Written difficult language, and a rare reader even reaches the middle of this not very large document. To simplify the work with him, I decided to make a brief retelling (review) of the main provisions. I publish!
Doctrine information security is a system of official views on ensuring the national security of the Russian Federation in information sphere.
The document defines the following national interest in the information sphere (in fact, they have not changed since 2000):
- Ensuring and protecting the rights and freedoms of citizens in terms of obtaining and using information, privacy, as well as the preservation of spiritual and moral values.
- Uninterrupted operation of critical information infrastructure (CII).
- Development of the IT and electronic industry in Russia.
- Bringing to the Russian and international public reliable information about the state policy of the Russian Federation.
- Promoting international information security.
Doctrine is necessary for public policy formation and measures to improve the information security system.
Information Security(IB) is a state of protection of the individual, society and the state from internal and external information threats. Moreover, the new version of the document also states that constitutional rights and freedoms, a decent quality and standard of living for citizens, the sovereignty and territorial integrity of the Russian Federation, and its sustainable socio-economic development should be ensured. as well as public security. Not "security for the sake of security", but even a certain balance is obtained: the rights of citizens, the economy, security.
The document was created on the basis of an analysis of threats and an assessment of the state of the IS of the Russian Federation and develops the provisions of the National Security Strategy of the Russian Federation (dated December 31, 2015 No. 683).
Threat to information security of the Russian Federation(information threat) - a set of actions and factors that create the danger of causing damage to national interests in the information sphere.
The Doctrine defines the following main threats and characteristics IS state(I quote them briefly):
- Foreign countries are increasing their ability to influence IT infrastructure for military purposes.
- The activities of organizations carrying out technical intelligence in relation to Russian organizations are being strengthened.
- The introduction of IT without linking to information security increases the likelihood of threats.
- Special services use methods of information and psychological impact on citizens.
- More and more foreign media report biased information.
- Russian media abroad are discriminated against.
- External informational influence erodes traditional Russian spiritual and moral values (especially among young people).
- Terrorist and extremist organizations widely use the mechanisms of information influence.
- The scale of computer crime is growing, primarily in the financial sector
- Methods, ways and means of committing computer crimes are becoming more sophisticated.
- The complexity and number of coordinated computer attacks on CII objects is increasing.
- Remains high level dependence of the domestic industry on foreign IT.
- Russian scientific research in the field of IT is not effective enough, there is a shortage of personnel.
- Russian citizens have low awareness of personal information security issues.
- Individual states seek to use technological superiority to dominate the information space. Including on the Internet.
The document contains the following areas of information security and main directions by them:
1. Defense of the country:
a) strategic deterrence and prevention of military conflicts;
b) improvement of the IS maintenance system of the RF Armed Forces;
c) forecasting and assessment of information threats;
d) assistance in ensuring the protection of the interests of the allies of the Russian Federation;
e) neutralization of information and psychological impact.
2. State and public security:
a) opposition to the use of IT for propaganda;
b) counteraction to special services using IT;
c,d) increasing the security of CII;
e) improving the safety of functioning of weapons, military and special equipment and automated systems management;
f) combating IT crimes;
g) protection of state secrets and other types of secrets;
h) development of domestic IT;
and) Information support state policy of the FR;
j) neutralization of information and psychological impact.
3. Economic sphere:
a-d) development and support of domestic IT.
4. Science, technology and education:
a-c) the development of science;
d) development of human resources;
e) formation of a culture of personal information security.
5. Stability and equal strategic partnership
a) protection of the sovereignty of the Russian Federation in the information space;
b-d) participation in the formation of the international information security system;
e) development national system management of the Russian segment of the Internet.
The document also contains part "V. Organizational bases for ensuring information security" about the general powers and tasks of the authorities. But they, in my opinion, are not very interesting for strategic planning ...
Yesterday (December 5, 2016) the updated Information Security Doctrine was finally approved Russian Federation(here is a link to the text). Let me remind you that old version document was already from 2000, and by now it, of course, is outdated. It is strange that the final version differs significantly from the project discussed earlier, but okay ...
In my opinion, the document turned out to be quite sensible and concise (only 16 pages), but rather received only cosmetic changes. Unfortunately, the document is not very convenient to use, certain topics (import substitution, CII protection, incident response, etc.) are blurred, important provisions need to be collected...
When I first read the document, I noticed this (in comparison with the 2000 edition):
1. Updated terms
The basic term "information security of the Russian Federation" has changed (expanded).
It was:
The information security of the Russian Federation is understood as the state of protection of its national interests in the information sphere, determined by the totality of balanced interests of the individual, society and the state.
It became:
Information security of the Russian Federation - the state of protection of the individual, society and the state from internal and external information threats, which ensures the implementation of the constitutional rights and freedoms of man and citizen, decent quality and standard of living of citizens, sovereignty, territorial integrity and sustainable socio-economic development of the Russian Federation , defense and security of the state.
All terms were even singled out in a separate paragraph, and they define the following concepts: "national interests of the Russian Federation in the information sphere", "threat to the information security of the Russian Federation", "information security of the Russian Federation", "ensuring information security", "information security forces ", "information security tools", "information security system", "information infrastructure of the Russian Federation".
2. It appeared about the security of critical information infrastructure (CII), and they began to talk about the need for its uninterrupted functioning
Now they are talking about CII explicitly, but there are few specifics. Of course, I wanted to hear about GosSOPKA, but there are only echoes of it:
...
c) increased security critical information infrastructure and stability of its functioning, development of mechanisms for detecting and preventing information threats and eliminating the consequences of their manifestation, increasing the protection of citizens and territories from the consequences of emergencies caused by information and technical impact on critical information infrastructure facilities;
d) improving the safety of operation information infrastructure facilities, including for the purpose of ensuring stable interaction between state bodies, preventing foreign control over the operation of such facilities, ensuring the integrity, stability and security of the unified telecommunications network of the Russian Federation, as well as ensuring the security of information transmitted over it and processed in information systems ah on the territory of the Russian Federation;
The Russian segment of the Internet is mentioned separately:
29. The main directions for ensuring information security in the field of strategic stability and equal strategic partnership are:
...
e) development of a national management system for the Russian segment of the Internet.
3. Much, much talk about the information and psychological impact
Mention the need to "bring to the Russian and international public credible information on public policy", focusing on "the extent of the use of means of providing information and psychological impact aimed at destabilizing the domestic political and social situation" and "aimed at undermining the historical foundations and patriotic traditions associated with the defense of the Fatherland", they write about "the trend towards an increase in the volume of materials in foreign media containing biased assessment state policy", are afraid of "erosion of traditional Russian spiritual and moral values". The questions are of course important and correct, they were mentioned in the old edition, but there is too much about it ...
4. Focus on providing information security in the financial sector
And also PD mention:
14. Computer crime is on the rise, especially in credit and financial sphere, the number of crimes related to the violation of the constitutional rights and freedoms of a person and a citizen is increasing, including in terms of privacy, personal and family secrets, when processing personal data using information technologies. At the same time, the methods, methods and means of committing such crimes are becoming more sophisticated.
5. They talk about the problem of implementing IT without taking into account information security issues
At the same time, the practice of introducing information technologies without linking them to ensuring information security significantly increases the likelihood of information threats.
6. A lot of text about import substitution is expected.
I will write a separate note about this with quotes.
7. Development of information security services has become a national priority8. National interests in the information sphere are:Hello consulting and outsourcing!
...
c) development in the Russian Federation of the information technology and electronic industry, as well as improving the activities of industrial, scientific and scientific and technical organizations in the development, production and operation of information security tools, the provision of services in the field of information security;
8. Finally, they began to talk about the prevention and combating of crime
23. The main directions for ensuring information security in the field of state and public security are:
e) increasing the effectiveness of preventing crimes committed using information technology and combating such crimes;
DOCTRINE
information security of the Russian Federation
1. This Doctrine is a system of official views on ensuring the national security of the Russian Federation in the information sphere.
In this Doctrine, the information sphere is understood as a set of information, objects of informatization, information systems, sites in the information and telecommunication network "Internet" (hereinafter referred to as the "Internet" network), communication networks, information technologies, entities whose activities are related to the formation and processing of information , development and use of these technologies, ensuring information security, as well as a set of mechanisms for regulating relevant social relations.
2. The following basic concepts are used in this Doctrine:
a) the national interests of the Russian Federation in the information sphere (hereinafter - the national interests in the information sphere) - the objectively significant needs of the individual, society and the state in ensuring their security and sustainable development in terms of the information sphere;
b) threat to the information security of the Russian Federation (hereinafter referred to as the information threat) - a set of actions and factors that create the danger of causing damage to national interests in the information sphere;
c) information security of the Russian Federation (hereinafter - information security) - the state of protection of the individual, society and the state from internal and external information threats, which ensures the implementation of the constitutional rights and freedoms of man and citizen, a decent quality and standard of living of citizens, sovereignty, territorial integrity and sustainable socio-economic development of the Russian Federation, defense and security of the state;
d) ensuring information security - the implementation of interrelated legal, organizational, operational-investigative, intelligence, counterintelligence, scientific, technical, information-analytical, personnel, economic and other measures to predict, detect, contain, prevent, repel information threats and eliminate their consequences manifestations;
e) information security forces - state bodies, as well as divisions and officials of state bodies, local governments and organizations authorized to solve information security tasks in accordance with the legislation of the Russian Federation;
f) information security means - legal, organizational, technical and other means used by information security forces;
g) information security system - a set of forces for ensuring information security, carrying out coordinated and planned activities, and the means used by them to ensure information security;
h) information infrastructure of the Russian Federation (hereinafter - information infrastructure) - a set of informatization objects, information systems, sites on the Internet and communication networks located on the territory of the Russian Federation, as well as in territories under the jurisdiction of the Russian Federation or used on the basis of international treaties of the Russian Federation.
3. Based on the analysis of the main information threats and the assessment of the state of information security, this Doctrine defines the strategic goals and main directions for ensuring information security, taking into account the strategic national priorities of the Russian Federation.
4. The legal basis of this Doctrine is the Constitution of the Russian Federation, generally recognized principles and norms of international law, international treaties of the Russian Federation, federal constitutional laws, federal laws, as well as regulatory legal acts of the President of the Russian Federation and the Government of the Russian Federation.
5. This Doctrine is a strategic planning document in the field of ensuring the national security of the Russian Federation, which develops the provisions of the National Security Strategy of the Russian Federation, approved by Decree of the President of the Russian Federation of December 31, 2015 No. 683, as well as other strategic planning documents in this area.
6. This Doctrine is the basis for the formation of state policy and the development of public relations in the field of information security, as well as for the development of measures to improve the information security system.
II. National interests in the information sphere
7. Information technologies have acquired a global cross-border character and have become an integral part of all spheres of activity of the individual, society and the state. Their effective application is a factor in accelerating the economic development of the state and the formation of the information society.
The information sphere plays an important role in ensuring the implementation of the strategic national priorities of the Russian Federation.
8. National interests in the information sphere are:
a) ensuring and protecting the constitutional rights and freedoms of a person and a citizen in terms of obtaining and using information, privacy when using information technologies, providing information support for democratic institutions, mechanisms for interaction between the state and civil society, as well as the use of information technologies in the interests of preserving cultural, historical, spiritual and moral values of the multinational people of the Russian Federation;
b) ensuring the stable and uninterrupted functioning of the information infrastructure, primarily the critical information infrastructure of the Russian Federation (hereinafter referred to as the critical information infrastructure) and the unified telecommunication network of the Russian Federation, in peacetime, during the immediate threat of aggression and in wartime;
c) development in the Russian Federation of the information technology and electronic industry, as well as improving the activities of industrial, scientific and scientific and technical organizations in the development, production and operation of information security tools, the provision of services in the field of information security;
d) bringing to the Russian and international public reliable information about the state policy of the Russian Federation and its official position on socially significant events in the country and the world, the use of information technologies to ensure the national security of the Russian Federation in the field of culture;
e) assistance in the formation of an international information security system aimed at countering the threats of the use of information technologies in order to violate strategic stability, at strengthening an equal strategic partnership in the field of information security, as well as at protecting the sovereignty of the Russian Federation in the information space.
9. The implementation of national interests in the information sphere is aimed at creating a safe environment for the circulation of reliable information and resistant to various types the impact of the information infrastructure in order to ensure the constitutional rights and freedoms of man and citizen, the stable socio-economic development of the country, as well as the national security of the Russian Federation.
III. Main information threats and the state of information security
10. The expansion of the areas of application of information technologies, being a factor in the development of the economy and improving the functioning of public and state institutions, at the same time gives rise to new information threats.
The possibilities of cross-border circulation of information are increasingly being used to achieve geopolitical, military-political, as well as terrorist, extremist, criminal and other illegal goals, contrary to international law, to the detriment of international security and strategic stability.
At the same time, the practice of introducing information technologies without linking them to ensuring information security significantly increases the likelihood of information threats.
11. One of the main negative factors influencing the state of information security is the increase by a number of foreign countries of the possibilities of information and technical influence on the information infrastructure for military purposes.
At the same time, the activities of organizations carrying out technical intelligence in relation to Russian state bodies, scientific organizations and enterprises of the military-industrial complex are intensifying.
12. The use by special services of individual states of means of providing information and psychological impact is expanding, aimed at destabilizing the domestic political and social situation in various regions of the world and leading to undermining the sovereignty and violation of the territorial integrity of other states. Religious, ethnic, human rights and other organizations, as well as individual groups of citizens, are involved in this activity, while the possibilities of information technologies are widely used.
There is a trend towards an increase in the volume of materials in foreign mass media containing a biased assessment of the state policy of the Russian Federation.
Russian mass media are often openly discriminated against abroad, and Russian journalists are hindered from exercising their professional activities.
The information impact on the population of Russia, primarily on young people, is increasing in order to erode traditional Russian spiritual and moral values.
13. Various terrorist and extremist organizations widely use the mechanisms of informational influence on individual, group and public consciousness in order to escalate interethnic and social tension, incite ethnic and religious hatred or enmity, propagate extremist ideology, and also attract new supporters to terrorist activities. For illegal purposes, such organizations are actively creating means of destructive impact on critical information infrastructure facilities.
14. The scale of computer crime is growing, primarily in the credit and financial sphere, the number of crimes related to the violation of the constitutional rights and freedoms of a person and a citizen is increasing, including in terms of privacy, personal and family secrets, in the processing of personal data using information technology. At the same time, the methods, methods and means of committing such crimes are becoming more sophisticated.
15. The state of information security in the field of national defense is characterized by an increase in the use by individual states and organizations of information technologies for military-political purposes, including for the implementation of actions contrary to international law aimed at undermining the sovereignty, political and social stability, and territorial integrity of the Russian Federation and its allies and posing a threat international peace, global and regional security.
16. The state of information security in the field of state and public security is characterized by a constant increase in complexity, an increase in the scale and increase in the coordination of computer attacks on objects of critical information infrastructure, an increase in intelligence activities of foreign states in relation to the Russian Federation, as well as an increase in threats to the use of information technologies in order to cause damage sovereignty, territorial integrity, political and social stability of the Russian Federation.
17. The state of information security in the economic sphere is characterized by an insufficient level of development of competitive information technologies and their use for the production of products and the provision of services. The level of dependence of the domestic industry on foreign information technologies remains high in terms of electronic component base, software, computer science and means of communication, which makes the socio-economic development of the Russian Federation dependent on the geopolitical interests of foreign countries.
18. The state of information security in the field of science, technology and education is characterized by insufficient efficiency scientific research aimed at creating promising information technologies, low level introduction of domestic developments and insufficient staffing in the field of information security, as well as low awareness of citizens in matters of ensuring personal information security. At the same time, measures to ensure the security of the information infrastructure, including its integrity, availability and sustainable operation, using domestic information technologies and domestic products often do not have a comprehensive framework.
19. The state of information security in the field of strategic stability and equal strategic partnership is characterized by the desire of individual states to use technological superiority to dominate the information space.
The current distribution between countries of the resources necessary to ensure the safe and stable functioning of the Internet does not allow for joint fair management based on the principles of trust.
The absence of international legal norms regulating interstate relations in the information space, as well as mechanisms and procedures for their application, taking into account the specifics of information technology, makes it difficult to form an international information security system aimed at achieving strategic stability and equal strategic partnership.
IV. Strategic goals and main directions of ensuring information security
20. The strategic goal of ensuring information security in the field of national defense is to protect the vital interests of the individual, society and the state from internal and external threats associated with the use of information technologies for military and political purposes that are contrary to international law, including for the purpose of carrying out hostile actions and acts of aggression aimed at undermining the sovereignty, violating the territorial integrity of states and posing a threat to international peace, security and strategic stability.
21. In accordance with the military policy of the Russian Federation, the main directions for ensuring information security in the field of national defense are:
a) strategic deterrence and prevention of military conflicts that may arise as a result of the use of information technologies;
b) improving the information security system of the Armed Forces of the Russian Federation, other troops, military formations and bodies, which includes the forces and means of information warfare;
c) forecasting, detection and assessment of information threats, including threats to the Armed Forces of the Russian Federation in the information sphere;
d) assistance in ensuring the protection of the interests of the allies of the Russian Federation in the information sphere;
e) neutralization of information and psychological impact, including those aimed at undermining the historical foundations and patriotic traditions associated with the defense of the Fatherland.
22. The strategic goals of ensuring information security in the field of state and public security are the protection of sovereignty, the maintenance of political and social stability, the territorial integrity of the Russian Federation, the provision of fundamental rights and freedoms of man and citizen, as well as the protection of critical information infrastructure.
23. The main directions for ensuring information security in the field of state and public security are:
a) countering the use of information technology to promote extremist ideology, the spread of xenophobia, ideas of national exclusiveness in order to undermine sovereignty, political and social stability, forcibly change the constitutional order, violate the territorial integrity of the Russian Federation;
b) suppression of activities that damage the national security of the Russian Federation, carried out using technical means and information technologies by special services and organizations of foreign states, as well as by individuals;
c) increasing the security of critical information infrastructure and the stability of its operation, developing mechanisms for detecting and preventing information threats and eliminating the consequences of their manifestation, increasing the protection of citizens and territories from the consequences of emergencies caused by information and technical impact on critical information infrastructure facilities;
d) improving the security of the operation of information infrastructure facilities, including in order to ensure sustainable interaction between state bodies, preventing foreign control over the operation of such facilities, ensuring the integrity, stability and security of the unified telecommunications network of the Russian Federation, as well as ensuring the security of information transmitted over it and processed in information systems on the territory of the Russian Federation;
e) improving the safety of functioning of weapons, military and special equipment and automated control systems;
f) increasing the efficiency of prevention of offenses committed with the use of information technologies and counteraction to such offenses;
g) ensuring the protection of information containing information constituting a state secret, other information limited access and dissemination, including by increasing the security of relevant information technologies;
h) improvement of methods and methods of production and safe use of products, provision of services based on information technology using domestic developments that meet the requirements of information security;
i) efficiency improvement information support implementation of the state policy of the Russian Federation;
j) neutralization of information impact aimed at erosion of traditional Russian spiritual and moral values.
24. The strategic goals of ensuring information security in the economic sphere are to reduce to the minimum possible level the impact of negative factors caused by the insufficient level of development of the domestic information technology and electronic industries, the development and production of competitive information security tools, as well as increasing the volume and quality of services in the field of information security.
25. The main directions of ensuring information security in the economic sphere are:
a) innovative development of the information technology and electronics industry, an increase in the share of products of this industry in the gross domestic product, in the structure of the country's exports;
b) eliminating the dependence of the domestic industry on foreign information technologies and means of ensuring information security through the creation, development and widespread introduction of domestic developments, as well as the production of products and the provision of services based on them;
c) increasing the competitiveness of Russian companies operating in the information technology and electronics industries, developing, manufacturing and operating information security tools that provide services in the field of information security, including by creating favorable conditions for carrying out activities on the territory of the Russian Federation ;
d) development of a domestic competitive electronic component base and technologies for the production of electronic components, meeting the needs of the domestic market for such products and the entry of these products into the world market.
26. The strategic goal of information security in the field of science, technology and education is to support the innovative and accelerated development of the information security system, the information technology industry and the electronics industry.
27. The main directions for ensuring information security in the field of science, technology and education are:
a) achieving the competitiveness of Russian information technologies and developing scientific and technical potential in the field of information security;
b) creation and implementation of information technologies that are initially resistant to various types of impact;
c) conducting scientific research and experimental development in order to create advanced information technologies and means of ensuring information security;
d) development of human resources in the field of information security and the use of information technologies;
e) ensuring the protection of citizens from information threats, including through the formation of a culture of personal information security.
28. The strategic goal of ensuring information security In the field of strategic stability and equal strategic partnership is the formation of a stable system of non-conflict interstate relations in the information space.
29. The main directions for ensuring information security in the field of strategic stability and equal strategic partnership are:
a) protecting the sovereignty of the Russian Federation in the information space through the implementation of an independent and independent policy aimed at realizing national interests in the information sphere;
b) participation in the formation of an international information security system that provides effective counteraction to the use of information technologies for military and political purposes that are contrary to international law, as well as for terrorist, extremist, criminal and other illegal purposes;
c) creation of international legal mechanisms, taking into account the specifics of information technologies, in order to prevent and resolve interstate conflicts in the information space;
d) promotion within the framework of the activities of international organizations of the position of the Russian Federation, which provides for the provision of equal and mutually beneficial cooperation of all interested parties in the information sphere;
e) development of a national management system for the Russian segment of the Internet.
V. Organizational bases for ensuring information security
30. The information security system is part of the national security system of the Russian Federation.
Ensuring information security is carried out on the basis of a combination of legislative, law enforcement, law enforcement, judicial, control and other forms of activity of state bodies in cooperation with local governments, organizations and citizens.
31. The system for ensuring information security is built on the basis of the delimitation of the powers of legislative, executive and judicial authorities in this area, taking into account the jurisdiction of federal government authorities, government authorities of the constituent entities of the Russian Federation, as well as local governments determined by the legislation of the Russian Federation in the field of security security.
32. The composition of the information security system is determined by the President of the Russian Federation.
33. The organizational basis of the information security system is made up of: the Federation Council of the Federal Assembly of the Russian Federation, the State Duma of the Federal Assembly of the Russian Federation, the Government of the Russian Federation, the Security Council of the Russian Federation, federal executive authorities, the Central Bank of the Russian Federation, the Military Industrial Commission of the Russian Federation, interdepartmental bodies created by the President of the Russian Federation and the Government of the Russian Federation, executive authorities of the constituent entities of the Russian Federation, local governments, judicial authorities that, in accordance with the legislation of the Russian Federation, take part in solving problems of ensuring information security.
The participants in the information security system are: owners of critical information infrastructure facilities and organizations operating such facilities, mass media and mass communications, organizations in the monetary, foreign exchange, banking and other areas of the financial market, telecom operators, information system operators, organizations that carry out activities for the creation and operation of information systems and communication networks, for the development, production and operation of information security tools, for the provision of services in the field of information security, organizations engaged in educational activities in this area, public associations, other organizations and citizens who, in in accordance with the legislation of the Russian Federation, they participate in solving problems of ensuring information security.
34. The activities of state bodies to ensure information security are based on the following principles:
a) the legality of public relations in the information sphere and the legal equality of all participants in such relations, based on the constitutional right of citizens to freely seek, receive, transmit, produce and disseminate information in any legal way;
b) constructive interaction of state bodies, organizations and citizens in solving problems to ensure information security;
c) maintaining a balance between the need of citizens for the free exchange of information and restrictions associated with the need to ensure national security, including in the information sphere;
d) sufficiency of forces and means of ensuring information security, determined, among other things, through continuous monitoring of information threats;
e) observance of generally recognized principles and norms of international law, international treaties of the Russian Federation, as well as the legislation of the Russian Federation.
35. The tasks of state bodies in the framework of activities to ensure information security are:
a) ensuring the protection of the rights and legitimate interests of citizens and organizations in the information sphere;
b) assessing the state of information security, forecasting and detecting information threats, determining priority areas for their prevention and elimination of the consequences of their manifestation;
c) planning, implementation and evaluation of the effectiveness of a set of measures to ensure information security;
d) organizing activities and coordinating the interaction of information security forces, improving their legal, organizational, operational-investigative, intelligence, counter-intelligence, scientific, technical, information-analytical, personnel and economic support;
e) development and implementation of state support measures for organizations engaged in the development, production and operation of information security tools, for the provision of services in the field of information security, as well as organizations engaged in educational activities in this area.
36. The tasks of state bodies in the framework of the development and improvement of the information security system are:
a) strengthening the vertical of control and centralization of information security forces at the federal, interregional, regional, municipal levels, as well as at the level of informatization objects, operators of information systems and communication networks;
b) improving the forms and methods of interaction between information security forces in order to increase their readiness to counter information threats, including through regular training (exercises);
c) improvement of information-analytical and scientific-technical aspects of the functioning of the information security system;
d) increasing the efficiency of interaction between state bodies, local governments, organizations and citizens in solving problems of ensuring information security.
37. The implementation of this Doctrine is carried out on the basis of sectoral strategic planning documents of the Russian Federation. In order to update such documents, the Security Council of the Russian Federation determines a list of priority areas for ensuring information security in the medium term, taking into account the provisions of the strategic forecast of the Russian Federation.
38. The results of monitoring the implementation of this Doctrine are reflected in the annual report of the Secretary of the Security Council of the Russian Federation to the President of the Russian Federation on the state of national security and measures to strengthen it.
Correspondents of Politika Segodnya news agency compared information security strategies of 2000 and 2016
Following the foreign policy concept, the Kremlin updated and information doctrine. The corresponding decree was signed by President Vladimir Putin on Monday, December 5. Thus, having sent to the archive the strategy of the year 2000, which has been in force since the time when the Internet was just appearing in Russia. Correspondents found out how threats, expectations and tasks have changed over 16 years IA "Politics Today" by comparing the two doctrines.
Early 2000
As such, the 2000 Doctrine does not have a preamble. The very first article of the strategy records the expansion of the information sphere into all components of Russia's security: from political to defense. The growth engine of the world of text and interpretation is called technological progress. And in the developing world, the state has its own national interests: human rights and freedoms, ensuring the spiritual renewal of the country, preserving and strengthening the moral values of society, traditions of patriotism and humanism, cultural and scientific potential of the country.
Start 2016
Doctrine 2016 begins more academically - with definitions. The authors explain what information security is and what the national interest is. In the very first position of the document there is a new word for the 2000 strategy - "Internet". In the second - "information security forces", those drafters of the doctrine call government agencies that are responsible for information security.
The national interests of Russia, as before, are seen as ensuring and protecting constitutional human rights and freedoms. By such, the compilers of the doctrine understand not only the work with information, but also "the use of information technologies in the interests of preserving the cultural, historical, spiritual and moral values of the multinational people of the Russian Federation."
Also of national interest are an uninterrupted information network system in peacetime and wartime, the development of the relevant industry sector, bringing Russia's opinion to residents of foreign countries and contributing to international information security.
Threats 2000
In Doctrine 2000, the list of threats is divided into types: from infringing on constitutional human rights to technical threats to deployed networks. First on the list of challenges of the 21st century is... the adoption by government agencies of laws that could infringe on the rights and freedoms of citizens. Following the danger awaits around the corner - from criminal structures. In addition, the list of threats to information security includes the displacement of domestic media from Russian market information by foreign colleagues, "devaluation of spiritual values, propaganda of mass culture based on the cult of violence, on spiritual and moral values that contradict the values accepted in Russian society." The authors of the doctrine are also afraid of the outflow of specialists and intellectual property rights abroad.
Threats 2016
The authors of the 2016 doctrine are concerned about “means of information and psychological influence aimed at destabilizing the domestic political and social situation.” Between the lines, it is noted that the number of materials critical of the Russian Federation has increased in the foreign media. There is also increasing pressure on young people, the purpose of which is to "erode traditional Russian spiritual and moral values."
For the first time in the doctrine of information security, the word "terrorism" is used, and there is an increase in cybercrime in the world. Among the threats, the authors of the doctrine name the country's low position among information leaders, including the best of Russia no. The drafters of the strategy also consider the existing distribution of resources between countries necessary for the safe and sustainable development of the Internet to be dangerous. It does not allow for "joint, fair, trust-based management."
Tasks 2000
Doctrine 2000 starts from scratch. The tasks are the development of programs and legislative mechanisms for information security, the state information policy of Russia, the modernization of domestic technologies worth supporting and the creation, development of a modern protected technological basis for government in peacetime, in emergency situations and in wartime.
Tasks 2016
The 2016 doctrine puts “defense” as its strategic goal. People, society and the state need protection from external information threats. The authors of the doctrine do not rule out that the information war could turn into a real military conflict. And they do not want to allow this, offering to create in the structure of the Armed Forces of the Russian Federation “forces and means of information confrontation”, such that they can come to the aid of allies. Technologies, the authors of the doctrine prefer domestic ones, which should appear due to the innovative development of the information technology and electronics industries. They expect to receive help, including from Russian science.
The first section "General Provisions" presents the categorical apparatus, the legal basis of the Doctrine, emphasizes the relationship of the Doctrine with the National Security Strategy of the Russian Federation of 2015, and its role as the most important document of strategic planning.
The title of the second section speaks for itself - "National Interests in the Information Sphere". Attention is drawn to the fact that the information sphere plays an important role in ensuring the implementation of the strategic national priorities of the Russian Federation, and the implementation of national interests in the information sphere is aimed at creating a safe environment for the circulation of reliable information and an information infrastructure resistant to various types of impact. This is done in order to ensure the constitutional rights and freedoms of man and citizen, the stable socio-economic development of the country, as well as the national security of the Russian Federation.
In the third section “Main information threats and the state of information security”, the legislator, when formulating threats, pays special attention to the fact that in modern times the expansion of the areas of application of information technologies, being a factor in the development of the economy and improving the functioning of public and state institutions, simultaneously generates new information threats, where the possibilities of cross-border circulation of information are increasingly being used to achieve geopolitical, military-political, as well as terrorist, extremist, criminal and other illegal goals, contrary to international law, to the detriment of international security and strategic stability. The negative factors influencing the state of information security of the Russian Federation are determined, the characteristics of the state of information security in areas related to the national priorities of Russia are given.
The fourth section (Strategic goals and main directions for ensuring information security) defines specific strategic goals for ensuring information security in areas of strategic national priorities and specifically formulates the main directions for ensuring them.
In the fifth section, the main emphasis is placed on the organizational foundations for ensuring information security, the principles and tasks of the activities of state bodies in the framework of activities to ensure information security are highlighted.
I would like to immediately draw attention to a number of points.
First, the practical synchronism of the appearance of new doctrinal documents in the field of foreign policy and information security of Russia. The decree approving the Foreign Policy Concept of the Russian Federation is dated November 30, 2016.
The provisions of the Concept and the Doctrine are consonant, moreover, it can be argued that the Doctrine is a certain continuation of the Concept according to information issues. In fact, the complex of these two acts has created a solid foundation for the activities of our state in the international information field. The concept includes special provisions (clauses 46 - 48) on information support for the foreign policy activities of the Russian Federation, where:
– an important direction of the foreign policy activity of the Russian Federation is to bring to the world community objective information about Russia's position on major international problems, its foreign policy initiatives and actions, processes and plans for the socio-economic development of the Russian Federation, the achievements of Russian culture and science;
– Russia seeks an objective perception of it in the world, develops its own effective means of informational influence on public opinion abroad, helps to strengthen the positions of Russian and Russian-language media in the global information space, providing them with the state support necessary for this, actively participates in international cooperation in information sphere, takes the necessary measures to counter threats to its information security;
- To achieve these goals, it is expected wide use new information and communication technologies. Russia will strive for the formation of a set of legal and ethical norms safe use such technologies. Russia upholds the right of every person to have access to objective information about events in the world, as well as to different points of view on these events.
Secondly, a distinctive feature of the new Doctrine can, accordingly, be called the focus of Russian information policy on counteracting negative biased informational assessments of Western media. Therefore, the informational support for the presentation of the new Doctrine by the Russian media is quite understandable.
Thirdly, the basis of the Doctrine of Information Security of the Russian Federation of 2016 was the actualization of approaches to the protection of national interests in the information sphere, taking into account modern realities. According to its purpose, the Doctrine is a document of strategic planning in the field of ensuring national security, along with the National Security Strategy of the Russian Federation. It is the foundation for the formation of state policy in the field of information security of the Russian Federation.
Attention should be paid to differences between the Information Security Doctrines of the Russian Federation of 2000 and 2016.
We will divide them into four groups, where innovations will be associated with a purely formal sphere; scientific and methodological; changes in the external situation; changes in internal factors.
The first group of differences purely external. Structures of construction of documents differ:
- the first included a preamble and four sections, covering 11 points, the second - five sections, uniting 38 points;
- the titles of the sections and their content do not match at all (in the Doctrine of 2000, the first section was called "Information Security of the Russian Federation", in 2016 - "General Provisions"; in the Doctrine of 2000, the second section was called "Methods for Ensuring Information Security of the Russian Federation", 2016 - "National interests in the information sphere"; in the Doctrine of 2000, the third section was called "Basic provisions of the state policy for ensuring information security of the Russian Federation and priority measures for its implementation", 2016 - "Main information threats and the state of information security"; in the Doctrine of 2000 in 2016, the fourth section was called "Organizational basis of the information security system of the Russian Federation", in 2016 - "Strategic goals and main directions for ensuring information security", and, finally, the fifth section - "Organizational foundations for ensuring information security");
– The 2000 Doctrine is almost three times as large in content as the new Doctrine;
– in terms of the style and spirit of the presentation of the material, the new Doctrine is more “restless”, “emotional”, offensive.
The second group of differences. The Doctrine of 2000 did not address the problem of terminological unity at all, the few categories available in it - the doctrine of information security, the information sphere, information security, were "blurred" throughout the text. The new Doctrine uses the following key terms: Doctrine of information security, information sphere, national interests of the Russian Federation in the information sphere, threat to information security of the Russian Federation, information security of the Russian Federation, ensuring information security, forces for ensuring information security, means of ensuring information security, system for ensuring information security, information infrastructure of the Russian Federation.
As the problem was presented, we have already shown (this was required by the logic of the material) the difference in scientific and methodological approaches in defining terms (for example, information security) or formulating national interests and threats in the information sphere.
V this case I would like to complete this issue by developing the idea of G.A. Atamanov about the approach to understanding the very term "information security" in the new Doctrine. The generalizing word “interests” was withdrawn from the definition of “information security”, on the basis of which, the objects of protection should not be the interests of the individual, society, state, but the individuals themselves, society, the state. But at the same time, without any explanation, in paragraph 20, the strategic goal of ensuring information security in the field of national defense (???) for some reason again indicates the protection of the vital interests of the individual, society and the state ...?
The scientific approach in the presentation of the material in the Doctrine of 2000 was clearly connected with the "triad" of the individual, society, state, and in terms of meaning the Doctrine is divided into three parts. The Doctrine of 2016 can be characterized as an inseparable text aimed at countering various threats in the information sphere.
The new Doctrine for the first time formulates the principles of the activities of the state bodies themselves in the field of ensuring information security, their tasks. The circle of subjects for ensuring information security of the Russian Federation is changing, in the direction of increase, in which the Central Bank of the Russian Federation and the Military-Industrial Commission of the Russian Federation appear. For the first time, participants in the information security system were also identified:
– owners and operators of critical information infrastructure facilities;
– Mass media and mass communications;
– organization of financial market spheres;
– communication and information system operators;
- developers of information systems and communication networks.
- organizations, associations and citizens who, in accordance with the legislation of the Russian Federation, participate in solving problems of ensuring information security.
The third group of differences. We note right away that it is methodologically hardly possible to strictly separate external and internal factors, since they are so closely interconnected in the area under consideration. We, accordingly, do it rather conditionally. A common element, in addition to everything, is that both in the external and in the internal spheres in the new Doctrine, the emphasis is on the humanitarian component of information security (resistance to information and psychological impact).
First, the 2016 Doctrine identified the impact of foreign states as the head of the external threat. The previous Doctrine spoke about the speculative protection of information systems. The new document directly deals with the defense of critical infrastructures from attacks by other states and terrorists.
Secondly, in the text of the Doctrine of 2000, such a concept as "extremist organizations" does not occur. It was only about the sabotage and subversive activities of the special services of foreign states and the activities of international terrorist organizations.
Thirdly, today special emphasis is placed on the danger of information and psychological impact on the individual and public consciousness of Russians by foreign intelligence services, as well as terrorist and extremist organizations. There was no such attention to this issue in the Doctrine of 2000. It can be assumed that such a sharp change of emphasis is connected with the consequences of active propaganda activities on the Internet, banned in Russia by ISIS, and the response to the situation in Ukraine.
Fourth, in the 2016 Doctrine, immeasurably more space is given to specific military-political risks of using computer technology against Russia. One of the main negative factors affecting the state of information security is the increase by a number of foreign countries of the possibilities of information and technical influence on the information infrastructure for military purposes. In addition, one of the new dangers is the strengthening of the work of organizations engaged in reconnaissance in Russian government bodies, scientific organizations and enterprises of the military-industrial complex.
Fifth, the Doctrine of 2000, regarding Western ideological influence on various spheres of life of Russian citizens, mentions the displacement of Russian news agencies, the media from the domestic information market and the increased dependence of the spiritual, economic and political spheres of Russian public life on foreign information structures. . For the first time, the new Doctrine explicitly states the alarming trend in the increase in the volume of materials in foreign mass media containing a biased assessment of the state policy of the Russian Federation.
Sixth, the new Doctrine has adjusted the strategy for ensuring the information security of the Russian Federation on the Internet. Attention is focused on the priority of bringing to the international community reliable information about the state policy of the Russian Federation and its official position on socially significant events in the country and the world. A set of measures to comply with and achieve the national interests of the Russian Federation in the Internet is indicated. The position on ensuring and protecting the constitutional rights of citizens in the digital space is formulated.
The fourth group of differences is related most of all with the most fundamental change in the world around us, where, compared to 2000, the main human activity has moved to the Internet. Fundamentally reoriented human consciousness, when a significant part of the population is psychologically comfortable in the Internet environment.
For the first time, the Doctrine includes the concept of sustainable and uninterrupted functioning of the information infrastructure. This refers to the Russian segment of the Internet.
And in the new Doctrine, for the first time, the state is forced to both pay attention and look for ways to minimize the impact of the so-called “Twitter revolutions.” The question of the role of such online platforms as Twitter and Facebook, for example, in the transfer of content through networks, has been updated.
Accordingly, there was a clear interest in the new Doctrine to create a system to ensure that the risks associated with proliferation through information networks material that directly threatens the internal political and social stability of Russia. And it's not just extremist content. The cornerstone of the new interpretation presented in the Doctrine is precisely its assessment as explosive information aimed at the mass implementation of ideas that can lead to large-scale actions.
A huge place in the new Doctrine is given to the issue of "erosion of spiritual and moral values" as one of the main internal threats. Consequently, the task has been set (on such a scale, for the first time) of protecting the population of the country, and, first of all, young people, from such information impact.
The doctrine of 2000, based on the needs of that time, determined the task of developing and implementing mechanisms for the implementation of legal norms governing relations in the information sphere. The new document focuses on the development of science-intensive industries. Separately, the problem of inappropriate modern level development of the information technology industry. For the first time, the need to support the innovative and accelerated development of the information security system, the information technology industry and the electronics industry was recorded.
A new aspect was the question of eliminating the dependence of the Russian industry on foreign information technologies and information security tools. And if in the Doctrine of 2000 it was about supporting the domestic industry, then in the new Doctrine - the main emphasis is on import substitution!
Today legal basis development of the information sphere of the Russian Federation is a huge number of regulatory legal acts. Saveliev A.I. noted that studies of the regulatory framework for information legislation for 1990 - 2013 show that during this period about 400 laws were adopted, one way or another regulating relations regarding information and information technologies, about 800 decrees of the Government of the Russian Federation, about 100 decrees of the President of the Russian Federation.
Accordingly, it can be noted that, formally, the Russian legislation has developed the necessary regulatory framework in the field of regulating information legal relations, but, as Z.N. Gonezhuk, the process of the initially rapid formation of information legislation in the Russian Federation is currently undergoing a process of stagnation. The regulatory framework consists of many disparate legislative acts. They are rather contradictory, and the conceptual and terminological apparatus is far from perfect.
Modern legal regulation of relations in the information sphere, of course, should be based on the observance of the principles of legality, the balance of interests of citizens, society and the state. And an objective necessity has long been the legislative regulation of information protection, as well as the creation of a mechanism that makes it possible to harmonize the very process of developing laws with the realities and progress of information technologies.
We share the statement of I.N. Gaidareva that versatility information relations and the need to resolve them require the development of a codified legislative act, as well as a draft basis for ensuring information security, since modern legal regulation does not cover the whole variety of existing relations for the implementation of the right to access to information.
But once again I would like to emphasize that the development of a full-fledged legal act regulating the issues of ensuring information security in the Russian Federation is impossible without revising the basic fundamental grounds, the categorical apparatus, which, in turn, cannot be done without a proper methodologically verified scientific justification of these problems.