Shafaq News

The Iraqi National Cybersecurity Center on Saturday denied reports of widespread cyberattacks on government platforms, insisting that only a limited number of institutions were affected without any disruption to essential services.

Officials stressed that critical networks remain under “full control” and that technical teams are working continuously to strengthen defenses. While the statement sought to calm public fears, it raises a deeper question: how prepared is Iraq to confront escalating cyber threats in an era where national security increasingly depends on digital resilience?

The Center admitted that “outlawed groups” had attempted to infiltrate state systems but dismissed social media leaks as “old and misleading.” Authorities also warned that those who amplify false narratives would face legal consequences.

International rankings underscore the country’s vulnerability. According to the Estonia-based National Cyber Security Index, Iraq stands at 105th globally, with a digital development level of just 22.86 percent. On the Global Cybersecurity Index, the country was ranked 129th in 2019, briefly rose to 107th in 2020, and then fell back to 129th in 2021, trailing behind most Arab states including Syria, Libya, and Sudan.

In the 2024 edition of the same index, Iraq was classified in Tier 4, the lowest category, with a score of around 53.1. This assessment highlighted deficiencies in legal frameworks, technical defenses, and capacity-building, all of which expose critical infrastructure, government services, and electoral processes to potential espionage, sabotage, and disruption.

The Iraqi Digital Media Center argues that such setbacks reveal not only technical shortfalls but also the absence of a sustained national commitment. As it emphasizes, protecting citizens’ data is inseparable from safeguarding the state itself.

Yet Iraq has taken important steps to establish a national strategy for cybersecurity. The first national incident-response team was created in 2017, followed by the drafting of policy frameworks in 2020. In December 2022, the Ministry of Interior approved the country’s first cybersecurity strategy, which paved the way for the establishment of the Cybersecurity Directorate. In 2025, the Ministry inaugurated the first fully fledged Cybersecurity Center, marking what officials described as a historic step in integrating cyber defense into the national security system.

In an interview with Shafaq News, Brigadier General Dr. Hassan Hadi Latheeth, head of the Cybersecurity Directorate, described the development as a “structural transformation in Iraq’s internal security, moving beyond traditional defenses to meet the realities of a digital battlefield.”

Since its creation, the Directorate has identified 166 vulnerabilities in government websites and monitored more than 330 cybercrime activities. It has also launched Iraq’s first nationwide cybersecurity competition and trained nearly 9,400 personnel across the security and civilian sectors. Still, Latheeth cautioned that challenges remain daunting. “Artificial intelligence–driven attacks are evolving faster than our policies, and limited budgets make it difficult to retain top talent. If we do not keep pace, we risk losing this battle before it starts,” he said.

Despite these advances, legislative shortcomings continue to undermine Iraq’s cyber posture. The country still lacks a dedicated data protection law and relies on outdated frameworks such as the 1951 Civil Code and the 1969 Penal Code to prosecute modern cybercrimes. A draft Information Crimes Law has languished in parliament since 2011, blocked by political disputes and widespread fears that it could curtail online freedoms. Without a clear legal basis, state institutions and private companies remain exposed, while courts struggle to pursue offenders effectively.

This fragile environment is accentuated when compared to regional peers. Gulf states such as the United Arab Emirates and Saudi Arabia have invested heavily in cyber defense and rank among the global top twenty, while Iran has developed sophisticated offensive and defensive capabilities as part of its broader regional strategy. By contrast, Iraq’s cyber defenses remain fragmented and reactive, leaving the country susceptible not only to criminal actors but also to the strategic ambitions of neighboring states and transnational groups.

Read more: Brainpower and bytes: Iraq's race for AI supremacy

Educational technology researcher and web developer, Dr. Mohammad Awada, told Shafaq News that Iraq’s dilemma is not the absence of vision but the weakness of implementation. “Iraq does have a national cybersecurity strategy, but strategies alone do not protect critical infrastructure. What matters is enforcement — through modern legislation, institutional independence, and investment in human capital,” he said.

Dr. Awada stressed that Iraq must urgently close its legislative gaps, develop a professional cyber workforce, and establish a unified operations center capable of coordinating between ministries and security agencies. He also underscored the importance of regional cooperation, noting that Arab states with advanced cyber capabilities could be natural partners. “If Iraq fails to operationalize its strategy, it risks becoming a soft target in the Middle East — a testing ground for cyber weapons wielded by both states and non-state actors,” he warned.

Over the medium term, according to Dr. Awada, cyber defense will become as vital to Iraq’s sovereignty as its traditional military power. “Without urgent reforms, the country risks being caught in the crossfire of regional cyber conflicts, with attackers exploiting weak infrastructure at minimal cost.”

Written and edited by Shafaq News staff.