Today's Edition
HAMAD AL KAABI (ABU DHABI)
The UAE’s vision for a digitally secure future lies in spreading cybersecurity awareness, implementing secure frameworks for modern media and digital technologies, and developing security-focused government policies and procedures, said Mohamed Hamad Al Kuwaiti, Head of the Cybersecurity Council of the UAE Government.
In an interview with Aletihad, Al Kuwaiti detailed the country’s systematic and scientific efforts towards advancing its AI capabilities, highlighting the nation’s 2071 Centennial Plan and efforts to fully embrace artificial intelligence.
The following is the full text of the interview:
Tell us briefly about your vision for a more secure digital future for the UAE, and your efforts to raise cybersecurity preparedness?
“Briefly, our vision for a more secure digital future for the UAE involves systematically and scientifically working towards being a country that embraces artificial intelligence by the year 2071. This vision involves spreading a culture of cybersecurity, utilising various modern media and technologies with a secure framework, instituting governing policies and procedures, creating productive technological capabilities, not only for cybersecurity but also for artificial intelligence, enhancing various forms of cybersecurity protection and defence through advanced systems that can thwart potential attacks, fostering innovation in digital and technological fields, building key partnerships with various nations to collaborate on cybersecurity, and ultimately, positioning the UAE among the most advanced nations in digitisation and the Fourth Industrial Revolution through continuous localisation policies for modern AI technologies.
“Efforts in the UAE span various areas, including awareness, technology, and legislation. On the awareness front, initiatives like the ‘Cyber Pulse’ initiative aim to spread cybersecurity awareness through social media platforms, leading to a noticeable decrease in cybercrimes. Legislatively, efforts have been made to combat cybercrimes through the issuance of several laws. Technologically, the Cybersecurity Council has worked on developing technological capabilities to enhance cybersecurity defence policies, implementing a federal electronic network, launching national cloud infrastructure, initiating electronic safety initiatives, like the digital citizenship certification, and cybersecurity and electronic security strategies in line with the ‘We the UAE 2031’ vision.
“In terms of cybersecurity achievements, the UAE boasts an advanced digital infrastructure, qualified national talent, a high level of preparation, and advanced means to counter potential malicious cyberattacks targeting public sector institutions. The UAE maintains its global standing in cybersecurity, ranking fifth globally in the Global Cybersecurity Index issued by the International Telecommunication Union, which tracks improvements in cybersecurity awareness levels in 193 countries worldwide. Notably, the UAE faces over 50,000 cyberattacks daily, which are preemptively and efficiently stopped with a high standard of professionalism. This comes after we witnessed a 250% increase in cyberattacks within the UAE in 2020 due to the repercussions of the COVID-19 pandemic.”
How do you think cybersecurity principles can be integrated into individual behaviours and institutional cultures in light of the cross-sector integration of AI?
“This question is of the utmost importance, and in my opinion, cybersecurity can become a part of personal behaviour and institutional culture through raising awareness among youth and the community to protect public and private assets, and integrating the topic of cybersecurity into educational curricula at various levels. In addition, there needs to be continuous development of cybersecurity-related legislation to keep pace with the rapid developments of various types of cyberattacks.
“As for the necessary preventive measures to stop cybercrimes, they include the need to possess modern capabilities and programmes to protect against and combating cybercrimes, along with enhancing institutions and community members’ artificial intelligence capabilities, and continuous public awareness of the dangers of cybercrimes by educating individuals on how to use antivirus software, to choose strong passwords, not open attachments from random emails, and not provide any personal data over the phone or via email unless completely sure of the security.”
Which sectors are the most vulnerable to cyber threats, and what kind of threats are most prevalent?
“The UAE is one of the most targeted countries in the world for cyberattacks, and ransomware attacks represent more than half of cyberattacks in the country. “However, traditional attack vectors, such as email phishing and business email breaches, still prevail and pose a continuous threat to some sectors. These threats come from state-sponsored actors, terrorists, and cyber activists who aim to disrupt public services, steal sensitive information, or harm national security. Cybertargeting tools vary, from short text messages and emails to phishing links, and target the public, from individuals to institutions.
“Here, I can say that the public sector, companies operating in the energy and information technology fields, banks, and financial institutions are the most targeted by cyberattacks in the UAE. Therefore, the UAE institutions rely on constant collective vigilance and strategic action to confront these attacks and respond to them early.”
We sometimes read about ‘cybersecurity exercises’. What are these exercises, and why are they important?
“Cybersecurity exercises are a means to educate employees about cybersecurity concepts, with the aim of increasing the protection of sensitive information, data, and ensuring the security of digital systems. These exercises aim to provide employees with the knowledge and skills necessary to identify and prevent cyber threats and to effectively respond to attacks. The exercises include cybersecurity training in techniques for dealing with cyberattacks, identity and access management, application security, virus and malware protection, data security, research techniques, encryption, and other necessary topics.
Can you explain the evolution of cyberattacks into cyber warfare?
“To clarify, we can say that cyber warfare is a set of electronic activities undertaken by some party ‘A’, whether affiliated with a state or acting independently, against electronic systems belonging to another party ‘B’ in another state. The aim is to infiltrate and gain control of these systems in order to control them remotely and cause the greatest possible harm. Cyber warfare relies on two important elements: the availability of information - upon which cyber wars rely heavily, and the mental and intellectual capabilities responsible for planning and directing attacks.
“As for electronic espionage, it is the modern form of accessing secret national information, which is known as unauthorised entry, and accesses sensitive information in electronic form. This type of espionage allows the actor to steal information from anywhere in the world, anonymously, inexpensively, and on a wide scale.
“The danger of this type of attack lies in the fact that it represents a significant and serious threat to the national security of various countries, both developed and developing, especially since its main goal is often to penetrate secure networks of these institutions, spy on them, and transfer that information using malicious software.
“On the other hand, electronic terrorism refers to tampering with electronic systems simply to cause panic or fear. It also includes aggression, intimidation, or physical threat, issued by states, non-state groups, or individuals. These terrorists target electronic systems and information infrastructure, and exploit communication and information networks to intimidate and terrorise, cause harm to, or threaten others.
“Finally, electronic crime is any violation committed against individuals or groups with a criminal motive and the intention to harm using the Internet, chat rooms, email, or groups. This exacerbates the complexity of this crime, as it occurs in cyberspace, which has no borders.”
How have your efforts progressed in the Emiratisation of the cybersecurity workforce?
“The UAE has taken important steps to enhance its cybersecurity practices, such as the adoption of the National Cybersecurity Strategy, which aims to create a secure and robust cyber environment. The country has also enacted advanced laws and systems to combat cybercrime, including the new Information Technology Crimes Law for the year 2021.
“In this context, the establishment of the Cybersecurity Council came with the aim of developing policies and legislation to enhance the country’s cybersecurity and to prepare all sectors to respond to cyber threats.
“Here, I can say that we now have highly efficient and experienced Emirati personnel in the Cybersecurity Council who can address any potential risks. We are also continuing to enhance the human resource and material capabilities of all Emirati institutions to permanently prepare them to face any cyberattacks or cyber wars in the future.”
Do you have any recommendations for parents on how to teach their children safe internet use?
“There is no doubt that the family plays a fundamental role in promoting cyber awareness, and parents play a significant role in educating children about safe internet practices and making them aware of the dangers of cyberattacks and teaching them how to protect themselves.
“I recommend that parents talk to their kids and teach them how to protect themselves online, and to monitor their use of electronic devices. Parents should also talk to their children about the dangers of sharing personal information and teach them about how to protect their privacy online. They should also teach them how to identify and deal with different forms of online fraud.
Do you think that the digital transformation the UAE has witnessed requires specific governance to secure these technologies?
“Yes, governance is very important now in artificial intelligence, both in the UAE and around the world, especially since governance will help ensure that those algorithms operate fairly, transparently, and are accountable, and that they reduce existing biases or discrimination against certain groups.
“Governance will also address the ethical challenges of big data and artificial intelligence, and will set standards and guidelines for this sector by building best practices supported by governments and regulatory bodies working in the field. Transparency, privacy, and protection are at the forefront of all of our efforts to make sure we have ethical data practices, protect critical infrastructure.”
What tools do you have to confront AI-produced ‘deepfakes’?
“There are measures being taken to confront deepfakes made by artificial intelligence, including developing tools to detect fake content by analysing the characteristics of images and videos to identify signs of forgery, such as matching lighting conditions and facial movements. We are also working on teaching users how to recognise fake content, and are raising awareness by conducting workshops and educational courses about the risks
of forgery.
“Efforts have also been made to develop legislative systems to address the complex challenges posed by deepfakes, with laws criminalising the creation and distribution of fake content or manipulating content with malicious intent. These also define the responsibility of platforms and individuals involved in creating or disseminating fabricated content.
“We can also say that the development of technical confrontation methods will not at all replace the need for international cooperation, awareness programmes, or the development of new legislation to mitigate the growing risks of artificial intelligence.”
What is the current size and projected growth of the cybersecurity market?
“The size of the global cybersecurity market is estimated at around $203.78 billion for 2024. It is expected to reach $350.23 billion by 2029, with a compound annual growth rate of 11.44% from 2024-2029.
“The world needs more than $100 billion in investments for the necessary cybersecurity services. It is also likely that the size of the cybersecurity market in the Middle East will grow at a compound annual growth rate of 17.1%, from $20.3 billion in 2022 to $44.7 billion in 2027. In the UAE, the size of the cybersecurity market was estimated at approximately $522.06 million in 2023, and is expected to reach $950 million by 2028, with a compound annual growth rate of 12.72% from 2023-2028.”
