State doctrine of information security

 
Apply for SearchInform DLP TRY NOW

The Doktrina of Information Security of the Russian Federation, published at the end of 2016, is a statement of the system of official views on the place of Russia in the modern information world, on threats to its sovereignty and the means by which it is supposed to build communication of states in a digital society. The document focuses on protecting the interests of the country, society and citizens. Its development and definition of key issues of the information policy of the Russian Federation were carried out by the forces of the Security Council of the Russian Federation.

History

The previous version of the information security doctrine of the Russian Federation was adopted in 2000. It became invalid as a result of a presidential decree approving a new version of the document. The first version was born in difficult conditions, in the wake of the end of the Chechen war and the conflict with NTV, and it reflected the realities of the time when information turned out to be a means of war and the manipulation of data and people. Over the past 16 years, a lot has changed in the world, most communications have shifted to the digital environment, electronic media have largely outstripped print and television, there is a significant risk of hacker attacks on infrastructure, both industrial and banking.

All these realities are reflected in the new Doctrine of Information Security of the Russian Federation, which was developed by the Security Council of the Russian Federation from April to November 2016, taking into account the opinion of the largest experts in information security. The document came into force the day after it was signed by the President, December 6, 2016 , and caused a positive reaction in the society and the expert community. The doctrine created the conceptual basis for the country's presence in the field of international information security.

In line with the state policy of protecting information interests, two more fundamental documents were adopted in the period from 2013 to 2016.

Fundamentals of the state policy of the Russian Federation in the field of international information security for the period up to 2020

The document was adopted in 2013 . He outlined the main threats to world stability in the field of informatization and digital technologies, and concretized a number of provisions of the National Security Strategy and the Foreign Policy Concept. The document highlighted the accents in the role of Russia in the formation of a general concept of international information policy and the preservation of geopolitical stability. The need for an international fight against terrorism and criminal attacks on the property of citizens and organizations, carried out with the help of information technologies, was brought to the fore.

In the document, Russia committed itself to combating the use of such technologies for military-political purposes, violations of international law with their help, and infringements on the sovereignty of individual members of the international community. The second goal in the document was the obligations of Russia to develop and adopt within the framework of the UN fundamental documents that should establish rules common for all states to combat international cybercrimes, as well as universal ethical standards for the safe use of information technologies.

National Security Strategy

One of the key concepts of the document, approved in 2015 and reflecting all issues of the national security of the Russian Federation in the field of information, was to overcome dependence on foreign components and software. This is especially important for information and communication, industrial or critical infrastructure facilities that have a significant impact on the environment, which should be managed practically without the use of foreign information technologies.

Purposes of Doctrine Adoption

The purpose of the state policy in the field of information is to protect sovereignty from any external and internal threats, to ensure the information security of the Russian Federation from encroachments by foreign states and international terrorist organizations. But since the drafters of the document extended its action to the interests of society and the state, a significant part of the text reflects the provisions concerning citizens and business. The modern information world every year increases the level of threats that encroach on the integrity of the country, its property and citizens.

The information security doctrine of the Russian Federation has created a new weapon that can be successfully used to protect common interests, experts say. Today, as noted in the Doctrine, the current situation with the allocation of resources through which the Internet is governed cannot guarantee fair joint management of these resources based on the principles of trust. Therefore, the main, but not directly named goal was the establishment of complete control over the Russian sector of the Internet.

The strategic goals of adopting a document dedicated to ensuring information security and international cooperation in the information sphere were:

  • protection of the country's sovereignty, its territorial value;
  • prevention of military conflicts that may arise when using information weapons;
  • ensuring political and social stability, combating ethnic conflicts;
  • ensuring the observance of human rights and freedoms;
  • protection of critical information infrastructure, the objects of which often become the target of encroachments, attempts to intercept control of these objects have also been repeatedly recorded.

In addition to ensuring national security, protecting constitutional human rights and freedoms and critical infrastructure facilities, the Doctrine of Information Security of the Russian Federation provides a basis for guaranteeing the security of the industrial and credit and financial sectors against targeted hacker attacks that infringe on the property of entrepreneurs and citizens. This problem is solved by setting standards that define technical means of protecting infrastructure and information networks. The executors of the provisions of the document are named:

  • government departments;
  • The Ministry of Defense and the FSB;
  • business in terms of import substitution in the field of components and software, creation of a national system of competitive information technologies;
  • scientific and educational institutions.

A serious task is assigned to civil society in terms of repelling encroachments on the foundations of national ideology and traditional values.

Objects of protection

The balanced interests of the individual, society and the state have become a single object of protection. They are supposed to be protected in various spheres in which these entities interact with each other and with foreign organizations that have set as their goal to negatively influence these interests. Areas include:

  • defense;
  • domestic politics and national stability;
  • economic;
  • scientific and educational. The state policy for the protection of internal scientific research and development sees scientific research in the field of IT technologies as one of the objects of protection;
  • information and media sphere. The Russian media are often targets of attacks of both technological and ideological nature;
  • spiritual.

An analysis of state policy in all these areas of information security shows that in each of them separate material objects are identified that are subject to protection. These include:

  • premises in which information arrays are stored on electronic or material carriers;
  • infrastructure objects, networks, communications;
  • directly informational arrays;
  • scientific developments, patents, know-how.

Significant attention in the Doctrine of Information Security is paid to protecting the interests of citizens in the process of processing their personal data provided to companies and government agencies.

Risks and threats

Since the adoption of the first doctrine, the range of threats has expanded significantly, and the risks arising in the field of digital technologies and telecommunications networks have come to the fore. Cyberwar has become a daily concept in diplomacy and international relations. The Doctrine of Information Security of the Russian Federation identifies threats to sovereignty, stability, internal politics, society and individuals. Among them:

  • strengthening by some states of influence on the technical infrastructure of the Russian Federation for military purposes;
  • informational and psychological impact on citizens, aimed at undermining sovereignty and internal stability. The informational impact is mainly on young people. The risk of erosion of traditional values in this situation leads both to the departure of young people to extremist organizations and to joining destructive communities;
  • deliberate deterioration of Russia's image in the international arena, deliberate undermining of the authority of Russian information resources, for example, the Russia Today agency. In this respect, the doctrine of information security of the Russian Federation reflected the realities that developed in 2016, when the European Union adopted a resolution in November on countering the work of the Russian media.

The threats to the information security of the Russian Federation differ from those considered in the previous version of the document. The risk of a monopoly on the creation and distribution of information messages was completely eliminated. He got into the Doctrine of information security of the Russian Federation in the wake of the conflict with the NTV television channel, which previously belonged to the oligarch Gusinsky and openly opposed itself to the state. After eliminating a serious but isolated situation, the risk has exhausted itself. The emergence of not only a multitude of independent news agencies but also electronic media has created a diverse and competitive news landscape.

The lag of the Russian Federation in the development of modern information technologies, the weakness of scientific institutions, and the lack of research of a breakthrough nature are named as a separate systemic threat. They become all the more dangerous, coupled with the dependence of the Russian electronics industry on foreign components and technologies. Foreign software used in many spheres of the economy makes Russia dependent on those countries that claim to dominate the geopolitical arena.

An increase in the activity of international and foreign national organizations carrying out technical intelligence in relation to the Russian defense complex, government agencies, scientific organizations conducting significant research was noted as an important factor.

Control methods

The state policy of countering threats is based on the concept of their prevention. The main task is to conduct an independent and independent policy in the national and international information space, in which the implementation of the country's own interests, including its citizens and business, becomes the center of application of forces. Therefore, the conceptual tasks within the framework of the implementation of the Doctrine of Information Security of the Russian Federation are:

  • formation of an international information security system;
  • creation of international legal mechanisms regulating the use of information technologies;
  • promoting Russia's position within the framework of the activities of international organizations, primarily in the UN;
  • development of a national Internet governance system;
  • import substitution in the production of components and technologies.

Application

Any system of views adopted at the state level becomes the basis for the development of laws and bylaws. Almost immediately after the release of the Doctrine, work began on the law on critical information infrastructure facilities, which entered into force in early 2018. As part of stimulating the development of domestic software and eliminating dependence on foreign developments, protectionist measures were taken, which prompted government customers to purchase precisely national software products. This solution partially solved the problem of import substitution. In parallel, a bill was introduced to the State Duma on amending the Criminal Code of the Russian Federation, which increases the punishment for cybercrimes aimed at the infrastructure of the state, up to 10 years in prison. So far, the deputies have not adopted these changes to Article 159.6 of the Criminal Code of the Russian Federation.

Monitoring of the application of the provisions of the Doctrine of Information Security of the Russian Federation is carried out by the Security Council of the Russian Federation. Based on the analysis results, its head makes an annual report to the president.

The application of the Doctrine of Information Security of the Russian Federation in practice and the adoption of regulatory acts on its basis are intended not only to protect Russia's position in the modern world, but also to enable an active presence in the information space on an equal footing with those states that previously claimed dominance in this area. The strategic adversary uses not only software in the information warfare, but also hardware, components and ideological concepts developed by his intelligence services and controlled media aimed at undermining the psychological and moral foundation of Russian statehood. Information protection of citizens and society becomes the task of the State Doctrine.