@THEUAETRA www.tra.gov.ae National Cybersecurity Strategy
@THEUAETRA
www.tra.gov.ae
National
Cybersecurity
Strategy
@THEUAETRA
www.tra.gov.ae
Rationale for a
Cybersecurity strategy
Worldwide has doubled in the past year, resulting in a significant cost to the global economy
The number of cybersecurity Incidents
3
2x Number of cybersecurity incidents globally
42%Increase in number of reported data breaches globally
Annual global cost of cybercrime to the
Average total cost of a data breach
($USD Billion, 2014-2017)
(2016-2017)
(2015-2017)
($USD Million, 2017-2018)
608
3.9
The impact of cybersecurityincidents extends beyond economic losses
4
Impact onServices
Direct FinancialImpact
Client Impact ReputationalImpact
To develop the National CybersecurityStrategy for the UAE, we leveraged
3 key sources of insights
5
Benchmarked 10 leadingcybersecurity ecosystem
Analysed +50 globalindices and publications
Global industryreports
Cybersecurityexperts
10 benchmarkcountries
Global panel of experts
with deep knowledge oncybersecurity topics
Our aspirations for the
National Cybersecurity Strategy
7
Our vision for UAE’s National Cybersecurity strategyTo create safe and resilient cyber infrastructure in the UAE that enables
citizens to fulfil their aspirations and empowers businesses to thrive
Our vision will impact all segments of the society
8
Provide confidence to citizens
to securely participate in the digital world
Celebrate contributions to innovation in cybersecurity
Foster a culture of entrepreneurship in cybersecurity
Enable SMEs to safeguard themselves
against most common cyber attacks
Protect critical information infrastructure assets
of the country
Build a world-class cybersecurity workforce in the UAE
Aspirations
Strategy pillars
To achieve these aspirations, we will mobilize the wholeecosystem to deliver ~60 initiatives across 5 pillars
10
Address all types of cybercrimes
Secure existing and emerging technologies
Support protection of SMEs
Cybersecurity laws& regulations
Support startups and promote R&D in cybersecurity
Develop cybersecurity capabilities
Drive citizen cybersecurity awareness
Encourage excellence in cybersecurity
Vibrant cybersecurityecosystem
Single point of contact for victims of cyber incidents
Standardized severity assessment and agency mobilization plan
Cross-agency information sharing
National CyberIncidentResponse plan
Identify critical assets in the UAE
Establish world-class risk management standards
Create robust processes for reporting, compliance and response CIIP program
Public sector
Private sector
Academia
International consortiums
Partnerships
Cybersecurity laws & regulations
Designing a comprehensive cybersecurity legaland regulatory framework
12
Online Child Protection Laws
Procedural Laws
Substantive Laws
Cloud Services Artificial Intelligence
IoT BlockchainDigital Signatures
Laws
Existing and EmergingTechnologies
Will be achieved through a comprehensivelegal and regulatory frameworkOur aspirations
Create legal frameworkto addressall types of cybercrimes
Build regulatory frameworkthat will secure existing andemerging technologies
Data Protection and Privacy Laws
Supporting protection of SMEs in the UAE
13
Provide guidelines to protectagainst most common cyber threats
Our aspirations
Offer incentives to implementthe recommended guidelines
Establish support systems to enableSMEs to implement guidelines
Develop essential cybersecuritystandard for SMEs
Will be achieved through3 key initiatives
Mandate Cybersecurityimplementation certification forgovernment suppliers
Build one-stop portal for SMEs toenable SMEs to implementthe standard
Vibrant cybersecurity ecosystem
Enabling the ecosystem to capture the hugecybersecurity opportunity
15
Drivingdemand
Ease-of-doingbusiness
Culture andmindset
Access tofinancing
Businesssupport
Educationand skilldevelopment
Innovation andtechnology adoption
Tap into the AED 1.8bnUAE cybersecurity market
Our aspirations
Capture the AED 18bn MENAcybersecurity market
Will be achieved through24 initiatives across 7 pillars
Developing capabilities of +40,000 cybersecurity professionals
16
Encourage professionals andstudents to pursue a career incybersecurity
Individuals
Trainingproviders
Our aspirations
Develop necessary cybersecuritycapabilities to meet aspirations ofthe country
Foster a vibrant ecosystem ofcybersecurity training providers
7 initiatives
Will be achieved through12 initiatives
5 initiatives
Creating cybersecurity citizen awareness in the UAE
17
Enable citizens to realizethe risks related to the cyberspace
Children & Teens
College students
Professionals
Homemakers & Senior citizens
Our aspirations
Influence citizen mindsets topractice cyber hygiene
Encourage institutions to activelyspread cyber awareness
Will be achieved through 12 initiatives
targeting citizen segments
People with determination
Rewarding excellence in cybersecurity througha national awards program
18
Encourage organizations to drivecybersecurity programs
Entities
Individuals
6 awards
6 awards
Our aspirations
Inspire entrepreneurs to innovatein cybersecurity
Support cutting-edge researchundertaken by academic institutions
Will be achieved through 12 initiativestargeting citizen segments
Motivate students to pursuecybersecurity careers
National Cyber Incident Response plan
Establishing a robust National Cyber Incident Response plan toenable swift and coordinated response to cyber incidents in the UAE
20
Streamline cybersecurity incidentdetection and reporting
Single Point of Contact
Advisories to protectagainst threats
Active Monitoring forcyber threats
Cross-Agency IntelligenceSharing
Establish standardized severityassessment matrix to mobilize therequired support
Build world-class capabilities torespond to all types ofcyber incidents
Will be achieved through4 key initiativesOur aspirations
CIIP program
Protecting critical assets of the UAE in 9 sectors
22
To safeguard assets in 9 critical sectorsof the UAE:
Our aspirations
Identify critical sectors,assets and associated risks
Will be achieved through a robustCIIP program
Establish world-class riskmanagement standards
Implement robust processesfor reporting, complianceand response
Food &Agriculture
Electricity &Water
Finance &Insurance
GovernmentEnergy ICT
Emergencyservices
TransportationHealthServices
Partnerships
Mobilizing the whole ecosystem through localand global partnerships
Partnerships are a core enabler in jointly achieving cybersecurity goals and ambitions
24
Public sector Private sector
Academia International consortiums
Types ofpartnerships
Governance
For successful implementation of the National Cybersecuritystrategy, we will establish multiple governance vehicles
26
9 sector committees to implementthe CIIP program…
And 2 vehicles for the NationalIncident Response plan
Take strategic decisionsrelated to the NationalIncident Responseprogram
Enable intelligence sharingbetween agencies forbetter visibility overcybersecurity threats
NationalIncident
ResponseCommittee
(NRC)
CyberIntelligenceUnit (CIU)
Food &Agriculture
Electricity &Water
Finance &Insurance
GovernmentEnergy ICT
Emergencyservices
TransportationHealthServices
TRA will monitor progress and impact of the National Cybersecuritystrategy through ~20 clearly defined key performance metrics
27
Internal TRA data – Data outputsfrom TRA initiative teams, aeCERT,etc.
1
2 Strategic KPIs
National Cybersecurity strategyProgress update
17 Operational KPIs
Collate data frommultiple sources
Ecosystem data- CIIP sectorcommittees, NRC, CIU, lawenforcement agencies, etc.
Global data - Reports, threatintelligence, etc.
Will enable TRA to track the progressof the strategy
2
3
www.tra.gov.ae