Jordan’s NCSC Greenlights 2025-2028 National Cybersecurity Strategy to Elevate Regional Digital Security

Jordan’s National Cyber Security Centre (NCSC) approved a new 2025-2028 National Cybersecurity Strategy on Thursday, aiming to fortify the nation’s digital resilience, foster economic growth, and position Jordan as a regional cybersecurity hub. Timely, strategic, and measurable, the plan sets out clear goals, timelines, and partnerships-crucial moves amid rising cyber threats worldwide.

On Thursday 12 June 2025, Jordan’s NCSC formally approved its National Cybersecurity Strategy 2025–2028, as reported by the Jordan News Agency Petra. The initiative is described as a “comprehensive” national plan designed to support Jordan’s evolving cybersecurity framework and digital modernization efforts.

The strategy articulates Jordan’s ambition to establish a secure, resilient, and trusted cyberspace-backed by national capability-building and aligned with economic transformation goals.

Pillars and Monitoring Framework

Four Strategic Objectives

According to Petra, the strategy is structured around four primary objectives and 14 sub-goals, delivering initiatives through defined timelines and performance metrics.

Specifically, it aims to:

• Build cybersecurity capabilities across public and private sectors.
• Enhance digital service security for individuals and government entities.
• Attract global cybersecurity services and investment.
• Position Jordan as a leading regional hub in cybersecurity innovation.

MEA and Global Context

Regional Readiness and Comparative Posture

Jordan’s East Mediterranean neighbors have pursued similar strategies in recent years, yet Jordan distinguishes itself through precise implementation frameworks and private-sector partnerships.

In Africa, RSA and Kenya have ramped up national cybersecurity blueprints, but Jordan’s 2025–2028 strategy stands out for its ambitious roadmap and alignment with digital-transformation goals. Its emphasis on security, resilience, transformation, and partnerships reflects global best practices.

Governance, Training & Capacity Development

Institutional Partnerships

Implementation will be overseen by the NCSC in collaboration with ministries, sectoral agencies, and private organizations. A notable feature is the performance-tracking mechanism, which includes periodic reviews and defined accountability.

Capacity Building

Under Jordan’s National Cybersecurity Framework, the initiative targets the integration of penetration testing, third-party risk management, and awareness programs across at least 100 government institutions by 2025. It also includes licensing mechanisms for cybersecurity services providers.

Technical Cooperation & Sector Initiatives

Sector-Specific Strategies

On March 2025, Jordan introduced a companion Energy Sector Cybersecurity Strategy (2025–2028) aligned with the national strategy, targeting OT/IT convergence, SOC capacity, and training.

Workplace Standards and SLAs

Guidance issued by the NCSC emphasizes adherence to Jordan’s Personal Data Protection Law (PDPL) and GDPR, mandatory incident-response plans, and third-party Service Level Agreements with cybersecurity vendors.

Expert Commentary

NCSC President Bassam Maharmeh observed that the strategy will “enable national digital transformation… and enhance Jordan’s reputation as a security haven” by attracting investment.

Jordan Strategy Forum CEO Nisreen Barakat expressed pride in collaborating with the NCSC, emphasizing “the forum’s commitment to enhancing the cybersecurity system in Jordan.”

Technical Deep‑Dive: MITRE & TTP Integration

Technical Panel: Cyber Defense Enhancements
- Governance & Policy: NCSC will enforce NIST/ISO-aligned frameworks, encompassing roles, responsibilities, and cyber risk taxonomy.
- Security Operations: Build Security Operations Centres (SOCs) across critical sectors including energy, alongside En-CERT for cross-sector coordination.
- Training & Culture: Annual training, board-level engagement, and OT-focused capability building within the workforce.

Actionable Takeaways for CISOs & Security Leaders

1. Map National Objectives to Agency KPIs – Align internal cyber roadmaps with national priority areas.
2. Adopt International Standards – Integrate ISO/NIST alignment and pentesting regimes.
3. Establish SOC Functions – Consider centralized or cross-sector SOC development.
4. Forge Vendor SLAs – Enforce incident-response expectations in cybersecurity services contracts.
5. Strengthen OT Security – Apply rigorous safeguards and segmentation for critical infrastructure.
6. Plan for Emergencies – Test backup and disaster-recovery functionality against cyber incidents.
7. Invest in Workforce – Develop cybersecurity talent, including OT specialists.
8. Report and Measure – Define performance indicators and schedule progress reviews.
9. Legal & Compliance – Ensure PDPL and GDPR adherence, particularly on data privacy mandates.
10. Encourage Innovation – Support domestic cybersecurity startups through funding and pilot programs.

Conclusion

Jordan’s NCSC has cemented the nation’s cybersecurity ambitions with its 2025–2028 strategy, reflecting global cybersecurity trends toward integrated, performance-driven defense postures. With tight alignment to international standards and focus on private‑sector collaboration, Jordan is set to become a Middle East cybersecurity leader. Effective execution over the next four years will determine its success against evolving digital threats.

Sources

• Jordan Times / Jordan News Agency (Petra) – Strategy launch, 15 July 2024 (jordantimes.com, ncsc.jo, en.ammonnews.net)
• Petra.gov.jo – National Training Plan and Framework, 03 February 2025 (petra.gov.jo)
• NCSC Energy Sector Strategy – March 2025
• Ammon News – PDPL, GDPR compliance measures, 5 months ago (en.ammonnews.net)