Russian Information Security Doctrine

Recently, the Russian authorities have been paying particular attention to the means of transmitting information. The priority task of the state is to convey to the people a certain point of view. This problem is being solved quite successfully, and all thanks to the documents regulating the formation and analysis of the reported information. One of these documents is the Doctrine of Information Security of the Russian Federation. In our article, its main provisions will be examined in detail.

What is information security?

Each state has national interests. They are very long and carefully formed, and therefore need high-quality protection. Interests affect both the government itself and the population living in the country. We live in an amazing time when information rules the world. Thanks to the Internet and the media, it is becoming increasingly difficult to hide any information, and therefore requires special mechanisms for protecting information. The totality of such mechanisms is called information security.

Our country has the Doctrine of Information Security. Its main purpose is to protect national interests. Objects of protection can be divided into three main groups:

• Constitutional freedoms and human rights in the field of information use.
• Modern means of informatization, television and communication communications.
• Means of information support of Russian state policy, as well as a number of state resources.

In the Doctrine of Information Security of the Russian Federation there are three methods for ensuring protection:

• Legal method. It involves the development and introduction of regulations governing relations in the field of informatization.
• Organizational and technical methods. Here it is necessary to single out control over the implementation of information protection requirements, ensuring an IT security monitoring system, as well as holding individuals accountable for offenses committed in this area.
• Economic methods. This is the development of various kinds of projects and their financing.

Thus, the Doctrine of Information Security of Russia is a very important and relevant document, the main provisions of which will be discussed further.

Doctrine Structure

The normative legal act approved by the President of the Russian Federation on December 5, 2016, consists of five parts and a conclusion. The 2000 Information Security Doctrine, which has now expired, has been in force.

The first part of the document contains general provisions. The basic concepts are given, the goals are presented, the methods of legal regulation are formed. The second part describes the national interests of the country that need to be protected. Information threats and security methods are presented in the third part of the document. Strategic goals and ways to ensure IT security are described in the fourth part. Finally, ways to organize a secure information environment are formed in the final chapter.

It’s worth starting with an analysis of the main points. Paragraph 2 of the first chapter of the Information Security Doctrine states that the national interests of a country mean the objectively significant needs of the state and the individual. The threat to such security is a combination of factors that create the risk of harming interests in the IT environment. Finally, security itself is called the state of security of the state and the individual from external information threats.

The Doctrine quite often uses the concept of information infrastructure. We are talking about a set of IT systems located in Russia.

National interests

It's no secret that information technology today is global. They are widely used throughout the globe, and do not differ from each other. This poses a threat to quick access to information that is a state secret. In this regard, different countries are trying to use individual means of encryption and data protection. The effective use of such funds will serve as an excellent factor in the speedy modernization of economic, social and political development.

And yet, why is it necessary to create such complex security systems? The answer is given in the Doctrine of Information Security of the Russian Federation. Chapter 2 of this document spells out the main vectors of public policy, which should be subjected to special protection. Here's what to highlight here:

• Ensuring the stable and continuous functioning of the information infrastructure and a single telecommunication system - both in peacetime and during the period of aggression.
• Protection of constitutional freedoms and interests of the individual. Everyone has the right to privacy. This right can only be ensured with the help of high-quality information technologies.
• The development in Russia of the electronic industry, which could contribute to the improvement of production, scientific, technical or other activities.
• Bringing to the Russian and world public complete and reliable information about public policy pursued by the authorities.
• Promoting the formation of an interstate security system that can be aimed at protecting against external information threats.

The Russian Federation has a considerable number of interests in the field of data protection. Their maintenance and preservation is a priority goal of state power. The information security doctrine also contains provisions on how to ensure the safety of the IT environment. All of them will be disassembled further.

Information Threats

What exactly does the Russian state fear that it so widely finances data protection methods? In the Doctrine of Information Security of Russia, all potential threats are divided into four groups:

• Dangers in the field of constitutional rights and freedoms of people.
• Threats to the information support of Russian policy.
• Security threats to information and telecommunication systems and tools.
• Dangers in the development of modern IT-developments, as well as threats to exit the world market.

The Information Security Doctrine speaks of geopolitical instability. The leaders of Western countries allegedly pursue criminal, extremist, and sometimes even terrorist methods to achieve their goals. Russia, by contrast, stands guard over international law and strategic stability.

The practice of introducing IT development without a link to information security dramatically increases the likelihood of external threats. The conclusion suggests itself: the most important task of the Russian Federation is to build up military and information-technical potential.

The document mentions the widespread use in the world of technologies that adversely affect individual, group and even public consciousness. Engaged in similar, again, other countries. They have one goal: to undermine the political system of Russia and create a state of social tension. This is achieved by inciting ethnic or religious hatred.

What is surprising, the Doctrine of Information Security (No. 646 Decree of the President) contains criticism not only of the outside world, but also of Russia itself. So, in paragraph 17 of Chapter 3 of the document in question it is said about insufficient competitiveness in the field of IT. Due to the stagnant economic situation, the state is not able to spawn at least several large companies that could compete for the status of the best developer in the field of IT. Criticism is also contained in paragraph 18. It refers to the lack of effectiveness of scientific research in Russia, the low level of implementation of domestic developments and the lack of awareness of citizens in matters of personal information security. All this significantly complicates the formation of a system of protection against external threats.

Strategic goals

Why is the Russian Federation Information Security Doctrine necessary? The answer to this question lies in chapter 4 of the same document. It’s easy to guess what legislators prescribed here. It is again about protecting the freedoms, interests and rights of citizens. To achieve this goal, you can through the quality use of information technology. It is necessary to resist the military-political course chosen by many countries. Moreover, if such a course is directly contrary to the norms of world law.

Paragraph 21 of the Information Security Doctrine of the Russian Federation refers to the following strategic plans:

• Deterrence and attempt to eliminate military conflicts, including through the effective use of IT-development.
• Prediction, search and assessment of external information threats.
• Modernization of the security information system used in the Armed Forces of Russia and various military units.
• Securing the interests of the allies of Russia.
• Neutralization of psychological and informational impact in various fields - from economic and political to cultural and patriotic.

When studying the Information Security Doctrine (Decree of the President No. 646), the impression may be formed that the Russian authorities have a little paranoia. Too much attention is paid to external threats and how to protect them. In any case, the document is perfectly structured and clearly reflects the main points regarding the protection of the information environment in Russia.

Information Security Areas

The strategy outlined in Presidential Decree No. 646 (Doctrine of Information Security of the Russian Federation) is simple and understandable. Legislators minimize the impact of negative factors associated with the low level of development of the domestic information industry. In order for the strategy to be fully implemented, the Doctrine presents the main directions for the implementation of information security. In the economic sphere, these are the following points:

• Elimination of dependence of the Russian industry on foreign technologies. Simply put, Russia should stop acquiring foreign protection mechanisms. It is necessary to independently develop all products related to national security.
• Development and support of innovations in the electronic and information industry.
• Promoting the competitiveness of Russian companies operating in the field of IT.
  

In the field of science and technology, the government is obliged in every way to support the development of the information and electronic industry support system. Any successful projects must be popularized and financed. The tasks in the field of science and technology are approximately the same as in the economic sphere:

• human resource development;
• competitiveness support;
• detachment from any relations with foreign companies;
• support for major research;
• focus on creating technologies that are resistant to various types of external influences.

The last direction is the area of ​​strategic stability and equal social partnership. The following tasks should be highlighted here:

• protection of the sovereignty of the Russian Federation;
• the formation of international legal mechanisms that take into account the specifics of the latest technologies;
• promotion on the world stage of the position of the Russian Federation;
• active inclusion of the Russian segment of the Network in the process of technology development.

Organizational Basics

Chapter 5 of the Doctrine of Information Security of the Russian Federation presents the organizational foundations on which a data protection system is built. Security can be ensured only with a competent combination of legislative, judicial, law enforcement and control forms of activity of state authorities. The composition of the security system is determined by the head of state.

What is included in the information security system? These are two chambers of the Federal Assembly of the Russian Federation (parliament), the government, the Security Council, the Central Bank, the Military-Industrial Commission, as well as various interdepartmental bodies. This should also include various regional authorities.

Participants in the system are owners of critical information structure facilities, mass media, monetary and credit organizations, telecom operators, representatives of stock exchanges and many other instances.

The operation of the information security system should be based on the following principles:

• the legitimacy of social relations;
• maintaining a balance between the needs of citizens in ways of exchanging information and the restrictions that are associated with ensuring national security;
• constructive mutual dialogue of state bodies with public organizations and citizens themselves;
• compliance with generally recognized principles and norms of interstate law.

Thus, all state bodies participate in the organization of the information protection system. This indicates the importance of all ongoing activities.

Tasks of government bodies

According to the Information Security Doctrine, adopted in 2016, government bodies must solve the following tasks:

• preservation and development of systems for protecting the rights and legal interests of citizens and public organizations;
• assessing the state of information security, forecasting and searching for threats, identifying priority areas for eliminating the consequences of their manifestation;
• planning and implementation of a set of methods for ensuring information security;
• organization of activities and coordination of the interaction of forces to ensure information security;
• development of legal, organizational, operational-search, intelligence, scientific, technical, analytical, personnel and other methods of providing protection;
• development and implementation of methods of state support to organizations engaged in the formation, production and use of security tools.

In addition to the tasks listed above, the government should decide on strengthening the vertical of management and centralizing its forces. It is necessary to conduct timely checks of ongoing tasks, analyze many aspects of the system, increase the efficiency of interaction between government bodies, etc. The Information Security Doctrine itself, approved in 2016, points to all this.

State Assessment of the Doctrine

How do legislators evaluate the document in question? The decree approving the Information Security Doctrine has caused a lot of controversy both in society and in the government. Some experts were perplexed about the elimination of the provisions of the 2000 Doctrine. Others sharply criticized the document because of its overly militaristic orientation. Nevertheless, most legislators agreed: the adoption of the Doctrine will help to focus the attention of ordinary people on the problem.

The key to the effectiveness of information security methods is civic awareness. Moreover, the Russian government itself has created such conditions under which the country's population cannot boast of civil liability. Half of the Russians still do not know about the existence of the Doctrine in question, and it would be foolish to challenge this fact.

The main provisions of the Information Security Doctrine of 2000 were aimed at state power. The new document also focuses on ordinary people. This is the main difference between the two regulations. In addition, the new Doctrine takes into account current events and problems, such as cyber attacks, the actions of terrorist organizations, the "dark side" of the Internet, insufficient competition in the Russian innovation market and much more. It is the consideration of existing problems and their solutions that are the main advantage of the normative act under consideration. But the Doctrine also has many shortcomings, which will be discussed later.

Critique of the Doctrine

As already mentioned, the decree approving the Doctrine of Information Security of the Russian Federation generated a lot of controversy and disagreement. , - .

, , . ", ". , , . . . " ", . , , , .

, . , - . , . , , .

, , , . , , . 2000 , - .