Cyber News Global: Issue 15

Dear Reader,

Welcome to this CNI GISEC Special Edition of Cyber News Global, we are delighted to be publishing an exclusive synopsis of the National Cyber Security Strategy of the UAE 2025 -2031.

This particular edition has been created with the assistance of Industry leading experts from every field within Critical National Infrastructure.

With many thought-provoking editorial contributions from Industry leading partners, an exceptional contribution from Saltanat Mashirova on navigating the future of OT Cyber Security.

We consider the role that compliance has when looking at your cyber security, and we have taken time to consider what Governance, Risk and Compliance can do for our organisations.

An In-depth review of the National Cyber Security Strategy identifies the critical pillars that are required to underpin a resilient cyber economy and eco system. As with compliance underpinned by GRC we must also consider our obligations for Data Protection, we are delighted to publish a focus on the Global Gold standard of Data Protection GDPR, looking at why GDPR sets the bar when it comes to data protection.

Defending critical information infrastructure must be considered which has been reviewed by Vijay Velayutham the principal CISO at the Ministry of Energy UAE.

Industrial cyber security must be considered when assessing our CNI and we have been provided with a deep dive into just this subject by Goran Novkovic, Director of Industrial Cybersecurity Toronto Transit Commission Canada.

The future for everyone in cyber is exciting and challenging, we must place more trust and belief in our people and their capabilities to ensure that they lead the way.

Please enjoy this special

September

Empowering Global Cooperation in Cybersecurity

3rd Edition

5-6 November 2025 | Exhibition World Bahrain

November - 12 | Abu Dhabi, UAE

M-Trends 2025 Report

Get a deep dive into key cybersecurity trends and metrics.

• Incident response metrics, top detection sources and initial infection vectors

• Growing risk posed by infostealer malware

• The Democratic People’s Republic of Korea IT worker threat

• The danger of unsecured data repositories

• The Iranian threat landscape in 2024

• The evolution of data theft in cloud and software as a service environments

• Common themes in cloud compromise investigations

• Threats to Web3 and cryptocurrency

Reserve your copy now.

Defending Critical Information Infrastructure (CII) -

The need for collaboration and innovation

The need to effectively defend Critical Information Infrastructure (CII) and achieve resilience has never been greater. In an increasingly digital world, Critical Information Infrastructure has become a prime target for cyber threat actors, including nation states, criminal syndicates, and attackers with financial motives. Also called Critical National Infrastructure (CNI), these are the various essential resources of a nation, that form a part of its very fiber.

From energy grids and water systems to transportation networks and healthcare institutions, CII is the backbone of the essential services that keep societies running. Over the decades these systems have become more interconnected and reliant on digital technology, making them more vulnerable to cyberattacks. However, this challenge can be effectively overcome by adopting an innovative and collaborative approach, with a relentless focus on the security-basics.

The defense of CII must be a national priority. But no single organization or entity can do it alone. The complexity and scale of the threat landscape require a joint effort between government entities, the private sector and technology vendors. Fortunately, across the world, we are witnessing a positive shift towards more inclusive and forward-thinking cybersecurity strategies that emphasize resilience, collaboration, and shared responsibility. A shift from security to resilience, from partnership to collaboration.

The protection of CII in the United Arab Emirates – An overview

The UAE Cybersecurity Council has been doing a tremendous job in driving the adoption of robust security practices across government entities, both critical and non-critical. With the goal of not just achieving a sound security posture, but effectively maintaining resilience.

The recently released National Cybersecurity Strategy (2025-2031) places a critical emphasis on securing CII, with clear metrics to report, for CII sectors. Built on 5 pillars of governance, digital resilience, innovation, cyber capabilities and collaboration, the strategy provides an effective framework to achieve cyber resilience, as well as lays down the guidelines to implement the strategy. Pillar 2 titled Delivering a safe, secure and resilient digital environment places specific requirements for CII within the government sector.

Several initiatives have been launched as part of implementing the National Cybersecurity Strategy, such as the Cyber Protective Shield, under which critical sectors in the country engage in cyber drills regularly to strengthen defenses and enhance cyber resilience.

Another initiative launched as part of the National Cybersecurity Strategy is the secure supply chain program for government and CII’s, with the aim of ensuring a secure ecosystem of vendors.

One of the most effective ways to strengthen the cybersecurity of CII is through strong public-private collaboration. Governments play a pivotal role in setting cybersecurity standards, regulatory frameworks, platforms for threat intelligence sharing, and responding to major incidents. Meanwhile, private sector organizations, which own and operate much of the infrastructure, bring technical expertise, innovation, and firsthand insight into operational vulnerabilities

Collaborations thrive in an environment of trust. Governments must create safe and legally protected environments where companies can report threats or breaches without fear of reputational damage or regulatory backlash. Likewise, private operators need to proactively engage with government agencies to align their security practices with national standards and participate in coordinated defense initiatives.

Programs such as the UAE’s award winning Cyber Pulse program, the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) have shown the power of this partnership model.

The Cyber Pulse Program which was awarded at the World Summit on Information Society, is a community-focused program that provides awareness to all community segments.

In addition, these federal agencies provide realtime alerts, sector-specific guidance, governance frameworks and training programs that empower CII entities to stay ahead of emerging threats. Countries across the globe can learn from and adapt these models to suit their own unique contexts.

Embracing Innovation and Next-Generation

Technologies

Defending CII requires not just collaboration but also innovation. Cyber threat actors are constantly evolving their tactics, so defenders must stay one step ahead. Integrating emerging technologies such as artificial intelligence (AI), machine learning (ML), and behavioral analytics into cybersecurity frameworks is becoming increasingly essential.

For example, AI-powered intrusion detection systems can analyze massive volumes of network data in real time, identifying anomalies that may signal a breach. Behavioral analytics can detect unusual activity by legitimate users—such as accessing systems at odd hours or transferring large volumes of data—and flag it for investigation. These tools not only improve threat detection but also reduce response time, which is critical in minimizing damage during a cyberattack.

Moreover, innovations like zero-trust architecture—a model that assumes no user or system is inherently trustworthy—can significantly reduce the risk of internal threats. Combined with strong encryption, multi-factor authentication, and micro-segmentation of networks, these technologies create a layered defense approach that makes it harder for attackers to move laterally within a system.

Five Good Practices for Strengthening CII Cybersecurity

1. Implement Continuous Risk Assessments

CII operators must regularly assess and update their understanding of potential vulnerabilities. Risk assessments should consider both external threats and internal weaknesses, including outdated systems or poor access controls. These assessments should feed into a dynamic security strategy that adapts as new threats emerge.

2. Foster a Cyber-Vigilant Culture

Human error remains one of the leading causes of successful cyberattacks. Training employees to recognize phishing emails, use strong passwords, and report suspicious behavior can dramatically improve an organization’s security posture. Cyber vigilance should be part of onboarding, ongoing training, and even executive leadership development.

3. Participate in Information Sharing Networks

No organization has complete visibility into the threat landscape. By joining sector-specific Information Sharing and Analysis Centers (ISACs) or national-level cybersecurity forums, CII entities gain access to real-time threat intelligence, shared experiences, and collective defense strategies. Governments can facilitate these exchanges and provide actionable insights.

4. Establish and Test

Preparedness is key, when dealing with OT/ICS. Every CII organization should have a well-documented and regularly tested incident response plan. This includes roles and responsibilities, communication protocols, legal considerations, and recovery procedures. Simulated cyber drills can help teams respond effectively under pressure.

5. Invest in Secure Design and Resilient Systems

Security should be built into systems from the ground up—not bolted on as an afterthought. Using secure-by-design principles, adopting redundant systems, and maintaining offline backups ensure that services can continue or be quickly restored in the event of an attack. Resilience is just as important as prevention.

Looking Ahead: A National Mission

Securing critical national infrastructure is not just a technical challenge - it’s a national mission that requires vision, leadership, and unity. As cyber threats grow more sophisticated, the lines between civilian, government, and military domains blur. What happens in one sector can have ripple effects across an entire nation.

Therefore, fostering a cybersecurity ecosystem where innovation thrives, collaboration is the norm, and resilience is a shared goal must be the way forward. Governments should lead the charge by setting clear policies, funding research, and building frameworks for cooperation. The private sector should bring its agility, technical talent, and on-the-ground insights. Academia and civil society can contribute with education, research, and community outreach.

Together, we can defend our most vital assets against even the most persistent threats. With the right approach, cybersecurity becomes not just a shield, but a source of national strength, economic stability, and public trust. The future of our critical infrastructure depends on what we do today—and by choosing innovation and collaboration, we are making the right investment for a safer tomorrow.

Siker Believe learn

Siker is a leading cyber security firm specialising in training, consulting, and professional services for industries where security is missioncritical. Since 2013, we have been committed to equipping professionals with the knowledge and skills needed to perform their roles securely, ensuring the protection of Critical National Infrastructure (CNI), Oil & Gas, Nuclear, Government, Water, and Transportation sectors against evolving cyber threats.

Awareness & Training Workforce Development

Empowering engineers, OT professionals, and safety teams with industryleading cyber security knowledge

Our experienced staff will conduct a full Learning Needs Analysis (LNA) or Training Needs Analysis (TNA) Based on the findings we will deliver a suite of training courses to suit all your needs

Consulting & Compliance

Identifying vulnerabilities, ensuring compliance, assessing against risk frameworks and strengthening security posture

WHY SIKER?

OT & IT Security Integration

Bridging the gap between IT and Operational Technology for comprehensive protection

ining – Practical cyber security education tailored for engineers and safety professionals

c Expertise – Deep understanding of CNI, Oil & Gas, and OT environments

Track Record – Trusted by governments and high-risk industries

Global Reach – Expanding into Middle East, North Africa, Europe and beyond

info@sikercyber com

https://sikercyber com

@sikercyber

https://www linkedin com/company/siker-cyber

https://www facebook com/SikerCyber

https://www youtube com/@SikerCyber2013

In the context of CNI organizations, particularly smaller or less mature ones, Stuart’s primary call to action is clear: focus on workforce development.

“The most important thing any organization can do is invest in their people,” he asserts. “Technology and frameworks are essential, but the human element is often the weakest link in cybersecurity. A welltrained workforce is your first line of defense.”

He also stresses the need for organizations to conduct a thorough, baseline assessment of their cybersecurity capabilities.

“People are often the first line of defense—and the last line of defense,” Stuart notes.

“While technology plays an important role, it’s the people who ultimately determine whether an organization can effectively detect and respond to cyber threats.” This emphasis on workforce development has been a central tenet of Siker’s success in helping organizations improve their cybersecurity posture.

Stuart also points out that creating a culture of cybersecurity is crucial.

“Cybersecurity training is often seen as a chore, but we aim to change that perception. We want to make it exciting and at the forefront of people’s minds,” he says. “When the culture changes, organizations are better prepared to prevent incidents before they happen.”

Steps to Improve Cybersecurity Resilience

For organizations looking to improve their cybersecurity resilience, Stuart suggests a few key steps.

“The first step is to assess the capabilities of your current workforce. Develop a plan for training and development that addresses both immediate and long-term needs,” he advises. This includes not only technical skills but also role-specific competencies, awareness campaigns, and mentoring programs.

A second important step is conducting a comprehensive assessment of the organization’s current cybersecurity posture.

“Even small businesses should take the time to identify existing vulnerabilities and understand their risk exposure,” Stuart advises. “Having a baseline cybersecurity framework, like Cyber Essentials in the UK, is a good place to start.It helps organizations identify weaknesses and make improvements before they face a major incident.”

Practical Recommendations for CNI Organizations

“Knowing where you stand is essential to improving your posture. Even small organizations can take simple steps, like adopting Cyber Essentials or performing internal assessments, to identify and mitigate risks,” he adds.

Looking Forward: Building a Resilient Digital Future

As Stuart prepares to attend GISEC, he reflects on the future of cybersecurity within CNI.

“As we move forward, the development of a skilled and resilient workforce will be fundamental to keeping critical infrastructure safe,” he says. “This is not just about responding to today’s threats but about preparing for the challenges of tomorrow.”

With nations like the UAE focusing on cybersecurity as a key component of their digital growth strategies, Stuart believes that a forward-thinking approach is essential.

“The UAE’s National Cyber Security Strategy, which focuses on capacity building, protection, and governance, is a prime example of how countries are recognizing the importance of cybersecurity at a national level. We must continue to evolve and develop the people who protect our digital infrastructure.”

Conclusion: The Path to Resilience

The protection of Critical National Infrastructure is not just a technical challenge—it’s a cultural, organizational, and human challenge. As organizations continue to face increasingly sophisticated threats, it is crucial to invest in workforce development, assess existing cybersecurity practices, and adopt a proactive approach to protecting digital systems. By addressing both technological and human factors, organizations can build a resilient cybersecurity posture that can withstand the evolving threat landscape.

What Benefits Does GRC Bring

To an Organisation’s Information Security?

Great question! The simple answer is: “Many.” However, let’s elaborate. The primary benefit lies in having a dedicated business area whose main purpose is to Support the Organisation by ensuring alignment with business policy requirements. These requirements are set up to ensure compliance and mitigate risks.

GRC also helps with the alignment and adoption of industry best practices, such as ISMS (Information Security Management Systems), as well as operational and legal requirements. This contributes to enhancing the organisation’s trustworthiness and maintaining a competitive advantage. The scope of GRC varies from company to company, as it is tailored to each organisation’s specific business area and regulatory environment.

One of the biggest advantages of GRC is the structured application of Risk Management. A wellimplemented Risk Management framework systematically identifies and mitigates security risks. If an organisation conducts regular security assessments, these help to detect and address vulnerabilities before they can be exploited, thus minimising their potential impact on business operations.

Additionally, a risk-based approach allows management to make informed decisions based on their risk appetite and loss tolerance. Effective Risk Management practices are invaluable to an organisation, as they provide management with a comprehensive set of data. As a result, operational decisions can be evaluated based on reliable, trustworthy information.

Another benefit of GRC is its role in aiding Regulatory Compliance. GRC helps ensure adherence to industry standards, such as those for information security (e.g. ISMS), as well as various legal requirements. This is particularly important for organisations operating under scope of national security frameworks, like NIS2, or those subject to privacy regulations such as the EU’s GDPR. The upcoming benefits will extend to AI governance under the EU’s AI Act (AIA) and future global AI regulatory developments.

Susanne Bitter

Information Security and GRC Specialists

GRC will push the organisation forward in meeting these requirements, as the team will proactively research and prepare for them—something an organisation without such a function might struggle to do. GRC provides an overall umbrella, offering sought-after evidence to support compliance with any requirements that may arise as part of businessas-usual (BAU) operations or regulatory audits. This can be considered both effective and timeefficient. As GRC is centred around policies, processes, evidence, and auditing adherence to these, it supports the automation of audits to meet standards such as PCI DSS or HIPAA. This, in turn, reduces the risk of non-compliance penalties, which can be costly.

Moreover, GRC ensures that Policies and Security Controls are consistently followed across the organisation, maintaining alignment. It specifies and enforces regular training requirements, and may even aid in automating policy enforcement—such as ensuring employees follow data security best practices. While the implementation of controls is often the responsibility of technical teams, GRC provides organisation-wide assurance that the controls are functioning as intended and are continually achieving the outcomes they were designed to deliver.

In an era where cyber-attacks are inevitable and faced regularly by companies, GRC plays a vital role in providing a framework for responding to security breaches.

It also offers learning opportunities and potential improvements within incident response planning. A structured approach to Incident Response helps mitigate the impact of an incident (e.g. a cyber-attack) quickly and, likely, more efficiently.

GRC can also help an organisation define and enforce Security Requirements for Suppliers. These requirements serve as guidelines or boundaries within which the supplier must operate to meet business expectations, ensuring good security hygiene across the entire lifecycle of the business relationship, particularly in shared processes. Many companies fail to establish operational or security requirements for suppliers and other relevant third parties involved in their business operations—such as those required by ISMS—and are then left at the “mercy” of the supplier to support the common goal.

Recently, supply chain management has been introduced as a requirement in many new regulations and laws, which is widely welcomed. However, there is no one-size-fits-all approach to doing this effectively. Having clear criteria, shared values, and a selective approach to choosing suppliers is highly recommended, rather than simply opting for the “cheapest option.” Third-Party Risk Management (TPRM), also known as Supply-Chain Risk Management (SCRM), supports GRC efforts and could even be incorporated into the GRC area if deemed appropriate.

GRC often centralises data, which enhances Visibility, Reporting, and overall Monitoring capabilities, thereby enabling better decisionmaking. Well-defined dashboards provide real-time insights into the organisation’s security posture, allowing for faster corrective actions.

There are many benefits to GRC, and it is ultimately up to each organisation to decide how much it can leverage what GRC has to offer. A well-embedded GRC function could become a significant Enabler of Business Growth and a valuable resource for many organisations.

To find out more about your GRC requirements email : thomas@ospcyberacademy.com

TRANSFORM YOUR BUSINESS WITH GRC WORKSHOPS

RISK MANAGEMENT APPROACH

ISMS & PIMS, RELEVANT FRAMEWORKS & BEST PRACTICES

SETTING UP GOVERNANCE WITHIN YOUR ORGANISATION

COMPLIANCE EFFORTS

For asset owners in industries that rely heavily on OT systems, cybersecurity can seem like a daunting task. Saltanat recommends that the first step in any cybersecurity journey is to gain a comprehensive understanding of the risks and vulnerabilities within the OT environment.

“If you understand the importance of OT cybersecurity but don’t know where to begin, the first step is to conduct a risk assessment. This allows you to identify critical assets, assess vulnerabilities, and prioritize areas that need attention.”

Many asset owners struggle with the complex and specialized nature of OT systems, which may not be familiar to traditional IT teams. “One of the biggest challenges for organizations is the lack of integration between IT and OT teams. OT systems often operate in isolation, which means that there is a disconnect when it comes to securing these systems,” Saltanat points out. “To bridge this gap, it’s essential to have a cross-functional team that includes both IT and OT experts working together.”

Saltanat also emphasizes the importance of adopting a layered security approach. “A successful OT cybersecurity program should involve multiple layers of protection. This includes everything from network security to physical security and employee training. By securing each layer, organizations can significantly reduce the risk of a successful attack,” she explains.

Governance, Risk, and Compliance: The Foundation of a Strong Cybersecurity Program

In OT cybersecurity, governance, risk management, and compliance (GRC) are the pillars of a robust cybersecurity program. “Governance is critical for setting the direction and strategy for cybersecurity within an organization,” Saltanat notes. “Risk management helps identify potential threats and vulnerabilities, while compliance ensures that the organization is adhering to industry regulations and standards.”

A strong governance framework ensures that cybersecurity is an ongoing priority at every level of the organization. “It’s essential to have a governance structure in place to support decision-making, enforce policies, and allocate resources effectively,” she says.

“Risk management and compliance go hand in hand. While risk management focuses on identifying and mitigating potential threats, compliance ensures that the organization meets the required standards.”

Saltanat highlights that successful cybersecurity programs align with industry regulations and standards.

“For example, compliance with frameworks such as ISO 27001 and NIST Cybersecurity Framework is vital for OT environments. These frameworks provide a structured approach to managing cybersecurity risks and ensure that organizations are meeting international cybersecurity best practices.”

What Does a Successful Cybersecurity Program Look Like?

A successful OT cybersecurity program goes beyond compliance—it’s about creating a culture of security and resilience. “A successful program is not just about installing firewalls and intrusion detection systems. It’s about embedding cybersecurity into the organizational culture and operations,” Saltanat explains.

Saltanat also points to Honeywell’s role in helping organizations improve their cybersecurity posture.

“Honeywell’s expertise in both IT and OT cybersecurity is invaluable. They offer a comprehensive approach that includes everything from risk assessments to implementing advanced security solutions. Honeywell can help organizations understand their vulnerabilities and create a roadmap to enhance their cybersecurity defenses.”

Call to Action: Engaging with Honeywell and Starting Your Cybersecurity Journey

Saltanat concludes with a call to action for organizations looking to improve their cybersecurity resilience.

“If you’re an asset owner unsure of where to start, I recommend engaging with your Honeywell account representative or visiting their website to learn more about how they can help you. Honeywell’s solutions provide a strategic approach to cybersecurity, helping organizations protect their critical infrastructure from evolving threats.”

By taking the first step toward OT cybersecurity, organizations can ensure the integrity of their critical systems and safeguard against potential cyber risks.

“The digital landscape is changing rapidly, and with it, the threat landscape. Now is the time for asset owners to take proactive steps to secure their OT systems and future-proof their cybersecurity strategies,” Saltanat concludes.

Spotlight on a Cyber Leader

In the fast-evolving world of cybersecurity, few professionals possess the unique blend of expertise, resilience, and international influence that defines Betania Allo.

A formidable figure in the realms of cyber law, policy, and governance, Allo has made a name for herself as a sought-after speaker, trusted advisor, and pioneering thought leader. Her journey—spanning six continents, multiple industries, and the highest levels of government—tells a story of breaking barriers and redefining the cybersecurity landscape.

Hailing from Buenos Aires, Argentina, Betania has carved an exceptional path in the field of cybersecurity governance. With a legal background but an engineering mindset, she has spent over a decade navigating the intersections of law, technology, and public policy. She is not only an accomplished cybersecurity lawyer but also a distinguished academic, with Harvard and Syracuse degrees and soon to complete her Doctor of Engineering in Cybersecurity Analytics at The George Washington University.

Meet Betania Allo: The Global Cybersecurity Strategist Governments and Industry Leaders Trust

Her professional trajectory is nothing short of remarkable. She has worked for the United Nations, the Organization of American States, the Government of Buenos Aires, advised multinational corporations, and played a crucial role in shaping cybersecurity policy in Saudi Arabia. Her expertise has led her to launch her own business, BA Cyber Law & Policy, developing regulatory frameworks, managing large-scale cybersecurity initiatives, and consulting for Fortune 500 companies on AI ethics, cyber resilience, and governance.

Allo’s reputation as a thought leader has solidified her presence on the global stage. She has been invited to speak at some of the most prestigious cybersecurity and AI conferences across the Middle East, Europe, and beyond. Among her recent appearances are the World Summit on the Information Society (WSIS) and AI for Good in Geneva, the International Cyber Risk Conference in Aberdeen, Scotland, and the Global Cybersecurity Forum and Black Hat in Riyadh. These high-level engagements underscore her influence in both technical and policymaking circles.

In the Middle East, her impact has been particularly pronounced. As a cyber strategist in Saudi Arabia, she has actively contributed to the Kingdom’s Vision 2030 initiatives, aligning cybersecurity governance with the country’s ambitious digital transformation goals. Her fluency in bridging cultural and regulatory divides has made her a trusted voice for both industry and government leaders in the region.

Technology at large remains a field where women, particularly in leadership roles, are underrepresented. Yet, Allo has consistently defied norms, earning recognition as a trailblazer in cybersecurity governance and risk management. Her leadership in projects involving AI security, smart cities, and counterterrorism technology has not only advanced industry standards but also demonstrated the importance of diverse perspectives in shaping the future of the industry.

One of her landmark achievements was leading a global working group on Securing the Future of Urban Living, bringing together experts from around the globe to design cybersecurity frameworks for smart cities.

His Excellency Dr. Mohamed Al-Kuwaiti, Head of the UAE Cybersecurity Council

National Cyber Security Strategy for the UAE 2025-2031

“Our vision is to be the innovative global leader in cyber security and deliver a safe, secure, and resilient digital ecosystem, enabling the UAE, its society, and economy, to flourish”

NATIONAL CYBER SECURITY STRATEGY FOR THE UAE 2025 – 2031

The United Arab Emirates (UAE) has made significant strides in the realm of cyber security, consistently featuring in the list of the most secure countries globally. Our focus on cyber security is a testament to our nation’s unwavering commitment to securing our digital landscape and creating a secure environment for our people and economy to prosper.

However, we recognize that in the rapidly evolving world of technology, we must continuously adapt and refine our approach to cyber security to counter those threat actors that seek to cause harm to the UAE, and its society more broadly. Since the launch of our previous cyber security strategy in 2019, the world has undergone profound changes, presenting new challenges and opportunities.While the key tenets of our strategy remain unchanged, we have refocused our efforts to address 6 Government the evolving threat landscape and align with our nation’s ambitious goals.

The UAE is determined to position itself as a global leader and digital hub, driving innovation and embracing emerging technologies. As we evolve on our digital transformation journey, through the digitalization of government services and within critical segments of industry, the importance of robust cyber security measures cannot be overstated.

As an early adopter and investor in cutting edge technologies, particularly in the f field of artificial intelligence (AI), we recognize the critical role that cyber security plays in ensuring the integrity, confidentiality, and availability of our digital assets.

Our refreshed national cyber strategy outlines a comprehensive framework for protecting our digital infrastructure, safeguarding our citizens’ data, fostering a culture of cyber security awareness, and building national cyber capabilities to respond to evolving threats.

By implementing advanced security measures, promoting public private partnerships, and investing in research and development (R&D), we aim to create a resilient and secure digital ecosystem that enables us to harness the full potential of emerging technologies while mitigating the associated risks.

In addition to our domestic efforts, the UAE is committed to its responsibility and role on the global stage in the field of cyber security. We actively participate in international forums, contribute to the development of global cyber security standards, and collaborate with like-minded nations to address transnational cyber threats.

By sharing our expertise, experiences, and innovative solutions, we seek to shape the global cyber security landscape and cement our position as a thought leader in this critical domain. As we move forward, we remain committed to collaborating with our international partners, sharing best practices, and contributing to global efforts on cyber security. Our strength comes from unity and a collaborative approach to cyber security.

UAE vision

statement is driven by this strategy, that places

trustworthy innovation

at its core.

By working together across the Emirates, we will strengthen the security of our nation. We invite all stakeholders – government entities, private sector organizations, academia, global partners, and our citizens – to join us in this vital endeavour. By working together, we can realize our vision of a digitally empowered, safe, secure, and prosperous UAE

STRATEGY OVERVIEW

“Our vision is to be the innovative global leader in cyber security and deliver a safe, secure, and resilient digital ecosystem, enabling the UAE, its society, and economy, to flourish”

The UAE is already recognized as a global leader in cyber security, however, our National Cyber Security Strategy outlines a vision to be the global leader in cyber security innovation: securing the UAE’s use of innovative technologies, such as AI, while simultaneously harnessing these technologies to protect, deter, detect, respond to, and rapidly recover from malicious attacks.

This vision of trustworthy innovation places the security of our society and economy at center stage, extending the long tradition of the UAE being a safe environment for its citizens, residents and visitors to prosper.

The UAE is ideally placed to fulfil this role on the global stage, given the UAE’s broader economic vision and strategy to be a leading regional and global digital hub, fuelled by innovation and the skills that drive it. Cyber security will play a fundamental role in enabling this economic growth, by delivering a thriving, secure and highly resilient digital ecosystem built on strong foundations of technical skill and academic excellence. The UAE believes tT]]]

That this vision cannot be achieved alone. Due to the highly interconnected global digital infrastructure, as well as the global nature of cyber threat actors and the attacks that they launch, cyber security is fundamentally a global challenge that must be tackled as one. The UAE will play its part as a key enabler and leader in this global cyber security community, building strong links with regional and global institutions that make our world a safer, more sustainable and secure place; not only for ourselves, but for future generations to come.

NATIONAL CYBER SECURITY STRATEGY FOR THE UAE 2025 – 2031 (CONTD:)

The UAE National Cyber Security Strategy serves as a comprehensive roadmap for securing our digital future.

FIVE PILLARS HAVE BEEN IDENTIFIED THAT PROVIDE A COMPREHENSIVE FRAMEWORK FOR DIRECTING CYBER SECURITY EFFORTS IN THE UAE TO MEET OUR STATED VISION.

01

ESTABLISHING HIGHLY EFFECTIVE AND COHESIVE CYBER SECURITY GOVERNANCE

Establishing a cohesive and effective cyber security governance structure is crucial to ensure a coordinated and harmonized approach to cyber security across the nation. This pillar aims to provide clarity, eliminate overlaps, and promote collaboration among various entities at the federal, sectoral and emirate levels. By rolling out a comprehensive governance and assurance framework, the UAE will continue to strengthen its overall cyber security posture by fostering a collaborative approach to governing existing and emerging technologies in priority areas such as AI and sustainability across all levels of the UAE’s cyber security ecosystem.

To Govern

• Roll-out of a comprehensive cyber security governance and assurance framework across the UAE ecosystem.

• Promote a trusted UAE ecosystem through accreditation and cyber hygiene programs for UAE entities.

• Establish a collaborative and inclusive approach to governing the security of existing and emerging technologies.

02

DELIVERING A SAFE, SECURE AND RESILIENT DIGITAL ENVIRONMENT.

Delivering a secure, sustainable and resilient digital environment is fundamental to the UAE Vision 2031, which puts economic growth and digital transformation at the heart of the UAE’s future. This aim of a safe, secure, and resilient ecosystem will be achieved through strong coordinated collaboration of technical capabilities at the federal, emirate, sector, and Critical Information Infrastructures (CIIs), that seamlessly integrate to not only protect the populace and critical assets from cyberattacks but also rapidly identify and respond to.

To protect and defend.

• Strengthen the UAE’s comprehensive situational awareness through national detection, monitoring and information sharing capabilities.

• Boost the UAE’s resilience by enhancing CII and government entities ability to protect, prepare for, respond to and recover from cyber-attacks .

• Secure the UAE populace from common cyber threats to protect citizens’ social and financial well-being.

• Nurture a globally competitive and diversified UAE cyber workforce through upskilling for existing professionals & focused groups.

03

ENABLING THE RAPID AND SECURE ADOPTION OF INNOVATION.

Innovation is a key pillar of the 2031 Vision and an enabler of a flourishing economy and society. To enable this innovation and harness the full potential of emerging technologies such as AI, it is essential to prioritize their safe and secure adoption. This pillar focuses on anticipating, assessing, and mitigating security and privacy concerns associated with these technologies to accelerate their secure adoption across the UAE. By stimulating research and development (R&D) in cyber security innovation and investing in the necessary talent and infrastructure, the UAE will position itself as a leader in trusted innovation.

To Innovate.

• Prioritize the safe and secure adoption of technologies in areas of interest such as AI and sustainable technology by anticipating assessing & mitigating related security & privacy concerns.

• Stimulate research and development for cyber security by investing in the people, industries and technologies that are key to the UAE’s success in securing the innovation agenda.

04

STRENGTHENING NATIONAL DIGITAL AND CYBER CAPABILITIES.

Developing strong national digital and cyber capabilities is essential for the UAE to maintain its sovereignty and achieve its vision of becoming a global digital hub. This pillar focuses on enhancing the UAE’s data, operational, and technical maturity while fostering a vibrant ecosystem of technology providers. Additionally, by promoting entrepreneurship, education, and talent in the cyber security domain, the UAE aims to build a robust and sustainable foundation to secure its digital future.

To Build.

• Further develop national Emirati capabilities to enhance UAE data, operational and technical maturity.

• Accelerate the UAE’s journey towards a global digital hub by fostering cyber security entrepreneurship and education, attracting talent, and promoting a vibrant cyber security marketplace.

05

FOSTERING NATIONAL AND INTERNATIONAL COLLABORATION AND PARTNERSHIPS.

Cyber security is a global challenge that transcends borders. To effectively combat transnational cyber threats and promote a secure cyberspace, the UAE must actively engage in regional and international collaboration. This pillar emphasizes on the importance of engaging with strategic partners, delivering sustainable capacitybuilding projects, and scaling publicprivate partnerships to harness collective strength to drive cyber security solutions. By fostering strong national and international partnerships, the UAE will contribute to a more secure and resilient global cyber ecosystem.

ABOUT THE CYBER SECURITY COUNCIL.

• Strengthen regional and international collaboration to promote a secure cyber space and counter transnational cyber threats.

• Deliver sustainable cyber security capacity building projects regionally and internationally and engage in mutual assistance agreements with strategic international partners.

• Scale private-public partnerships in cyber security to develop technical and interoperable cyber security solutions.

CONCLUSION

The UAE National Cyber Security Strategy serves as a comprehensive roadmap for securing our digital future. It is a call to action for all stakeholders, including government entities, private sector organizations, and residents, to collaborate and contribute to our collective cyber security efforts.

As we embark on this journey, we must remain vigilant, adaptable, and committed to building a resilient and secure digital ecosystem that enables us to harness the full potential of emerging technologies while safeguarding our national interests. By working together, we can create a prosperous and digitally empowered nation that stands at the forefront of the global cyber security landscape

To download your entire copy of the National Cyber Security Strategy of UAE 2025 – 2031 scan QR code.

The Cabinet of the UAE formed the Cyber Security Council in 2020 to support the UAE’s commitment to achieving a safer digital transformation. It is headed by H.E. Dr. Mohammed Hamad Al Kuwaiti and comprises a variety of federal and local authorities in the UAE. The Council is tasked with developing legislative and regulatory frameworks that address various cyber security issues, including cybercrime, as well as securing present and upcoming technologies.

“Data protection is a business-wide issue that affects every department, from marketing to HR. GDPR makes it clear that this is essential to the integrity and reputation of the organisation,” says Irene.

For Irene, a key component of effective data governance is having a dedicated data protection officer (DPO).

“A DPO plays a crucial role in ensuring that an establishment adheres to GDPR principles. It’s not something that can be tacked onto someone’s existing responsibilities,” she explains. “Without a dedicated DPO, organisations struggle to demonstrate the level of accountability that GDPR demands.”

Irene describes the importance of mapping data flows:

“GDPR forces companies to trace the entire journey of their data—from collection to storage, sharing, and disposal. This mapping process is not only essential for compliance but also for strengthening an organisation’s overall data governance framework.”

GDPR

vs. CCPA: Key Differences

Comparing GDPR with other privacy laws, such as the California Consumer Privacy Act (CCPA), highlights some key differences. While both laws aim to protect personal data, GDPR takes a more comprehensive approach.

“GDPR requires opt-in consent, whereas CCPA allows individuals to opt out of data sales. This is a fundamental difference because opting in ensures that the individual is fully aware and in control of how their data is used,” Irene explains.

Furthermore, GDPR introduces the concept of “privacy by design,” meaning that privacy must be integrated into the development of new products and services from the very beginning. Irene underscores this by saying,

“GDPR doesn’t allow organisations to scramble to comply at the last minute. Privacy must be embedded in the design process from day one. It’s about proactively protecting data, not reacting to issues after the fact.”

Another critical distinction between GDPR and CCPA is GDPR’s extraterritorial scope.

“Even if a company is based outside the EU, if they process the personal data of EU citizens, they must comply with GDPR. This global reach is something that other regulations, like CCPA, don’t have,” Irene notes.

“This extraterritorial reach ensures that organisations worldwide are held to the same high standards of data protection, which is crucial for the digital economy.”

Looking Ahead: The Future of Data Protection

This global reach is something that other regulations, like CCPA, don’t have, Irene notes.

“This extraterritorial reach ensures that organisations worldwide are held to the same high standards of data protection, which is crucial for the digital economy.” she says.

As Irene prepares to attend the GISEC Conference in Dubai, she reflects on the future of data protection and GDPR’s continuing evolution.

“The world is changing rapidly, and data protection must evolve with it. GDPR has set the foundation, but it’s important for organisations to continue to adapt and embrace data protection as a core business value,” she says.

At OSP Cyber Academy, Irene and her team are helping companies navigate the complexities of GDPR compliance and data protection training.

“We’re seeing a real shift in how organisations approach data protection. It’s no longer seen as a regulatory hurdle but as a strategic asset that can enhance brand value and build consumer trust,” Irene adds.

Looking ahead, GDPR is likely to remain the global standard for data protection, influencing not just new regulations but also the way businesses think about data.

“GDPR has set the bar for data privacy, and it’s up to all of us to ensure that we continue to meet and exceed those expectations,” Irene concludes.

Industrial Cybersecurity Intelligence for a Resilient and Sustainable Energy Future

As the world advances toward electrification, digital transformation, and smart energy systems, the stakes for securing critical infrastructure have never been higher. From renewable energy and Battery Energy Storage Systems (BESS) to AI data centres, EV charging networks, and eMobility in smart cities, these technologies are reshaping how we generate, store, and consume energy. Leading this global movement, the United Arab Emirates (UAE) stands as a beacon of innovation and clean energy leadership.

With this progress comes a pressing reality: traditional industrial cybersecurity approaches can no longer keep pace. These advanced and highly interconnected systems introduce new levels of complexity and vulnerability. Cyber threats targeting smart critical infrastructure can cause cascading failuresdestabilizing power grids, disrupting essential services, and threatening national security, economic resilience and public trust.

The UAE’s energy transition is bold, transformative, and accelerating. But its long-term sustainability depends on a new approach to cybersecurity - one that moves beyond outdated methods and embraces Industrial Cybersecurity Intelligence (ICI).

Industrial Cybersecurity Intelligence is the cornerstone of a secure energy future. It fuses real-time operational visibility with AI-powered prevention, detection, and response capabilities, enabling proactive protection of vital systems. Through Industrial Cybersecurity Intelligence, the UAE can safeguard its energy assets, uphold public confidence, and strengthen its position as a global leader in resilient and sustainable energy innovation.

The message is clear: the energy transition must be intelligent - and to be intelligent, it must also be secure.

The Role of Industrial Cybersecurity Intelligence in the UAE’s Energy Transition

“Innovation without cybersecurity is risk.Innovation wirth industrial cybersecurity intelligence is resilience.”

For the UAE, this intelligence isn’t just a technical advantage - it’s a national imperative. By embedding ICI into energy operations, the UAE is creating not only advanced energy infrastructure, but truly resilient, intelligent ecosystems prepared for the future.

Empowering a Secure Energy Transition in the UAE

With a bold national vision and a deep commitment to future-forward strategies, the UAE is rapidly advancing its clean energy, AI-driven infrastructure, and smart mobility goals. But one thing is clear: sustainability is not possible without Industrial Cybersecurity Intelligence (ICI).

Recognizing this, the UAE’s National Cybersecurity Strategy places critical infrastructure protection at the center of national resilience. The strategy’s five pillars form a comprehensive foundation to guide cybersecurity efforts across all sectors, ensuring alignment with the country’s broader development and sustainability goals.

Industrial Cybersecurity Intelligence (ICI) empowers all stakeholders - energy providers, regulators, operators, and innovators – with real-time visibility needed to safeguard these evolving systems while continuously strengthening their operations.

With ICI, the UAE isn’t just building smarter infrastructure - it’s building a more secure, resilient future. It is positioning the UAE as not only a global sustainability leader, but also a global resilience leader.

A Collaborative Effort: Aligning with the UAE National Cybersecurity Strategy

Securing the UAE’s energy future requires more than advanced technology - it demands shared vision, national alignment and

“Industrial Cybersecurity Intelligence is the foundation of a resilient and sustainable energy future.”

The UAE’s National Cybersecurity Strategy offers a clear roadmap to protect critical infrastructure and enable secure digital transformation.

Industrial Cybersecurity Intelligence (ICI) directly supports this vision, reinforcing all five pillars of the strategy — from resilience and innovation to international collaboration.

By aligning with the National Cybersecurity Strategy and embracing ICI, the UAE strengthens its position as a global leader in secure, sustainable energy transformation.

Investing in Industrial Cybersecurity Intelligence Is Investing in the UAE’s Future

As the UAE leads in clean energy, AI, and smart infrastructure, protecting these advancements is a national priority. Investing in Industrial Cybersecurity Intelligence (ICI) means ensuring the resilience, reliability, and long-term success of these efforts.

The UAE has boldly advanced renewable energy and digital innovation - now it must match that progress with intelligent, proactive cybersecurity practices. ICI transforms protection from reactive to strategic, turning data into resilience.

By embracing Industrial Cybersecurity Intelligence (ICI), the UAE reinforces its global leadership in sustainable development, showing the world that innovation and cybersecurity must move forward together.

Conclusion: Securing the Future of Energy, Together

Investing in Industrial Cybersecurity Intelligence (ICI) is not just smart strategy - it’s essential to the UAE’s energy future. As the nation leads in clean energy and AI-powered infrastructure, cybersecurity must keep pace.

By aligning with the UAE’s National Cybersecurity Strategy, ICI becomes a strategic enabler for the nation’s energy vision delivering capabilities required to provide resilience, protects national investments, and transforms industrial cybersecurity into a driver of innovation and sustainability.

With strong and visionary leadership, and a culture of innovation, the UAE sets the standard for cybersecurity in smart energy ecosystems - not only for today, but for generations to come.

Let’s utilize the power of Industrial Cybersecurity Intelligence (ICI) to build a resilient and sustainable energy future - for the UAE, and for the world.

Author: Goran Novkovic, P.Eng. –Head of Industrial Cybersecurity – CEGENCE

Executive Summary

As the United Arab Emirates (UAE) accelerates its energy transition through electrification, renewable energy, AIpowered infrastructure, and smart mobility, traditional cybersecurity approaches are no longer sufficient to protect its rapidly evolving critical infrastructure.

This article introduces Industrial Cybersecurity Intelligence (ICI) as a transformative approach that fuses realtime operational visibility, AI-driven threat detection, and predictive capabilities to secure complex, interconnected energy systems. Aligned with the UAE’s National Cybersecurity Strategy, ICI empowers national stakeholders to protect energy investments, uphold public trust, and drive innovation with confidence. By embracing ICI, the UAE reinforces its global leadership in sustainable, secure, and intelligent energy ecosystemsproving that in the future of energy, security is not optional, it is foundational.

Suggested Pull Quotes for ARTCILE:

“The UAE is building the future of energy and it’s securing it with intelligence, leadership, and vision.”

“The UAE is a global leader in electrification and sustainability, and it’s leading the way in industrial cybersecurity innovation.”

“Industrial Cybersecurity Intelligence turns operational data into UAE’s national advantage.”

Uk Cyber Security

Training company OSP Cyber Academy expanding into the Middle East.

OSP Cyber Academy, a globally recognised UK NCSC-accredited leader in cyber security awareness training, have announced a strategic partnership with Bahrain’s National Cyber Security Centre (NCSC) to deliver cyber safety education to 70,000 students across the Kingdom.

The partnership introduces culturally tailored, gamified cyber awareness courses designed to enhance student’s understanding of digital citizenship and cyber security best practices. There are a total of four interactive courses that have been developed to provide dedicated cyber awareness training for 70,000 children, tailored to age groups 6–8, 9–11, 12–14, and 15–17.

The courses feature avatars of both a boy and a girl guiding learners through real-world online safety scenarios set against digital environments inspired by key Bahraini landmarks.

OSP Cyber Academy Cyber Awareness Courses Integrated into Bahraini School Curriculum

Gamified training to equip 70,000 students with vital cyber safety skills in partnership with Bahrain’s National Cyber Security Centre

With engaging question prompts and interactive learning, the platform ensures high knowledge retention in a fun and relatable way.

This initiative is launched in collaboration with His Excellency Sheikh Salman bin Mohammed AlKhalifa, CEO of NCSC Bahrain, and builds upon OSP Cyber Academy’s longstanding engagement with the Kingdom.

OSP Cyber Academy hosts the UK pavilion at the Arab International Cyber Security Summit (AICS) in Bahrain every year, and it also achieved a Guinness World Record at the event in 2023 for the ‘Most People to Take an Online Internet Safety Lesson in 24 hours’.

During the challenge, 1550 people from 44 countries completed the lesson in 24 hours, turning the day into the world’s largest ever cyber security training event.

The new school curriculum has been crafted by OSP’s team of expert educators and cyber professionals, many of whom come from policing and teaching backgrounds. Their unique experience ensures that the courses effectively educate children on the threats of the digital world, all while keeping learning engaging through interactive gaming methods.

We are absolutely delighted to announce our new partnership with NCSC Bahrain and to bring our online courses to such an important demographic. Children grow up in a digital world and it is vital they know how to navigate the environment safely. Whether it’s learning, socialising, playing games or interacting with friends, the online world hosts a huge proportion of a child’s life.

We must ensure that children understand the risks that lurk online, have the ability to spot danger and understand security best practices. Our courses have been designed specifically to suit these needs but in a format that is enjoyable for children. The games are interactive, fun, but they also provide guidance for children which will help keep them safe online, said Tommy McCarthy, CEO of OSP Cyber Academy.

This initiative aligns with the Kingdom of Bahrain’s vision of creating a digital society and a secure cyberspace, and it is expected to create new opportunities for educational initiatives and sustainable cyber security policies.

H.E. Sheikh Salman emphasized that the agreement to develop an interactive e-curriculum for school students, as part of this partnership, will play a key role in raising cyber security awareness among future generations from early educational stages.

This initiative supports the resilience of the digital society and establishes a sustainable cyber culture that aligns with national and international priorities for technological empowerment and responsible digital transformation.

We are delighted to be working so closely with NCSC Bahrain and their team to ensure that we deliver exactly what is required, OSP are also looking forward to officially opening our first office in the region in 2026 said Thomas McCarthy CEO and Founder of OSP Group Limited.