During GISEC 2023, Telecom Review had an exclusive interview with Amer Sharaf, Director of Compliance, Support and Alliances, Dubai Electronic Security Center (DESC), who is participating in the annual show for the sixth time as the official Government Cybersecurity Partner.
Can you share what proactive steps are being taken to establish Dubai as a global leader in innovation, safety and security?
We’ve been coming to GISEC year after year to launch new services and products for the government sector. On our stand this year, 2023, we have several projects, and I want to focus on two that are contributing greatly towards our vision of making Dubai the safest city in cyberspace.
One of the key projects that we have launched this year is RZAM. This will address a very critical challenge that a lot of us are facing on a corporate, professional and personal level — phishing campaigns. These attacks happen through emails and messages wherein people click on links thinking they are legitimate.
RZAM is an amazing product because, through AI, it has the capability of providing a scanned result determining whether a link is safe or not, protecting whoever is concerned, regardless of location.
RZAM is a web browser plugin available for Safari and other browsers soon that will continually assess each webpage for malicious content. It uses advance analytic techniques and machine learning algorithms to differentiate the malicious sites from the legit ones without any human interaction or retrieving historical data from databases.
Dubai Electronic Security Center continues to be at the forefront of innovation and develop new products to protect government entities from evolving cyber threats. RZAM was proudly developed by DESC’s all-Emirati team.
Another project that we have launched through our Dubai Cyber Innovation Park is the 100 Days Challenge. It’s a challenge where we invite researchers, students, individuals and companies to come and participate in solving some of the most difficult cybersecurity issues we are facing today. Join the competition to discover the world of cyber security and test your skills in the field. Get immersed in the cyber journey that Dubai offers and learn how to add value to the region. Participants will go through the 100 Days Challenge and experience truly what it takes to be a cyber expert upon working on a real-life solution to gain knowledge and expertise, as well as contribute to the world of cyber security. Not to mention getting the chance to win a cash prize of 20,000 AED.
These are the key messages we are working on to make Dubai the safest city in cyberspace.
How important is national and international collaboration in implementing Dubai’s cybersecurity framework?
It is indeed very important, as national and international collaboration is a pillar of our cybersecurity strategy, taking into consideration that cyberspace is not just one country or city; it involves many who are working together.
The Dubai Cybersecurity Strategy was launched by His Highness Sheikh Mohammed bin Rashid Al Maktoum, vice president and prime minister of the UAE and ruler of Dubai, back in 2017.
On a national level, we work with like-minded entities to protect ourselves from these threats and adopt the best standards and solutions to protect government agencies and the people residing within the UAE.
On the international level, it is also the same. We have to collaborate with like-minded entities to exchange solutions and tackle the challenges together. There are systems and software through which we can collaborate easier, and everyone has come out with a certain solution to help one another.
To cite an example, we have a project called the Malware Information Sharing Platform. We deployed this to help us easily communicate the threats and allow others to ingest that information into their infrastructure and protect themselves further.
With that being said, DESC signed an agreement during GISEC with CREST International, the global non-profit membership body specializing in cybersecurity, to launch “Dubai Cyber Force” initiative. The agreement aims to accredit and certify the cybersecurity providers offering services to. Dubai Government.
As a critical part of Dubai’s digital economy, how do you ensure that telecommunication networks in the country are protected?
We have policies that we’ve devised over the years. Our Information Security Regulation (ISR) is distributed among government departments and telcos to adhere to. These standards are provided at the national and international levels of information security. It’s similar to ISO 27001 but is catered specifically to the government of Dubai.
The purpose of the Information Security Regulation is to provide all Dubai government entities with the standards to ensure the continuity of critical business processes, including the ICT sector, and minimize information security-related risks and damages by preventing information security incidents.
Telcos, as well as government departments, are taking this policy, amongst other policies that we have created, namely the Internet of Things (IoT) Security Standard, the Electronic Biomedical Devices (EBMD) Security Standard and the Connected Vehicle (CV) Security Standard.
What can be implemented to ensure Dubai’s cost-effective, long-term cyber detection and response strategy?
I mentioned the policies, which are just the starting point. You have to enforce these policies, which takes a lot of work that needs to be done on the ground of your environment, wherever it may be — as a government or private company. You take that and adopt the best technologies so that you can protect the network from the numerous adversaries and threats that are out there.
DESC is trying to provide an environment where it is safer and easier to conduct your business or profession as a government entity. Despite DESC being established to protect the government department, we are now extending our efforts to cover the private sector.
DESC is working on providing a policy for companies to offer their services. During GISEC 2023, we signed an agreement with CREST, a certification body that provides such certification for professionals in the cybersecurity arena. Through this collaboration, we’ll be coming out with a process on how companies can certify their professionals to provide cybersecurity services and solutions or develop systems that use the best cybersecurity attributes.
Why should countries prioritize having a robust cybersecurity strategy?
Over the years, we have seen and learned from so many unfortunate incidents that have happened in the global arena. In many countries, that has really opened everyone’s eyes and increased our maturity.
Five years ago, people were trying to understand and unfold what cybersecurity really meant. Today, it’s clear that it’s part of everyone’s agenda. You have to protect your information and digital assets and provide the security needed to protect businesses and whichever ecosystem you are a part of.