> >

We meet the new Russian Information Security Doctrine. What changed? Analysis of the information security doctrine of the Russian Federation

M.Yu. Paklyachenko

New Doctrine information security: issues of legal protection of information

The article provides a comparative legal analysis of the content of the information security doctrines of the Russian Federation in 2000 and 2016. from the point of view of the completeness of disclosure in them of the category of legal protection of information. The advantages and disadvantages of the editions of the current and invalid documents are noted. The opinion on a more complete and comprehensive disclosure of the legal institution of the category of interest within the framework of the Doctrine, which has become invalid, is substantiated.

Keywords Keywords: information security, legal protection of information, Doctrine of information security.

With a certain degree of confidence, it can be argued that by now Russia has already formed a significant set of legal acts, regulations and national standards in the field of information security, including in the direction of regulating various information relations and informatization of the legal system.

It is obvious that lawmaking is a dynamic category, and a relevant confirmation of this is the new Information Security Doctrine (hereinafter referred to as IS), approved by Presidential Decree No. 646 of December 5, 2016. The previous Doctrine, approved on September 9, 2000, was declared invalid.

There is no doubt that, despite the preliminary nomination by the Security Council of the Russian Federation for public discussion of the draft Doctrine, the adopted system of official views on ensuring the national security of the Russian Federation in information sphere will be criticized by experts, which is already confirmed on the Internet. It is also inevitable that research papers will be published on issues

© Paklyachenko M.Yu., 2017

analysis of the essence of the new Doctrine, its structure, as well as a comparison of the content of the expired and current editions.

This article is devoted to the issues of legal protection of information (hereinafter referred to as PID) within the framework of their doctrinal description. The importance of this category, considered precisely from the standpoint of the IS Doctrine, is due to the fundamental value this document strategic planning, which is the basis for the formation public policy and development of public relations in the field of information security, as well as to develop measures to improve the information security system.

The essence and content of the right to protect information

First of all, it should be noted that the definition of FDI is not found either in the previous or in the current Doctrine. Strict definition this concept gives GOST 50922-2006: “Legal protection of information: protection of information by legal methods, including the development of legislative and regulatory legal documents(acts) regulating the relations of subjects for the protection of information, the application of these documents, as well as supervision and control over their execution”1.

Referring to the Federal Law of July 27, 2006 No. 149-FZ “On Information, Information Technologies and Information Protection”, you can expand the content of the FDI, supplementing it with a description of the measures that constitute information protection and are aimed at ensuring the protection of information from unauthorized access, destruction, modification, blocking, copying, provision, distribution, as well as from other illegal actions in relation to such information, confidentiality of information limited access and exercising the right to access information2. Legal measures cited in Art. 16 of the Federal Law "On Information, Information Technologies and Information Protection", the list when listed is preceded by organizational and technical ones.

Together with the description in the Federal Law "On Information, Information Technologies and Information Protection" of the PSI measures, the IS Doctrine, which has become invalid, was harmoniously supplemented by the description of the content of the category under consideration, in the second chapter of which the methods of ensuring IS were disclosed. So, in paragraph 5, among the general methods, along with organizational, technical and economic ones, legal ones were also noted (Fig. 1).

Rice. 1. The structure of the legal protection of information and its consolidation in various sources

“The legal methods of ensuring the RF IS include the development of regulatory legal acts regulating relations in the information sphere, and regulatory methodological documents on issues of ensuring the RF IS.

The most important areas of this activity are:

Introducing amendments and additions to the legislation of the Russian Federation that regulates relations in the field of ensuring information security in order to create and improve the system for ensuring the information security of the Russian Federation, eliminate internal contradictions in federal legislation, contradictions related to international agreements to which the Russian Federation has acceded, and contradictions between federal legislative acts and legislative acts of the constituent entities of the Russian Federation, as well as in order to specify legal regulations establishing liability for violations in the field of IS maintenance in the Russian Federation;

Legislative delimitation of powers in the field of providing information security of the Russian Federation between federal bodies state power and public authorities

subjects of the Russian Federation, determination of goals, objectives and mechanisms for the participation of public associations, organizations and citizens in this activity;

Development and adoption of regulatory legal acts of the Russian Federation establishing the responsibility of legal and individuals for unauthorized access to information, its illegal copying, distortion and illegal use, deliberate dissemination of false information, illegal disclosure of confidential information, use of official information or information containing commercial secrets for criminal and mercenary purposes;

Clarification of the status of foreign news agencies, mass media and journalists, as well as investors when attracting foreign investment for the development of Russia's information infrastructure;

Legislative consolidation of development priority national networks communications and domestic production of space communications satellites;

Determination of the status of organizations providing services of global information and telecommunication networks on the territory of the Russian Federation, and legal regulation of the activities of these organizations;

Creation of a legal framework for the formation in the Russian Federation of regional structures for providing information security”2.

The postulates of the first chapter regarding the state of the RF IS and the main tasks to ensure it looked winning (in the field of FDI) in the IS Doctrine that had lost its force.

Thus, the start of the formation of the base of legal support for information security was marked: the adoption of a number of fundamental laws (for example, federal laws“On information, informatization and information protection”, “On participation in international information exchange”, Law of the Russian Federation “On State Secrets”) and dynamic work to create mechanisms for their implementation, preparation of draft laws regulating public relations in the information sphere.

In addition, the Doctrine revealed shortcomings in this area. It was noted that the level of RF IS does not fully meet the needs of society and the state. The following negative points were cited:

Inconsistency and underdevelopment of the legal regulation of public relations in the information sphere;

Insufficiency of normative legal regulation of relations in the field of realizing the possibilities of constitutional restrictions on freedom of the mass media in the interests of protecting the foundations of the constitutional order, morality, health, rights and legitimate interests of citizens, ensuring the country's defense capability and security;

Imperfection of normative legal regulation of relations in the field of mass media.

The document provided a description of the tasks requiring urgent solutions. In terms of FDI, such a task was to improve the regulatory legal framework for ensuring the IS of the Russian Federation, including mechanisms for exercising the rights of citizens to receive information and access to it, forms and methods for implementing legal norms relating to the interaction of the state with the media.

Thus, the disclosure of the FDI category within the framework of the Doctrine of September 9, 2000 can be characterized as sufficient and complete: positive and negative aspects of the state of the RF IS were noted, goals and objectives in this area were defined, and legal methods were characterized. Separately, the priority of the direction of the state policy in the field of ensuring the information security of the Russian Federation was determined by improving the legal mechanisms for regulating public relations.

It can be argued that at complex perception of the entire content of the Doctrine of 09.09.2000, the significance of the prerogative of the legal aspect, if not dominant, is surely among the most important factors in ensuring the state's information security.

Let's move on to the analysis of the Doctrine of 12/05/2016.

The first change that catches the eye affects the structure of the document - an additional fifth chapter appears. The content of the "Basic Provisions" includes the definition of the Doctrine, the main concepts used in it, the legal basis, the essence and significance of this document for state policy and public relations in the field of information security.

Such a presentation, common in the structure of most legislative acts, seems to be preferable from the point of view of the convenience of perceiving the purpose of the document in the general field of legislation, as well as the assimilation of its conceptual and categorical apparatus.

Provisions affecting PDI issues appear in paragraph 2 of the first chapter of the Doctrine, where IS means include

along with technical and organizational legal means (see Fig. 1).

In contrast to the systematized presentation of the four main components of the national interests of the Russian Federation in the information sphere and the list of actions following each such component to achieve them, as was cited in the IS Doctrine of 2000, the document approved by Presidential Decree No. 646 of 05.12.2016 distributes areas national interests in the information sphere3, as well as strategic goals and main directions for ensuring information security according to the chapters of the same name.

I would especially like to note the absence of a description in the new Doctrine of the sources of IS threats. In the first paragraphs of the third chapter of the document, the current state of information security is outlined in general terms, mainly from the standpoint of international legal relations. The following is a description of the state of information security and information threats in various areas and spheres of the state (state and public security, economics, science, technology and education, etc.).

It seems that this style of presentation is justified primarily by a change in the priorities of the state policy in the field of information security. If earlier the importance of working out the legal aspects of information security as one of the components of the national security of the Russian Federation was not in doubt, now the desire of the state to bring the entire information sphere, of which information security is a component, to a qualitatively new level within the framework of international relations is obvious.

In conclusion, I would like to note that it is possible to compare the content of the doctrines of 2000 and 2016 in many categories, since these documents, being a system (set) of official views, are inherently complex and multifaceted. In this article, an attempt was made to conduct a comparative legal analysis of the doctrines in terms of FDI (Fig. 2), which showed the following.

From the point of view of disclosure of the concept of FDI, the IS Doctrine, approved by the President of the Russian Federation on September 9, 2000 and no longer in force, seems to be more appropriate, since it notes the prerogative of the legal aspect of IS, which is expressed in the description of the state of IS and the main tasks for its provision in terms of law. -

introduction of amendments and additions to the legislation of the Russian Federation: legislative consolidation of the priority of development of national communication networks:

development and adoption of normative legal acts; creation of a legal framework; inconsistency, underdevelopment, insufficiency and imperfection of legal regulation

IS Doctrine 2016

creation of international legal mechanisms; organization and coordination of information security forces, improvement of their legal support

Rice. 2. Excerpts from the doctrines of information security of the Russian Federation, affecting the legal protection of information

regulation, characteristics of internal threats caused by shortcomings in the legal framework, enumeration of legal methods for ensuring the IS of the Russian Federation, as well as goals and objectives in terms of improving the legislative framework of the Russian Federation.

The reasons for the deviation from a thorough description of the legal regulation of information security in the text of the Doctrine of 2016, the obvious highlighting of the development of national information technologies on a qualitatively new level, as well as Russia's aspirations for leading positions in the international arena may be as follows. The difference in the approval of the Doctrines is 16 years, and it is obvious that during this time colossal work has been done in all areas of the national interests and priorities of the Russian Federation, which are indicated, among other things, in the Doctrine of 2000.

The development of the state predetermines the dynamics in the actualization of legislative documents affecting the list of priority areas for ensuring information security. One way or another, the real value and specific results of the adoption of the new Doctrine can be discussed in more detail based on the monitoring results reflected in the annual report of the Secretary of the Security Council of Russia on the state of national security.

Notes

GOST R 50922-2006 “Information security. Basic terms and definitions” (approved by the Order of Rostekhregulirovaniya of December 27, 2006 N 373-st) [Electronic resource] // Site of JSC “Kodeks”. URL: http://docs.cntd.ru/document/1200058320 (accessed 12/15/2016).

Doctrine of information security of the Russian Federation (approved by Decree of the President of the Russian Federation of 09.09.2000 No. Pr-1895) [Electronic resource] // ATP "Consultant-Plus". URL: http://www.consultant.ru/document/cons_doc_LAW_28679/ (accessed 12/15/2016).

The first section "General Provisions" presents the categorical apparatus, the legal basis of the Doctrine, emphasizes the relationship of the Doctrine with the National Security Strategy of the Russian Federation of 2015, and its role as the most important document of strategic planning.

The title of the second section speaks for itself - "National Interests in the Information Sphere". Attention is drawn to the fact that the information sphere plays an important role in ensuring the implementation of the strategic national priorities of the Russian Federation, and the implementation of national interests in the information sphere is aimed at creating a safe environment for the circulation of reliable information and an information infrastructure resistant to various types of impact. This is done in order to ensure the constitutional rights and freedoms of man and citizen, the stable socio-economic development of the country, as well as the national security of the Russian Federation.

In the third section “Main information threats and the state of information security”, the legislator, when formulating threats, pays special attention to the fact that in modern times the expansion of the areas of application of information technologies, being a factor in the development of the economy and improving the functioning of public and state institutions, simultaneously generates new information threats, where the possibilities of cross-border circulation of information are increasingly being used to achieve geopolitical, military-political, as well as terrorist, extremist, criminal and other illegal goals, contrary to international law, to the detriment of international security and strategic stability. The negative factors influencing the state of information security of the Russian Federation are determined, the characteristics of the state of information security in areas related to the national priorities of Russia are given.

The fourth section (Strategic goals and main directions for ensuring information security) defines specific strategic goals for ensuring information security in the areas of strategic national priorities and specifically formulates the main directions for ensuring them.

In the fifth section, the main emphasis is placed on the organizational foundations for ensuring information security, the principles and tasks of the activities of state bodies in the framework of activities to ensure information security are highlighted.



I would like to immediately draw attention to a number of points.

First, the practical synchronism of the appearance of new doctrinal documents in the field of foreign policy and information security of Russia. The decree approving the Foreign Policy Concept of the Russian Federation is dated November 30, 2016.

The provisions of the Concept and the Doctrine are consonant, moreover, it can be argued that the Doctrine is a certain continuation of the Concept on information issues. In fact, the complex of these two acts has created a solid foundation for the activities of our state in the international information field. The concept includes special provisions (clauses 46 - 48) on information support for the foreign policy activities of the Russian Federation, where:

– an important direction of the foreign policy activity of the Russian Federation is to bring to the world community objective information about Russia's position on major international problems, its foreign policy initiatives and actions, processes and plans for the socio-economic development of the Russian Federation, the achievements of Russian culture and science;

– Russia seeks an objective perception of it in the world, develops its own effective means of informational influence on public opinion abroad, helps to strengthen the positions of Russian and Russian-language media in the world information space providing them with the state support necessary for this, actively participates in international cooperation in the information sphere, takes the necessary measures to counter threats to their information security;

- to achieve these goals, it is planned to widely use new information and communication technologies. Russia will strive for the formation of a set of legal and ethical norms safe use such technologies. Russia upholds the right of every person to have access to objective information about events in the world, as well as to different points of view on these events.



Secondly, a distinctive feature of the new Doctrine can, accordingly, be called the concentration of the Russian information policy on counteracting negative biased informational assessments of Western media. Therefore, the informational support for the presentation of the new Doctrine by the Russian media is quite understandable.

Thirdly, the basis of the Doctrine of Information Security of the Russian Federation of 2016 was the actualization of approaches to the protection of national interests in the information sphere, taking into account modern realities. According to its purpose, the Doctrine is a document of strategic planning in the field of ensuring national security, along with the National Security Strategy of the Russian Federation. It is the foundation for the formation of state policy in the field of information security of the Russian Federation.

Attention should be paid to differences between the Information Security Doctrines of the Russian Federation of 2000 and 2016.

We will divide them into four groups, where innovations will be associated with a purely formal sphere; scientific and methodological; changes in the external situation; changes in internal factors.

The first group of differences purely external. Structures of construction of documents differ:

- the first included a preamble and four sections, covering 11 points, the second - five sections, uniting 38 points;

- the titles of the sections and their content do not match at all (in the Doctrine of 2000, the first section was called "Information Security of the Russian Federation", in 2016 - "General Provisions"; in the Doctrine of 2000, the second section was called "Methods for Ensuring Information Security of the Russian Federation", 2016 - "National interests in the information sphere"; in the Doctrine of 2000, the third section was called "The main provisions of the state policy for ensuring information security of the Russian Federation and priority measures for its implementation", 2016 - "Main information threats and the state of information security"; in the Doctrine of 2000 in 2016, the fourth section was called "Organizational basis of the information security system of the Russian Federation", in 2016 - "Strategic goals and main directions for ensuring information security", and, finally, the fifth section - "Organizational foundations for ensuring information security");

– The 2000 Doctrine is almost three times as large in content as the new Doctrine;

– in terms of the style and spirit of the presentation of the material, the new Doctrine is more “restless”, “emotional”, offensive.

The second group of differences. The doctrine of 2000 did not address the problem of terminological unity at all, the few categories it contained - the doctrine of information security, the information sphere, information security, were "blurred" throughout the text. The new Doctrine uses the following key terms: Doctrine of information security, information sphere, national interests of the Russian Federation in the information sphere, threat to information security of the Russian Federation, information security of the Russian Federation, ensuring information security, forces for ensuring information security, means of ensuring information security, system for ensuring information security, information infrastructure of the Russian Federation.

As the problem was presented, we have already shown (this was required by the logic of the material) the difference in scientific and methodological approaches in the definition of terms (for example, information security) or the formulation of national interests and threats in the information sphere.

In this case, I would like to complete this issue by developing the idea of ​​G.A. Atamanov about the approach to understanding the very term "information security" in the new Doctrine. The generalizing word “interests” was withdrawn from the definition of “information security”, on the basis of which, the objects of protection should not be the interests of the individual, society, state, but the individuals themselves, society, the state. But at the same time, without any explanation, in paragraph 20, the strategic goal of ensuring information security in the field of national defense (???) for some reason again indicates the protection of the vital interests of the individual, society and the state ...?

The scientific approach in the presentation of the material in the Doctrine of 2000 was clearly connected with the "triad" of the individual, society, state, and in terms of meaning the Doctrine is divided into three parts. The Doctrine of 2016 can be characterized as an inseparable text aimed at countering various threats in the information sphere.

The new Doctrine for the first time formulates the principles of the activities of the state bodies themselves in the field of ensuring information security, their tasks. The circle of subjects of ensuring information security of the Russian Federation is changing, in the direction of increase, in which there are central bank of the Russian Federation and the Military Industrial Commission of the Russian Federation. For the first time, participants in the information security system were also identified:

– owners and operators of critical information infrastructure facilities;

– Mass media and mass communications;

– organization of financial market spheres;

– communication and information system operators;

- developers of information systems and communication networks.

- organizations, associations and citizens who, in accordance with the legislation of the Russian Federation, participate in solving problems of ensuring information security.

The third group of differences. We note right away that it is methodologically hardly possible to strictly separate external and internal factors, since they are so closely interconnected in the area under consideration. We, accordingly, do it rather conditionally. common element In addition, the new Doctrine focuses on the humanitarian component of information security (resistance to information and psychological impact) both in the external and internal spheres.

First, the 2016 Doctrine identified the impact of foreign states as the head of the external threat. The previous Doctrine spoke about the speculative protection of information systems. The new document directly deals with the defense of critical infrastructures from attacks by other states and terrorists.

Secondly, in the text of the Doctrine of 2000, such a concept as "extremist organizations" does not occur. It was only about the sabotage and subversive activities of the special services of foreign states and the activities of international terrorist organizations.

Thirdly, today special emphasis is placed on the danger of information and psychological impact on the individual and public consciousness of Russians by foreign intelligence services, as well as terrorist and extremist organizations. There was no such attention to this issue in the Doctrine of 2000. It can be assumed that such a sharp change of emphasis is connected with the consequences of active propaganda activities on the Internet, banned in Russia by ISIS, and the response to the situation in Ukraine.

Fourth, in the 2016 Doctrine, immeasurably more space is given to specific military and political risks of using computer technologies against Russia. One of the main negative factors affecting the state of information security is the increase by a number of foreign countries of the possibilities of information and technical influence on the information infrastructure for military purposes. In addition, one of the new dangers is the strengthening of the work of organizations carrying out intelligence in Russian state bodies, scientific organizations and enterprises of the military-industrial complex.

Fifth, the Doctrine of 2000, regarding Western ideological influence on various spheres of life of Russian citizens, mentions the displacement of Russian news agencies, the media from the internal information market and strengthening the dependence of the spiritual, economic and political spheres of public life in Russia on foreign information structures. For the first time, the new Doctrine explicitly states the alarming trend in the increase in the volume of materials in foreign mass media containing a biased assessment of the state policy of the Russian Federation.

Sixth, the new Doctrine has adjusted the strategy for ensuring the information security of the Russian Federation on the Internet. Attention is focused on the priority of bringing to the international community reliable information about the state policy of the Russian Federation and its official position on socially significant events in the country and the world. A set of measures to comply with and achieve the national interests of the Russian Federation in the Internet is indicated. The position on ensuring and protecting the constitutional rights of citizens in the digital space is formulated.

The fourth group of differences is related most of all with the most fundamental change in the world around us, where, compared to 2000, the main human activity has moved to the Internet. Fundamentally reoriented human consciousness, when a significant part of the population is psychologically comfortable in the Internet environment.

For the first time, the Doctrine includes the concept of sustainable and uninterrupted functioning of the information infrastructure. This refers to the Russian segment of the Internet.

And in the new Doctrine, for the first time, the state is forced to both pay attention and look for ways to minimize the impact of the so-called “Twitter revolutions.” The question of the role of such online platforms as Twitter and Facebook, for example, in the transfer of content through networks, has been updated.

Accordingly, a clearly expressed interest appeared in the new Doctrine in creating a system for countering the risks associated with the dissemination through information networks of material that directly threatens Russia's internal political and social stability. And it's not just extremist content. The cornerstone of the new interpretation presented in the Doctrine is precisely its assessment as explosive information aimed at the mass implementation of ideas that can lead to large-scale actions.

A huge place in the new Doctrine is given to the issue of "erosion of spiritual and moral values" as one of the main internal threats. Consequently, the task has been set (on such a scale, for the first time) of protecting the population of the country, and, first of all, young people, from such information impact.

The doctrine of 2000, based on the needs of that time, determined the task of developing and implementing mechanisms for the implementation of legal norms governing relations in the information sphere. The new document focuses on the development of science-intensive industries. Separately, the problem of inconsistent with the modern level of development of the information technology industry is singled out. For the first time, the need to support the innovative and accelerated development of the information security system, the information technology industry and the electronics industry was recorded.

A new aspect was the question of eliminating the dependence of Russian industry on foreign information technologies and information security tools. And if in the Doctrine of 2000 it was about supporting the domestic industry, then in the new Doctrine - the main emphasis is on import substitution!

Today, the legal basis for the development of the information sphere of the Russian Federation is a huge number of regulatory legal acts. Saveliev A.I. noted that studies of the regulatory framework for information legislation for 1990 - 2013 show that during this period about 400 laws were adopted, one way or another regulating relations regarding information and information technologies, about 800 decrees of the Government of the Russian Federation, about 100 decrees of the President of the Russian Federation.

Accordingly, it can be noted that formally in Russian legislation the necessary regulatory and legal framework has developed in the field of regulating information legal relations, but, as Z.N. Gonezhuk, the process of the initially rapid formation of information legislation in the Russian Federation is currently undergoing a process of stagnation. The regulatory framework consists of many disparate legislative acts. They are rather contradictory, and the conceptual and terminological apparatus is far from perfect.

Modern legal regulation of relations in the information sphere, of course, should be based on the observance of the principles of legality, the balance of interests of citizens, society and the state. And an objective necessity has long been the legislative regulation of information protection, as well as the creation of a mechanism that makes it possible to harmonize the very process of developing laws with the realities and progress of information technologies.

We share the statement of I.N. Gaidareva that the versatility of information relations and the need to regulate them require the development of a codified legislative act, as well as a draft of the foundations for ensuring information security, since modern legal regulation does not cover the whole variety of existing relations for the implementation of the right to access to information.

But once again I would like to emphasize that the development of a full-fledged legal act regulating the issues of ensuring information security in the Russian Federation is impossible without revising the basic fundamental grounds, the categorical apparatus, which, in turn, cannot be done without a proper methodologically verified scientific justification of these problems.

PRESIDENT OF THE RUSSIAN FEDERATION

On approval of the Information Security Doctrine of the Russian Federation


In order to ensure the information security of the Russian Federation

I decide:

1. Approve the attached Doctrine of Information Security of the Russian Federation.

2. Recognize as invalid the Doctrine of Information Security of the Russian Federation, approved by the President of the Russian Federation on September 9, 2000 N Pr-1895.

3. This Decree comes into force from the date of its signing.

The president
Russian Federation
V.Putin

Information Security Doctrine of the Russian Federation

I. General provisions

1. This Doctrine is a system of official views on ensuring the national security of the Russian Federation in the information sphere.

In this Doctrine, the information sphere is understood as a set of information, objects of informatization, information systems, sites in the information and telecommunication network "Internet" (hereinafter referred to as the "Internet" network), communication networks, information technologies, entities whose activities are related to the formation and processing of information , development and use of these technologies, ensuring information security, as well as a set of mechanisms for regulating relevant social relations.

2. The following basic concepts are used in this Doctrine:

a) the national interests of the Russian Federation in the information sphere (hereinafter - the national interests in the information sphere) - the objectively significant needs of the individual, society and the state in ensuring their security and sustainable development in terms of the information sphere;

b) threat to the information security of the Russian Federation (hereinafter referred to as the information threat) - a set of actions and factors that create the danger of causing damage to national interests in the information sphere;

c) information security of the Russian Federation (hereinafter - information security) - the state of protection of the individual, society and the state from internal and external information threats, which ensures the implementation of the constitutional rights and freedoms of man and citizen, a decent quality and standard of living of citizens, sovereignty, territorial integrity and sustainable socio-economic development of the Russian Federation, defense and security of the state;

d) ensuring information security - the implementation of interrelated legal, organizational, operational-investigative, intelligence, counterintelligence, scientific, technical, information-analytical, personnel, economic and other measures to predict, detect, contain, prevent, repel information threats and eliminate their consequences manifestations;

e) information security forces - state bodies, as well as divisions and officials of state bodies, local governments and organizations authorized to solve information security tasks in accordance with the legislation of the Russian Federation;

f) information security means - legal, organizational, technical and other means used by information security forces;

g) information security system - a set of forces for ensuring information security, carrying out coordinated and planned activities, and the means used by them to ensure information security;

h) information infrastructure of the Russian Federation (hereinafter - information infrastructure) - a set of informatization objects, information systems, sites on the Internet and communication networks located on the territory of the Russian Federation, as well as in territories under the jurisdiction of the Russian Federation or used on the basis of international treaties of the Russian Federation.

3. Based on the analysis of the main information threats and the assessment of the state of information security, this Doctrine defines the strategic goals and main directions for ensuring information security, taking into account the strategic national priorities of the Russian Federation.

4. legal basis This Doctrine is constituted by the Constitution of the Russian Federation, generally recognized principles and norms of international law, international treaties of the Russian Federation, federal constitutional laws, federal laws, as well as regulatory legal acts of the President of the Russian Federation and the Government of the Russian Federation.

5. This Doctrine is a strategic planning document in the field of ensuring the national security of the Russian Federation, which develops the provisions of the National Security Strategy of the Russian Federation, approved by Decree of the President of the Russian Federation of December 31, 2015 N 683, as well as other strategic planning documents in this area.

6. This Doctrine is the basis for the formation of state policy and the development of public relations in the field of information security, as well as for the development of measures to improve the information security system.

II. National interests in the information sphere

7. Information technologies have acquired a global cross-border character and have become an integral part of all spheres of activity of the individual, society and the state. Their effective application is a factor in accelerating the economic development of the state and the formation of the information society.

The information sphere plays an important role in ensuring the implementation of the strategic national priorities of the Russian Federation.

8. National interests in the information sphere are:

a) ensuring and protecting the constitutional rights and freedoms of a person and a citizen in terms of obtaining and using information, privacy when using information technologies, providing information support for democratic institutions, mechanisms for interaction between the state and civil society, as well as the use of information technologies in the interests of preserving cultural, historical, spiritual and moral values ​​of the multinational people of the Russian Federation;

b) ensuring the stable and uninterrupted functioning of the information infrastructure, primarily the critical information infrastructure of the Russian Federation (hereinafter referred to as the critical information infrastructure) and single network telecommunications of the Russian Federation, in peacetime, in times of imminent threat of aggression and in wartime;

c) development in the Russian Federation of the information technology and electronic industry, as well as improving the activities of industrial, scientific and scientific and technical organizations in the development, production and operation of information security tools, the provision of services in the field of information security;

d) bringing to the Russian and international public reliable information about the state policy of the Russian Federation and its official position on socially significant events in the country and the world, the use of information technologies to ensure the national security of the Russian Federation in the field of culture;

e) assistance in the formation of an international information security system aimed at countering the threats of the use of information technologies in order to violate strategic stability, at strengthening an equal strategic partnership in the field of information security, as well as at protecting the sovereignty of the Russian Federation in the information space.

9. The implementation of national interests in the information sphere is aimed at creating a safe environment for the circulation of reliable information and an information infrastructure resistant to various types of influence in order to ensure the constitutional rights and freedoms of man and citizen, stable socio-economic development of the country, as well as the national security of the Russian Federation.

III. The main information threats and the state of information security

10. Expansion of the areas of application of information technologies, being a factor in the development of the economy and improving the functioning of public and state institutions, at the same time gives rise to new information threats.

The possibilities of cross-border circulation of information are increasingly being used to achieve geopolitical, military-political, as well as terrorist, extremist, criminal and other illegal goals, contrary to international law, to the detriment of international security and strategic stability.

At the same time, the practice of introducing information technologies without linking them to ensuring information security significantly increases the likelihood of information threats.

11. One of the main negative factors affecting the state of information security is the build-up by a number of foreign countries of the possibilities of information and technical influence on the information infrastructure for military purposes.

At the same time, the activities of organizations carrying out technical intelligence in relation to Russian state bodies, scientific organizations and enterprises of the military-industrial complex are intensifying.

12. The use by special services of individual states of means of providing information and psychological impact is expanding, aimed at destabilizing the domestic political and social situation in various regions of the world and leading to undermining the sovereignty and violation of the territorial integrity of other states. Religious, ethnic, human rights and other organizations, as well as certain groups of citizens, are involved in this activity, while the possibilities of information technologies are widely used.

There is a trend towards an increase in the volume of materials in foreign mass media containing a biased assessment of the state policy of the Russian Federation. Russian mass media are often openly discriminated against abroad, and Russian journalists are hindered from exercising their professional activities.

The information impact on the population of Russia, primarily on young people, is increasing in order to erode traditional Russian spiritual and moral values.

13. Various terrorist and extremist organizations widely use the mechanisms of informational influence on individual, group and public consciousness in order to escalate interethnic and social tension, incite ethnic and religious hatred or enmity, propagate extremist ideology, and also attract new supporters to terrorist activities. For illegal purposes, such organizations are actively creating means of destructive impact on critical information infrastructure facilities.

14. The scale of computer crime is growing, primarily in the credit and financial sphere, the number of crimes related to the violation of the constitutional rights and freedoms of a person and a citizen is increasing, including in terms of privacy, personal and family secrets, in the processing of personal data using information technology. At the same time, the methods, methods and means of committing such crimes are becoming more sophisticated.

15. The state of information security in the field of national defense is characterized by an increase in the use by individual states and organizations of information technologies for military-political purposes, including for the implementation of actions contrary to international law aimed at undermining the sovereignty, political and social stability, and territorial integrity of the Russian Federation and its allies and posing a threat to international peace, global and regional security.

16. The state of information security in the field of state and public security is characterized by a constant increase in complexity, an increase in the scale and an increase in the coordination of computer attacks on objects of critical information infrastructure, an increase in intelligence activities of foreign states in relation to the Russian Federation, as well as an increase in threats to the use of information technologies in order to cause damage sovereignty, territorial integrity, political and social stability of the Russian Federation.

17. The state of information security in the economic sphere is characterized by an insufficient level of development of competitive information technologies and their use for the production of products and the provision of services. Remains high level the dependence of the domestic industry on foreign information technologies in terms of the electronic component base, software, computers and communications, which makes the socio-economic development of the Russian Federation dependent on the geopolitical interests of foreign countries.

18. The state of information security in the field of science, technology and education is characterized by insufficient efficiency of scientific research aimed at creating promising information technologies, a low level of implementation of domestic developments and insufficient staffing in the field of information security, as well as low awareness of citizens in matters of ensuring personal information security . At the same time, measures to ensure the security of the information infrastructure, including its integrity, availability and sustainable operation, using domestic information technologies and domestic products often do not have a comprehensive basis.

19. The state of information security in the field of strategic stability and equal strategic partnership is characterized by the desire of individual states to use technological superiority to dominate the information space.

The current distribution between countries of the resources necessary to ensure the safe and stable functioning of the Internet does not allow for joint fair management based on the principles of trust.

The absence of international legal norms governing interstate relations in the information space, as well as mechanisms and procedures for their application, taking into account the specifics of information technology, makes it difficult to form an international information security system aimed at achieving strategic stability and equal strategic partnership.

IV. Strategic goals and main directions for ensuring information security

20. The strategic goal of ensuring information security in the field of national defense is to protect the vital interests of the individual, society and the state from internal and external threats associated with the use of information technologies for military and political purposes that are contrary to international law, including for the purpose of carrying out hostile actions and acts of aggression aimed at undermining the sovereignty, violating the territorial integrity of states and posing a threat to international peace, security and strategic stability.

21. In accordance with the military policy of the Russian Federation, the main directions for ensuring information security in the field of national defense are:

a) strategic deterrence and prevention of military conflicts that may arise as a result of the use of information technologies;

b) improving the information security system of the Armed Forces of the Russian Federation, other troops, military formations and bodies, which includes the forces and means of information warfare;

c) forecasting, detection and assessment of information threats, including threats to the Armed Forces of the Russian Federation in the information sphere;

d) assistance in ensuring the protection of the interests of the allies of the Russian Federation in the information sphere;

e) neutralization of information and psychological impact, including those aimed at undermining the historical foundations and patriotic traditions associated with the defense of the Fatherland.

22. The strategic goals of ensuring information security in the field of state and public security are the protection of sovereignty, the maintenance of political and social stability, the territorial integrity of the Russian Federation, the provision of fundamental rights and freedoms of man and citizen, as well as the protection of critical information infrastructure.

23. The main directions for ensuring information security in the field of state and public security are:

a) countering the use of information technology to promote extremist ideology, the spread of xenophobia, ideas of national exclusiveness in order to undermine sovereignty, political and social stability, forcibly change the constitutional order, violate the territorial integrity of the Russian Federation;

b) suppression of activities that damage the national security of the Russian Federation, carried out using technical means and information technologies by special services and organizations of foreign states, as well as by individuals;

c) increasing the security of critical information infrastructure and the stability of its operation, developing mechanisms for detecting and preventing information threats and eliminating the consequences of their manifestation, increasing the protection of citizens and territories from the consequences of emergencies caused by information and technical impact on critical information infrastructure facilities;

d) improving the security of the operation of information infrastructure facilities, including in order to ensure sustainable interaction between state bodies, preventing foreign control over the operation of such facilities, ensuring the integrity, stability and security of the unified telecommunications network of the Russian Federation, as well as ensuring the security of information transmitted over it and processed in information systems on the territory of the Russian Federation;

e) improving the safety of functioning of weapons, military and special equipment and automated systems management;

f) increasing the efficiency of prevention of offenses committed with the use of information technologies and counteraction to such offenses;

g) ensuring the protection of information containing information constituting a state secret, other information of limited access and distribution, including by increasing the security of relevant information technologies;

h) improvement of methods and methods of production and safe use of products, provision of services based on information technology using domestic developments that meet the requirements of information security;

i) improving the efficiency of information support for the implementation of the state policy of the Russian Federation;

j) neutralization of information impact aimed at erosion of traditional Russian spiritual and moral values.

24. The strategic goals of ensuring information security in the economic sphere are to reduce to the minimum possible level the impact of negative factors caused by the insufficient level of development of the domestic information technology and electronic industries, the development and production of competitive information security tools, as well as increasing the volume and quality of services in the field of information security.

25. The main directions of ensuring information security in the economic sphere are:

a) innovative development of the information technology and electronics industry, an increase in the share of products of this industry in the gross domestic product, in the structure of the country's exports;

b) eliminating the dependence of the domestic industry on foreign information technologies and means of ensuring information security through the creation, development and widespread implementation of domestic developments, as well as the production of products and the provision of services based on them;

c) increasing the competitiveness of Russian companies operating in the information technology and electronics industries, developing, manufacturing and operating information security tools that provide services in the field of information security, including by creating favorable conditions for carrying out activities on the territory of the Russian Federation ;

d) development of a domestic competitive electronic component base and technologies for the production of electronic components, meeting the needs of the domestic market for such products and entering the world market for these products.

26. The strategic goal of ensuring information security in the field of science, technology and education is to support the innovative and accelerated development of the information security system, the information technology industry and the electronics industry.

27. The main directions for ensuring information security in the field of science, technology and education are:

a) achieving the competitiveness of Russian information technologies and developing scientific and technical potential in the field of information security;

b) creation and implementation of information technologies that are initially resistant to various types of impact;

c) conducting scientific research and experimental development in order to create advanced information technologies and means of ensuring information security;

d) development of human resources in the field of information security and the use of information technologies;

e) ensuring the protection of citizens from information threats, including through the formation of a culture of personal information security.

28. The strategic goal of ensuring information security in the field of strategic stability and equal strategic partnership is the formation of a stable system of non-conflict interstate relations in the information space.

29. The main directions for ensuring information security in the field of strategic stability and equal strategic partnership are:

a) protecting the sovereignty of the Russian Federation in the information space through the implementation of an independent and independent policy aimed at realizing national interests in the information sphere;

b) participation in the formation of an international information security system that provides effective counteraction to the use of information technologies for military and political purposes that are contrary to international law, as well as for terrorist, extremist, criminal and other illegal purposes;

c) creation of international legal mechanisms, taking into account the specifics of information technologies, in order to prevent and resolve interstate conflicts in the information space;

d) promotion within the framework of the activities of international organizations of the position of the Russian Federation, which provides for the provision of equal and mutually beneficial cooperation of all interested parties in the information sphere;

e) development of a national management system for the Russian segment of the Internet.

V. Organizational bases for ensuring information security

30. The information security system is part of the national security system of the Russian Federation.

Ensuring information security is carried out on the basis of a combination of legislative, law enforcement, law enforcement, judicial, control and other forms of activity of state bodies in cooperation with local governments, organizations and citizens.

31. The system for ensuring information security is built on the basis of the delimitation of powers of legislative, executive and judicial authorities in this area, taking into account the jurisdiction of federal government authorities, government authorities of the constituent entities of the Russian Federation, as well as local governments determined by the legislation of the Russian Federation in the field of security security.

32. The composition of the information security system is determined by the President of the Russian Federation.

33. The organizational basis of the information security system is made up of: the Federation Council of the Federal Assembly of the Russian Federation, the State Duma of the Federal Assembly of the Russian Federation, the Government of the Russian Federation, the Security Council of the Russian Federation, federal executive authorities, the Central Bank of the Russian Federation, the Military Industrial Commission of the Russian Federation, interdepartmental bodies created by the President of the Russian Federation and the Government of the Russian Federation, executive authorities of the constituent entities of the Russian Federation, local governments, judicial authorities participating in solving problems of ensuring information security in accordance with the legislation of the Russian Federation.

Participants in the information security system are: owners of critical information infrastructure facilities and organizations operating such facilities, mass media and mass communications, organizations in the monetary, foreign exchange, banking and other areas of the financial market, telecom operators, information system operators, organizations that carry out activities for the creation and operation of information systems and communication networks, for the development, production and operation of information security tools, for the provision of services in the field of information security, organizations engaged in educational activities in this area, public associations, other organizations and citizens who in accordance with the legislation of the Russian Federation, they participate in solving problems of ensuring information security.

34. The activities of state bodies to ensure information security are based on the following principles:

a) the legality of public relations in the information sphere and the legal equality of all participants in such relations, based on the constitutional right of citizens to freely seek, receive, transmit, produce and disseminate information in any legal way;

b) constructive interaction of state bodies, organizations and citizens in solving problems to ensure information security;

c) maintaining a balance between the need of citizens for the free exchange of information and restrictions associated with the need to ensure national security, including in the information sphere;

d) sufficiency of forces and means to ensure information security, determined, among other things, through continuous monitoring of information threats;

e) observance of generally recognized principles and norms of international law, international treaties of the Russian Federation, as well as the legislation of the Russian Federation.

35. The tasks of state bodies in the framework of activities to ensure information security are:

a) ensuring the protection of the rights and legitimate interests of citizens and organizations in the information sphere;

b) assessing the state of information security, forecasting and detecting information threats, determining priority areas for their prevention and elimination of the consequences of their manifestation;

c) planning, implementation and evaluation of the effectiveness of a set of measures to ensure information security;

d) organizing activities and coordinating the interaction of information security forces, improving their legal, organizational, operational-investigative, intelligence, counterintelligence, scientific, technical, information-analytical, personnel and economic support;

e) development and implementation of measures state support organizations engaged in the development, production and operation of information security tools, the provision of services in the field of information security, as well as organizations engaged in educational activities in this area.

36. The tasks of state bodies in the framework of activities to develop and improve the information security system are:

a) strengthening the vertical of control and centralization of information security forces at the federal, interregional, regional, municipal levels, as well as at the level of informatization objects, operators of information systems and communication networks;

b) improving the forms and methods of interaction between information security forces in order to increase their readiness to counter information threats, including through regular training (exercises);

c) improvement of information-analytical and scientific-technical aspects of the functioning of the information security system;

d) increasing the efficiency of interaction between state bodies, local governments, organizations and citizens in solving problems of ensuring information security.

37. The implementation of this Doctrine is carried out on the basis of sectoral strategic planning documents of the Russian Federation. In order to update such documents, the Security Council of the Russian Federation determines a list of priority areas for ensuring information security in the medium term, taking into account the provisions of the strategic forecast of the Russian Federation.

38. The results of monitoring the implementation of this Doctrine are reflected in the annual report of the Secretary of the Security Council of the Russian Federation to the President of the Russian Federation on the state of national security and measures to strengthen it.



Electronic text of the document
prepared by Kodeks JSC and verified against:
Official Internet portal
legal information
www.pravo.gov.ru, 06.12.2016,
N 0001201612060002

Correspondents of the Politika Segodnya news agency compared information security strategies of 2000 and 2016

Following the foreign policy concept, the Kremlin also updated the information doctrine. The corresponding decree was signed by President Vladimir Putin on Monday, December 5. Thus, having sent to the archive the strategy of the year 2000, which has been in force since the time when the Internet was just appearing in Russia. Correspondents found out how threats, expectations and tasks have changed over 16 years IA "Politics Today" by comparing the two doctrines.

Early 2000

As such, the 2000 Doctrine does not have a preamble. The very first article of the strategy records the expansion of the information sphere into all components of Russia's security: from political to defense. The growth engine of the world of text and interpretation is called technological progress. And in the developing world, the state has its own national interests: human rights and freedoms, ensuring the spiritual renewal of the country, preserving and strengthening the moral values ​​of society, traditions of patriotism and humanism, cultural and scientific potential of the country.

Start 2016

Doctrine 2016 begins more academically - with definitions. The authors explain what information security is and what the national interest is. In the very first position of the document there is a new word for the 2000 strategy - "Internet". In the second - "information security forces", those drafters of the doctrine call government agencies that are responsible for information security.

The national interests of Russia, as before, are seen as ensuring and protecting constitutional human rights and freedoms. By such, the compilers of the doctrine understand not only the work with information, but also "the use of information technologies in the interests of preserving the cultural, historical, spiritual and moral values ​​of the multinational people of the Russian Federation."

Also of national interest are an uninterrupted information network system in peacetime and wartime, the development of the relevant industry sector, bringing Russia's opinion to residents of foreign countries and contributing to international information security.

Threats 2000

In Doctrine 2000, the list of threats is divided into types: from infringing on constitutional human rights to technical threats to deployed networks. First on the list of challenges of the 21st century is... the adoption by government agencies of laws that could infringe on the rights and freedoms of citizens. Following the danger awaits around the corner - from criminal structures. In addition, the list of threats to information security includes the displacement of domestic media from Russian market information by foreign colleagues, “devaluation of spiritual values, propaganda of mass culture based on the cult of violence, on spiritual and moral values ​​that are contrary to the values ​​accepted in Russian society". The authors of the doctrine are also afraid of the outflow of specialists and intellectual property rights abroad.

Threats 2016

The authors of the 2016 doctrine are concerned about “means of information and psychological influence aimed at destabilizing the domestic political and social situation.” Between the lines, it is noted that the number of materials critical of the Russian Federation has increased in the foreign media. There is also increasing pressure on young people, the purpose of which is to "erode traditional Russian spiritual and moral values."

For the first time in the doctrine of information security, the word "terrorism" is used, and there is an increase in cybercrime in the world. Among the threats, the authors of the doctrine name the country's low position among information leaders, including the best of Russia no. The drafters of the strategy also consider the existing distribution of resources between countries necessary for the safe and sustainable development of the Internet to be dangerous. It does not allow for "joint, fair, trust-based management."

Tasks 2000

Doctrine 2000 starts from scratch. The tasks are the development of programs and legislative mechanisms for information security, the state information policy of Russia, modernization on domestic technologies that are worth supporting and the creation and development of a modern protected technological basis for government in peacetime, in emergency situations and in wartime.

Tasks 2016

The 2016 doctrine puts “defense” as its strategic goal. People, society and the state need protection from external information threats. The authors of the doctrine do not exclude that information war can result in a real military conflict. And they do not want to allow this, offering to create in the structure of the Armed Forces of the Russian Federation “forces and means of information confrontation”, such that they can come to the aid of allies. Technologies, the authors of the doctrine prefer domestic ones, which should appear due to the innovative development of the information technology and electronics industries. They expect to receive help, including from Russian science.

President Vladimir Putin approved the doctrine of information security. Its main provisions are in the RBC review

The document consists of 38 articles divided into five chapters. The text begins with an indication of national interests in the field of national security. The following is a listing of the main information threats in the modern world. On the basis of these threats, the strategic goals of national policy concerning the economy, military sphere, diplomacy, science and education are formed.

national interests

  • Ensuring and protecting the constitutional rights and freedoms of man and citizen in the part related to the receipt and use of information.
  • Ensuring stable and uninterrupted functioning of critical information infrastructure in Russia.
  • Development of the information technology and electronics industry in Russia.
  • Promotion of reliable information about the state policy of Russia and its official position on socially significant events in the country and the world.
  • Assistance in the formation of an international information security system.

Main information threats

  • A number of Western countries are increasing the possibilities of information and technical influence on the information infrastructure for military purposes.
  • The activities of organizations carrying out technical intelligence in Russia are being strengthened.
  • The special services of individual states are trying to destabilize the internal political and social situation in various regions of the world. The goal is to undermine the sovereignty and violate the territorial integrity of states. Methods - the use of information technology, as well as religious, ethnic and human rights organizations.
  • In the foreign media, there is a growing volume of materials containing a biased assessment of Russia's state policy.
  • Obstacles are created for Russian journalists abroad, Russian media are subjected to "blatant discrimination".
  • Terrorist and extremist groups escalate interethnic and social tension, engage in propaganda, and attract new supporters.
  • The scale of computer crime is growing, primarily in the financial sector.
  • The number of crimes related to the violation of constitutional human rights and freedoms, privacy, and protection of personal data is growing. These crimes are getting more and more sophisticated.
  • Foreign states are stepping up intelligence activities in Russia. The number of computer attacks on critical information infrastructure is growing, their scope and complexity are growing.
  • The high level of dependence of the domestic industry on foreign information technologies (electronic component base, software, Computer Engineering, means of communication).
  • The low level of effectiveness of Russian scientific research aimed at creating promising information technologies. Domestic developments are poorly implemented, the personnel potential in this area is low.
  • Individual states use technological superiority to dominate the information space. Internet governance based on the principles of fairness and trust between different countries is impossible.

Strategic Goals

The strategic goal of ensuring information security in the field of national defense is to protect the vital interests of the individual, society and the state from internal and external threats associated with the use of information technologies for military and political purposes that are contrary to international law, including for the purpose of carrying out hostile actions and acts aggression aimed at undermining the sovereignty, violating the territorial integrity of states and posing a threat to international peace, security and strategic stability.

In military policy:

  • Strategic deterrence and prevention of military conflicts that may arise as a result of the use of information technology.
  • Improving the information security system of the army.
  • Forecasting, detection and evaluation of information threats.
  • Assistance in ensuring the protection of the interests of Russia's allies in the information sphere.
  • Neutralization of information and psychological impact, including those aimed at undermining the historical foundations and patriotic traditions associated with the defense of the Fatherland.

In the field of state and public security:

  • Countering the use of information technology to promote extremism, xenophobia and nationalism.
  • Improving the security of critical information infrastructure.
  • Improving the safety of functioning of weapons, military and special equipment and automated control systems.
  • Ensuring the protection of information containing information constituting a state secret.
  • Improving the efficiency of information support for the implementation of state policy.
  • Neutralization of the information impact aimed at erosion of traditional Russian spiritual and moral values.

In economics:

  • Innovative development of the information technology industry.
  • Elimination of the dependence of the domestic industry on foreign information technologies.
  • Development of a domestic competitive electronic component base and technologies for the production of electronic components.

In science and education:

  • Achieving the competitiveness of Russian information technologies.
  • Development of human resources in the field of information security.
  • Formation of a culture of personal information security among citizens.

In international relations:

  • Implementation of an independent and independent information policy.
  • Participation in the formation of an international information security system.
  • Ensuring equal and mutually beneficial cooperation of all interested parties in the information sphere, promoting the Russian position in relevant international organizations.

Organizational basis of the information security system

  • Council of the Federation
  • The State Duma
  • Government
  • Security Council
  • Federal executive authorities (federal services and agencies)
  • central bank
  • Military Industrial Commission
  • Interdepartmental bodies created by the president and the government
  • Executive authorities of subjects
  • Local governments
  • Judicial authorities.

Participants of the information security system

  • Owners and operators of critical information infrastructure facilities
  • Banks
  • Communications and information systems operators
  • Developers of information systems and communication networks.
A computer
The most interesting:
How to connect the printer via LAN
Instagram self-promotion tools
How to make money on Glopart