In November 2020, the UAE Cabinet established the UAE Cyber Security Council to develop a comprehensive cybersecurity strategy and create a safe and strong cyber infrastructure in the UAE.

As a part of the UAE Cabinet’s vision to strive toward a more secure digital transformation, the Cyber Security Council is headed by the UAE Government’s Head of Cyber Security. The Council is tasked with contributing to the development and creation of the Nation’s legal and regulatory frameworks covering cybersecurity as well as securing existing and emerging technologies. The Council is also responsible to build a vibrant ecosystem for cyber security across UAE driving innovation and stimulate economic growth in cyber through collaboration and partnerships with industry, academia and international cyber diplomacy. The Council is also responsible to pioneer and implement awareness & capacity development initiatives across UAE to enhance to safety and security of the UAE populace, in line with the UAE leadership’s vision for the nation.

The Council is working towards building an effective cyber security ecosystem across the UAE. The main responsibilities of the council can be categorized across the below:

• National Cyber Strategy, Policy & Standards
• Critical Information Infrastructure Protection (CIIP) Program
• Cyber Assurance Program
• Cyber Advisories
• National SOC (NOSC)- Cyber Fusion Center
• Advanced Cyber Incident Response, Threat Intelligence Sharing and Resilience
• National Cyber Accreditation Program and Trust Framework
• Innovation in Cyber
• International and Domestic Collaboration and Public Private Partnership Programs
• Cyber Education and Skills Program

The Council is leading the “National Cyber Capacity Building” initiative in the UAE, a multipronged program addressing several crucial aspects for improving the nation’s cyber resilience and strengthening the overall cyber security posture. The program addressed key milestones across five main dimensions namely:

• Cyber culture and awareness
• Cyber skills development
• Cyber technology and infrastructure improvement
• Cyber policy framework enhancement
• Cyber collaboration

The Council has a structured framework for addressing cyber security incidents which is outlined in the National Cyber Security Incident Response Framework and Plan. The framework and plan cater for the following:

• Institutionalize and enforce a national capability and establish a cyber incident response community to manage major cyber incidents, including identifying the roles and responsibilities of participating entities in response operations and raising the readiness of entities to respond to cyber-attacks.
• Unify the concept of managing cyber incident response between relevant entities at the national level in the UAE and increase awareness by conducting exercises between entities to respond to cyber-attacks.
• Integrate this capability in the relevant UAE national security and national crisis management institutional context.
• Define the cyber situational awareness and coordination essential for effective cyber incident response.
• Raise awareness of national cyber incident management capabilities and processes; and
• Inform incident response processes at the entity, sector, and national levels.

The Council has outlined comprehensive plans and information sharing capability to build situational awareness in the UAE. This involves collaboration with federal & emirate level entities involved in cyber security and encompasses sectoral insights towards combatting cyber threats. Another aspect is the regulatory and law enforcement participation in cyber security threat environment through deterrent and punitive measures against cyber threats.