Public Policy Document

In 2023, the Federal Government launched the National Policy for Internet of Things (IoT) Security to enhance the UAE’s global standing in the field of IoT security and to support the protection of the UAE's cyberspace. This policy outlines the main directives for the cybersecurity system, assigning essential tasks and responsibilities to improve its operational capabilities, ensuring an optimal response to cyber incidents.

This policy supports the adoption of emerging technologies, cloud computing, and the IoT. It also ensures that IoT service providers meet security requirements and guarantees a level of protection for all IoT users, when purchasing or using services. This aims to mitigate the potential negative impacts that can accompany reliance on modern technologies.
 

1. Reduce the number of critical or serious incidents.
2. Establish a unified approach for responding to cybersecurity incidents.
3. Strengthen the cybersecurity ecosystem across all targeted vital sectors nationwide.
4. Define the primary directives for the cybersecurity ecosystem and assign critical functions with the aim of safeguarding the UAE cyberspace through emerging technologies, while fostering the adoption of cloud computing and the Internet of Things.
5. Improve the operational capacity of the cybersecurity ecosystem to achieve optimal incident response and boost situational awareness.
6. Establish a successful accreditation system based on rigorous standards to instill confidence in the cybersecurity service providers’ systems within the UAE.
    

The Five IoT Security Principles were developed to provide the necessary decision-making elements to drive the adoption of the IoT technology, its implementation, and operations in the UAE. These principles help the IoT consumers and IoT service providers in their purchasing and operating decision-making process, in line with the policies detailed in this document.

1. Security and privacy by design.
   • Use certified devices, tailor-made operating systems, services managed by recognized service providers, and skilled resources to support the development, optimal utilization, and operation of secure IoT applications.
2. Identify security priorities based on impact.
   • Consider potential implications of service outages, breaches, or malicious activities faced by consumers when developing and establishing security measures and assigning responsibilities to mitigate the resulting serious implications.
3. Strong defense.
   • Develop a comprehensive approach to security, based on activating a multi-layered defense mechanism against cybersecurity threats in the design of IoT applications and their ecosystem.
4. Guidance on best practices.
   • Leverage global best practices to provide security and enhance compliance efficiencies.
5. A collaborative and transparent ecosystem.
   • Share information about security vulnerabilities with manufacturers, service providers, industrial consumers, and regulators to increase awareness.

1. Ensure the secure exchange of information in line with globally recognized best practices.  
2. Secure systems integral to vital sector operations and ensure the resilience of their protective measures. 
3. Mitigate the impacts of cyber-attacks through adherence to standardized criteria aimed at reducing known risks and vulnerabilities.
4. Establish unified cyber foundations at the national level to support security requirements for IoT technology.  
5. Foster increased collaboration and cooperation between the public and private sectors through standardization efforts.
6. Safeguard IoT systems used by all entities and organizations while ensuring the durability of their protection systems. 
7. Decrease the amount of technical incidents associated with IoT technology and reduce susceptibility to cybercrime.  
8. Bolster public confidence in IoT technology.   
    

Government entities, private sector enterprises, and community members.