Shafaq News
The Iraqi National Cybersecurity Center on Saturday denied reports of
widespread cyberattacks on government platforms, insisting that only a limited
number of institutions were affected without any disruption to essential
services.
Officials stressed that critical networks remain under “full control”
and that technical teams are working continuously to strengthen defenses. While
the statement sought to calm public fears, it raises a deeper question: how
prepared is Iraq to confront escalating cyber threats in an era where national
security increasingly depends on digital resilience?
The Center admitted that “outlawed groups” had attempted to infiltrate
state systems but dismissed social media leaks as “old and misleading.”
Authorities also warned that those who amplify false narratives would face
legal consequences.
International rankings underscore the country’s vulnerability. According
to the Estonia-based National Cyber Security Index, Iraq stands at 105th
globally, with a digital development level of just 22.86 percent. On the Global
Cybersecurity Index, the country was ranked 129th in 2019, briefly rose to
107th in 2020, and then fell back to 129th in 2021, trailing behind most Arab
states including Syria, Libya, and Sudan.
In the 2024 edition of the same index, Iraq was classified in Tier 4,
the lowest category, with a score of around 53.1. This assessment highlighted
deficiencies in legal frameworks, technical defenses, and capacity-building,
all of which expose critical infrastructure, government services, and electoral
processes to potential espionage, sabotage, and disruption.
The Iraqi Digital Media Center argues that such setbacks reveal not only
technical shortfalls but also the absence of a sustained national commitment.
As it emphasizes, protecting citizens’ data is inseparable from safeguarding
the state itself.
Yet Iraq has taken important steps to establish a national strategy for
cybersecurity. The first national incident-response team was created in 2017,
followed by the drafting of policy frameworks in 2020. In December 2022, the
Ministry of Interior approved the country’s first cybersecurity strategy, which
paved the way for the establishment of the Cybersecurity Directorate. In 2025,
the Ministry inaugurated the first fully fledged Cybersecurity Center, marking
what officials described as a historic step in integrating cyber defense into
the national security system.
In an interview with Shafaq News, Brigadier General Dr. Hassan Hadi
Latheeth, head of the Cybersecurity Directorate, described the development as a
“structural transformation in Iraq’s internal security, moving beyond
traditional defenses to meet the realities of a digital battlefield.”
Since its creation, the Directorate has identified 166 vulnerabilities
in government websites and monitored more than 330 cybercrime activities. It
has also launched Iraq’s first nationwide cybersecurity competition and trained
nearly 9,400 personnel across the security and civilian sectors. Still,
Latheeth cautioned that challenges remain daunting. “Artificial
intelligence–driven attacks are evolving faster than our policies, and limited
budgets make it difficult to retain top talent. If we do not keep pace, we risk
losing this battle before it starts,” he said.
Despite these advances, legislative shortcomings continue to undermine
Iraq’s cyber posture. The country still lacks a dedicated data protection law
and relies on outdated frameworks such as the 1951 Civil Code and the 1969
Penal Code to prosecute modern cybercrimes. A draft Information Crimes Law has
languished in parliament since 2011, blocked by political disputes and
widespread fears that it could curtail online freedoms. Without a clear legal
basis, state institutions and private companies remain exposed, while courts
struggle to pursue offenders effectively.
This fragile environment is accentuated when compared to regional peers.
Gulf states such as the United Arab Emirates and Saudi Arabia have invested
heavily in cyber defense and rank among the global top twenty, while Iran has
developed sophisticated offensive and defensive capabilities as part of its
broader regional strategy. By contrast, Iraq’s cyber defenses remain fragmented
and reactive, leaving the country susceptible not only to criminal actors but
also to the strategic ambitions of neighboring states and transnational groups.
Read more: Brainpower and bytes: Iraq’s race for AI supremacy
Educational technology researcher and web developer, Dr. Mohammad Awada,
told Shafaq News that Iraq’s dilemma is not the absence of vision but the
weakness of implementation. “Iraq does have a national cybersecurity strategy,
but strategies alone do not protect critical infrastructure. What matters is
enforcement — through modern legislation, institutional independence, and
investment in human capital,” he said.
Dr. Awada stressed that Iraq must urgently close its legislative gaps,
develop a professional cyber workforce, and establish a unified operations
center capable of coordinating between ministries and security agencies. He
also underscored the importance of regional cooperation, noting that Arab
states with advanced cyber capabilities could be natural partners. “If Iraq
fails to operationalize its strategy, it risks becoming a soft target in the
Middle East — a testing ground for cyber weapons wielded by both states and
non-state actors,” he warned.
Over the medium term, according to Dr. Awada, cyber defense will become
as vital to Iraq’s sovereignty as its traditional military power. “Without
urgent reforms, the country risks being caught in the crossfire of regional
cyber conflicts, with attackers exploiting weak infrastructure at minimal
cost.”
Written and edited by Shafaq News staff.
