Middle East Cybersecurity and Infrastructure: Dubai Offers a Different Model

I traveled to the United Arab Emirates (UAE) this past week to present the opening keynote at the Gulf Information Security Expo & Conference (GISEC 2015) in Dubai. The event offered a refreshing mix of leading global voices on security and technology topics. But most surprising, the Gulf region's public and private sector executive leaders who presented, the companies exhibiting and the amazing city as a whole offered attendees a different perspective and a positive model for the current cybersecurity and technology infrastructure challenges in the Middle East and the world as a whole.

by / May 3, 2015

What are the cybersecurity and infrastructure challenges facing the Middle East? How are companies and governments in the region responding to cyberattacks? Are governments in the region working together with Western nations in the global battle on cybercrime? Why is Dubai considered to be a model “smart city” in the world? Is traveling in the Middle East even safe right now?

These were just a few of the questions I wanted to answer when I got off the Air France flight from Paris to Dubai eight days ago.

Before I left the USA, I asked a cross-section of colleagues, friends and online connections about their views on these Middle East questions regarding online security. Most people responded with perspectives that ranged from fear of more CyberCaliphate attacks to stories about the Syrian Electronic Army remaining active to various aspects of the Iranian nuclear talks. Some people remembered that Saudi Aramco had suffered a major cyberattack a few years ago, and they wondered what ever happened after that incident.

The only positive perceptions that I heard regarding cybersecurity capabilities in the Middle East to help us in our global battle on cybercrime, or are even participate with the international community to stop cyberattacks on critical infrastructure, came from stories on Israel’s growing cybersecurity capabilities.

The reality is that the general perceptions were not positive regarding Arab states working together to share cyber threat information with the world, help to build coalitions against “bad guy” hackers or even cooperate with the global banking, oil and gas and other industries to enhance cybersecurity and critical infrastructure protection.

Dubai, UAE

A Different Cyber Story in UAE                                                                                                     

 Now the good news: the story of Dubai shatters those stereotypes on several fronts. Visiting Dubai is a remarkable experience with many surprising facts, such as the establishment of the first government in the region to establish a national authority on cybersecurity in 2012.  

I encourage you to research (and even visit) the UAE for yourself, but here is some general background before I dive into specific cybersecurity and infrastructure topics. First, the UAE has been a close US partner in the fight against ISIS.

Second, last year the government opened a new Dubai Centre for E-Security. Similar to the UK's Office of Cyber Security & Information Assurance (OCSIA), the center also aims to develop efficient ways to save and swap information among all government authorities in the emirate. The center is responsible for tackling any hacking attempts that pose threats to government information and combats cybercrimes of all types.

Third, the Dubai Mall is one example of the very open society that attracts commerce and people from every part of the world. UAE is a wealthy nation with very low levels of crime. Dubai has been called: The city of gold, the city of wonders, the city of mystery, the city of merchants, the city of dreams and the city of the future.

 Fourth, Dubai was named as a model ‘smart city’ by numerous sources, including this report by Cisco.  Here’s a quote from Dr. Aisha Butti Bin Bishr, Assistant Director General of the Executive Office:

“The Smart Dubai Executive Office is very encouraged by how private sector organizations have come forward to support and drive the Smart Dubai initiative. We are witnessing an unprecedented number of new projects all aimed at playing a vital role in delivering a smarter, connected Dubai. Our goal is to improve quality of life, through technology….”

Fifth, the Dubai World Trade Center (DWTC) is growing rapidly and hosting more and more global events. Their annual GISEC conference, along with the GITEX technology event each October, have become the top security and technology events in the Middle East, while attracting participation from all over the world.

The bottom line is that Dubai is an active global trading powerhouse, and they are supportive participants in the world’s fight against cybercrime and for cyberdefense in critical infrastructure industries. I saw a desire to learn from the US and European nations as well as a strong capability to excel in what they do and provide proper funding and priority to key technology and security initiatives.

More on GISEC

Leading into this 3rd annual GISEC conference, the “bad actor hacking” environment has been getting worse. It is clear that cyberattacks having been growing in the Middle East as well as the rest of the world. “Last month, the first known Arab-speaking group of cybercriminals Desert Falcons was revealed to be a cyberespionage group targeting multiple high profile organizations and individuals from Middle Eastern countries including the UAE. Started in 2011, the group have attacked more than 3,000 victims across 50 countries globally with over one million files stolen.”

The GISEC conference agenda began on Sunday with a Safe Cities Briefing Day. (Note, the work week for most of the Middle East runs from Sunday through Thursday.) Speaker from Jordan to Malaysia to Spain to the Dubai Police Department.

I like this quote from Colonel Khalid Nasser Al Razooqi, General Director of Smart Services at Dubai Police and a keynote speaker. “The fact that all systems connected to the internet appear vulnerable to cyberattacks is quite alarming, especially within the context of smart cities. As systems grow more complex and become more interconnected when handling more information, their exposure to vulnerabilities increases, whether due to malicious intent or human error….”

I was impressed with the open discussion on protecting the infrastructure behind emerging smart city technologies. As this article points out:

"A cyberattack on a smart city’s mainframe and network can compromise vital private and public sector services such as utilities, transportation and banking.

It is therefore essential that core processes, utility systems, and data applications are custom-fit with defense solutions that protect them from any and all kinds of cyberattacks. A MarketsandMarkets 2015 report forecasts that the cumulative value of the global smart cities will reach $30 trillion to $40 trillion over the next 20 years."

I enjoyed hearing Farid Farouq, the CIO from DWTC, on Day 2 of the event, as he described the challenges facing technology leaders all over the world.


I was honored to present two keynote presentations, one on the global cyberthreats and needed responses, and the other on effectively changing organizational security cultures with end user awareness training programs and through technical training programs. I also gave many media interviews such as this one, participated in Twitter Q & A sessions and closed Day One by participating in their awards ceremony as shown below.

credit: Dubai World Trade Center

On the Day 2 agenda, Bruce Schneier started the discussion on why Sony was able to be hacked. His main points were that attacking systems is much easier and way ahead of defending the enterprise. He also discussed several of the concepts from his recent book release: “Data and Goliath.”

In conclusion, my trip to Dubai changed my perspective on the cybersecurity situation in several countries in the Middle East. Visiting Dubai was helpful in better understanding that the USA and other global countries have friends in the Gulf region who are fighting the same battles. More than that, the UAE is leading the charge in many innovative areas such as protecting our cities with smart technologies and government coordination in defending states against cyberattacks.

The UAE has taken on the long term challenges and opportunities that go beyond finite oil reserves. Their government leaders recognition the interconnected world we live in and the power that being a global ICT leader that implements solutions.

 Dubai has an openness to cross cultural, political and economic exchanges. I saw a willingness and ability to be a global broker in one of the most historically challenged crossroads of the world. These elements provide an example of the long term potential for the region and a model for others to follow in the Middle East.

 Will I go back? I hope so. The people are very friendly and almost everyone speaks English. Several people mentioned that norm for many business travelers is to come back a second time with your family for a week-long vacation. Only time will tell. 

Unless noted, photos by Dan Lohrmann

Dan Lohrmann Chief Security Officer & Chief Strategist at Security Mentor Inc.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.

He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.

He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.

He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.

Follow Lohrmann on Twitter at: @govcso