The UAE is investing heavily in cyber security, using technology and skill to combat threat actors in the cyber domain, foster trust and confidence in the UAE’s digital ecosystem, and safeguard its cyberspace. This is essential to address the volume, velocity, variety, and complexity of modern cyber threats, improve national cyber defenses, and enhance national resilience to cyber-attacks.

The UAE’s National Cyber Security Strategy (NCSS) sets the course for the Government’s ongoing commitment to protect national cyberspace. It outlines the strategic areas of focus required to sustain national cyber security and the specific objectives within each focus area, along with a roadmap to achieve these objectives.

The implementation, maintenance, and improvement of national cyber security comprises a range of elements. These include strategic actions to address legislative, regulatory, organizational, administrative, and technical issues. They also include efforts to raise awareness, provide education, conduct domestic exercises, and foster international cooperation.

The Council has developed this framework to set out the model employed for good cyber security governance within the UAE, aligned with the UAE’s national priority to be a global leader in cyber security, and enhance the security posture of organizations and individuals within the UAE.

National Cyber Security Governance Model

The National Cyber Security Governance Model establishes a multi-tiered structure led by the UAE Cyber Security Council (CSC), which defines national strategies, policies, and frameworks while coordinating with Emirate Leads and Sector Leads to ensure consistent implementation across the country. Emirate Leads, appointed by each Emirate’s Executive Council, align local cyber security strategies with national objectives, oversee Emirate-level CIIP programs, and integrate their monitoring capabilities with the National SOC. Sector Leads, delegated by the CSC, regulate specific critical infrastructure sectors, enforce sector-specific standards, and drive resilience and incident response within their domains. This governance model ensures unified national oversight while enabling Emirate-specific and sector-specific execution, fostering resilience, intelligence sharing, and alignment with UAE cyber security objectives.