(Read the original article at this link)
By Remi Ramcharan; Vice President | Senkron Digital
Risk has always driven progress
Risk and uncertainty have always been part of human progress. In fact, they often drive it. If we look far enough back, we faced the risk of darkness until we built a fire; and we faced the risk of disease until we discovered medicine.
Today, we face the risk of something that has enabled huge societal advancement – technology. And nowhere is this risk more pressing than in the systems that power our economies and deliver essential resources to citizens and global supply chains – the energy sector.
The digitization of energy systems has made us more efficient and productive than ever. But, it has also created new vulnerabilities, with invisible cybersecurity threats moving through the digital arteries of energy infrastructure. This risk though, is not the enemy. Identifying it is the first step in turning vulnerability into strength. And the UAE is uniquely positioned to lead the way.
The UAE’s moment
The urgency to build this resilience is especially clear in the UAE, and further across the GCC, where nations are not only building new infrastructure, but shaping the future through bold national priorities:
The UAE is pushing toward Net Zero 2050 with some of the world’s largest solar farms and nuclear integration.
Abu Dhabi’s Stargate project with OpenAI, which will see a 1-gigawatt AI supercomputing cluster built - not just a data centre, but national infrastructure requiring vast energy and water resources.
Saudi Arabia’s Vision 2030 includes giga-projects like NEOM, designed to run entirely on renewables and green hydrogen.
Qatar, Oman, and Kuwait are investing heavily in hybrid systems that balance solar, wind, gas, and storage to ensure a continuous supply.
Beyond energy production and power generation, water security adds another layer of urgency. More than 40% of the UAE’s drinking water comes from desalination plants, and that figure stretches up to 90% for other countries in GCC such as Kuwait. When these plants stop, water stops. That is not just a technical risk; it is a societal one. And this kind of leverage is attractive to malicious actors looking for cyber vulnerabilities.
At MEICA Expo in Abu Dhabi last month, this reality was unmistakable. Across panels and in side meetings, one question surfaced again and again from utility leaders:
“How do we secure critical infrastructure against threats we cannot see?”
That is the leadership question of the decade for the UAE and its Gulf peers.
Complexity has outgrown control
Operational Technology (OT) was created to give operators clarity, continuity, and control. It made the invisible visible. It kept turbines spinning, grids balancing, and plants running safely.
That hasn’t changed. What has changed though, is the complexity of what’s connected.
Assets have multiplied across distributed plants and grids, and digital systems are essential for control and optimization. Hybrid plants mix solar, wind, hydro, gas, and storage in new configurations. And cyberattacks no longer target only data; they aim at valves, relays, and Programmable Logic Controllers (PLCs), threatening the heartbeat of operations. OT systems now intersect with IT networks, which means a hacker’s way in to a safety control room could be from a simple IT phishing email.
This is not a hypothetical threat. The UAE’s National Cybersecurity Council estimates more than 200,000 cyberattacks are attempted daily within its borders. Yet across the region, manyoperators lack full visibility into their OT environments.
The irony is not lost on us. Digitized systems designed to eliminate uncertainty now introduce new uncertainties of their own. But we must face this head on to turn vulnerability to strength. After all, complexity without resilience is risk in its most purest form.
Leadership, not just technology
It is tempting to see OT security as a purely technical matter: add new tools, configure new alerts, install new dashboards. But resilience is not built in control rooms alone. It is built in boardrooms, in government ministries, and in leadership decisions about how risk is defined and managed.
Resilience means:
Frameworks that move compliance beyond box-ticking to living safeguards. (IEC 62443, NIS2, NIST CSF are important, but they are only the floor, not the ceiling.)
Training that equips people to anticipate, not just react. Human error still accounts for a significant share of incidents.
Defenses layered for industrial realities, not IT leftovers, because an oil terminal or solar inverter does not fail like a laptop.
Technology matters. But leadership is what turns OT security into national resilience.
The global picture, and why the UAE has the potential to lead
The challenges are faced globally. In Europe and the US, ransomware attacks on industrial entities nearly doubled in the past year, according to industry reports. Regulators are tightening requirements: Europe’s NIS2 directive requires stricter controls for energy operators, while North America’s NERC CIP standards are expanding their scope.
In Türkiye, the acceleration of hybrid plants has exposed gaps in OT visibility, forcing operators to rethink how assets are managed across diverse geographies.
But the UAE, and more broadly the GCC, sits on the front line. The reason is not only the size of its investments. It is the reliance on continuity, and a clear acknowledgement from leadership that cybersecurity is a national priority. When a giga-project in Saudi Arabia slows, or when desalination in the UAE falters, the consequences cascade from investors to citizens within hours.
That is why the UAE and its GCC neighbors lead on OT security will set the global precedent. Others will follow, because the stakes here demand solutions first.
MEICA as a turning point
At MEICA, leaders from across the region were clear on this reality: the pace of digital adoption is rising faster than the pace of security readiness.
One senior executive framed it simply: “We know we are building the future. The question is whether that future is resilient.”
This is where thought leadership becomes action. It is no longer enough to talk about digital transformation without cybersecurity at its core. The GCC has the chance – and the responsibility – to show the world how resilience is built in practice.
Risk is only the beginning
As I said at the beginning of this piece, risk and uncertainty have always been a starting point for progress. What defines us, is how we respond.
OT was invented to remove uncertainty – to give operators clarity, continuity and control. That mission remains, but these same principles must now be applied to its cybersecurity, intentionally, and across every asset.
For operators and governments building the energy and cyber systems of tomorrow, OT cybersecurity goes beyond only a technical risk. It is a resilience that safeguards society. Tackling this is not just protection. It’s leadership.