Securing Cyberspace in the Middle East: An Actionable Blueprint


Securing cyberspace extends beyond the protection of ICT networks and systems to include threats that compromise individual safety, digital rights, and the integrity of online spaces. Cybersecurity threats are framed not only as unauthorised access to devices and networks, such as hacking, DDoS attacks, spyware, and data breaches, but also as harms arising from online activities, including doxxing, cyberbullying, hate speech, cyber-extortion, harassment, censorship, disinformation, biased AI systems, and internet shutdowns. This broader lens recognises cybersecurity as a technical, legal and social issue. It also highlights that cybersecurity extends beyond traditional state security sectors to include other areas of society, such as private sector companies.

 

The Landscape of Cyber(in)security in the Middle East

 

In the Middle East (ME), and particularly in the Gulf Cooperation Council (GCC) states, rapid digitalisation has exposed critical government and economic sectors to heightened cyber risks.

First, traditional cyber threats, including ransomware, financial fraud, and hacktivism, have targeted individuals, corporations, and state institutions. High-profile incidents include banking data breaches in Oman and the UAE, malware targeting mobile banking apps, and a significant rise in ransomware attacks, including reported attacks on major telecom providers. In the UAE alone, ransomware incidents increased by 32 percent in 2024, with one of the most prominent cases involving an alleged attack on the telecom provider Etisalat (now e&) by the LockBit ransomware group.


Second, advanced persistent threats (APTs), often state-sponsored, represent a major cybersecurity risk. The region has experienced numerous cyberespionage and destructive attacks targeting energy, government, and security sectors. Iran has emerged as a significant cyber threat actor following cyberattacks on its nuclear facilities. Iranian-linked operations have been associated with data-destruction attacks, infrastructure disruption, and ransomware campaigns designed to blur the line between financial gain and political or social disruption.

 

Third, cybersecurity in the ME is also closely intertwined with information control and regime security. Governments increasingly frame surveillance, content moderation, and regulation of digital platforms as matters of national security. Social media has become a contested space used by political activists, dissidents, extremist groups, and states alike, prompting extensive monitoring and censorship. These practices shape emerging cyber norms, ranging from self-censorship to counter-surveillance techniques. Moreover, recent conflicts, particularly in Gaza, have amplified the role of hacktivism, DDoS attacks, internet shutdowns, AI-driven disinformation, deepfakes, biased content moderation, and large-scale doxxing campaigns, raising questions about the role and degree of responsibility of private technology companies.

 

Fourth, emerging cyber threats linked to AI-powered and semi-autonomous weapons have transformed regional security dynamics. State and non-state actors increasingly rely on AI-enabled military technologies, which introduce new cybersecurity vulnerabilities, including hacking, manipulation, espionage, and loss of sovereign control due to dependence on foreign technologies and expertise.

Fifth, at the individual level, technology-facilitated gender-based violence (TF-GBV) disproportionately affects women and LGBTQ+ individuals. These harms include catfishing and sting operations, sextortion, revenge pornography, AI-generated deepfakes, and the hacking or leaking of sensitive data. In the ME, such threats are intensified by social stigma, restrictive gender norms, and legal frameworks that often blame or criminalise victims rather than perpetrators, discouraging reporting and enabling abuse.

These trends suggest that cybersecurity risks in the ME are likely to intensify unless meaningful, robust and coordinated policy action is implemented.

 

Actionable Blueprint

 

The overarching goal for ME governments should be the development of national technological know-how to strengthen capabilities and safeguard digital sovereignty. Achieving this requires a comprehensive, multi-level digital strategy grounded in multistakeholder engagement. Such a strategy should actively involve governments, private technology companies, and civil society across national, regional and international levels. An actionable blueprint for this strategy should include the following interconnected steps:


First, building national capacity and local expertise by a) investing in education in cybersecurity, AI and quantum technologies, including the provision of targeted scholarships; b) supporting R&D institutions, innovation hubs and digital start-ups through grants, as well as financial and tax incentives aimed at retaining cybersecurity and AI talent; and c) promoting public sector digital literacy and cybersecurity training through joint programmes implemented in partnership with technology companies.

 

Second, encouraging the domestic production of critical digital infrastructure and cybersecurity tools to reduce dependency on foreign technology products and replace them with locally adapted solutions. This can be achieved by encouraging public-private partnerships and establishing a more enabling regulatory and business environment for the technology sector, which prioritises innovation and secure-by-design products, rather than overly restrictive compliance.

 

Third, industries need to build cyber resilience to minimise the impact of incidents in terms of continuing the delivery of critical services, protecting their reputation and stakeholder confidence, and avoiding financial loss. This includes backups and data recovery mechanisms, employee training, penetration testing, incident response and recovery drills, learning from past incidents, and coordinating with other organisations.

 

Fourth, promoting community-level initiatives on digital rights, data protection, legal literacy, and cybersecurity awareness through partnerships with civil society.

 

Fifth, updating national laws to become more human-centric rather than solely state-centric, with greater emphasis on combating cybercrime and threats against digital citizens instead of policing dissent and restricting freedoms. Including civil society in cybersecurity governance can help ensure transparency, accountability, and the protection of digital rights and privacy.

 

Sixth, strengthening regional cooperation by a) conducting joint military cyber offensive and defensive exercises and training programmes to enhance capabilities and facilitate knowledge-sharing among military personnel; b) enhancing cyber threat intelligence cooperation, including the development of a joint cyber threat intelligence platform for early detection, coordinated response to attacks, and information-sharing for cross-border cyber incidents; c) facilitating expertise-sharing among national Computer Emergency Response Teams (CERTs), and working toward the establishment of a regional CERT; and d) developing an up-to-date regional cybersecurity and AI regulatory framework that provides clear guidance to individuals, governments and private companies.

 

Seventh, shaping international norms on state responsibility in cyberspace and the ethical use of AI. This can be facilitated through a) the strategic use of cyber diplomacy tools and parallel engagement in existing dialogues and multilateral forums, where diplomats act as cyber norm entrepreneurs to reconcile diverse national interests, establish shared rules and protocols, and implement confidence-building measures; and b) enhanced engagement in international cyber governance processes, including forums like the UN Group of Governmental Experts and Open-Ended Working Group, as well as multistakeholder platforms such as the Internet Governance Forum.


Eighth, adopting a gender-sensitive approach to cybersecurity. Linking gendered understandings of cyberspace to cybersecurity policy can lead to better overall security both within and beyond the cyberspace domain. This can be achieved by a) updating national and regional technology-related regulations to be gender-sensitive, while ensuring they are not weaponised for gender-based persecution; b) involving civil society and technological experts in digital governance processes, as civil society advocates for digital rights legislation and applies pressure on technology companies to improve their security measures; c) engaging technology companies in feminist and human rights-based dialogues, encouraging them to develop secure-by-design technology by conducting human rights impact assessments and designing tailored features to mitigate gender-specific risks. This includes removing geolocation features, ensuring secure sign-up processes, creating risk-reporting systems linked to technical support, and implementing anonymous-based authentication mechanisms; and d) providing targeted training for law enforcement on gendered cyber harms and TF-GBV, while simultaneously empowering and including women within state cybersecurity institutions.

 


 

Dr. Bassant Hassib is an Assistant Professor of Political Science in the University of London Programmes (LSE) at the European Universities in Egypt (EUE).