The Industrial Cybersecurity Center in Middle East

Team

Ignacio Paredes

Ignacio Paredes is Industrial Cybersecurity Center Coordinator for the Middle East, Senior Lead Technologist in Booz Allen Hamilton and has a M.S. in Computer Science. Since 1999 he has been involved in different projects related to information security for important enterprises mainly from the telecommunications field. He is an expert in the design and deployment […]

Ayman Al- Issa

Ayman has over 20 years of experience in the fields of Automation, Information Technology, and Cyber Security. He has graduated with a Bachelor’s degree in Electronics Engineering and verse in different backgrounds like industrial control systems, systems engineering, and building cyber security strategies, designs and models. Ayman has a wide-ranging experience in protecting critical infrastructures, […]

The Industrial Cybersecurity Center its represented in the Middle East by three internationally well-known experts: Ayman AL-Issa, Samuel Linares e Ignacio Paredes, CCI Coordinators for Middle East (CCI Coordinators Team).

Several reports and studies allow the Center to characterized the Industrial Cybersecurity madurity of the UAE - United Arab Emirates. Among them – and as analyses source of this article-, should be mentioned:

  • Cyberwellness Profile United Arab Emirates (de ITU)
  • Cyber security in the Middle East Strategy: A strategic approach to protecting national digital assets and infrastructure (de PwC)
  • A false sense of security? Cybersecurity in the Middle East (de PwC)
  • Challenging Environment Elevates SCADA Cybersecurity to the Executive Level (de Booz Allen Haminton)

Thanks to the information provided by these reports, it can be described the sensitivity level of the industrial organizations in the region, according to the following percentages:

In addition, the trend in this aspect for recent years has been a slight increase.

UAE - United Arab Emirates counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in regional presence companies (mainly critical infrastructure). The main organizations are:

  • NESA National Electronic Security Authority
  • AECERT Arab Emirate CERT
  • TRA Telecommunications Regulatory Authority
  • Among the main national laws and regulations affecting in this context in UAE - United Arab Emirates, it should be highlighted the NESA UAE Information Assurance (IA) Standards, with the
  • National Cyber Risk Management Framework.

Analysing the most widely adopted industrial cybersecurity measures by United Arab Emirates organizations to protect industrial automation systems, it should be highlighted the application of:

  • Compliance Assessments
  • Industrial cybersecurity consulting / advisory
  • Ethical hacking
  • Internal security audits
  • External security audits
  • Conventional firewalls
  • Industrial firewalls
  • IDS / IPS
  • Backups
  • Log correlation
  • Encrypted communications
  • Industrial applications control
  • Whitelisting
  • Antivirus
  • Cybersecurity training and awareness

In conclusion, regarding the UAE industrial cybersecurity maturity level, thanks to the sources consulted (see note below), it can be characterized the industrial cybersecurity situation in this region with the following SWOT analysis:

Weaknesses

  • Lack of alignment between business, cybersecurity departments and suppliers

  • Excessive duration of the acquisition / purchase periods that slow down the agile evolution of the projects.

  • Lack of operational technologies certifications, processes and professionals

Strengths

  • Awareness, especially regarding industrial critical infrastructures

  • Increase of Industrial cyber security trained professionals

Threats

  • Extremely advanced Threat Landscape

  • Development of industrial applications without cybersecurity requirements

  • Shortage of local industrial cybersecurity professionals working for manufacturers

  • Shortage of specific industrial cybersecurity risk management tools

Opportunities

  • Strategic position in the industrial cyber security sector

Activities