New doctrine of information security of the Russian Federation
With TERM digital reality defines the features of Russian politics. The information security doctrine of the Russian Federation is a fundamental document formalizing official views on Russia's national interests and strategic goals in the digital world. It was adopted in 2016. Its development was entrusted to the Security Council of the Russian Federation, which prepares an annual report to the president on the results of the implementation of the main provisions of the document in practice.
National interests in a changed world
It is impossible to build a concept of national identity and protection of sovereignty without defining Russia's global interests in the electronic world. As threats become global and not localized in any country, the interests of the state shift from the domestic to the international arena. Some tasks of global information security can be solved only at the geopolitical level.
Among the main interests covered in the State Doctrine of Information Security of the Russian Federation:
- protection of the constitutional rights of the individual, including protection from information threats, the rights to preserve the confidentiality of personal data, the rights to privacy and safety of property, which are often infringed with the use of computer technology;
- support for democracy and national institutions of civil society;
- preservation of the moral values of the peoples of Russia, their history, culture and religion, protection from falsification of history;
- stable and uninterrupted operation of the information infrastructure, especially objects included in the register of critical;
- development of information technologies and electronic industry in Russia, deepening of scientific research in this area;
- informing the international community about Russia's opinion on geopolitics, international law, events important for humanity as a whole;
- the formation of an international information security system, the fight against cyber threats, the development and adoption at the level of key organizations (UN, CSTO, SCO) of documents on international information security, relevant for the whole world.
These tasks are global in nature, and the Doctrine describes how they are planned to be implemented. A very important issue is creating a space for disseminating only reliable information, preventing the distortion of actual events under the influence of foreign states and organizations. The use of inaccurate information is becoming an independent type of weapon used to encroach on the stability of domestic politics.
What to watch out for
The Doctrine of Information Security of the Russian Federation, developed taking into account the changed realities, notes that the development of information technologies is simultaneously a key factor in economic growth and an increase in the quality of work of ministries and departments and creates new threats to information security of a global nature. Active cross-border traffic of information, which does not have obstacles in national legislation, is used to achieve various goals, including:
- military, often implemented contrary to international law;
- terrorist related to the arms trade;
The Doctrine notes that the active and ill-considered introduction of information technologies without ensuring a high level of security contributes to the manifestation of the risks of data leaks in a larger volume, especially in the economic environment.
At the national level, the Doctrine identifies the following main threats:
- increasing the potential of foreign states in the field of information technology, used to influence Russia's key infrastructure for military purposes;
- an increase in the use by the intelligence services of these countries of means of information and psychological influence on the citizens of the Russian Federation to undermine internal stability;
- active criticism of Russia in the Western media, undermining its authority in the international arena, opposition to the work of the Russian media;
- strengthening the impact on young people, aimed at devaluing moral and ethical values, involving them in the activities of destructive entities;
- the use of information media and resources by extremist groups to incite ethnic and religious hatred;
- an increase in the number of crimes in the field of computer technology, primarily in the field of financial and credit relations.
The set of actions by foreign states is aimed at undermining Russia's sovereignty and strengthening its own geopolitical positions. Also, these actions are performed for the purpose of unfair competition in world markets.
The slow development of domestic information technology and electronic industry is becoming an independent threat. Along with it, in Russia there is a lag in scientific research and education, a weak personnel potential, a low level of training of IT specialists. From the point of view of human rights, the information security of an individual is threatened due to the lack of awareness of citizens regarding the real dangers and their capabilities to protect their rights and interests.
Within the framework of the identified threats, the Doctrine of Information Security of the Russian Federation determines the goals that can be achieved through the implementation of the provisions laid down in the Doctrine.
The document refers to these strategic objectives:
- in the field of defense - the protection of the interests of the individual, society and the state from any encroachments of a military-political nature, damaging the sovereignty and geopolitical stability of Russia. The means for achieving this goal are strategic deterrence, improving the information security system, predicting threats, neutralizing psychological impact, protecting the interests of Russia's allies in an ideological war;
- in the field of domestic politics - protection of sovereignty, support of social and political stability, countering threats posed by extremist organizations, protection of critical information infrastructure. Among the means used are counteraction to hostile ideology, suppression of crimes committed in the field of information security, strengthening the protection of information infrastructure;
- in the economic sphere - minimizing the negative impact of information factors on the development of the economy, on the development and implementation of new computer technologies, as well as increasing the competitiveness of the Russian electronics industry and the sphere of software development;
- in the field of science and technology - increasing the quality of research and development, building human resources.
The systematic implementation of these goals should lead to ensuring the information security of the Russian Federation in full.
Comparison with the previous version of the document
The new Doctrine of Information Security of the Russian Federation, which entered into force on December 6, 2016, has significant differences from the previous version of the document, which was adopted in 2000. Experts note that the concentration of the main provisions of the document around the strategic interests of the country, and not around threats, has made it possible to achieve a more clear, integral and systematic presentation of the security concept.
Information technology in the 2000 version was seen as a factor whose influence on domestic and foreign policy is growing. In the new edition, they are no longer viewed as a factor, but as an environment in which the realization of national interests takes place.
Among the completely new conceptual provisions of the Information Security Doctrine:
- the need for import substitution in the electronics industry and in the development of software products;
- the emergence at the normative level of the concept of critical information infrastructure;
- countering cyber attacks.
The risks associated with monopolization of the media, sources of formation and dissemination of information messages, have completely disappeared from the Doctrine. The development of a network of news agencies and Russian electronic media has reduced the significance of this threat to the national security of the Russian Federation. Also, in the previous version of the document, attention was focused on the insufficient legal regulation of the field of information technology and information security. Over the past years, dangerous gaps in legislation have been closed by adopting system-forming laws, for example, "On Information", "On Personal Data", and by-laws that determine the methodology for their application.
A significant innovation was the emergence in the Doctrine of new entities, in addition to state authorities, who are entrusted with the tasks of ensuring national information security. It:
- owners of critical information infrastructure facilities, their tenants or legal entities operating them on other legal grounds;
- print and electronic media;
- financial market participants;
- telecom operators and internet providers;
- owners and operators of objects that are part of information systems;
- educational and scientific organizations working in the field of information security;
- public associations operating in the field of civil society.
All of them play their role in ensuring national interests, as well as protecting the rights and freedoms of the individual.
Organizational foundations and ways of implementing the provisions of the Doctrine
The implementation of the new Doctrine of Information Security of the Russian Federation occurs at three levels: regulatory, economic, and organizational. In each of the directions, vectors of intensified and accelerated development are distinguished, which make it possible to realize priority national interests.
In the field of legislative activity in the areas of information security, a course was taken to identify individual objects of protection. Thus, a law was passed on critical infrastructure facilities. He established norms and rules that define the requirements for information security of these objects.
A more detailed methodology in the field of applicable technical means of information protection was determined by the orders of the FSTEC of the Russian Federation.
Another important document was the law on fake news. Its adoption should ensure that only reliable messages enter the information environment, prevent the use of the media and the false messages published in them to destabilize the situation in Russia, fanning ethnic and religious discord.
The strategy of import substitution in the production of components for the electronics industry and software products is based on the need for autarky, or complete independence, in the critical area of information security.
Lack of independence was not the only reason for striving for import substitution. For Russian government agencies and businesses, the danger is posed by the shortcomings of foreign software products that reduce the level of security, or options initially “hard-wired” into them that create risks for users. Given that these vulnerability factors and additional options are known to the intelligence services of the strategic enemy, the issue of import substitution is becoming critically important in ensuring the international information security of the Russian Federation.
Thus, some types of processors were banned for purchase by the Ministry of Internal Affairs or the Ministry of Defense. Import substitution, just named in the 2000 version of the Doctrine, came to the fore in the new one. In order to implement this part of the strategy, preferences are created for domestic developers of software products and information security tools, including with participation in government orders.
As part of the strategy implementation, decisions were made to support companies:
- providing services in the field of information security for the Russian Federation as a whole, and for business and citizens;
- developing and manufacturing software and hardware for information security;
- public and private institutions and organizations carrying out scientific and educational activities in these areas.
Creation of favorable conditions for the activities of Russian IT companies is becoming one of the main economic methods of implementing the provisions of the Doctrine of Information Security of the Russian Federation. Achievement of this goal is facilitated by grants for development, creation of innovation centers and clusters, preferential tax regimes for companies-residents of accelerated development zones.
Russian products in the field of information security, thanks to their improved quality and reliability, have already become an export item.
Among the most important organizational measures dedicated to the implementation of the provisions of the Doctrine of Information Security of the Russian Federation, one can single out the creation of a unified state management system in this area. The following tasks have been set for state bodies:
- strengthening the management vertical, centralizing decision-making actors at all levels of government, as well as bodies exercising control over critical information security facilities, operators of systems and communication networks in Russia;
- increasing the level of cooperation and interaction of all forces, services and state bodies responsible for ensuring information security, including through conducting exercises;
- improving analysis tools and deepening scientific research in the field of information security;
- involvement of representatives of business and civil society in solving issues of ensuring national information security.
Among the projects already implemented in Russia are the following:
- "GosSOPKA" is a system for preventing, detecting and eliminating adverse consequences of attacks on information systems. On the basis of the presidential decree, the coordination centers of "GosSOPKA" are created on the basis of both state bodies and corporate systems. The FSB of Russia is responsible for the project. All owners of critical information infrastructure objects must connect to the system;
- FinCERT is a division of the Central Bank of Russia, which is responsible for protecting information systems of financial institutions from hackers;
- APK "Safe City" - hardware and software complex, is an information system designed to significantly reduce the number of technogenic and information-induced accidents in the urban environment;
- creation of a system of distributed situational centers.
In addition to the above, tasks such as:
- building human resources. Russia already needs about a million specialists in the field of information technology and information security;
- implementation of the strategy of the sovereign Runet. The bill is still under discussion.
The implementation of the provisions of the new Doctrine of Information Security is designed not only to protect the information infrastructure of the Russian Federation from encroachments, and business and citizens from infringement of their interests, but also to strengthen Russia's influence on geopolitical processes based on international law.