RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2
2016/12/06 09:58:49

Russian Information Security Doctrine

Russian President Vladimir Putin approved the new Doctrine of Information Security of the country. The decree on this was published on December 6, 2016 on the legal information portal Decree of the President of the Russian Federation dated 05.12.2016 No. 646 "On the Approval of the Information Security Doctrine of the Russian Federation."

Content

The document states that information technologies have become a global cross-border character and have become an integral part of all spheres of activity of the individual, society and the state. Their effective application is a factor in accelerating the economic development of the state and the formation of the information society. The information sector plays an important role in ensuring the implementation of the strategic national priorities of the Russian Federation.

Vladimir Putin approves new Russian Information Security Doctrine

At the same time, the expansion of information technology applications is creating new information threats. The possibilities of cross-border circulation of information are increasingly being used to achieve geopolitical, military-political, terrorist, extremist, criminal and other illegal goals contrary to international law, to the detriment of international security and strategic stability. At the same time, the practice of introducing information technologies without a link to ensuring information security significantly increases the likelihood of information threats.

The new Doctrine describes the strategic objectives and directions of information security in various areas.

Thus, in the field of science, technology and education, support should be provided for the innovative and accelerated development of the information security system, the information technology industry and the electronic industry. The main areas of information security in this area are the achievement of competitiveness of Russian IT and the development of scientific and technical potential in the field of information security, the creation of technologies resistant to various types of impact, the development of personnel potential, ensuring the protection of citizens from information threats, etc.

Russian National Security Strategy

Fundamentals of the state policy of the Russian Federation in the field of international information security

Russian Federation Information Security Doctrine

I. General provisions

1. This Doctrine is a system of official views on ensuring the national security of the Russian Federation in the information sphere,

2. In this Doctrine, the information sphere refers to the totality of information, informatization objects, information systems, sites in the information and telecommunication network Internet"" (hereinafter - the Internet), communication networks, information technology entities whose activities are associated with the formation and processing of information, the development and use of these technologies, support, information security as well as a set of mechanisms for regulating relevant public relations.

3. The following basic concepts are used in this Doctrine:

a) the national interests of the Russian Federation in the information sphere (hereinafter national interests in the information sphere) objectively significant needs of the individual, society and the state in ensuring their security and sustainable development in relation to the information sphere;

b) a threat to the information security of the Russian Federation (hereinafter referred to as an information threat) a set of actions and factors that create a risk of damage to national interests in the information sphere;

c) information security of the Russian Federation (hereinafter - information security) - the state of protection of the person, society and the state from internal and external information threats, in which the realization of constitutional rights and freedoms of the person and citizen, worthy quality and standard of living of citizens, sovereignty, territorial integrity and sustainable socio-economic development of the Russian Federation, defense and security of the state are ensured;

d) ensuring information security - implementation of interlinked legal, organizational, operational search, intelligence, counterintelligence, scientific and technical, information-analytical, personnel, economic and other measures to predict, detect, deter, prevent, repel information threats and eliminate the consequences of their manifestation;

e) the information security forces of state bodies, as well as subdivisions and officials of state bodies, local self-government bodies and organizations authorized to solve tasks for ensuring information security in accordance with the legislation of the Russian Federation;

f) means of ensuring information security of legal, organizational, technical and other means used by the information security forces;

g) information security system for a combination of information security forces carrying out coordinated and planned activities and the means used by them to ensure information security;

h) information infrastructure of the Russian Federation (hereinafter - information infrastructure) - a set of informatization objects, information systems, sites in the network <<Интернет» и сетей связи, расположенных на территории Российской Федерации, а также на территориях, находящихся под юрисдикцией Российской Федерации или используемых на основании международных договоров Российской Федерации.

3. Based on the analysis of the main information threats and assessment of the state of information security, the present Doctrine defines strategic goals and main directions for ensuring information security taking into account the strategic national priorities of the Russian Federation.

4. The legal basis of this Doctrine is the Constitution of the Russian Federation, universally recognized principles and norms of international law, international treaties of the Russian Federation, federal constitutional laws, federal laws, as well as normative legal acts of the President of the Russian Federation and the Government of the Russian Federation.

5. This Doctrine is a document of strategic planning in the field of ensuring the national security of the Russian Federation, which develops the provisions of the National Security Strategy of the Russian Federation, approved by Decree of the President of the Russian Federation dated December 31, 2015 M 683, as well as other strategic planning documents in this area.

6. This Doctrine is the basis for the formation of state policy and the development of public relations in the field of ensuring information security, as well as for the development of measures to improve the information security system.

II. National information interests

7. Information technologies have become globally cross-border and have become an integral part of all spheres of activity of the individual, society and the State. Their effective application is a factor in accelerating the economic development of the state and the formation of the information society.

The information sector plays an important role in ensuring the implementation of the strategic national priorities of the Russian Federation.

8. National interests in the information sphere are:

a) ensuring and protecting the constitutional rights and freedoms of a person and a citizen in terms of obtaining and using information, privacy in the use of information technologies, ensuring information support for democratic institutions, mechanisms of interaction between the state and civil society, as well as the use of information technologies in the interests of preserving the cultural, historical and spiritual and moral values ​ ​ of the multinational people of the Russian Federation;

b) ensuring the sustainable and uninterrupted functioning of the information infrastructure, primarily the critical information infrastructure of the Russian Federation (hereinafter - critical information infrastructure) and the unified telecommunication network of the Russian Federation, in peacetime, during the period of immediate threat of aggression and in wartime;

c) development in the Russian Federation information technology industry and electronic industry and also improvement of activity of the production, scientific and scientific and technical organizations for development, production and operation of means of ensuring of information security, to rendering services in the field of ensuring information security;

d) bringing to the Russian and international public reliable information about the state policy of the Russian Federation and its official position on socially significant events in the country and the world, the use of information technologies in order to ensure the national security of the Russian Federation in the field of culture;

e) promoting the formation of an international information security system aimed at countering threats to the use of information technologies in order to violate strategic stability, strengthening equal strategic partnership in the field of information security, as well as protecting the sovereignty of the Russian Federation in the information space.

9. The realization of national interests in the information sphere is aimed at the formation of a safe environment for the circulation of reliable information and information infrastructure resistant to various types of influence in order to ensure the constitutional rights and freedoms of a person and citizen, the stable socio-economic development of the country, as well as the national security of the Russian Federation.


III. Major information threats and information security

10. The expansion of the fields of application of information technologies, being a factor in the development of the economy and the improvement of the functioning of public and state institutions, at the same time creates new information threats.

The possibilities of cross-border circulation of information are increasingly being used to achieve geopolitical, military-political, terrorist, extremist, criminal and other illegal goals contrary to international law, to the detriment of international security and strategic stability.

At the same time, the practice of introducing information technologies without a link to ensuring information security significantly increases the likelihood of information threats.

11. One of the main negative factors affecting the state of information security is the increase in the ability of a number of foreign countries to increase the information technology impact on information infrastructure for military purposes.

At the same time, the activities of organizations conducting technical intelligence in relation to Russian state bodies, scientific organizations and enterprises of the military-industrial complex are intensifying.

12. The use by the special services of individual States of means of providing information and psychological influence aimed at destabilizing the domestic political and social situation in various regions of the world and leading to the undermining of sovereignty and violation of the territorial integrity of other States is increasing. Religious, ethnic, human rights and other organizations, as well as individual groups of citizens, are involved in this activity, while the possibilities of information technology are widely used.

There is a tendency to increase the volume of materials in foreign media containing a biased assessment of the State policy of the Russian Federation.

The Russian media are often subjected to outright discrimination abroad, Russian journalists are prevented from carrying out their professional activities.

The information impact on the population of Russia, primarily on young people, is increasing in order to erode traditional Russian spiritual and moral values.

13. Various terrorist and extremist organizations make extensive use of mechanisms of information influence on individual, group and public consciousness in order to increase ethnic and social tensions, incite ethnic and religious hatred or enmity, promote extremist ideology, and attract new supporters to terrorist activities. Such organizations actively create means of destructive influence on critical information infrastructure for illegal purposes.

14. Computer crime is increasing, especially in the financial and credit sphere, and the number of crimes related to the violation of constitutional rights and freedoms of a person and citizen, including with regard to privacy, personal and family secrets, in the processing of personal data using information technologies is increasing. At the same time, the methods, methods and means of committing such crimes are becoming more sophisticated.


15. The state of information security in the field of the country's defense is characterized by an increase in the use by individual States and organizations of information technologies for military and political purposes, including for the implementation of actions contrary to international law aimed at undermining the sovereignty, political and social stability, territorial integrity of the Russian Federation and its allies and posing a threat to international peace, global and regional security.

16. The state of information security in the field of State and public security is characterized by a constant increase in complexity, an increase in the scale and coordination of computer attacks on critical information infrastructure, an increase in intelligence activities of foreign States against the Russian Federation, as well as an increase in threats to the use of information technologies in order to harm the sovereignty, territorial integrity, political and social stability of the Russian Federation.

17. The state of information security in the economic sphere is characterized by insufficient development of competitive information technologies and their use for the production of products and the provision of services. The level of dependence of domestic industry on foreign information technologies remains high in terms of the electronic component base, software, computer equipment and communications, which determines the dependence of the socio-economic development of the Russian Federation on the geopolitical interests of foreign countries.

18. The state of information security in the field of science, technology and education is characterized by insufficient effectiveness of scientific research aimed at creating promising information technologies, low level of introduction of domestic developments and insufficient personnel support in the field of information security, as well as low awareness of citizens in matters of ensuring personal information security. At the same time, measures to ensure the security of the information infrastructure, including its integrity, accessibility and sustainable functioning, using domestic information technologies and domestic products often do not have a comprehensive basis.

19. The state of information security in the field of strategic stability and equitable strategic partnership is characterized by the desire of individual states to use technological superiority to dominate the information space.

The current distribution among countries of the resources needed to ensure the safe and sustainable operation of the Internet does not allow for the joint equitable, trust-based management of the Internet.

The absence of international legal norms governing inter-State relations in the information space, as well as mechanisms and procedures for their application, taking into account the specifics of information technologies, makes it difficult to establish an international information security system aimed at achieving strategic stability and equitable strategic partnership.

IV. Strategic objectives and key areas of information security

20. The strategic goal of ensuring information security in the field of defense of the country is to protect the vital interests of the individual, societies and States from internal and external threats related to the use of information technologies for military and political purposes, Contrary to international law, including with a view to carrying out hostile acts and acts of aggression, aimed at undermining sovereignty, violating the territorial integrity of States and posing a threat to international peace, security and strategic stability.

21. In accordance with the military policy of the Russian Federation, the main areas of information security in the field of defense of the country are:

a) strategic deterrence and prevention of military conflicts that may arise as a result of the use of information technologies;

b) improvement of the information security system of the Armed Forces of the Russian Federation, other troops, military formations and bodies, including forces and means of information confrontation;

c) forecasting, detection and assessment of information threats, including threats to the Armed Forces of the Russian Federation in the information sphere;

d) promoting the protection of the interests of the Allies of the Russian Federation in the information sphere;

e) neutralization of information and psychological impact, including aimed at undermining the historical foundations and patriotic traditions associated with the protection of the Fatherland.

22. The strategic objectives of ensuring information security in the field of State and public security are the protection of sovereignty, the maintenance of political and social stability, the territorial integrity of the Russian Federation, the provision of fundamental human and civil rights and freedoms, and the protection of critical information infrastructure.

23. The main areas of information security in the field of state and public security are:

a) countering the use of information technologies for the promotion of extremist ideology, the dissemination of xenophobia, ideas of national exclusivity in order to undermine sovereignty, political and social stability, forcible change of the constitutional system, violation of the territorial integrity of the Russian Federation;

b) suppression of activities damaging the national security of the Russian Federation carried out using technical means and information technologies by special services and organizations of foreign states, as well as individuals;

c) improving the security of critical information infrastructure and its stability, developing mechanisms for detecting and preventing information threats and eliminating the consequences of their manifestation, improving the protection of citizens and territories from the consequences of emergencies caused by information and technical impact on critical information infrastructure facilities;

d) improving the security of the operation of information infrastructure facilities, including in order to ensure sustainable interaction of state bodies, preventing foreign control over the operation of such facilities, ensuring the integrity, stability of the functioning and security of the unified telecommunication network of the Russian Federation, as well as ensuring the security of information transmitted through it and processed in information systems in the Russian Federation;

e) improving the safety of the operation of weapons, military and special equipment and automated control systems;

f) improving the effectiveness of prevention of offences committed using information technologies and countering such offences;

g) ensuring the protection of information containing information constituting state secrets, other information of limited access and distribution, including by increasing the security of relevant information technologies;

h) improvement of methods and methods of production and safe application of products, provision of services based on information technologies using domestic developments that meet information security requirements;

and) improving the efficiency of information support for the implementation of the state policy of the Russian Federation;

c) neutralization of information influence aimed at eroding traditional Russian spiritual and moral values.

24. The strategic objectives of ensuring information security in the economic sphere are to reduce to the minimum possible level the impact of negative factors due to the insufficient level of development of the domestic information technology industry and the electronic industry, the development and production of competitive means of ensuring information security, as well as improving the volume and quality of information security services.

25. The main areas of ensuring information security in the economic sphere are:

a) innovative development of the information technology and electronic industry, increase of the share of the products of this industry in the gross domestic product, in the export structure of the country;

b) elimination of dependence of domestic industry on foreign information technologies and means of ensuring information security due to creation, development and wide introduction of domestic developments, as well as production of products and provision of services based on them;

c) increasing the competitiveness of Russian companies operating in the information technology and electronic industry, developing, producing and operating information security tools that provide services in the field of information security, including by creating favorable conditions for activities in the Russian Federation;

d) development of a domestic competitive electronic component base and technologies for the production of electronic components, ensuring the need of the domestic market for such products and the entry of these products into the world market.

26. The strategic goal of ensuring information security in the field of science, technology and education is to support the innovative and accelerated development of the information security system, the information technology industry and the electronic industry.

27. The main areas of information security in the field of science, technology and education are:

a) achieving the competitiveness of Russian information technologies and developing scientific and technical potential in the field of ensuring information security;

b) creation and implementation of information technologies that are initially resistant to various types of impacts;

c) conducting research and carrying out experimental developments in order to create promising information technologies and means of ensuring information security;

d) development of human resources capacity in the field of information security and application of information technologies;

e) ensuring the protection of citizens from information threats, including through the formation of a culture of personal information security.

28. The strategic goal of ensuring information security in the field of strategic stability and equitable strategic partnership is the formation of a stable system of non-conflict interstate relations in the information space.

29. The main areas of information security in the field of strategic stability and equitable strategic partnership are:

a) protecting the sovereignty of the Russian Federation in the information space by implementing an independent and independent policy aimed at realizing national interests in the information sphere;

b) participation in the formation of an international information security system that provides effective counteraction to the use of information technologies for military-political purposes contrary to international law, as well as for terrorist, extremist, criminal and other illegal purposes;

c) creation of international legal mechanisms that take into account the specifics of information technologies, in order to prevent and resolve inter-state conflicts in the information space;

d) promotion of the position of the Russian Federation within the framework of the activities of international organizations, providing for equal and mutually beneficial cooperation of all interested parties in the information sphere;

e) development of the national management system of the Russian segment of the Internet.

V. Organizational framework for information security

30. The information security system is part of the national security system of the Russian Federation.

Ensuring information security is carried out on the basis of a combination legislative, law-enforcement, law-enforcement, judicial, control and other forms of activity of public authorities in interaction with local governments, the organizations and citizens.

31. The information security system is based on the delimitation of the powers of legislative, executive and judicial authorities in this area, taking into account the subjects of responsibility of federal state authorities, state authorities of the constituent entities of the Russian Federation, as well as local self-government bodies determined by the legislation of the Russian Federation in the field of security.

32. The composition of the information security system is determined by the President of the Russian Federation.

33. The organizational basis of the information security system is: the Federation Council of the Federal Assembly of the Russian Federation, State Duma of the Federal Assembly of the Russian Federation, Government of the Russian Federation, Security Council of the Russian Federation, federal executive authorities, the Central Bank of the Russian Federation, the Military Industrial Commission of the Russian Federation, interdepartmental bodies established by the President of the Russian Federation and the Government of the Russian Federation, the executive authorities of the constituent entities of the Russian Federation, local self-government bodies, judicial authorities, taking part in solving information security tasks in accordance with the legislation of the Russian Federation.

Participants in the information security system are: owners of critical information infrastructure facilities and organizations, operating such facilities, mass media and mass communications, monetary organizations, foreign exchange, banking and other areas of the financial market, telecom operators, operators of information systems, Organizations engaged in the development and operation of information systems and communication networks, development, production and operation of information security tools, information security services, organizations carrying out educational activities in this area, public associations, other organizations and citizens, which, in accordance with the legislation of the Russian Federation, participate in solving tasks to ensure information security.

34. The activities of State bodies in ensuring information security are based on the following principles:

a) the legality of public relations in the information sphere and the legal equality of all participants in such relations, based on the constitutional right of citizens to freely seek, receive, transmit, produce and disseminate information in any legal way;

b) constructive interaction of state bodies, organizations and citizens in solving tasks to ensure information security;

c) maintaining a balance between the need of citizens for free exchange of information and restrictions related to the need to ensure national security, including in the information sphere;

d) sufficiency of information security forces and means, determined including through continuous monitoring of information threats;

e) observance of universally recognized principles and norms of international law, international treaties of the Russian Federation, as well as the legislation of the Russian Federation.

35. The tasks of state bodies in the framework of activities to ensure information security are:

a) ensuring protection of rights and legitimate interests of citizens and organizations in the information sphere;

b) assessing the state of information security, forecasting and detecting information threats, determining priority areas for their prevention and elimination of the consequences of their manifestation;

c) planning, implementation and evaluation of information security package effectiveness;

d) organization of activities and coordination of interaction of information security forces, improvement of their legal, organizational, operational-search, intelligence, counterintelligence, scientific and technical, information-analytical, personnel and economic support;

e) development and implementation of state support measures for organizations engaged in the development, production and operation of information security tools, for the provision of services in the field of information security, as well as organizations engaged in educational activities in this field.

36. The tasks of state bodies in the framework of activities for the development and improvement of the information security system are:

a) strengthening the management vertical and centralization of information security forces at the federal, interregional, regional, municipal levels, as well as at the level of informatization facilities, operators of information systems and communication networks;

b) improving the forms and methods of interaction of the information security forces in order to increase their readiness to counter information threats, including through regular training (exercises);

c) improvement of information, analytical and scientific and technical aspects of information security system operation;

d) increasing the efficiency of interaction between state bodies, local self-government bodies, organizations and citizens in solving tasks to ensure information security.

37. Implementation of this Doctrine is carried out on the basis of sectoral documents of strategic planning of the Russian Federation. In order to update such documents, the Security Council of the Russian Federation defines a list of priority areas for ensuring information security for the medium term, taking into account the provisions of the strategic forecast of the Russian Federation.

38. The results of monitoring the implementation of this Doctrine are reflected in the annual report of the Secretary of the Security Council of the Russian Federation to the President of the Russian Federation on the state of national security and measures to strengthen it.

See also

Notes