The UAE National Cyber Security Council (NCSC) launched on Sunday phase one of the "National Bug Bounty Programme", which aims to enhance the UAE’s cybersecurity systems, reinforce the country’s leading stature in global competitiveness indexes, as well as engage community members and public and private sector entities in the protection of infrastructure.
The NCSC announced that the programme will initially be piloted by the telecommunications industry, jointly with Etisalat and Emirates Integrated Telecommunications Company (du) in coordination with the Telecommunications and Digital Government Regulatory Authority (TDRA).
The initiative aims to promote the culture of cybersecurity and protect the country’s digital transformation and overall achievements in line with the country's leadership directives.
The council launched the national programme to ensure the highest levels of protection and security for vital national infrastructure in all sectors, including energy, telecommunications and defence.
The partnership is due to the major importance of this sector as a primary cybersecurity line of defence.
The programme allows the UAE to enlist the services of qualified global security researchers in an incentive-based programme for cybersecurity penetration testing and vulnerability identification, to better prevent against cyber-attacks. They may be monetarily rewarded for identifying and reporting bugs, exploits, or vulnerabilities in relevant applications, websites, or systems.
"This is a great opportunity for the UAE to embrace innovative ways to enhance our cybersecurity across our critical infrastructure," said Dr. Mohamed Hamad Al Kuwaiti, NCSC Director. "We look forward to expanding this programme to get our local talent engaged and participating in future bounties." ''Once the pilot is completed and results examined, the programme may enter its full deployment phase. It will ensure security researchers are properly vetted, have clear asset guidelines, and follow the necessary rules of engagement to analyse and deter cyberattacks,'' he added.
‘Bug Bounty’ is subject to continuous testing and has adopted the best international practices by using tools, tactics and procedures often used by cyber attackers, to ensure a safe digital environment for public and private entities as well as value-added for stakeholders.
In addition to the programme, the NCSC offers a range of initiatives aimed at improving the level of cybersecurity in the country. It is also expected to be popular with public and private authorities, as well as academic centres and other entities with vital infrastructure.