities in the UAE. The regulation seeks a trusted digital environment throughout the UAE.
The IA Regulation provides management and technical information security controls for entities to establish, implement, maintain, and continuously improve information assurance. TDRA will designate the critical entities as per the UAE CIIP Policy to implement the IA Regulation and apply its requirements to the use, processing, storage and transmission of information or data, and the systems and processes used for those purposes. This includes information in physical or electronic form that may be owned, leased, or otherwise in the possession, custody, or control of the entities.
In particular, the IA Regulation provides:
description of how information assurance is achieved at the national, sector and entity levels
a risk-based approach for the implementation of the IA
an outline of the roles and responsibilities of key stakeholders for the planning, development, implementation and ongoing monitoring and improvement of IA
a reference catalogue of common information security controls to defend against common threats that exploit known cyber security vulnerabilities
a realisation for sectorial requirements through the provision of specialised controls to address sector-specific information assurance requirements
a phased implementation approach to address the most common threats, facilitate the incremental adoption of IA and optimise the value realised through implementation of IA
a definition of compliance from the perspective of IA and describes the approach that will be adopted by TDRA to assess compliance
an enabler for inter-entity and cross-sector communication to support information sharing and build national situational awareness.
The UAE introduced FedNet which provides available, convenient, on-demand network access to a shared pool of configurable computing resources for all federal government entities. One of the features of FedNet is its secure architecture which enhances the UAE’s cybersecurity. This is done through the secured and private network, Multiprotocol Label Switching (MPLS) cloud.
The FedNet team is responsible for observing and monitoring the events and procedures of the FedNet round the clock, ensuring that the necessary actions are taken in case of errors or violations. A Security Information and Event Management (SIEM) system is operated by a dedicated 24/7/365 security operations centre (SOC) to manage all security events within FedNet.
The UAE is taking several other efforts to maintain and strengthen cybersecurity. Some of these efforts are mentioned below.
The UAE dedicated a Computer Emergency Response Team (aeCERT) to improve the standards of information security in the UAE and protect the IT infrastructure from potential risks and violations. aeCERT aims to support and ensure a safer cyberspace for the UAE nationals and residents and disseminate information about threats, vulnerabilities and cybersecurity incidents. Public may report any cybersecurity incidents through aeCERT.
The goal of this initiative is to spread knowledge about cyber safety to the entire community and have a generation that has integrated knowledge about information security and is mindful when conducting activities online.
UAE Ambassadors for electronic security
This initiative from TRA aims to train top UAE students to serve as ambassadors in promoting and spreading cybersecurity awareness across the UAE. Read about other cybersecurity initiatives in the UAE.
In 2016, the Dubai Police’s Al Ameen service in cooperation with the UAE's Telecommunications Regulatory Authority (TRA) organised a cyber-blackmail awareness campaign. The campaign aims to protect victims from blackmailing by chasing all criminals in all parts of the world, in addition to issuing requests to the Interpol to hunt these criminals wherever they are. Read more on cyber blackmailing and how to stay safe.
Cyber C3 is an initiative that aims to develop ‘digital citizens’ who are able to benefit from online participation while taking responsibility for self-protection and the potential consequences of their online behaviour. Cyber-citizenship goes beyond safety and risk. It calls for positive engagement in the online environment.
The programme targets students from grades 9 to 12, college and university students, professionals, parents and family foundations. The UAE cybercrime laws are embedded in the curriculum to foster the understanding of these laws through local case studies.
The UAE’s National Cybersecurity strategy (PDF 18.7 MB) aims to create a safe and strong cyber infrastructure in the UAE that enables citizens to fulfill their aspirations and empowers businesses to thrive. The updated version of the strategy was launched in 2019 by Telecommunications Regulatory Authority (TRA), the entity which is responsible for the ICT sector and digital transformation in the country. The strategy is based on 5 pillars and 60 initiatives aiming to mobilise the whole cybersecurity ecosystem in the UAE.
The emirate of Dubai launched the Dubai Cyber Security Strategy (PDF, 2.67 MB) which aims to strengthen Dubai's position as a world leader in innovation, safety and security. One of the main domains of the plan is to build a secure cyber space by establishing controls to protect the confidentiality, credibility, availability and privacy of data. Read more on the Dubai Cyber Security Strategy.
Implementing cyber laws
Studies showed that cyber criminals often choose to operate in countries with weak or non-existent cybercrime laws and within communities that lack awareness about the subject. Hence, the UAE issued may laws and regulations to counter cybercrimes.
Under the Federal Law No. 5 of 2012 on Combatting Cybercrimes (PDF, 120 KB) and its amendment by Federal Law No. 12 of 2016, the UAE criminalises the use of the internet to invade privacy of another person, the recording of audio or video conversation or communication, photographing others or copying the same and publishing news, statements or information. Violation of the law will be punishable with imprisonment and/or a fine between AED 500,000 and AED 2,000,000. Read about other cyber laws and regulations in the UAE.
The UAE maintains digital security of individuals through the UAE Pass app and Emirates ID.
The UAE Pass app
The UAE Pass app is the first national digital identity and signature solution that enables users to identify themselves to government service providers in all emirates through a smartphone-based authentication. It also enables users to sign documents digitally with a high level of security. The app is available on iTunes and Google Play.
Federal Authority for Identity and Citizenship (ICA), earlier known as Emirates Identity Authority (EIDA) succeeded in launching electronic identity cards for the whole population in the country including nationals and residents. The card carries biometric details of the holders an, in order to verify and confirm the identity of each individual through the personal number and the smart card related to the biological features of the individual.
eSignature and digital certification
What is an eSignature?
An eSignature is used in electronic messages to identify the signatory (the sender of the message) and distinguish them from everyone else. An eSignature also proves that the message received is the same message that was sent by the signatory and that nothing has been added, deleted or amended. It may consist of letters, marks, symbols, numbers, sounds or images.
An eSignature is as binding as a signature executed by hand. Federal Law No. 1 of 2006 on Electronic Commerce and Transactions approves the use of eSignatures in the UAE. To create an eSignature, you need an electronic signature creation device, and a digital certificate to be authorised to use this device. Certification services providers issue digital certificates. These certificates confirm the identity of the signature device holder.
Read more on eSignatures on the website of Judicial Department in Abu Dhabi.
What is a digital certificate?
A digital certificate is a certificate issued by a certification service provider, which confirms the identity of the person or entity holding an electronic signature creation device. An electronic signature creation device is a uniquely configured device or electronic information that enables a person to apply his e-signature in the form of electronic keys and symbols.
What is a digital certification service provider (DCSP)?
A digital certification service provider is an accredited or authorised natural person or legal entity that issues digital certificates and offers digital signature-related services.
How to apply for a DCSP license?
You can apply for a DCSP license through Telecommunications and Digital Government Regulatory Authority (TDRA). Obtaining a licence from TRA is required for all digital certificate service providers operating in the UAE with respect to eRecords, eDocuments and eSignatures related to eTransactions and/or eCommerce. To apply for a DCSP licence, you need to submit the following documents to TRA:
your company’s memorandum and Articles of Association
details of your company’s organisational and ownership structure
the commercial licence authorising you to act as a DCSP
a statement of your commercial activities
details of the company's accounts and financial resources for the previous two years (or less if your company has been trading for less than two years)
an insurance policy which shows you have sufficient cover for your activities as a DCSP.
Digital signature and timestamp service
Federal Authority for Identity and Citizenship (ICA) offers digital signature and timestamp service. The service enables entities and individuals to sign documents and transactions digitally using their ID card, with a timestamp on the signature that shows the date and exact time of the signature. The timestamp cannot be changed or altered even by the owner of the digital signature which gives undisputed accuracy of document and transaction creation and updates.
ICA Validation Gateway-VG
To simplify the usage of the Emirates ID card and its certificates, Federal Authority for Identity and Citizenship (ICA) set up a Validation Gateway(VG). VG enables governments, organisations as well as individuals to make use of the Emirates ID card in an online scenario. The VG is a service available online that offers a wide variety of digital functionality related to the Emirates ID card. After approval from ICA, users can connect to the VG and perform online services using the Emirates ID cards for authentication and signing. Read more about ICA’s Validation Gateway.
Ministry of Interior and the National Programme for Happiness and Wellbeing launched the ‘Child Digital Safety’ initiative in March 2018, in a joint effort to raise awareness among children and school students about online threats and challenges, and promote a safe and constructive use of the internet.
The initiative also familiarises parents and educators with solutions they can use to address these challenges and ensure the safety of their children and students. It includes developing educational material on digital safety, facilitating children with global best practices in that domain, and providing advice to parents and teachers to enhance digital safety for their children at home and in the learning environment.
Four sub-initiatives to enhance digital safety of children
This initiative consists of four main sub-initiatives. They are:
Interactive Children’s Camp, where children between 5 and 18 years can learn how to use the internet and social media safely
Digital Wellbeing Portal, which provides tools and information to help parents face the challenges of the digital world
training workshops, where parents and teachers can be trained to address digital challenges and threats and
a support platform to answer urgent queries from parents regarding digital safety.
Protection of children's data online
Article 29 of Federal Law No. 3 of 2016 Concerning Child Rights, also known as Wadeema's Law (PDF, 250 KB), states: The telecommunications companies and internet service providers shall notify the competent authorities or the concerned entities of any child pornography materials being circulated through the social media sites and on the Internet and shall provide necessary information and data on the persons, entities or sites that circulate such material or intend to mislead the children.
In addition, the Dubai Data Law (Law No. 26 of 2015 on the Organization of Dubai Data Publication and Sharing, PDF 250 KB) aims for data protection and privacy of all individuals including that of children.
The Sannif initiative was launched to enable parents to learn about eGames and assess their impact on their children.
The Digital Life Quality Knowledge Platform was launched to build the digital capacities of community members with focus on students, parents, teachers, people of determination and senior citizens.
In November 2020, the UAE Cabinet agreed to establish the UAE Cybersecurity Council with the aim of developing a comprehensive cybersecurity strategy and creating a safe and strong cyber infrastructure in the UAE.
The council will be chaired by the Head of Cyber Security for the UAE Government and will contribute to creating a legal and regulatory framework that covers all types of cybercrimes, securing existing and emerging technologies and establishing a robust ‘National Cyber Incident Response Plan’ to enable swift and coordinated response to cyber incidents in the country.
The report measured 194 countries for their cybersecurity infrastructure on the following five pillars:
capacity development measures
Each pillar weighs 20 points. The UAE achieved a full score in the 3 pillars of legal measures, capacity development and cooperative measures. Its total score is 98.06 out of 100.
The UAE made a huge jump in its rank from 33rd in the 2019 report to 5th in 2020, where it shares its position jointly with Russia and Malaysia.
Dubai Cyber Index
H. H. Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum, Crown Prince of Dubai and Chairman of Executive Council of Dubai launched Dubai Cyber Index, an initiative aimed at supporting the efforts of Dubai Government entities to ensure the highest standards of cybersecurity. Being the first initiative of its kind in the world, the index seeks to establish Dubai as the city with the safest cyber space in the world.
The index is aligned with the goal of Dubai Cyber Security Strategy to protect Dubai from a range of cybersecurity risks and support the emirate’s economic growth. It is also part of the city’s efforts to drive rapid technological progress and digital transformation. Dubai Cyber Index seeks to promote healthy competition among government entities in the field of cybersecurity and encourage the development of capabilities and excellence in this area.
The index was developed by Dubai Electronic Security Center (DESC) as part of its mandate to implement a government information security policy that provides the highest benchmarks of cybersecurity in the emirate. DESC monitors government entities to ensure that they comply with the information security requirements in order to ensure effective and secure communication networks and information systems.