The main objects of information security
In Russia, in the field of information security, there is a Doctrine that represents a set of official views on the situation with threats to information security in the modern world as a whole and individual laws and by-laws that focus on specific aspects of the overall system. Studying the existing security measures, it is necessary to understand not only which threats need to be protected, but also who or what should be protected. Depending on the normative act, objects requiring information security may differ insignificantly.
Information security system
The doctrine of information security of the Russian Federation, approved by a presidential decree in 2016, is designed to minimize or eliminate harm caused to the interests of the individual, society and the state by threats that exist in the information field, both technological and ideological. Government bodies set as their goal not only to ensure the information security of the state in terms of defense, domestic and foreign policy, but also to take care of protection from encroachments on the interests of citizens and business.
Types of threats
The drafters of the document do not rank threats according to whether they are directed against the individual or against the order of government, but simply name them. National interests are priority, but the doctrine pays significant attention to the protection of the interests of the individual, civil society and business. Among the main threats are:
- defense capability;
- state integrity;
- the order of management;
- the international image of Russia, the activities of domestic media abroad;
- critical information infrastructure facilities;
- credit and financial sphere.
In addition, the country's technological weakness, low quality or lack of national developments in the field of information security, dependence on communication systems or communications managed at the international level are independent threats. When efforts are directed, a strategic adversary in this direction can also be a target for business, which will lose the ability to manage its industrial facilities or make payments in the event of a disconnection from the Internet.
Spheres of protection
The danger of targeted informational impact on protected objects, according to the developers of the doctrine, is associated not only with the possibility of influencing infrastructure facilities or payment systems, hacking the website of a government organization or interfering through the Network in the operation of the life support systems of a city or the entire state. A significant danger is associated with informational influence on intangible values, such as Russia's image in the international arena, sovereignty, the concept of the inviolability of state integrity, general concepts of morality. A targeted informational impact on these spheres can undermine internal stability and lead to unrest.
Ensuring information security of intangible objects concerns not only the state. As for a citizen or business, risks may arise in terms of involving children in destructive cults, organizing pogroms of retail outlets, protests against the construction of objects significant for the economy. At the same time, extremist, religious, ethnic, and human rights organizations become the subjects of informational influence on the consciousness of citizens who are not prepared for protection against targeted influence. The state concept of explaining to citizens the principles of information security, the ability to share true news and fakes specially generated for destructive purposes has not yet been developed.
The information security concept identifies the following areas of protection:
- the economic sphere, including the monetary and securities market. Directed informational influence can affect the reputation of the bank or the price of securities;
- foreign policy. Russia's interests in the international arena are infringed upon due to the targeted deterioration of its image;
- internal political. Information security issues are mainly related to the prevention of separatism, extremism, ethnic strife;
- the field of education, science, technology. Information attacks can also lead to the migration of scientists abroad and a decrease in the reputation of Russian scientific institutions in the world;
- spiritual. The situation with the attempt to create the Ukrainian Autocephalous Church shows how important information dominance in this area is for a strategic enemy;
- judicial and law enforcement.
It is interesting that the postulates set out in the Doctrine in the field of ensuring Russia's information security do not fully correlate with those set forth in the National Security Strategy adopted a little later, which also considers issues of protection against information threats. However, in general, the areas of protection in the areas and objects coincide.
The concept of information security, names the main spheres of public and political life in which damage is possible by the actions of internal agents or foreign governments, international terrorist organizations. The document assumes that damage is caused to the legal rights, freedoms or interests of certain subjects. Specific subjects in the doctrine are not directly named, a general reference to the individual, society and the state is used, but in practice the following persons and organizations are distinguished whose interests may be harmed by directed information impact and who are subject to protection:
- Russia as a state;
- government bodies operating in the foreign and domestic political arena, diplomatic and consular missions, organizations such as the Russian World;
- subjects of the federation, municipal bodies;
- domestic media, news agencies, TV channels;
- Russian business structures, including those operating or placing securities on foreign organized markets;
- community organizations, including the church;
- citizens. Here, we can separately single out officials and judges, whose reputation is inseparable from the reputation of the state.
The degree of harm caused to the interests of the subjects may vary, but a targeted information attack can collapse the share price by several billion and disrupt elections in the municipality. The degree of protection in each case will be different, but awareness of the importance of information threats helps to protect the state and society from them. The problem may be that one has to oppose threats only in the information field, opposing one's arguments and objections to strangers, revealing incorrect information or making it difficult to spread false information.
Objects and phenomena
In addition to individuals, information attacks can be directed at certain objects and phenomena. Here, information security will be achieved more easily, since optimal protection can be achieved not only by information countermeasures, but also by an objectively implemented system of technical measures. As material objects are called:
- the premises in which the equipment of information security systems is located, there are servers, including bank servers, data are stored on paper. The degree of protection of such premises, depending on the class of protected information arrays, is determined by the regulations of the FSB RF and VSTEC RF;
- servers and information arrays of state authorities and administration;
- Research institutes and organizations of developers providing research in the field of information security;
- information and telecommunication networks and systems;
- arrays of confidential information;
- information technologies, both at the disposal of the enterprise and newly developed;
- information security systems;
- production facility management systems;
- banking systems.
In the field of protection of these facilities, the state sets standards for technological and software equipment, which must exclude the possibility of any unauthorized interference, violation of their independence and integrity. The law separately names objects of critical information infrastructure, for which a special protection regime is established and special means of protecting information are defined. They are assigned a security category, such objects are entered in the state register. Political, economic and environmental significance is taken into account in determining the category.
Ensuring information security of various objects is a joint task of government agencies, businesses and citizens. Everyone's interest in ensuring their own protection is important for the functioning of the overall system.