The UAE Telecommunications Regulatory Authority rolled out its first National Cybersecurity Strategy on Monday to create a legal framework that safeguards emerging technologies and the nation’s critical infrastructure, as the government boosts cybersecurity investments across the Emirates.
“We will identify all existing cybersecurity laws and also draft new regulations required to cope with emerging cybercrimes,” said Mohammad Al Zarooni, the TRA’s director of policies and programmes.
“A couple of potential areas that draw our immediate attention include data security and online chat protection.”
The new strategy includes 60 initiatives that will be executed across different sectors over the next three years, and then further evaluated.
More than 3.7 million individuals in the UAE were affected by cybercrime in 2017, totalling a financial loss of close to Dh3.86 billion, according to a security insights report by cybersecurity specialist Norton. Total time per consumer lost to cybercrime was almost two days, it said.
According to the TRA, besides providing a resilient cyber infrastructure, the strategy will create new opportunities in the cybersecurity sector that is currently worth Dh1.8bn in the UAE - almost 10 per cent of the entire Middle East and North Africa market.
The TRA is also drafting regulations to ensure the safety of emerging technologies - including cloud computing, artificial intelligence, Internet of Things, digital signatures and blockchain.
“Once ready, regulations [for emerging technologies] will be rolled out in phases, depending on the urgency and market requirements. We will ensure a balance to have a smooth nationwide implementation,” said Mr Zarooni.
The TRA, which regulates the UAE’s telecom sector and enables government entities in the field of "smart" transformation, has developed its strategy after consulting more than 50 relevant global publications and studying other countries' cutting-edge national programmes to incorporate best global practice in the UAE.
The regulator has identified nine different sectors, including energy, telecoms, transportation, health and utilities, as “critical” and dedicated programmes will come up for their security. Critical infrastructure constitutes assets that are essential for the well-being of any nation’s economy and security.
“Critical infrastructure is our priority … even an outage of only couple of hours will impact thousands of people in one go,” said Mr Zarooni, adding, “There will be a unified mechanism to report and respond to minimise damage in case of any breach.”
As part of the strategy, the TRA will work on developing capabilities of more than 40,000 cybersecurity professionals through further training and opening new job avenues in the field of cybersecurity.