Russia's policy in the field of international cybersecurity

2024

Cybersecurity agreement between Russia and Iran comes into effect

In August 2024^[1] between the Russian Federation and Iran on cooperation in the field of information security, signed back in 2021, entered into force. It defines terminology, goals, main threats, directions, principles, forms and mechanisms of cooperation to strengthen the protection of the information space of both countries.

The terms enshrined in the agreement are introduced into international circulation, including such concepts as objects of critical information infrastructure, which are in fact a copy of a similar definition from Law No. 187-FZ "On the Safety of CII." This definition allows us to hope that the legislative framework of both countries for the protection of CII will be harmonized, which will allow Russian developers of both protective equipment and PAC, together with software, to promote products already developed in accordance with Russian law for Iranian customers too.

In the agreement, the key is the concept of information space as "an area of ​ ​ activity related to the formation, creation, transformation, transmission, use and storage of information that affects, in particular, individual and public consciousness, information infrastructure and information itself." Information security is a state of security of the information space, and threats are factors that create a danger of damaging information security.

It should be noted that it was precisely such definitions that were proposed by Russia in the UN Convention on Cybersecurity, which was adopted in early August. However, terms such as CII and information space were not included in the final text of the UN convention, which is understandable. If the information space can "have an impact... on individual and public consciousness, "then this is much more than just cybersecurity. This is about information security of a person, which the world community is not yet ready to take on. Nevertheless, Russia and Iran may well not only afford it, but also help each other defend their information space.

The agreement also provides for assistance in the transfer of technologies and knowledge to build capacity and train the parties to the agreement, which theoretically means support from the outside states in the dissemination of Russian technologies formations and in the field of information security in Iran. In theory, this should help expand the market for Russian developers of information security products.

It won't help in any way, "Timur Kaidanny, head of business development at Innostage, told TAdviser. After all, business involves not only the opportunity to do some work, but also to get money for it. And the indicated agreement does not in any way regulate the issue of cross-border transfer of money between our countries under conditions of sanctions pressure. Perhaps it will become somewhat easier for Russian companies to "reach" potential customers and partners in Iran, but it will definitely not become easier to turn these clients into existing ones.

However, it is clear that the agreement on the exchange of information to protect its information space should not concern financial support issues. More precisely, the agreement contains the phrase that "the parties independently bear the costs associated with the participation of their representatives and experts in the relevant measures for the implementation of this agreement," but the issues of payment for services and doing business should be regulated by other agreements. However, the first step towards a joint information security market with Iran has been taken, and this is important, including for Russian developers, since they can hope to resolve all issues related to the sale of their products to Iranian users. At a minimum, the terminology between our countries is agreed.

UN adopted a document initiated by Russia coordinating countries in the fight against cybercrime

At a meeting on August 7, a draft UN convention against cybercrime (A/AC.291/L.15) was adopted^[2], which criminalizes ten crimes in cyberspace, allows traffic control and collection of meta-data files, and also involves the creation of a network of state contact centers for the exchange of information collected to prove crimes. The text of the convention is partially agreed - there are fragments adopted by everyone at the vote, there are - adopted behind the scenes, and there are - not agreed. More

Russia is counting on the agreement of the international convention on ICT

Russia intends to agree on the final version of a comprehensive international convention on countering the use of information and communication technologies (ICT) for illegal purposes in May-June 2024 at the final stage of negotiations. This was announced on April 1, 2024 by the press service of the State Duma deputy RFAnton Nemkin, referring to the RIA Novosti message to the Russian Foreign Ministry.

In May-June, the final stage of negotiations will take place in New York, following which the final text of the agreement should be agreed, the department noted.

The ministry stressed that "despite the position of the West, together with like-minded people, Russia is counting on the adoption of the first document in history regulating international law enforcement cooperation to combat ICT crime."

Including in the issue of using information technology for criminal purposes. Let me remind you that it was Russia that initiated the creation of a special committee at the UN to develop the first ever international convention on countering the use of ICT for illegal purposes, the deputy recalled.

We are witnessing a clear bias - Western countries have much more powers compared to the rest of the world. We are talking about almost complete access to the databases of other states. At the same time, this state of affairs is also maintained at a formal level: for example, at the expense of the Budapest Convention of 2001. Russia, on the other hand, proposes a completely different approach, based on the principle of equality of sovereign states, as well as the principle of non-interference in the internal policy of countries, the parliamentarian explained.

The development of international crime is largely due to the weak coordination of countries, primarily in terms of operational exchange. information The draft convention pays significant attention to emergency mechanisms of interaction, which will allow not only to prevent threats, but also to investigate IT crimes much more effectively, the deputy concluded.

2023: Appointment as Special Representative of the President of the Russian Federation for International Cooperation in the Field of Information Security

At the end of July 2023, the President Russia Vladimir Putin signed a decree appointing information security Arthur Lukmanov, who previously served as director of a similar department in. Ministry of Foreign Affairs of the Russian Federation Read more. here

2022: Putin gives the Ministry of Justice of the Russian Federation the authority to conduct state policy in the field of international cybersecurity

Russia Vladimir Putin The President signed a decree giving the Ministry of Justice of the Russian Federation the authority to conduct state policy in the field of international. information security The corresponding document was published on January 24, 2022 on the official Internet portal of legal information. More. here

2021

Putin approved the foundations of state policy in the field of international cybersecurity

In April 2021, Russian President Vladimir Putin signed a decree approving the foundations of the country's state policy in the field of international information security.

As reported in the document, it reflects strategic planning and official views on the essence of international information security, defines the main threats to international information security, the goals and objectives of the state policy of the Russian Federation in the field of international information security, as well as the main directions of its implementation.

Vladimir Putin approved the foundations of state policy in the field of international cybersecurity

Among the main threats to international cybersecurity, the authors of the documents attributed:

• the use of information and communication technologies (ICT) in the military-political and other spheres in order to undermine (infringe) sovereignty, violate the territorial integrity of states, carry out other actions in the global information space that impede the maintenance of international peace, security and stability;

• the use of ICT for terrorist purposes, including for the promotion of terrorism and the involvement of new supporters in terrorist activities;

• the use of ICT for extremist purposes, as well as to interfere in the internal affairs of sovereign states;

• the use of ICT for criminal purposes, including the commission of crimes in the field of computer information, as well as for the commission of various types of fraud;

• using ICT to conduct computer attacks on state information resources, including critical information infrastructure;

• The use by individual states of technological dominance in the global information space for monopolizing the ICT market, restricting the access of other states to advanced ICT, as well as to strengthen their technological dependence on the states dominant in the field of informatization and information inequality^[3]

The Security Council of the Russian Federation approved the foundations of state policy in the field of international cybersecurity

At the end of March 2021 Russian Security Council , following a meeting chaired by the president Vladimir Putin , he approved the draft "Fundamentals of state the Russian Federation's International Policy." information security Security Council Secretary Nikolai Patrushev noted that the Russian Federation is aimed at intensifying international cooperation for the "digital sovereignty" of states.

To neutralize the growing threats, Russia's focus on intensifying international cooperation, on creating an international legal regime for regulating the activities of states in the information space, primarily to ensure the digital sovereignty of independent states and prevent interstate conflicts using information technologies, was confirmed, he said (words are quoted on the Kremlin website).

The Security Council of the Russian Federation approved the draft "Fundamentals of the state policy of the Russian Federation in the field of international information security"

The document, according to Patrushev, updated global threats in the field of informatization and identified threats associated with computer attacks on state information resources, including critical information infrastructure.

The Secretary of the Security Council added that "Russia's focus on intensifying international cooperation, on creating an international legal regime for regulating the activities of states in the information space, primarily to ensure the digital sovereignty of independent states and prevent interstate conflicts using information technologies, has been confirmed."

The Security Council also decided to prepare a project implementation plan, "priority measures for comprehensive support have been identified."

Vladimir Putin at a meeting of the Security Council said that new technological solutions generate new risks. According to him, the global digital space often becomes a platform for tough information confrontation, for qualitatively unfair competition and cyber attacks.^[4]

2017

Kudrin experts spoke about the future of information security in Russia

In December 2017, the Center for Strategic Research (CSR), chaired by former Finance Minister Alexei Kudrin, published a report on the future of information security in Russia.

According to experts, the main strategies for ensuring cybersecurity in the international sphere assume a choice between strategies, one of which is to focus on cooperation with external partners and strengthen the legal framework for global regulation of this area, while the other is to strengthen internal regulation and focus on its own resources and solutions.

CSR simulated risks in the communications and IT industries

According to the authors of the report, Russia needs to focus on three main areas of work:

• Reducing the risks of military-political use of ICT and forming the foundations of the international legal regime of responsible behavior of States in cyberspace

• Ensuring the security, stability and resiliency of the Internet and digital data infrastructure for Russian users, business and the state

• Ensuring Russian interests in the field of a safe digital environment, combating computer crime, as well as the development of technologies and the information security market

The CSR proposes to develop and consolidate at the international level restrictions on the military-political use of information technologies in relation to critical infrastructure facilities, as well as to interpret the key concepts of the existing system of international law from the point of view of their application in the field of information technology.

In addition, the CSR proposes to adapt key norms of international humanitarian law, including the Geneva Conventions, to actions using information and communication technologies. The entire report is available at this link.. [1]

Putin outlined the priorities of information security of Russia

On October 26, 2017, an expanded meeting of the Security Council was held, at which President Vladimir Putin listed the main directions for the development of information security in Russia. Read more here.

2016: Putin approves new Russian Information Security Doctrine

Main article: Russian Information Security Doctrine

The President Russia Vladimir Putin approved the country's new Information Security Doctrine. The decree was published on December 6, 2016 on the portal of legal information.

2015: Russia creates cybersecurity system

Russia It creates its own system of security and countering cyber threats, quoted the Interfax agency as Deputy Prime Minister, Dmitry Rogozin who spoke on March 10, 2015 at a conference cyber security at Moscow State University^[5]

The Russian cybersecurity system, according to the Deputy Prime Minister, will be based "on the use of smart weapons." This weapon "is created with the help of the most complex production lines, technological circuits, which are also smart equipment," said Dmitry Rogozin.

In his speech, the Deputy Prime Minister classified the main cybersecurity threats that Russia may face. According to Interfax, according to him, "threats can be in three cases: the first is a country stronger (than Russia - approx. CNews) or even a coalition of countries; the second is an opponent equal in strength; the third is the opponent technically weaker. "

2014: Prosecutor General's Office of the Russian Federation proposes to conclude an agreement on combating cybercrime within the framework of the UN

The Prosecutor General's Office of the Russian Federation invited foreign colleagues to conclude an agreement on the fight against crime in the field of information technology within the framework of the UN. The proposal was voiced during the Baikal International Conference of Prosecutors opened in Irkutsk in August 2014 (according to ITAR-TASS).

Prosecutor General Yury Chaika noted that Russia has achieved some success in cooperation with foreign states in combating cross-border flows of "dirty" investments.

He explained that recently, with the participation of the international prosecution community, a number of cross-border criminal groups have been eliminated. In particular, in the case of Boris Berezovsky, Russian prosecutors collaborated with colleagues from France and Brazil, in the Yukos case with Holland and Armenia, Switzerland and Great Britain contributed to the return of funds to the Sovcomflot of Russia. This practical experience, according to Chaika, now needs to be strengthened by an appropriate regulatory framework.

As the Deputy Prosecutor General of the Russian Federation Alexander Zvyagintsev, who spoke at the conference, noted, in 2001 a convention against cybercrime was signed under the auspices of the Council of Europe. According to him, it has a number of shortcomings, in particular in matters of cooperation in criminal cases, and therefore "cannot claim the role of a globally recognized treaty in this area."

In this regard, the Prosecutor General's Office invites foreign colleagues to conclude an agreement on the fight against cybercrime within the framework of the UN. "I am sure that the world community cannot do without (such) an agreement," Zvyagintsev said.

In addition, the department offers foreign partners to conclude bilateral and multilateral international treaties on the return of property obtained by criminal means, which will help return the income of states. "It is simply unprofitable for any state to send abroad requests for confiscation of property obtained by criminal means, since confiscated assets may remain at the disposal of the requested state," the Deputy Prosecutor General explained.

2013: The foundations of the state policy of the Russian Federation in the field of international information security until 2020 were approved

Russian President Vladimir Putin signed a document in July 2013 defining the country's policy in the field of ensuring international information security. It follows from this document that Moscow sees the main threats to itself in the use of Internet technologies as "information weapons for military-political, terrorist and criminal purposes," as well as for "interference in the internal affairs of states."

It is reported that "The foundations of the state policy of the Russian Federation in the field of international information security for the period up to 2020." V. Putin signed at the end of last week. It was developed in the Security Council of the Russian Federation with the participation of relevant ministries, including the Ministry of Foreign Affairs, the Ministry of Defense, the Ministry of Communications and the Ministry of Justice. According to media reports, the document was partly conceived as a response to the adopted in 2011. US "International Strategy for Action in Cyberspace." In it, Washington for the first time equated acts of computer sabotage with traditional military actions, reserving the right to respond to them by all means, including the use of nuclear weapons.

The Russian response looks more peaceful: as follows from the text, Moscow intends to fight threats on the Web not by methods of intimidation, but by strengthening international cooperation. The document highlights four main threats to the Russian Federation in this area.

• The first is the use of information and communication technologies as information weapons for military-political purposes, for the implementation of hostile actions and acts of aggression.
• The second is the use of ICT for terrorist purposes.
• The third is cybercrimes, including improper access to computer information, the creation and distribution of malware.
• The fourth threat outlined in the document reflects a purely Russian approach - we are talking about the use of Internet technologies for "interference in the internal affairs of states," "violation of public order," "inciting enmity" and "propaganda of ideas that incite violence." According to the interlocutors of the publication, the events of the Arab Spring, which demonstrated the potential of the Internet for organizing and coordinating anti-government actions, forced the Russian authorities to pay attention to this threat.

The Russian authorities intend to counter these threats together with their allies, primarily members of the SCO, CSTO and BRICS. With their help, Moscow expects to achieve the implementation of a number of key initiatives: the adoption at the UN of the Convention on Ensuring International Information Security, the development of internationally recognized rules of conduct in cyberspace, the internationalization of the Internet governance system and the establishment of an international legal regime for the non-proliferation of information weapons. Until now, Western countries have opposed the initiatives of the Russian Federation, believing that they are aimed at strengthening state control over the Internet.

See also

• Information security (Russian market)

Notes