close icon

Cyber Incident Response Framework

Cyberspace supports diverse activities in the United Arab Emirates, including the national economy, national security, public health and safety, cultural and social life.  The evolving information and communications technology of cyberspace provides numerous benefits but is increasingly a target of cyber threats that have the power to disrupt, damage, or destroy critical functions and services that enable our way of life.  Because cyber threats are dynamic, incidents will inevitably occur. However, an effective incident response capability can help minimize the impact of these incidents and reduce the occurrence of other incidents.

The Cyber Incident Response Framework (CIRF) was established and revised in light of the National Cyber Security Strategy, defining how the UAE will prepare for, protect against, detect, respond to, recover from, and continuously learn from cyber incidents.  At the heart of the CIRF are guiding principles, the national cyber response governance model, the incident level schema and management lifecycle, the reporting and information sharing requirements, as well as the monitoring and performance management components that together make up the cyber incident management capability. It is supported by the Cyber Incident Response Plan (CIRP) which further defines the cyber response capability by providing operational details.

The Council has developed this framework to establish a national incident management capability and defining how the UAE will prepare for, protect against, detect, respond to, recover from, and continuously learn from significant cyber incidents; aligned with the UAE’s national priority to be a global leader in cyber security, and enhance the security posture of organizations and individuals within the UAE.

The CIRF establishes the capability that enables the UAE, its government and CII sector entities to respond to significant cyber incidents in a coordinated manner, limiting their scope and impact, thus ensuring the stability of the UAE cyberspace and contributing to the security, well-being and global competitiveness of the nation.

The CIRF therefore:

  • Institutionalizes and enforces cyber capabilities and establishes a cyber incident response community to manage significant cyber incidents and raising the readiness of entities to respond to cyber-attacks.
  • Unifies the concept of managing cyber incident response between relevant entities at the federal level in the UAE and increases awareness by conducting exercises between entities to respond to cyber-attacks in coordination with the relevant stakeholders.
  • Integrates this capability in the relevant UAE national security and national crisis management institutional context in coordination with the relevant stakeholders.
  • Defines the cyber situational awareness and coordination essential for effective cyber incident response.
  • Raises awareness of cyber incident management capabilities and processes; and
  • Informs incident response processes at the entity, sector, and federal levels.