Fundamentals of national information security
A number of documents developed by the Security Council of the Russian Federation with the help of the expert community and approved by presidential decrees are devoted to the basics of national information security. Doctrines, concepts, strategies consider various aspects of modern digital reality, new threats, measures to counter them and the direction of activity of the state, which is strengthening its geopolitical positions.
National information security concept
National information security is a complex concept, differently disclosed in various public documents, textbooks, and expert articles. It is not limited only to the information security of the state, its organs, the spheres of defense and domestic policy.
The information security doctrine considers the balanced interests of the individual, society and the state as an object of protection. Without the protection of the informational interests of the individual and the citizen, it is impossible to perceive the state as a subject of a social contract and a bearer of sovereignty, without which the protection of citizens is impossible. Also within the concept is the protection of the information infrastructure, carried out by software, physical and technical means, ensuring the security of scientific developments and know-how.
Thus, national security in the digital space, including ensuring the information security of an individual, society, state and infrastructure, is understood as the state of protection of the information environment, which guarantees the observance of the rights and legitimate interests of the individual, society and the state in the information sphere, when their protection, implementation is fully ensured. and opportunities for development regardless of the quantity and quality of internal and external threats.
The 2016 Information Security Doctrine adds that in a situation where national information security is ensured, a society is created in which:
- there is an unhindered and full realization of constitutional human rights;
- a high standard of living is ensured;
- sovereignty, territorial integrity and intensive economic development are protected;
- threats to the defense and security of the state are promptly and fully reflected.
You can assess the state of security by objective characteristics. A developed national information security system is determined by the following main parameters:
- the ability of the state and public authorities to ensure the safety and integrity of information resources and the unimpeded movement of information flows required for the normal functioning of state and public systems;
- the ability to adequately resist all types of threats arising in the national and international information field, including threats to the information infrastructure, financial and credit system, computer networks, ensuring the security of scientific developments;
- the ability in the information field to resist the psychological impact on citizens and other states aimed at undermining internal stability and deteriorating the country's image in the international arena;
- the realized intention to develop in citizens and organizations the skills to independently resist information threats, the ability to use all modern software and hardware for this;
- constant readiness to resist any types of threats, including those created with the help of the latest technologies, ensuring the security of our own protection tools.
At the heart of national information security are technical, software and scientific resources, which, on the one hand, are themselves the object of protection, and on the other hand, ensure security. Increasing the capacity of this resource is becoming one of the main tasks of the state in the digital era.
The modern digital world and its impact on national security
Over the past few decades, the world has completely changed, and most communications, financial transactions, information archives have made it to the Internet. This has increased their accessibility to third parties compared to the era of only tangible media, and, accordingly, vulnerability has increased along with accessibility.
The interests of the individual and society, expressed in the safety of information or in protection from destructive information impact, are constantly exposed to threats, which are based not only on commercial, but also on psychological or ideological interests.
The interests of states in the field of information security, in turn, are also under attack not only by hacker groups, but also by individual states. The doctrine of information security, adopted in 2016, lists among the threats the desire of individual states to dominate the international information field. This is expressed not only in a systematic decrease in the importance of international organizations, including in the non-recognition of the importance of the documents of international law adopted by them in the field of information security, but also in concrete actions.
Information technologies today have acquired a global cross-border character, which makes it impossible both to regulate them at the national level and to accurately identify sources of threats.
Russia's interests in the digital world
Constant analysis of the changing situation in the digital world influences the vector of the direction of politicians' efforts. In this situation, Russia's national interests in the information sphere, both domestic and international, become:
- ensuring human rights and freedoms, his personal interests in the information sphere;
- informational support of democratic institutions and civil society;
- ensuring trouble-free information interaction between a citizen, society and the state;
- application of information technologies to preserve national identity, values and traditions;
- safe and uninterrupted operation of information infrastructure and power grids (both in peacetime and in wartime), necessary to ensure national security;
- development of information technologies and electronic industry in the country;
- bringing to the attention of the world community Russia's position on certain geopolitical issues;
- influence on the activities of international organizations, including those making decisions in the field of security.
They are not directly named in the Doctrine, but they imply such interests as maintaining economic and financial stability, preventing the influence of the incorrect use of information technologies on economic growth.
Types of threats
The information threat system has changed significantly in recent years. In addition to hacker groups and terrorist organizations, as well as traditionally opposing foreign intelligence organizations, extremist organizations and destructive sects, often also directed by intelligence services, have begun to generate threats. Threats intensified, attempts to intercept control of critical infrastructure facilities, encroachments on state information resources and networks became more frequent. Actions aimed at undermining Russia's authority in the international arena have become an independent problem.
The growing threats to national security are caused by such factors as:
- the desire of individual states to use the software and technological advantage to dominate the international information space;
- strengthening of actions aimed at manipulating the psychological state of citizens, their committing actions associated with an encroachment on the sovereignty, territorial integrity and internal stability of the Russian Federation;
- pressure on the Russian media, deliberate deterioration of the image of Russia, creation of an image of an enemy for the American and European public.
The fundamentals of national information security serve as the basis for the further development of scientific technologies, strengthening Russia's presence in the world, enhancing its role in the development of international law.
National information security system
Ensuring national information security is entrusted to the following services and organizations:
- The Security Council of the Russian Federation, developing key documents, ensuring their implementation and monitoring the results of actions;
- The Ministry of Defense in terms of repelling threats to national security arising in the military sphere, in terms of impact on the information defense infrastructure and in terms of ideological impact aimed at reducing the morale of the army;
- internal security agencies in terms of repelling information threats aimed at the growth of separatism, extremism, undermining internal stability;
- state bodies that set standards in the field of information protection, security of information flows, including in terms of the use of technical means (Roskomnadzor, FSTEC, FSB);
- a business entrusted with the task of import substitution in terms of the production of digital equipment and components for it;
- scientific organizations, which are responsible for the development of new technologies and software products;
- civil society, designed to raise awareness of citizens in the field of their personal information security.
All participants in the processes of ensuring information national security in the digital world must work in cooperation, feeling each other's needs and changing market conditions. Overall planning and strategy is the responsibility of the Security Council and the President, to whom the head of the department regularly reports on the national security situation.
The unified information security process is a continuous and interconnected application of preventive, protective and position-strengthening measures of the following nature:
- technical, in particular undertaken in the field of control over the Russian sector of the Internet, import substitution in terms of software, increasing the level of protection of critical infrastructure facilities. An example is the defense of the state system "Vybory", which repelled several million DDos attacks on the night of vote counting;
- organizational, including the adoption of regulatory legal acts, certification of software, maintenance of their registers;
- produced in the field of ORD, for example, the identification of internal hacker groups or extremist communities;
- analytical, conducted by the forces of society and the state;
- advocacy undertaken both domestically and internationally;
- international legal, in particular, the impact on the process of adoption of UN documents and other organizations operating in the field of information security at the international level;
- personnel. To date, a shortage of qualified personnel in the field of IT security has been identified, measures are being taken to train professionals in this area;
- financial and economic, especially in terms of investment in the development of information technology;
All measures should be aimed at reducing the level of threats, predicting new risks, repelling attacks, eliminating their consequences, building up technical, ideological and informational potential, ensuring information security of the Russian Federation, citizens and society.