Doctrine of information security of the Russian Federation. On approval of the information security doctrine of the Russian Federation. Expectedly, a lot of text about import substitution
The previous version of the doctrine was approved 16 years ago (09.09.2000), during which time information environment has changed almost beyond recognition. As rightly noted in the new document, information technologies have acquired a global, cross-border nature and have become an integral part of all spheres of activity of the individual, society and state.
Against this background, the scope of the use of means of providing information and psychological influence by foreign intelligence services is constantly expanding. Their efforts are aimed at destabilizing the internal political and social situation in various regions of the world, undermining the sovereignty and territorial integrity of other states. We can observe the tragic consequences of such “activity” in the example of the Syrian conflict and the Ukrainian crisis.
It is obvious that, due to its specificity, information security is a separate area that deserves special attention from the state. This is due both to the need for physical data protection in the era of “digital espionage” and to the information and psychological aspect of information security. Namely, ensuring national security in the field of culture, preserving the cultural, historical and spiritual and moral values of our people, neutralizing the information impact aimed at eroding traditional Russian spiritual and moral values, including through the formation of a culture of personal information security.
International security
The new information security doctrine has justifiably expanded the international context, and its individual provisions organically complement the concept of foreign policy (11/30/2016). In particular, the state of information security in the field of strategic stability and equal strategic partnership is characterized in the document by the desire of individual states to use technological superiority to dominate the information space.
First of all, this concerns the unequal distribution of Internet resources between countries and the lack of relevant international legal norms in this area, which complicates the formation of common international information security.
At the same time, the possibilities of cross-border information circulation are increasingly used to achieve geopolitical, military-political, terrorist and other goals to the detriment of international security and strategic stability.
Based on this, Russia’s strategic goal is to form a stable system of non-conflict interstate relations in the information space. The main direction of ensuring information security is the development of a national management system for the Russian segment of the Internet and participation in the formation of an international information security system that excludes the use of information technologies for military-political and other illegal purposes from the point of view of international law.
Information wars
In addition, an increase in biased materials containing a biased assessment has been separately noted. Russian politics in foreign media, while Russian journalists are exposed to outright discrimination abroad.
In this regard, the doctrine especially emphasizes the need to communicate to the international community reliable information on state policy and the official position of the Russian leadership on significant events in the country and the world and improving efficiency information support implementation of government policy. For this purpose, the media and mass communications in the doctrine are classified as the main participants in the information security system.
National Defense
The state of information security in the field of national defense is examined separately. There has been an increase in the use of information technologies by individual states for military-political purposes. The identified trend poses a direct threat both to the security of Russia and our allies, and to international security in general.
In this regard, one of the main directions of ensuring information security in the field of defense is the strategic deterrence and prevention of military conflicts as a result of the use of information technologies. To this end, the security of critical infrastructure, weapons and automated systems control, information warfare forces and means are being improved, including the Armed Forces of the Russian Federation. Assessment and forecasting of military threats in information sphere. Including informational and psychological influence aimed at undermining historical foundations and patriotic traditions for the defense of the Fatherland.
Another know-how of the doctrine is the provision on regular training (exercises) as part of improving the information security system. Sudden checks of combat readiness are now expected not only by the Armed Forces of the Russian Federation, but also by other departments responsible for information security.
Economic sphere
In addition, the doctrine analyzes the state of information security in the economic sphere, as well as separately in the fields of science, technology and education. In this regard, it is fundamentally important that the state for the first time raises the problem of shortage domestic technologies, products and qualified personnel in the information sphere to the level of threats to national security.
One of the obvious advantages of the new doctrine is a noticeable strengthening of the analytical component. The document is not limited to a simple list information threats– each of them is analyzed taking into account the current state of information security and strategic national interests. Moreover, information-analytical and scientific-technical aspects of the functioning of the information security system will continue to be improved. And the tasks of government agencies now include, among other things, constant monitoring, assessment and forecasting of information threats.
The coordinating role in the implementation of the doctrine, as before, is assigned to the Security Council of the Russian Federation, which will determine the list of priority areas for ensuring information security for the medium term, taking into account the strategic forecast. The progress of implementation of the Information Security Doctrine will be reported to the President annually.
The material was prepared in collaboration with the Information and Analytical Agency “Foreign Policy Expertise”.
Evsey Vasiliev, Candidate of Political Sciences, Associate Professor of the Department of International Security at the IAI RSUH
PRESIDENT OF THE RUSSIAN FEDERATION
On approval of the Information Security Doctrine of the Russian Federation
In order to ensure information security of the Russian Federation
I decree:
1. Approve the attached Doctrine of Information Security of the Russian Federation.
2. Recognize as invalid the Doctrine of Information Security of the Russian Federation, approved by the President of the Russian Federation on September 9, 2000 N Pr-1895.
3. This Decree comes into force from the date of its signing.
President
Russian Federation
V.Putin
Information Security Doctrine of the Russian Federation
I. General provisions
1. This Doctrine represents a system of official views on ensuring the national security of the Russian Federation in the information sphere.
In this Doctrine, the information sphere is understood as a set of information, objects of informatization, information systems, sites on the information and telecommunications network "Internet" (hereinafter referred to as the "Internet"), communication networks, information technologies, entities whose activities are related to the formation and processing of information , the development and use of these technologies, ensuring information security, as well as a set of mechanisms for regulating relevant social relations.
2. This Doctrine uses the following basic concepts:
a) national interests of the Russian Federation in the information sphere (hereinafter referred to as national interests in the information sphere) - objectively significant needs of the individual, society and the state to ensure their security and sustainable development as it relates to the information sphere;
b) a threat to the information security of the Russian Federation (hereinafter referred to as an information threat) - a set of actions and factors that create a danger of damage to national interests in the information sphere;
c) information security of the Russian Federation (hereinafter referred to as information security) - the state of protection of the individual, society and the state from internal and external information threats, which ensures the implementation of constitutional rights and freedoms of man and citizen, decent quality and standard of living of citizens, sovereignty, territorial integrity and sustainable socio-economic development of the Russian Federation, defense and security of the state;
d) ensuring information security - implementation of interconnected legal, organizational, operational-search, intelligence, counterintelligence, scientific-technical, information-analytical, personnel, economic and other measures to forecast, detect, contain, prevent, repel information threats and eliminate their consequences manifestations;
e) forces for ensuring information security - state bodies, as well as divisions and officials of state bodies, local governments and organizations authorized to solve problems of ensuring information security in accordance with the legislation of the Russian Federation;
f) information security means - legal, organizational, technical and other means used by information security forces;
g) information security system - a set of information security forces that carry out coordinated and planned activities, and the information security tools they use;
h) information infrastructure of the Russian Federation (hereinafter referred to as information infrastructure) - a set of informatization objects, information systems, Internet sites and communication networks located on the territory of the Russian Federation, as well as in territories under the jurisdiction of the Russian Federation or used on the basis of international treaties of the Russian Federation.
3. This Doctrine, based on an analysis of the main information threats and an assessment of the state of information security, defines the strategic goals and main directions for ensuring information security, taking into account the strategic national priorities of the Russian Federation.
4. Legal basis This Doctrine consists of the Constitution of the Russian Federation, generally recognized principles and norms of international law, international treaties of the Russian Federation, federal constitutional laws, federal laws, as well as regulatory legal acts of the President of the Russian Federation and the Government of the Russian Federation.
5. This Doctrine is a strategic planning document in the field of ensuring the national security of the Russian Federation, which develops the provisions of the National Security Strategy of the Russian Federation, approved by Decree of the President of the Russian Federation of December 31, 2015 N 683, as well as other strategic planning documents in this area.
6. This Doctrine is the basis for the formation of state policy and the development of public relations in the field of information security, as well as for the development of measures to improve the information security system.
II. National interests in the information sphere
7. Information technologies have acquired a global cross-border nature and have become an integral part of all spheres of activity of the individual, society and state. Their effective use is a factor in accelerating the economic development of the state and the formation of the information society.
The information sphere plays an important role in ensuring the implementation of the strategic national priorities of the Russian Federation.
8. National interests in the information sphere are:
a) ensuring and protecting the constitutional rights and freedoms of man and citizen in terms of obtaining and using information, privacy when using information technologies, ensuring information support democratic institutions, mechanisms of interaction between the state and civil society, as well as the use of information technologies in the interests of preserving the cultural, historical, spiritual and moral values of the multinational people of the Russian Federation;
b) ensuring the stable and uninterrupted functioning of the information infrastructure, primarily the critical information infrastructure of the Russian Federation (hereinafter referred to as the critical information infrastructure) and the unified telecommunications network of the Russian Federation, in peacetime, during the period of immediate threat of aggression and in wartime;
c) development of the information technology and electronics industry in the Russian Federation, as well as improvement of the activities of industrial, scientific and scientific-technical organizations in the development, production and operation of information security means, provision of services in the field of information security;
d) bringing to the Russian and international public reliable information about the state policy of the Russian Federation and its official position on socially significant events in the country and the world, the use of information technologies in order to ensure the national security of the Russian Federation in the field of culture;
e) promoting the formation of an international information security system aimed at countering threats from the use of information technologies to disrupt strategic stability, strengthening equal strategic partnerships in the field of information security, as well as protecting the sovereignty of the Russian Federation in the information space.
9. The implementation of national interests in the information sphere is aimed at creating a safe environment for the circulation of reliable information and resistant to various types the impact of information infrastructure in order to ensure the constitutional rights and freedoms of man and citizen, the stable socio-economic development of the country, as well as the national security of the Russian Federation.
III. Main information threats and the state of information security
10. The expansion of the areas of application of information technologies, being a factor in the development of the economy and improving the functioning of public and state institutions, at the same time gives rise to new information threats.
The possibilities of cross-border information flow are increasingly being used to achieve geopolitical, military-political, terrorist, extremist, criminal and other illegal goals, to the detriment of international security and strategic stability.
At the same time, the practice of introducing information technologies without linking it with ensuring information security significantly increases the likelihood of information threats.
11. One of the main negative factors influencing the state of information security is the increase by a number of foreign countries of the capabilities of information and technical influence on the information infrastructure for military purposes.
At the same time, the activities of organizations carrying out technical intelligence in relation to Russian government agencies, scientific organizations and enterprises of the military-industrial complex are intensifying.
12. The scope of the use by special services of individual states of means of providing information and psychological influence aimed at destabilizing the internal political and social situation in various regions of the world and leading to the undermining of sovereignty and violation of the territorial integrity of other states is expanding. Religious, ethnic, human rights and other organizations, as well as individual groups of citizens, are involved in this activity, and the capabilities of information technology are widely used.
There is a tendency towards an increase in the volume of materials in foreign media containing a biased assessment of the state policy of the Russian Federation. Russian funds mass media are often subject to outright discrimination abroad; Russian journalists are faced with obstacles to carry out their professional activities.
The information impact on the population of Russia, primarily on young people, is increasing in order to erode traditional Russian spiritual and moral values.
13. Various terrorist and extremist organizations widely use mechanisms of information influence on individual, group and public consciousness in order to escalate interethnic and social tension, incite ethnic and religious hatred or enmity, promote extremist ideology, as well as attract new supporters to terrorist activities. Such organizations, for illegal purposes, actively create means of destructive influence on critical information infrastructure objects.
14. The scale of computer crime is increasing, primarily in the credit and financial sphere, the number of crimes related to the violation of the constitutional rights and freedoms of man and citizen is increasing, including in terms of privacy, personal and family secrets, when processing personal data using information technology. At the same time, the methods, methods and means of committing such crimes are becoming more and more sophisticated.
15. The state of information security in the field of national defense is characterized by an increase in the use of information technologies by individual states and organizations for military-political purposes, including for carrying out actions contrary to international law, aimed at undermining the sovereignty, political and social stability, and territorial integrity of the Russian Federation and its allies and pose a threat international peace, global and regional security.
16. The state of information security in the field of state and public security is characterized by a constant increase in complexity, increasing scale and increasing coordination of computer attacks on critical information infrastructure facilities, increasing intelligence activities of foreign states in relation to the Russian Federation, as well as increasing threats of using information technologies to cause damage sovereignty, territorial integrity, political and social stability of the Russian Federation.
17. The state of information security in the economic sphere is characterized by an insufficient level of development of competitive information technologies and their use for the production of products and provision of services. The level of dependence of the domestic industry on foreign information technologies remains high in terms of electronic component base, software, computer technology and means of communication, which determines the dependence of the socio-economic development of the Russian Federation on the geopolitical interests of foreign countries.
18. The state of information security in the field of science, technology and education is characterized by insufficient effectiveness of scientific research aimed at creating promising information technologies, a low level of implementation of domestic developments and insufficient staffing in the field of information security, as well as low awareness of citizens in matters of ensuring personal information security . At the same time, measures to ensure the security of information infrastructure, including its integrity, availability and sustainable operation, using domestic information technologies and domestic products often do not have a comprehensive basis.
19. The state of information security in the field of strategic stability and equal strategic partnership is characterized by the desire of individual states to use technological superiority to dominate the information space.
The current distribution between countries of the resources necessary to ensure the secure and sustainable functioning of the Internet does not allow for joint fair management based on the principles of trust.
The lack of international legal norms regulating interstate relations in the information space, as well as mechanisms and procedures for their application that take into account the specifics of information technology, makes it difficult to form an international information security system aimed at achieving strategic stability and equal strategic partnership.
IV. Strategic goals and main directions for ensuring information security
20. The strategic goal of ensuring information security in the field of national defense is to protect the vital interests of the individual, society and state from internal and external threats associated with the use of information technologies for military-political purposes that are contrary to international law, including for the purpose of carrying out hostile actions and acts of aggression aimed at undermining sovereignty, violating the territorial integrity of states and posing a threat to international peace, security and strategic stability.
21. In accordance with the military policy of the Russian Federation, the main directions of ensuring information security in the field of national defense are:
a) strategic containment and prevention of military conflicts that may arise as a result of the use of information technologies;
b) improving the system for ensuring information security of the Armed Forces of the Russian Federation, other troops, military formations and bodies, which includes forces and means of information warfare;
c) forecasting, detection and assessment of information threats, including threats to the Armed Forces of the Russian Federation in the information sphere;
d) assistance in ensuring the protection of the interests of the allies of the Russian Federation in the information sphere;
e) neutralization of information and psychological influence, including those aimed at undermining the historical foundations and patriotic traditions associated with the defense of the Fatherland.
22. The strategic goals of ensuring information security in the field of state and public security are the protection of sovereignty, maintaining political and social stability, the territorial integrity of the Russian Federation, ensuring fundamental rights and freedoms of man and citizen, as well as protecting critical information infrastructure.
23. The main directions of ensuring information security in the field of state and public security are:
a) countering the use of information technologies to promote extremist ideology, spread xenophobia, ideas of national exclusivity in order to undermine sovereignty, political and social stability, forcibly change the constitutional system, and violate the territorial integrity of the Russian Federation;
b) suppression of activities harmful to the national security of the Russian Federation, carried out using technical means and information technologies by special services and organizations of foreign states, as well as individuals;
c) increasing the security of critical information infrastructure and the stability of its functioning, developing mechanisms for detecting and preventing information threats and eliminating the consequences of their manifestation, increasing the protection of citizens and territories from the consequences of emergency situations caused by information and technical impacts on critical information infrastructure objects;
d) increasing the security of the functioning of information infrastructure facilities, including in order to ensure sustainable interaction between government bodies, preventing foreign control over the functioning of such facilities, ensuring the integrity, stability of operation and security of the unified telecommunication network of the Russian Federation, as well as ensuring the security of information transmitted through it and processed in information systems on the territory of the Russian Federation;
e) increasing the operational safety of weapons, military and special equipment and automated control systems;
f) increasing the effectiveness of preventing offenses committed using information technologies and combating such offenses;
g) ensuring the protection of information containing information constituting state secrets and other information limited access and distribution, including by increasing the security of relevant information technologies;
h) improving methods and methods of production and safe use of products, provision of services based on information technology using domestic developments that meet information security requirements;
i) increasing the efficiency of information support for the implementation of state policy of the Russian Federation;
j) neutralization of information impact aimed at eroding traditional Russian spiritual and moral values.
24. The strategic goals of ensuring information security in the economic sphere are to reduce to the minimum possible level the influence of negative factors caused by the insufficient level of development of the domestic information technology and electronics industry, the development and production of competitive means of ensuring information security, as well as increasing the volume and quality of service provision in areas of information security.
25. The main directions of ensuring information security in the economic sphere are:
a) innovative development of the information technology and electronics industry, increasing the share of products from this industry in the gross domestic product and in the structure of the country’s exports;
b) eliminating the dependence of domestic industry on foreign information technologies and means of ensuring information security through the creation, development and widespread implementation of domestic developments, as well as the production of products and the provision of services based on them;
c) increasing competitiveness Russian companies operating in the information technology and electronics industry, development, production and operation of information security equipment, providing services in the field of information security, including through the creation of favorable conditions for carrying out activities on the territory of the Russian Federation;
d) development of a domestic competitive electronic component base and technologies for the production of electronic components, meeting the needs of the domestic market for such products and the entry of these products into the world market.
26. The strategic goal of ensuring information security in the field of science, technology and education is to support the innovative and accelerated development of the information security system, the information technology industry and the electronics industry.
27. The main directions of ensuring information security in the field of science, technology and education are:
a) achieving the competitiveness of Russian information technologies and developing scientific and technical potential in the field of information security;
b) creation and implementation of information technologies that are initially resistant to various types of impact;
c) conducting scientific research and carrying out experimental developments in order to create promising information technologies and means of ensuring information security;
d) development of human resources in the field of information security and application of information technologies;
e) ensuring the protection of citizens from information threats, including through the formation of a culture of personal information security.
28. The strategic goal of ensuring information security in the field of strategic stability and equal strategic partnership is the formation of a sustainable system of non-conflict interstate relations in the information space.
29. The main directions of ensuring information security in the field of strategic stability and equal strategic partnership are:
a) protection of the sovereignty of the Russian Federation in the information space through the implementation of an independent and independent policy aimed at realizing national interests in the information sphere;
b) participation in the formation of an international information security system that ensures effective counteraction to the use of information technologies for military-political purposes that are contrary to international law, as well as for terrorist, extremist, criminal and other illegal purposes;
c) creation of international legal mechanisms that take into account the specifics of information technologies in order to prevent and resolve interstate conflicts in the information space;
d) promoting, within the framework of the activities of international organizations, the position of the Russian Federation, which provides for ensuring equal and mutually beneficial cooperation of all interested parties in the information sphere;
e) development of a national management system for the Russian segment of the Internet.
V. Organizational basis for ensuring information security
30. The information security system is part of the national security system of the Russian Federation.
Ensuring information security is carried out on the basis of a combination of legislative, law enforcement, law enforcement, judicial, control and other forms of activity of government bodies in interaction with local governments, organizations and citizens.
31. The information security system is built on the basis of the delimitation of powers of legislative, executive and judicial authorities in this area, taking into account the jurisdiction of federal bodies state power, government bodies of the constituent entities of the Russian Federation, as well as local government bodies determined by the legislation of the Russian Federation in the field of security.
32. The composition of the information security system is determined by the President of the Russian Federation.
33. The organizational basis of the information security system is: Federation Council Federal Assembly Russian Federation, State Duma of the Federal Assembly of the Russian Federation, Government of the Russian Federation, Security Council of the Russian Federation, federal authorities executive power, the Central Bank of the Russian Federation, the Military-Industrial Commission of the Russian Federation, interdepartmental bodies created by the President of the Russian Federation and the Government of the Russian Federation, executive bodies of the constituent entities of the Russian Federation, local government bodies, judicial authorities taking part in accordance with the legislation of the Russian Federation in solving problems of ensuring information security.
Participants in the information security system are: owners of critical information infrastructure facilities and organizations operating such facilities, media and mass communications, organizations in the monetary, foreign exchange, banking and other areas of the financial market, telecom operators, information system operators, organizations carrying out activities for the creation and operation of information systems and communication networks, for the development, production and operation of information security means, for the provision of services in the field of information security, organizations carrying out educational activities in this area, public associations, other organizations and citizens who in accordance with the legislation of the Russian Federation, participate in solving problems to ensure information security.
34. The activities of government bodies to ensure information security are based on the following principles:
a) the legality of public relations in the information sphere and the legal equality of all participants in such relations, based on the constitutional right of citizens to freely seek, receive, transmit, produce and disseminate information in any legal way;
b) constructive interaction between government bodies, organizations and citizens when solving problems to ensure information security;
c) maintaining a balance between the need of citizens for the free exchange of information and restrictions related to the need to ensure national security, including in the information sphere;
d) sufficiency of forces and means to ensure information security, determined, inter alia, through the constant monitoring of information threats;
e) compliance with generally recognized principles and norms of international law, international treaties of the Russian Federation, as well as the legislation of the Russian Federation.
35. The tasks of government bodies within the framework of activities to ensure information security are:
a) ensuring the protection of the rights and legitimate interests of citizens and organizations in the information sphere;
b) assessing the state of information security, forecasting and detecting information threats, identifying priority areas for their prevention and eliminating the consequences of their manifestation;
c) planning, implementation and evaluation of the effectiveness of a set of measures to ensure information security;
d) organizing the activities and coordinating the interaction of information security forces, improving their legal, organizational, operational search, intelligence, counterintelligence, scientific and technical, information and analytical, personnel and economic support;
e) development and implementation of measures of state support for organizations engaged in the development, production and operation of information security means, provision of services in the field of information security, as well as organizations carrying out educational activities in this area.
36. The tasks of government bodies within the framework of activities to develop and improve the information security system are:
a) strengthening the vertical management and centralization of information security forces at the federal, interregional, regional, municipal levels, as well as at the level of informatization objects, information system operators and communication networks;
b) improving the forms and methods of interaction between information security forces in order to increase their readiness to counter information threats, including through regular training (exercises);
c) improving the information-analytical and scientific-technical aspects of the functioning of the information security system;
d) increasing the efficiency of interaction between government bodies, local governments, organizations and citizens in solving problems of ensuring information security.
37. The implementation of this Doctrine is carried out on the basis of sectoral strategic planning documents of the Russian Federation. In order to update such documents, the Security Council of the Russian Federation determines a list of priority areas for ensuring information security for the medium term, taking into account the provisions of the strategic forecast of the Russian Federation.
38. The results of monitoring the implementation of this Doctrine are reflected in the annual report of the Secretary of the Security Council of the Russian Federation to the President of the Russian Federation on the state of national security and measures to strengthen it.
Electronic document text
prepared by Kodeks JSC and verified against:
Official Internet portal
legal information
www.pravo.gov.ru, 06.12.2016,
N 0001201612060002
Yesterday (December 5, 2016) the updated Information Security Doctrine of the Russian Federation was finally approved (here is a link to the text). Let me remind you that old version The document dates back to 2000, and by now it is, of course, outdated. It’s strange that the final version differs significantly from the previously discussed project, but ok...
In my opinion, the document turned out to be quite sensible and concise (only 16 pages), but rather it received only cosmetic edits. Unfortunately, the document is not very convenient to use, certain topics (import substitution, protection of CII, response to incidents, etc.) are blurred, important provisions need to be collected...
When I first read the document, I noticed this (in comparison with the 2000 edition):
1. Updated terms
The basic term “information security of the Russian Federation” has changed (expanded).
Was:
Information security of the Russian Federation is understood as the state of protection of its national interests in the information sphere, determined by the totality of balanced interests of the individual, society and state.
It became:
Information security of the Russian Federation is a state of protection of the individual, society and the state from internal and external information threats, which ensures the implementation of the constitutional rights and freedoms of man and citizen, decent quality of life of citizens, sovereignty, territorial integrity and sustainable socio-economic development of the Russian Federation , defense and security of the state.
All terms are even highlighted in a separate paragraph, and definitions are given the following concepts: “national interests of the Russian Federation in the information sphere”, “threat to information security of the Russian Federation”, “information security of the Russian Federation”, “ensuring information security”, “forces for ensuring information security”, “tools for ensuring information security”, “system for ensuring information security", "information infrastructure of the Russian Federation".
2. The security of critical information infrastructure (CII) appeared, and they began to talk about the need for its uninterrupted functioning
Now they talk about CII explicitly, but there are few specifics. I would, of course, like to hear about GosSOPKA, but there are only echoes of it:
...
c) increased security critical information infrastructure and the sustainability of its functioning, the development of mechanisms for detecting and preventing information threats and eliminating the consequences of their manifestation, increasing the protection of citizens and territories from the consequences of emergency situations caused by information and technical impacts on critical information infrastructure objects;
d) increasing operational safety information infrastructure objects, including for the purpose of ensuring sustainable interaction between government bodies, preventing foreign control over the functioning of such facilities, ensuring the integrity, stability of operation and security of the unified telecommunication network of the Russian Federation, as well as ensuring the security of information transmitted through it and processed in information systems on the territory of the Russian Federation Federations;
They specifically mention the Russian segment of the Internet:
29. The main directions of ensuring information security in the field of strategic stability and equal strategic partnership are:
...
e) development of a national management system for the Russian segment of the Internet.
3. They talk a lot, a lot about the informational and psychological impact
They mention the need to “bring to the attention of the Russian and international public reliable information on public policy", focus on the "scale of use of means of providing informational and psychological impact, aimed at destabilizing the internal political and social situation" and "aimed at undermining the historical foundations and patriotic traditions associated with the defense of the Fatherland," they write about "the tendency to increase in the foreign media the volume of materials containing biased assessment state policy," they fear "the erosion of traditional Russian spiritual and moral values"The questions are, of course, important and correct, they were mentioned in the old edition, but there’s too much about it...
4. Focus on ensuring information security in the credit and financial sector
They also mention PD:
14. The scale of computer crime is increasing, primarily in credit and financial sphere, the number of crimes related to the violation of the constitutional rights and freedoms of man and citizen is increasing, including in terms of privacy, personal and family secrets, when processing personal data using information technology. At the same time, the methods, methods and means of committing such crimes are becoming more and more sophisticated.
5. They talk about the problem of IT implementation without taking into account information security issues
At the same time, the practice of introducing information technologies without linking it with ensuring information security significantly increases the likelihood of information threats.
6. As expected, there is a lot of text about import substitution.
I will write a separate note with quotes about this.
7. The development of information security services has become a national priority8. National interests in the information sphere are:Hello, consulting and outsourcing!
...
c) development of the information technology and electronics industry in the Russian Federation, as well as improvement of the activities of industrial, scientific and scientific-technical organizations in the development, production and operation of information security means, provision of services in the field of information security;
8. Finally they started talking about crime prevention and combating
23. The main directions of ensuring information security in the field of state and public security are:
e) increasing the effectiveness of preventing offenses committed using information technologies and combating such offenses;
In order to ensure the information security of the Russian Federation, I decree:
1. Approve the attached information security of the Russian Federation.
2. Recognize as invalid the Doctrine of Information Security of the Russian Federation, approved by the President of the Russian Federation on September 9, 2000 No. Pr-1895.
3. This Decree comes into force from the date of its signing.
President of the Russian Federation | V. Putin |
Doctrine
information security of the Russian Federation
(approved by the President of the Russian Federation dated December 5, 2016 No. 646)
I. General provisions
1. This Doctrine represents a system of official views on ensuring the national security of the Russian Federation in the information sphere.
In this Doctrine, the information sphere is understood as a set of information, objects of informatization, information systems, sites on the information and telecommunications network “Internet” (hereinafter referred to as the “Internet”), communication networks, information technologies, entities whose activities are related to the formation and processing of information , the development and use of these technologies, ensuring information security, as well as a set of mechanisms for regulating relevant social relations.
2. This Doctrine uses the following basic concepts:
a) national interests of the Russian Federation in the information sphere (hereinafter referred to as national interests in the information sphere) - objectively significant needs of the individual, society and the state to ensure their security and sustainable development as it relates to the information sphere;
b) a threat to the information security of the Russian Federation (hereinafter referred to as an information threat) - a set of actions and factors that create a danger of damage to national interests in the information sphere;
c) information security of the Russian Federation (hereinafter referred to as information security) - the state of protection of the individual, society and the state from internal and external information threats, which ensures the implementation of constitutional rights and freedoms of man and citizen, decent quality and standard of living of citizens, sovereignty, territorial integrity and sustainable socio-economic development of the Russian Federation, defense and security of the state;
d) ensuring information security - implementation of interconnected legal, organizational, operational-search, intelligence, counterintelligence, scientific-technical, information-analytical, personnel, economic and other measures to forecast, detect, contain, prevent, repel information threats and eliminate their consequences manifestations;
e) forces for ensuring information security - state bodies, as well as divisions and officials of state bodies, local governments and organizations authorized to solve problems of ensuring information security in accordance with the legislation of the Russian Federation;
f) information security means - legal, organizational, technical and other means used by information security forces;
g) information security system - a set of information security forces that carry out coordinated and planned activities, and the information security tools they use;
h) information infrastructure of the Russian Federation (hereinafter referred to as information infrastructure) - a set of informatization objects, information systems, Internet sites and communication networks located on the territory of the Russian Federation, as well as in territories under the jurisdiction of the Russian Federation or used on the basis of international treaties of the Russian Federation.
3. This Doctrine, based on an analysis of the main information threats and an assessment of the state of information security, defines the strategic goals and main directions for ensuring information security, taking into account the strategic national priorities of the Russian Federation.
4. The legal basis of this Doctrine is the Constitution of the Russian Federation, generally recognized principles and norms of international law, international treaties of the Russian Federation, federal constitutional laws, federal laws, as well as regulatory legal acts of the President of the Russian Federation and the Government of the Russian Federation.
5. This Doctrine is a strategic planning document in the field of ensuring the national security of the Russian Federation, which develops the provisions of the National Security Strategy of the Russian Federation, approved by Decree of the President of the Russian Federation of December 31, 2015 No. 683, as well as other strategic planning documents in this area.
6. This Doctrine is the basis for the formation of state policy and the development of public relations in the field of information security, as well as for the development of measures to improve the information security system.
II. National interests in the information sphere
7. Information technologies have acquired a global cross-border nature and have become an integral part of all spheres of activity of the individual, society and state. Their effective use is a factor in accelerating the economic development of the state and the formation of the information society.
The information sphere plays an important role in ensuring the implementation of the strategic national priorities of the Russian Federation.
8. National interests in the information sphere are:
a) ensuring and protecting the constitutional rights and freedoms of man and citizen in terms of obtaining and using information, privacy when using information technology, providing information support for democratic institutions, mechanisms of interaction between the state and civil society, as well as the use of information technology in the interests of preserving cultural, historical, spiritual and moral values of the multinational people of the Russian Federation;
b) ensuring the stable and uninterrupted functioning of the information infrastructure, primarily the critical information infrastructure of the Russian Federation (hereinafter referred to as the critical information infrastructure) and the unified telecommunications network of the Russian Federation, in peacetime, during the period of immediate threat of aggression and in wartime;
c) development of the information technology and electronics industry in the Russian Federation, as well as improvement of the activities of industrial, scientific and scientific-technical organizations in the development, production and operation of information security means, provision of services in the field of information security;
d) bringing to the Russian and international public reliable information about the state policy of the Russian Federation and its official position on socially significant events in the country and the world, the use of information technologies in order to ensure the national security of the Russian Federation in the field of culture;
e) promoting the formation of an international information security system aimed at countering threats from the use of information technologies to disrupt strategic stability, strengthening equal strategic partnerships in the field of information security, as well as protecting the sovereignty of the Russian Federation in the information space.
9. The implementation of national interests in the information sphere is aimed at creating a safe environment for the circulation of reliable information and an information infrastructure that is resistant to various types of influence in order to ensure the constitutional rights and freedoms of man and citizen, the stable socio-economic development of the country, as well as the national security of the Russian Federation.
III. Main information threats and the state of information security
10. The expansion of the areas of application of information technologies, being a factor in the development of the economy and improving the functioning of public and state institutions, at the same time gives rise to new information threats.
The possibilities of cross-border information flow are increasingly being used to achieve geopolitical, military-political, terrorist, extremist, criminal and other illegal goals, to the detriment of international security and strategic stability.
At the same time, the practice of introducing information technologies without linking it with ensuring information security significantly increases the likelihood of information threats.
11. One of the main negative factors influencing the state of information security is the increase by a number of foreign countries of the capabilities of information and technical influence on the information infrastructure for military purposes.
At the same time, the activities of organizations carrying out technical intelligence in relation to Russian government agencies, scientific organizations and enterprises of the military-industrial complex are intensifying.
12. The scope of the use by special services of individual states of means of providing information and psychological influence aimed at destabilizing the internal political and social situation in various regions of the world and leading to the undermining of sovereignty and violation of the territorial integrity of other states is expanding. Religious, ethnic, human rights and other organizations, as well as individual groups of citizens, are involved in this activity, and the capabilities of information technology are widely used.
There is a tendency towards an increase in the volume of materials in foreign media containing a biased assessment of the state policy of the Russian Federation. Russian media are often subjected to outright discrimination abroad, and obstacles are created for Russian journalists to carry out their professional activities.
The information impact on the population of Russia, primarily on young people, is increasing in order to erode traditional Russian spiritual and moral values.
13. Various terrorist and extremist organizations widely use mechanisms of information influence on individual, group and public consciousness in order to escalate interethnic and social tension, incite ethnic and religious hatred or enmity, promote extremist ideology, as well as attract new supporters to terrorist activities. Such organizations, for illegal purposes, actively create means of destructive influence on critical information infrastructure objects.
14. The scale of computer crime is increasing, primarily in the credit and financial sphere, the number of crimes related to the violation of the constitutional rights and freedoms of man and citizen is increasing, including in terms of privacy, personal and family secrets, when processing personal data using information technology. At the same time, the methods, methods and means of committing such crimes are becoming more and more sophisticated.
15. The state of information security in the field of national defense is characterized by an increase in the use of information technologies by individual states and organizations for military-political purposes, including for carrying out actions contrary to international law, aimed at undermining the sovereignty, political and social stability, and territorial integrity of the Russian Federation and its allies and pose a threat to international peace, global and regional security.
16. The state of information security in the field of state and public security is characterized by a constant increase in complexity, increasing scale and increasing coordination of computer attacks on critical information infrastructure facilities, increasing intelligence activities of foreign states in relation to the Russian Federation, as well as increasing threats of using information technologies to cause damage sovereignty, territorial integrity, political and social stability of the Russian Federation.
17. The state of information security in the economic sphere is characterized by an insufficient level of development of competitive information technologies and their use for the production of products and provision of services. The level of dependence of the domestic industry on foreign information technologies remains high in terms of electronic components, software, computer equipment and communications, which determines the dependence of the socio-economic development of the Russian Federation on the geopolitical interests of foreign countries.
18. The state of information security in the field of science, technology and education is characterized by insufficient effectiveness of scientific research aimed at creating promising information technologies, a low level of implementation of domestic developments and insufficient staffing in the field of information security, as well as low awareness of citizens in matters of ensuring personal information security . At the same time, measures to ensure the security of information infrastructure, including its integrity, availability and sustainable operation, using domestic information technologies and domestic products often do not have a comprehensive basis.
19. The state of information security in the field of strategic stability and equal strategic partnership is characterized by the desire of individual states to use technological superiority to dominate the information space.
The current distribution between countries of the resources necessary to ensure the secure and sustainable functioning of the Internet does not allow for joint fair management based on the principles of trust.
The lack of international legal norms regulating interstate relations in the information space, as well as mechanisms and procedures for their application that take into account the specifics of information technology, makes it difficult to form an international information security system aimed at achieving strategic stability and equal strategic partnership.
IV. Strategic goals and main directions for ensuring information security
20. The strategic goal of ensuring information security in the field of national defense is to protect the vital interests of the individual, society and state from internal and external threats associated with the use of information technologies for military-political purposes that are contrary to international law, including for the purpose of carrying out hostile actions and acts of aggression aimed at undermining sovereignty, violating the territorial integrity of states and posing a threat to international peace, security and strategic stability.
21. In accordance with the military policy of the Russian Federation, the main directions of ensuring information security in the field of national defense are:
a) strategic containment and prevention of military conflicts that may arise as a result of the use of information technologies;
b) improving the system for ensuring information security of the Armed Forces of the Russian Federation, other troops, military formations and bodies, which includes forces and means of information warfare;
c) forecasting, detection and assessment of information threats, including threats to the Armed Forces of the Russian Federation in the information sphere;
d) assistance in ensuring the protection of the interests of the allies of the Russian Federation in the information sphere;
e) neutralization of information and psychological influence, including those aimed at undermining the historical foundations and patriotic traditions associated with the defense of the Fatherland.
22. The strategic goals of ensuring information security in the field of state and public security are the protection of sovereignty, maintaining political and social stability, the territorial integrity of the Russian Federation, ensuring fundamental rights and freedoms of man and citizen, as well as protecting critical information infrastructure.
23. The main directions of ensuring information security in the field of state and public security are:
a) countering the use of information technologies to promote extremist ideology, spread xenophobia, ideas of national exclusivity in order to undermine sovereignty, political and social stability, forcibly change the constitutional system, and violate the territorial integrity of the Russian Federation;
b) suppression of activities harmful to the national security of the Russian Federation, carried out using technical means and information technologies by special services and organizations of foreign states, as well as by individuals;
c) increasing the security of critical information infrastructure and the stability of its functioning, developing mechanisms for detecting and preventing information threats and eliminating the consequences of their manifestation, increasing the protection of citizens and territories from the consequences of emergency situations caused by information and technical impacts on critical information infrastructure objects;
d) increasing the security of the functioning of information infrastructure facilities, including in order to ensure sustainable interaction between government bodies, preventing foreign control over the functioning of such facilities, ensuring the integrity, stability of operation and security of the unified telecommunication network of the Russian Federation, as well as ensuring the security of information transmitted through it and processed in information systems on the territory of the Russian Federation;
e) increasing the operational safety of weapons, military and special equipment and automated control systems;
f) increasing the effectiveness of preventing offenses committed using information technologies and combating such offenses;
g) ensuring the protection of information containing information constituting state secrets, other information of limited access and distribution, including by increasing the security of relevant information technologies;
h) improving methods and methods of production and safe use of products, provision of services based on information technology using domestic developments that meet information security requirements;
i) increasing the efficiency of information support for the implementation of state policy of the Russian Federation;
j) neutralization of information impact aimed at eroding traditional Russian spiritual and moral values.
24. The strategic goals of ensuring information security in the economic sphere are to reduce to the minimum possible level the influence of negative factors caused by the insufficient level of development of the domestic information technology and electronics industry, the development and production of competitive means of ensuring information security, as well as increasing the volume and quality of service provision in areas of information security.
25. The main directions of ensuring information security in the economic sphere are:
a) innovative development of the information technology and electronics industry, increasing the share of products from this industry in the gross domestic product and in the structure of the country’s exports;
b) eliminating the dependence of domestic industry on foreign information technologies and means of ensuring information security through the creation, development and widespread implementation of domestic developments, as well as the production of products and the provision of services based on them;
c) increasing the competitiveness of Russian companies operating in the information technology and electronics industry, development, production and operation of information security equipment that provide services in the field of information security, including through the creation of favorable conditions for carrying out activities on the territory of the Russian Federation ;
d) development of a domestic competitive electronic component base and technologies for the production of electronic components, meeting the needs of the domestic market for such products and the entry of these products into the world market.
26. The strategic goal of ensuring information security in the field of science, technology and education is to support the innovative and accelerated development of the information security system, the information technology industry and the electronics industry.
27. The main directions of ensuring information security in the field of science, technology and education are:
a) achieving the competitiveness of Russian information technologies and developing scientific and technical potential in the field of information security;
b) creation and implementation of information technologies that are initially resistant to various types of impact;
c) conducting scientific research and carrying out experimental developments in order to create promising information technologies and means of ensuring information security;
d) development of human resources in the field of information security and application of information technologies;
e) ensuring the protection of citizens from information threats, including through the formation of a culture of personal information security.
28. The strategic goal of ensuring information security in the field of strategic stability and equal strategic partnership is the formation of a sustainable system of non-conflict interstate relations in the information space.
29. The main directions of ensuring information security in the field of strategic stability and equal strategic partnership are:
a) protection of the sovereignty of the Russian Federation in the information space through the implementation of an independent and independent policy aimed at realizing national interests in the information sphere;
b) participation in the formation of an international information security system that ensures effective counteraction to the use of information technologies for military-political purposes that are contrary to international law, as well as for terrorist, extremist, criminal and other illegal purposes;
c) creation of international legal mechanisms that take into account the specifics of information technologies in order to prevent and resolve interstate conflicts in the information space;
d) promoting, within the framework of the activities of international organizations, the position of the Russian Federation, which provides for ensuring equal and mutually beneficial cooperation of all interested parties in the information sphere;
e) development of a national management system for the Russian segment of the Internet.
V. Organizational basis for ensuring information security
30. The information security system is part of the national security system of the Russian Federation.
Ensuring information security is carried out on the basis of a combination of legislative, law enforcement, law enforcement, judicial, control and other forms of activity of government bodies in interaction with local governments, organizations and citizens.
31. The information security system is built on the basis of the delimitation of powers of legislative, executive and judicial authorities in this area, taking into account the jurisdiction of federal government bodies, government bodies of constituent entities of the Russian Federation, as well as local governments, determined by the legislation of the Russian Federation in the field of security security.
32. The composition of the information security system is determined by the President of the Russian Federation.
33. The organizational basis of the information security system consists of: the Federation Council of the Federal Assembly of the Russian Federation, the State Duma of the Federal Assembly of the Russian Federation, the Government of the Russian Federation, the Security Council of the Russian Federation, federal executive authorities, the Central Bank of the Russian Federation, the Military-Industrial Commission of the Russian Federation, interdepartmental bodies created by the President of the Russian Federation and the Government of the Russian Federation, executive authorities of the constituent entities of the Russian Federation, local government bodies, judicial authorities taking part in solving problems of ensuring information security in accordance with the legislation of the Russian Federation.
Participants in the information security system are: owners of critical information infrastructure facilities and organizations operating such facilities, media and mass communications, organizations in the monetary, foreign exchange, banking and other areas of the financial market, telecom operators, information system operators, organizations carrying out activities for the creation and operation of information systems and communication networks, for the development, production and operation of information security means, for the provision of services in the field of information security, organizations carrying out educational activities in this area, public associations, other organizations and citizens who in accordance with the legislation of the Russian Federation, participate in solving problems to ensure information security.
34. The activities of government bodies to ensure information security are based on the following principles:
a) the legality of public relations in the information sphere and the legal equality of all participants in such relations, based on the constitutional right of citizens to freely seek, receive, transmit, produce and disseminate information in any legal way;
b) constructive interaction between government bodies, organizations and citizens when solving problems to ensure information security;
c) maintaining a balance between the need of citizens for the free exchange of information and restrictions related to the need to ensure national security, including in the information sphere;
d) sufficiency of forces and means to ensure information security, determined, inter alia, through the constant monitoring of information threats;
e) compliance with generally recognized principles and norms of international law, international treaties of the Russian Federation, as well as the legislation of the Russian Federation.
35. The tasks of government bodies within the framework of activities to ensure information security are:
a) ensuring the protection of the rights and legitimate interests of citizens and organizations in the information sphere;
b) assessing the state of information security, forecasting and detecting information threats, identifying priority areas for their prevention and eliminating the consequences of their manifestation;
c) planning, implementation and evaluation of the effectiveness of a set of measures to ensure information security;
d) organizing the activities and coordinating the interaction of information security forces, improving their legal, organizational, operational search, intelligence, counterintelligence, scientific and technical, information and analytical, personnel and economic support;
e) development and implementation of measures of state support for organizations engaged in the development, production and operation of information security means, provision of services in the field of information security, as well as organizations carrying out educational activities in this area.
36. The tasks of government bodies within the framework of activities to develop and improve the information security system are:
a) strengthening the vertical management and centralization of information security forces at the federal, interregional, regional, municipal levels, as well as at the level of informatization objects, information system operators and communication networks;
b) improving the forms and methods of interaction between information security forces in order to increase their readiness to counter information threats, including through regular training (exercises);
c) improving the information-analytical and scientific-technical aspects of the functioning of the information security system;
d) increasing the efficiency of interaction between government bodies, local governments, organizations and citizens in solving problems of ensuring information security.
37. The implementation of this Doctrine is carried out on the basis of sectoral strategic planning documents of the Russian Federation. In order to update such documents, the Security Council of the Russian Federation determines a list of priority areas for ensuring information security for the medium term, taking into account the provisions of the strategic forecast of the Russian Federation.
38. The results of monitoring the implementation of this Doctrine are reflected in the annual report of the Secretary of the Security Council of the Russian Federation to the President of the Russian Federation on the state of national security and measures to strengthen it.
Document overview
A new Doctrine of Information Security of Russia has been approved.
Strategic goals and main directions for ensuring information security have been identified.
The main information threats are analyzed. The state of information security is assessed.
It is noted that the practice of introducing information technologies without linking it with ensuring information security significantly increases the likelihood of information threats.
The state of information security is influenced, in particular, by the fact that some foreign countries are increasing the capabilities of information and technical influence on the information infrastructure for military purposes. The activities of organizations carrying out technical intelligence in relation to Russian government agencies, scientific organizations and defense industry enterprises are intensifying.
There is a trend towards an increase in the volume of materials in foreign media with a biased assessment of domestic government policy. Russian media are often subjected to outright discrimination abroad.
Various terrorist and extremist organizations widely use mechanisms of information influence. The scale of computer crime is increasing.
The main directions of ensuring information security in the field of defense, state and public security, in the economic sphere, in the field of science, technology and education, strategic stability and equal strategic partnership are given.
The composition of the information security system is determined by the President of the Russian Federation. The Russian Security Council establishes a list of priority areas for ensuring information security for the medium term.
The results of monitoring the implementation of the doctrine are reflected in the annual report of the Secretary of the Security Council to the President of the Russian Federation.
The previous Doctrine of Information Security of Russia, approved in 2000, has been declared invalid.
The decree comes into force from the date of its signing.
Chairman of the Committee State Duma By information policy, information technology and communications Leonid Levin after the publication of Decree of the President of the Russian Federation of December 5, 2016 No. 646 “On approval of the Information Security Doctrine of the Russian Federation” noted:
“The new Information Security Doctrine, approved by the Decree of the President of the Russian Federation, reflects the changed situation in the world in connection with the development of information technology. The range of threats has expanded and is shifting to the sphere of communication networks and consumer digital technologies.
Most important point it is a recognition that the Internet is as much a space of international politics as any other medium. Accordingly, military threats and military conflicts are also possible on the network. It is directly stated that the intelligence services of individual countries on a state scale use IT for malicious purposes and this poses an obvious threat to the sovereignty of our country and the well-being of citizens. Old threats from extremists and drug dealers, computer hackers and fraudsters remain, but what is new is the emergence of network threats at the level of interstate confrontation. The concept of “cyberwar” has become not a toy of teenagers and futurists, but a factor in international relations. All this once again reminds us of the proposals expressed more than once in Russia to create an international institution for regulating the Internet at the level and according to the principles of the UN. The noble goal of preventing war, which lies at the heart of the UN ideology, becomes extremely urgent.
What is also important in the Doctrine is what actually high level expresses commitment to the principles of freedom of speech and free information exchange. Protecting the right of Russian citizens to freely receive information, and Russian journalists to ensure this right, is designated as a state task. Attention is paid to protecting the privacy of Russian citizens during the processing of personal data. Russian legislation provides for the protection of personal data of Russians from unauthorized changes by placing databases on the territory of the Russian Federation. The relevance of these provisions of the law is emphasized by the new Doctrine.
I would also like to note that the content of the Doctrine clearly indicates that the adoption in the last convocation of the State Duma Federal Law dated June 29, 2015 No. 188-FZ “On Amendments to the Federal Law “On Information, information technology and on the protection of information" and Article 14 of the Federal Law "On the contract system in the field of procurement of goods, works, services to meet state and municipal needs", regarding the introduction of state regulation in the field of use of Russian programs for electronic computers or databases, was timely and extremely necessary. The doctrine clearly indicates that the ability of foreign states to influence information infrastructure for military purposes continues to increase. The law laid the foundations for the transition of state information system to domestic software and allows us to hope that Russian sovereignty in the information sphere will be ensured on the basis of Russian technologies in the same way as is the case in other areas critical to defense and security. This is especially significant for objects critical infrastructure, which are extremely software dependent in the networking domain.”