Strategic goal of the information security doctrine of the Russian Federation
The introduction of information technology into all spheres of life has led to the need to create effective systems for data protection. By order of the head of state dated December 5, 2016, the Doctrine of Information Security of the Russian Federation was put into effect. The document details the ineffectiveness of previous actions and the strategy for the future.
The doctrine describes the general requirements for ensuring information security. Taking into account its norms at the level of enterprises, organizations, companies, special methods are used, depending on the characteristics of a particular industry. Market relations have led to the emergence of new methods of information communication on the market, which leads to huge risks associated with theft of information and its use for illegal purposes. Therefore, work in the direction of information security requires the introduction of constant monitoring of automated information exchange systems.
Insufficient control over the activities of IT structures, negligence and illiteracy of workers pose a threat to the economy at the state level in general and in relation to each individual enterprise in particular. There is a constant increase in the number of viruses and hacker attacks.
The updated Doctrine ensures compliance with security requirements, the implementation of its norms helps prevent possible threats in the information sphere of the Russian Federation.
Strategic goals and key directions of the Doctrine
Analyzing the strategic goals, there are several main directions. It is planned to focus on the production of its own means of protection, improving the quality of services. Domestic developments should allow bringing Russian goods and services to the foreign market, and their quality should not be lower than that of foreign manufacturers.
The government considers it necessary to stimulate and support in every possible way research and new developments in the IT field at all levels. It is important in the future to use them as much as possible, which will gradually reduce dependence on similar foreign products. Of particular importance is countering the actions of intruders in the defense segment, minimizing the manipulation of false information, and protecting against influences that change the consciousness of society, leading to the emergence of hostility and conflict situations.
In the scientific industry, it is considered preferable to introduce new progressive developments designed to put the information technology system at a higher level. At the same time, cooperating with foreign partners, it is necessary to participate in the formation of an international information security system, protecting the sovereignty of the Russian Federation.
Information security at different levels of representation means the preservation of political interests, consisting of the interests of the country, a particular society and a private person in the field of information technology.
The first part of the Doctrine explains the meanings of terms related to information technology. The structure of the information technology system of the Russian Federation is described.
The current Doctrine is a complex of official views on the current state of affairs and the future development of the IT sector based on the norms of the Constitution of the Russian Federation. The document was supplemented with information on strategic goals and key areas of implementation of information security. On the basis of the Doctrine, the government forms its future policy.
According to this document, the state sets itself the following goals:
- Protection against illegal access to data exchange resources. To prevent dangerous situations, resources must be constantly improved, to promote the use of a data protection system manufactured by domestic companies.
- Development and growth of our own information technology industry. The key actions are to ensure demand for domestic products, stimulate their promotion to the markets of other countries, strive to take first places among countries in the development of the information technology industry. To achieve this goal, authorities at different levels must provide comprehensive support for research, development, and encourage manufacturers to release goods and services that can compete with foreign counterparts.
- Reporting to the population of the Russian Federation and residents of other countries of the state's position in the field of security in the original state corresponding to reality.
- No harassment of human rights and freedoms related to the use of information technology. The realization of the goal is ensured by the removal of restrictions in the work of the media. Every citizen should be protected in his / her right to intellectual property, private and family life, confidentiality of personal data. The regulation covers the popularization of information that can cause conflicts among the population. The use of information resources should be as effective and beneficial as possible.
Possible threats and their causes
The doctrine provides specific examples of the negative consequences of factors affecting the protection of the IT sector.
Among the new threats named:
- an increase in the illegal influence on the information infrastructure of the Russian Federation from other countries;
- the work of special services, whose functions include technical intelligence in government agencies, organizations of the scientific, defense and industrial sectors.
The emergence of descriptions of new threats is entirely justified. Recently, there have been several cyberattacks on large companies and government agencies.
Threats are divided into several types:
- Dangerous for information and telecommunication facilities and systems. The danger is associated with illegal seizure, interception of data or media with them, the risk of their destruction. Very often, cybercriminals distort information or sell it to third parties. This includes providing false information. Often the danger arises when using unlicensed software. Cybercriminals deliberately inject malicious components into pirated versions. Most of the threats are related to the spread of viruses and hacker attacks.
- Threats to the development of domestic information technologies associated with the relocation of Russian specialists abroad. In addition, there is not a sufficient educational base in the country. The demand for such specialists is constantly growing, but the supply cannot satisfy it. The danger is also the crowding out of domestic goods and services by imported ones, insufficient use of modern, progressive technologies for the development of the IT sphere.
- The dangers associated with the lack of information support for the state policy of the Russian Federation. Market monopolization, lack of effective information support, people's distrust of state-owned media that compete with independent ones.
- Risks associated with limiting legal human rights. Among the main factors in this direction, one can single out the dissemination of information that does not correspond to reality, for the purpose of manipulation, distortion of moral values. Restricting access to information also violates human rights. Often, non-compliance with laws, rules for collecting and storing information can pose a threat of data leakage. It is also dangerous for the authorities to adopt regulatory and legal documents that restrict human rights in the field of obtaining important information for him.
Another new item was the section on the appearance in foreign media of various information that forms a prejudiced attitude towards Russia among people from other countries. Often you can find falsification of historical events, information that does not correspond to reality, or its deliberately misinterpreted. The main purpose of such activities is to manipulate the consciousness of people and incite an information war in order to satisfy political and economic interests.
To prevent conflicts, the Doctrine describes the need to take measures to protect against information and psychological impact on the population. In addition, knowledge regarding the protection of private information remains at a low level. Therefore, most attacks are successful, and the attackers achieve their goals due to the illiteracy and negligence of users.
The information security doctrine describes the negative impact on the following areas, which, due to shortcomings, are more susceptible to the actions of cybercriminals:
- scientific - despite significant shifts in domestic information technologies, their level of development does not reach the required level; most often, events and domestic technologies are not used in the complex;
- state - the number of attacks on state institutions is constantly growing, the action of other countries regarding intelligence is increasing;
- defense - the impact on information technology is used in military-political activities;
- economic - the number of external attacks is increasing, and companies incur heavy losses.
Ways to counter possible threats
There are three categories of threat protection methods.
1. Economic. They consist in the introduction of financing programs for the development of new means of protection, as well as ensuring a sufficient level of security. This applies to authorities at different levels. In addition, there is the possibility of insurance against possible risks.
2. Organizational and technical. To implement the method, it is necessary to introduce a modern monitoring system, which will make it possible to assess the efficiency of the information security system by indicators.
Special attention should be paid to training specialists and improving their qualifications. In addition, it is worth implementing a control system, especially for employees who have access to confidential information. Very often, the cause of the leak is the negligence of employees, their use of a work computer for personal purposes, and a lack of information security knowledge.
Often employers use software without a license. Pirated versions increase the risk of threats because they do not have full technical support. In some cases, components with malicious functions are embedded in the program. To avoid incidents, it is necessary to use only certified systems, mainly of domestic production. The priority direction is the introduction of modern technologies, new means of protection, which will be able to stop the attacker in a timely manner.
Also, for the implementation of the method, it is necessary to stimulate the regulatory authorities to perform their functions in a timely manner and bring the attackers to justice.
3. Legal. For the full implementation of this direction, the government and each unit of power must actively participate in the implementation of the normative legal documents that govern the activities of the IT industry.
Normative legal acts are called upon to clearly structure the regional security system, to determine the status of various organizations, journalists, media, news agencies. The priority task is to stimulate the development of domestic communication networks at the legislative level, in particular, those related to astronautics. The documents should explain what powers each individual authority has, as well as what functions are endowed and on what grounds public organizations and citizens' associations participate in the development of information security.
It is also important to create documents that clarify controversial issues, contradictions in legislation. In addition, it is necessary to designate responsibility for committing cybercrimes. Documents are being developed that are valid not only on the territory of the Russian Federation, but also at the international level.
The most important factor in the effective implementation of the Doctrine in life is knowledge and observance of the basics of information security by all participants in the process. One of the most important tasks is the effective operation of all components of the IT security system, which together will be able to quickly repel numerous hacker attacks.
It is also important to develop the domestic IT sphere and bring Russian manufacturers of information security products to the highest levels, their competitiveness in relation to foreign colleagues. The government intends to create all conditions in order to minimize the drain of highly qualified personnel from the country.
The main difference of the new Doctrine is that the document contains examples of real threats. The relevance of the provisions is high, since they describe the actual state of the modern information technology system. The entry into force of the document is an important stage in improving the protection of the IT sector.