@THEUAETRA

www.tra.gov.ae

National

Cybersecurity

Strategy

@THEUAETRA

www.tra.gov.ae

Rationale for a

Cybersecurity strategy

Worldwide has doubled in the past year, resulting in a significant cost to the global economy

The number of cybersecurity Incidents

3

2x Number of cybersecurity incidents globally

42%Increase in number of reported data breaches globally

Annual global cost of cybercrime to the

Average total cost of a data breach

($USD Billion, 2014-2017)

(2016-2017)

(2015-2017)

($USD Million, 2017-2018)

608

3.9

The impact of cybersecurityincidents extends beyond economic losses

4

Impact onServices

Direct FinancialImpact

Client Impact ReputationalImpact

To develop the National CybersecurityStrategy for the UAE, we leveraged

3 key sources of insights

5

Benchmarked 10 leadingcybersecurity ecosystem

Analysed +50 globalindices and publications

Global industryreports

Cybersecurityexperts

10 benchmarkcountries

Global panel of experts

with deep knowledge oncybersecurity topics

Our aspirations for the

National Cybersecurity Strategy

7

Our vision for UAE’s National Cybersecurity strategyTo create safe and resilient cyber infrastructure in the UAE that enables

citizens to fulfil their aspirations and empowers businesses to thrive

Our vision will impact all segments of the society

8

Provide confidence to citizens

to securely participate in the digital world

Celebrate contributions to innovation in cybersecurity

Foster a culture of entrepreneurship in cybersecurity

Enable SMEs to safeguard themselves

against most common cyber attacks

Protect critical information infrastructure assets

of the country

Build a world-class cybersecurity workforce in the UAE

Aspirations

Strategy pillars

To achieve these aspirations, we will mobilize the wholeecosystem to deliver ~60 initiatives across 5 pillars

10

Address all types of cybercrimes

Secure existing and emerging technologies

Support protection of SMEs

Cybersecurity laws& regulations

Support startups and promote R&D in cybersecurity

Develop cybersecurity capabilities

Drive citizen cybersecurity awareness

Encourage excellence in cybersecurity

Vibrant cybersecurityecosystem

Single point of contact for victims of cyber incidents

Standardized severity assessment and agency mobilization plan

Cross-agency information sharing

National CyberIncidentResponse plan

Identify critical assets in the UAE

Establish world-class risk management standards

Create robust processes for reporting, compliance and response CIIP program

Public sector

Private sector

Academia

International consortiums

Partnerships

Cybersecurity laws & regulations

Designing a comprehensive cybersecurity legaland regulatory framework

12

Online Child Protection Laws

Procedural Laws

Substantive Laws

Cloud Services Artificial Intelligence

IoT BlockchainDigital Signatures

Laws

Existing and EmergingTechnologies

Will be achieved through a comprehensivelegal and regulatory frameworkOur aspirations

Create legal frameworkto addressall types of cybercrimes

Build regulatory frameworkthat will secure existing andemerging technologies

Data Protection and Privacy Laws

Supporting protection of SMEs in the UAE

13

Provide guidelines to protectagainst most common cyber threats

Our aspirations

Offer incentives to implementthe recommended guidelines

Establish support systems to enableSMEs to implement guidelines

Develop essential cybersecuritystandard for SMEs

Will be achieved through3 key initiatives

Mandate Cybersecurityimplementation certification forgovernment suppliers

Build one-stop portal for SMEs toenable SMEs to implementthe standard

Vibrant cybersecurity ecosystem

Enabling the ecosystem to capture the hugecybersecurity opportunity

15

Drivingdemand

Ease-of-doingbusiness

Culture andmindset

Access tofinancing

Businesssupport

Educationand skilldevelopment

Innovation andtechnology adoption

Tap into the AED 1.8bnUAE cybersecurity market

Our aspirations

Capture the AED 18bn MENAcybersecurity market

Will be achieved through24 initiatives across 7 pillars

Developing capabilities of +40,000 cybersecurity professionals

16

Encourage professionals andstudents to pursue a career incybersecurity

Individuals

Trainingproviders

Our aspirations

Develop necessary cybersecuritycapabilities to meet aspirations ofthe country

Foster a vibrant ecosystem ofcybersecurity training providers

7 initiatives

Will be achieved through12 initiatives

5 initiatives

Creating cybersecurity citizen awareness in the UAE

17

Enable citizens to realizethe risks related to the cyberspace

Children & Teens

College students

Professionals

Homemakers & Senior citizens

Our aspirations

Influence citizen mindsets topractice cyber hygiene

Encourage institutions to activelyspread cyber awareness

Will be achieved through 12 initiatives

targeting citizen segments

People with determination

Rewarding excellence in cybersecurity througha national awards program

18

Encourage organizations to drivecybersecurity programs

Entities

Individuals

6 awards

6 awards

Our aspirations

Inspire entrepreneurs to innovatein cybersecurity

Support cutting-edge researchundertaken by academic institutions

Will be achieved through 12 initiativestargeting citizen segments

Motivate students to pursuecybersecurity careers

National Cyber Incident Response plan

Establishing a robust National Cyber Incident Response plan toenable swift and coordinated response to cyber incidents in the UAE

20

Streamline cybersecurity incidentdetection and reporting

Single Point of Contact

Advisories to protectagainst threats

Active Monitoring forcyber threats

Cross-Agency IntelligenceSharing

Establish standardized severityassessment matrix to mobilize therequired support

Build world-class capabilities torespond to all types ofcyber incidents

Will be achieved through4 key initiativesOur aspirations

CIIP program

Protecting critical assets of the UAE in 9 sectors

22

To safeguard assets in 9 critical sectorsof the UAE:

Our aspirations

Identify critical sectors,assets and associated risks

Will be achieved through a robustCIIP program

Establish world-class riskmanagement standards

Implement robust processesfor reporting, complianceand response

Food &Agriculture

Electricity &Water

Finance &Insurance

GovernmentEnergy ICT

Emergencyservices

TransportationHealthServices

Partnerships

Mobilizing the whole ecosystem through localand global partnerships

Partnerships are a core enabler in jointly achieving cybersecurity goals and ambitions

24

Public sector Private sector

Academia International consortiums

Types ofpartnerships

Governance

For successful implementation of the National Cybersecuritystrategy, we will establish multiple governance vehicles

26

9 sector committees to implementthe CIIP program…

And 2 vehicles for the NationalIncident Response plan

Take strategic decisionsrelated to the NationalIncident Responseprogram

Enable intelligence sharingbetween agencies forbetter visibility overcybersecurity threats

NationalIncident

ResponseCommittee

(NRC)

CyberIntelligenceUnit (CIU)

Food &Agriculture

Electricity &Water

Finance &Insurance

GovernmentEnergy ICT

Emergencyservices

TransportationHealthServices

TRA will monitor progress and impact of the National Cybersecuritystrategy through ~20 clearly defined key performance metrics

27

Internal TRA data – Data outputsfrom TRA initiative teams, aeCERT,etc.

1

2 Strategic KPIs

National Cybersecurity strategyProgress update

17 Operational KPIs

Collate data frommultiple sources

Ecosystem data- CIIP sectorcommittees, NRC, CIU, lawenforcement agencies, etc.

Global data - Reports, threatintelligence, etc.

Will enable TRA to track the progressof the strategy

2

3

www.tra.gov.ae