INSUBCONTINENT EXCLUSIVE:
Dubai has become the first emirate in the UAE to put security standards on industrial control systems (ICS) as there is an increase in OT
(operational technology) security incidents in the Middle East and the digital transformation drive is going to make it worse as the threat
landscape is getting more sophisticated.IT (information technology) systems are storage systems, computing technology, business applications
and data analysis while OT systems are machinery equipment, assets monitoring systems, industrial control systems (ICS) and SCADA
devices.Dubai Electronic Security Centre (DESC), the regulatory authority in Dubai, is stepping in at the right time as IT and OT systems
are merging and getting connected to the internet.The Iranian malware Shamoon 1, in 2012, reportedly destroyed thousands of computers at
Shamoon 2 made similar attacks in 2016 and 2017 while Shamoon 3 made a new wave of attacks against targets in the Middle East oil and gas
plants in December 2018.In 2017, cybercriminals behind Triton, also called Trisis, targeted Triconex safety instrumented system (SIS)
controllers sold by Schneider Electric, leading to plant shutdown, due to flaws in security procedures.In 2019, Triton once again targeted
industrial control systems (ICS) at another company in the Middle East.The first was Stuxnet, known to have developed by the US and Israel
code than Stuxnet and is much more widespread than Duqu.The Industroyer (also known as Crashoverride) is a malware framework considered to
have been used in the cyberattack on Ukraine's power grid.Havex is a remote access trojan discovered in 2013 as part of a widespread
espionage campaign targeting industrial control systems (ICS) used across numerous industries in the US and Europe.According to research
firm Gartner, the size of the stand-alone OT security market in 2018 was valued at $250 million, growing to $1.1 billion in 2022,
representing an annual growth rate of 45.7%.Protecting digital infrastructureAmer Sharaf, Director of Compliance, Support and Alliances at
DESC, said that implementation of the standard, after benchmarking it against internationally recognised standards, by relevant government
entities in Dubai will help provide a new and improved framework for industrial security and ensure minimal risk framework to fortify the
Bushra Al Blooshi, Director of Research and Innovation at DESC, said that Enoc, Dubai Electricity and Water Authority (Dewa), Dubai Airports
and The Roads and Transport Authority (RTA) were key in co-developing and implementing the new security standard.She said that RTA will
From April onwards, we will hold workshops with these entities and get feedback from them about the challenges they may face when
pushed through the government entities but luckily, no private sector in Dubai is using ICS.When asked whether there will a deadline to
change legacy OT systems, he said that some of them have to put a plan and not an abrupt change
The risk assessment methodology will give flexibility, depending on high- to low-risk systems, and they can make a plan to reduce the
risk.DESC has the standard (Information Security Regulation) for the IT systems and was mandated in 2012.Race towards digital
transformationIn December 2019, DESC, in association with Dubai Health Authority (DHA), launched the security standard for electronic
biomedical devices (EBMD) across the emirate in a bid to limit breaches within the healthcare sector and protecting sensitive patient
little bit of fine-tuning will be implemented at a federal level
transformation by adopting artificial intelligence (AI) tools, the application of internet of things (IoT) and other smart technologies,
